Re: System Administration Certification & Capabilities

[Joseph S D Yao <jsdy@gwyn.tux.org>]

Hi.  Sorry to splash into the middle of a discussion; but I must have
missed the announcement of these newsgroups.  ;-)  The first couple of
comments are slightly nitpickety [although I contend if your reasoning
is faulty or improperly worded, your discussion may be misunderstood];
but real content follows.

> Andy said:
> >If you don't understand DNS then you don't properly understand TCP/IP.
> 
> Then Sean Kamath said:
> > Um, did I miss something?  If you understand DNS, you understand
> > TCP/IP?
> 
> That's backwards.  I never said the corollary was true - and it's certainly
> not.

Grumble, grumble.  A corollary is trivially true from its axiom or
theorem.  The above is the "converse" - which, as you said, does not
necessarily follow.

> > If you don't understand DNS, you don't understand TCP/IP?
> > That's like saying if you know perl, you know UNIX.
> 
> Backwards... again.

The first line quotes you.  The second line draws a [poor] analogy.
Neither is backwards.

Having griped about your logic [yes, I have a degree in nitpicking,
oops, logic], I don't agree with your premise, either.  Many people
can't read maps, yet drive.  I would suspect that some people who
understand intimately how to construct roads also can't read maps.  By
analogy, there may be some people who understand the TCP protocol and
its underlying IP protocol, at either the driver level or the builder
level, without fully understanding DNS.

ALL DNS DOES IS TURN NAMES INTO NUMBERS.  Well, and other secondary
functions such as keying names to look up other types of records.

How it does this is somewhat more complicated in detail, but essentially
trivial in concept.  It asks a trusted neighbour.  If that one doesn't
know, it asks a more reliable trusted neighbour, up to the ultimate
trusted neighbour - who may not know, but definitely knows whom to ask.
DNS is said to be a distributed, reliable database.  Soon, we may be
able to add authenticated to that list of adjectives.

Understanding IP is more a matter of how the numbers and the wires work.
This has nothing to do with DNS, at that level.

> Many times, when troubleshooting IP problems you need to check the DNS
> involved.  If you don't understand DNS, then you cannot properly verify that
> a fundamental part of most IP activity (converting hostnames into IP
> addresses, and addresses into hostnames) is working correctly and eliminate
> it as the problem.

True.  Now you're a traffic engineer - who does need to understand both
the driver's view of the road and the map.  [Note, by the way, that DNS
is still not a fundamental part of IP activity.  By the time you get
down to the IP layer, it's been long done and gone.]

> The real issue is whether you can effectively administer systems without
> understanding how they work.  I will always argue that you cannot consider
> yourself a SA (and certainly not a "senior" SA) if you do not understand the
> system that you're supposed to be administering.

Many do.  Use the DNS model - just go along doing your rote things until
you come across something you don't understand; then call a more trusted
neighbour.  [;-)]

> > Sheesh.  This has gone from a discussion about whether certification
> > is a good thing into a discussion of what it means to be an SA.
> 
> Which, as someone else pointed out, is kind of important.  If you cannot
> determine the latter, how can you do the former?

Most definitely true.

Joe Yao				jsdy@tux.org - Joseph S. D. Yao