This Space for Rent

Put down that copy of DNS & Bind and back away from that keyboard!

Years ago, I used to be a systems and network administrator for a local software company. As years went by and that company got larger, my job whittled down until it was nothing more than a rump sysadmin job where I did nothing but maintain the DNS and NTP ring for this company on a contract basis (a whopping 4-6 hours a year. Bind might be a walking example of interesting software design [it's from ISC and they have, um, interesting ideas about how to write software] but once you've set up a zone, named will cheerfully serve it without complaint up until the day the machine explodes out from under it.)

Recently, that company hired a couple of new system administrators. Eventually, these administrators wanted to Make Their Mark on the company, and decided that the best thing to, um, improve was the DNS setup. So, after a bit of rumblings (most of which I wasn't privy to, because I am just the DNS and NTP person) out came a spectacularly complex plan, which included all new nameservers (since the old ones were, apparently, not suitable for hosting the new zonefiles), public key encryption up the wazoo for the (currently nonexistent, because apparently the O'Reilly book doesn't describe administering these systems) internal zone, and, best of all, they'd put every new name server onto virtual machines that sit on the same physical box.

Hmm. There's just something about this plan that strikes me as, well, a little bit overdone. Could it be the all new nameservers (thus requiring hours of fun to go in and hand-edit /etc/resolv.conf on ~1000 Unix servers, or equally as much time to go in and coax several hundred Windows boxes into regrabbing DHCP info with the new zones?) Could it be the public key encryption on the local network (it's not that employees aren't capable of crime, but, um, that sort of thing is kind of traceable.) Could it be that one of the reasons they wanted to do this was because they'd found some fancy GUI program to manage zones (in the horribly complex format that Bind uses, which even a three-year-old could administer once they learned how to type.) Or could it be that they're talking about putting the servers onto virtual machines on the same box?

Well, anyway, this plan was proposed, so I went round and round and round in email trying to subdue the more stupid parts of the plan (which is, really, all of it; you'd think that it would be super-trivial to tweak the config files on the internal servers to point at the new GUI-program master, but no, that would be too easy) and we finally got them to shut up about the new plan and go back to their previous arrangement of having me edit the zonefile whenever they wanted to rename a machine from "biff" to "sally."

For three weeks.

And then out came the previous New! DNS! Plan! once again, with absolutely no changes. I could have sworn that I'd just spent several hours going round and round with these PFYs about why their Grand! Plan! was not the greatest idea in the world, but, no, apparently they'd not read any of the mail I sent. So, once again, back on the round and round of trying to convince them that, no, this was not a good way to do it, and this time it escalated to a meeting of the entire IT department, where I went round and round and finally got them to agree not to do anything and I'd write a document explaining how to split the zone.

"Not to do anything" appears to include not reading the document, because three weeks later up came the WHOLE STUPID PLAN with not a line changed, as if I'd just imagined spending several lunch hours in meetings arguing out better ways to do things.

Aaaiieee. It burns, it burns!

And, boy, it makes me happy that, aside from this increasingly thankless contract work, the only sysadmin work I'm doing these days is clubbing two colocated boxes and my home network (now down to 2 servers, a cable modem, a router, and two laptops. ~170 watts, and I might be able to shave another 30 watts off the top when I replace the power supplies on the EPIA 5000 motherboards in the servers with more energy-efficient models) into submission. At least at home I don't have to deal with PFYs with a book allowance.