Attendees: Petr, Aram, Michal N., Michał K., Everett, Evan, Chuck, Mark, Ondrej, Peter, Cathy, Vicky, Artem, Aram.
We need more people (arguably everyone on the BIND 9 team in the long run?) to take part in Incident Manager rotation. This year, we had 5 BIND CVEs which were handled by a total of three unique IMs/deputy IMs. 2020 was similar. Similarly to Escalation Engineer duties, this leads to burnout and stalling other work, so the load should be spread across more people. "LRU order" sounds like a fair arrangement?
Thoughts
Vicky: Are there any special skills the IM needs to have? For example, access to security officer emails, ability to send email as security officer.
Michał: said nothing more than organization and meeting deadlines. But this did cause some confusion in the most recent CVE.
So far, only Michał has been IM. Petr and Cathy will be new for the recently reported one.
Can anyone use the checklist and do it by following the checklist?
Presentation
Chuck: Would it be beneficial to have an experienced IM give a short presentation on the process? This would help remove some of the mystery of it.
Yes, Michał going through the checklist at the end of the meeting.
Peter: Would it help if there was one person from support and one from Sweng (IM/Deputy)?
Michał: It wouldn't hurt, but not sure if there is a real benefit.
Cathy: This shouldn't be confused with the "security officer" role being discussed in another forum: that is specific to handling security vulnerabilities.
Ondrej: Not everybody should do the IM. Some people are better at cracking whips, some are not.
Evan: I don't know what it entails, I don't know if I am good at it, but we need more people than just Michal doing this, so volunteering.
Matthijs agrees.
Chuck: There is a GitLab issue and there is nothing mystifying.
- Link to most recent completed CVE checklist: https://wiki.isc.org/bin/view/Main/SecurityIncident20210909LameCache
- Link to explanations: https://wiki.isc.org/bin/view/Main/SecurityIncidentChecklistExplanations
Petr: doing this for the first time, agrees with Chuck.
Everett: Perhaps a try at deputy-IM to get one's feet wet before taking on full IM duty.
Matthijs: Think it's better to do the IM first and use deputy as advisor role.
Ondrej: do we actually need the deputy IM role?
It helps:
- Cathy: used for sparring ("Should we do this step?", "Is this sufficient?")
- Chuck: In different timezone, deputy can help out.
- Matthijs: Predictable who should take over.
Ondrej: Everyone has lots of tasks to do, do we really need a deputy? It means two persons are distracted.
Ondrej: Whoever is next in the rotation can be the 'deputy' (or better name is 'standby') for the current IM.
Takeaways
- More people have to take part in the IM rotation.
- Perhaps not everyone? It is a bad job, but some can handle it better than others.
- Create an LRU list. The first one on the list is the IM. The second person on the list is the standby.
- Update IM process wrt assigning CVE numbers.