We came to a decision last week about DNS. Or rather, Antonio came to an informed decision about DNS, and I came to an informed decision to trust Antonio’s decision.
Like most decisions, this one came down to a choice between sub-optimal options based upon imperfect information.
We are going to use ISC’s DNS service, which we can access programmatically. ISC’s DNS service supports DNSSEC, which provides additional security for DNS. At this time, AWS’ DNS service, Route 53, does not support DNSSEC.
People tell themselves that their decision-making looks like this:
1. Establish a list of criteria, weighted by importance
2. Identify all the possible options
3. Compare each option against the criteria
4. Select the best option
More often, #1 is skipped, #2 requires too much time, #3 is impossible because #1 was skipped, and the best option is really the best guess.
Even if all four steps are followed, no success is guaranteed. I have done evaluations that only found one lousy option—which became the choice by default. And there’s no guarantee that even one lousy option will exist.
The future can complicate matters. In the near future a better option for DNS with AWS may exist. AWS says DNSSEC is on the roadmap—which is often the vendor equivalent of “Your call is important to us.” After a year of AWS saying that support for DNSSEC is on the roadmap, with no timeframe for implementation, an AWS engineer last week told us that DNSSEC support will happen soon. How soon? He can’t say, but soon.
What’s the right choice, then? Well, we can’t wait. Since we can’t wait, the right choice now is probably going to be the wrong choice by next year. And this is only one AWS decision out of hundreds we have to make.
We’re making another choice based on a service announced by AWS, called Control Tower. It’s in beta. When will it be released in production? Later this year. Should we create our AWS landing zone now so that it aligns with Control Tower, or buy a different software called Turbot? Turbot might be rendered obsolescent by Control Tower, but it’s better than anything AWS is providing now.
How much do all these decisions matter? Daniel Kahneman in Thinking, Fast and Slow says that people underestimate the importance of luck in making decisions. As he says, “Because luck plays a large role, the quality of leadership and management practices cannot be inferred reliably from observations of success. And even if you had perfect foreknowledge that a CEO has brilliant vision and extraordinary competence, you still would be unable to predict how the company will perform with much better accuracy than the flip of a coin.”
In a way, this is reassuring. If our best efforts make decisions that hardly beat a coin toss, then we should make the decisions and move on.