This Week in Enterprise Tech 573 Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Lou Maresca (00:00:00):
On this week in Enterprise Tech, we're going to go out with a bang with Mr. Brian Chi, my co-host. We're going to talk botnets, darpa, working with Raytheon Sassy Enterprise. Plus we're going to plead our in-depth view of the world of DNS with our third episode of final episode, talking about internal DNS and Actor directory with experts Josh Qua and Roche Gibson from Infoblox. You definitely should not miss this episode. Try it on the set
TWiT (00:00:26):
Podcasts you love from people you trust. This is
Lou Maresca (00:00:39):
Twit this week in Enterprise Tech episode 5 73 recorded December 15th, 2023 DNS Part three, exploring internal DNS and ad. This episode of this week in Enterprise Tech is brought to you by our friends at IT prot now a CI Learning acis New Solution Insights assist in identifying and fixing skill gaps in your IT teams visit. Go dot ACI learning.com/twit. TWIT listeners can receive up to 65% off an IT Pro enterprise solution plan after completing their form. Based on your team's size, you'll receive a properly quoted discount tailored to your needs end by Vanta, automate compliance and streamline security reviews with the leading trust management platform. Join 6,000 fast growing companies like Chili, Piper, patch, and Autodesk that use Vanta to manage risk and proof security in real time. You can try Vanta for free for seven days by going to vanta.com/enterprise. No costs or obligations end by Miro. The online workspace for innovation where your team can dream design and build the future together From any location. Tap into a way to map processes, visualize content, run retrospectives, and keep all your documents and data in one place. Get your first three boards for free at miro.com/podcast.
(00:02:06):
Welcome to twit this weekend, enterprise Tech, the show that is indicated to you, the enterprise professional, the IT pro, and that geek who just wants to know how this world's connected. I'm your host, Louis Masque, your guide to the big world of the enterprise, but I can't guide you by my dad myself. I need to bring in experts, experts in their fields, stuck at the very own walling back, my favorite human being, one of my favorite human beings. Mr. Brian c Gebert, how has been going on this week? What's been keeping you busy?
Brian Chee (00:02:32):
Actually, I requested that my partner back in Honolulu send me our demo G PON rig. The idea is single strata fiber. It's exactly what all these people at and t, Verizon, all these people use for fiber to the home. Well, I'm going to see if it's going to work nicely for distributing fiber through the central Florida fairground, so that ought to be really interesting and looking forward to playing around with that stuff again.
Lou Maresca (00:03:05):
Can you buy it in the bulk basically?
Brian Chee (00:03:07):
Oh yeah, sure. Actually ubiquity has them and there's all kinds. You can actually put optical network terminals, the head end portion. You can actually have one that's got two ports and hang it on a pole and run it off solar or run it off whatever. So there's all kinds of way of doing it and the piece that goes into the home, the PON itself, those things are down to I think 25 bucks each now.
Lou Maresca (00:03:43):
Wow.
Brian Chee (00:03:45):
Very So fiber to the home's getting really, really cheap and all through the Orlando metropolitan area, I'm seeing at and t trucks dropping fiber in the ground all over the place.
Lou Maresca (00:03:57):
It's about time. That's fair. Sure, indeed. Well, speaking, it is about time. It's about time to get into the enterprise news now coming up, we have a tech pack lineup. I can tell you that first we're going to dive into the world of cybersecurity. They're going to talk about botnets. We're talking about DARPA working with Raytheon. We're going to discuss the SS E in the enterprise, but then you don't want to miss our third segment of the DNS where this week we actually go into internal DNS and active directory integration with experts Jaqua and Ross Gibson from Infoblox Plus. We're going to have a lot of great discussions there, so definitely stick around, lots of talk about there later in this show. But first we have to take you through this week's enterprise news blips. This week we got to talk about a new botnet that's wreaking havoc.
(00:04:38):
That's right. Botnets are still alive and well. They haven't gone away. According to this dark reading article, researchers at Lumen Black Lotus Labs have uncovered a sophisticated internet of things botnet named the KV botnet. Now this botnet has been linked to attacks on US government and communications entities. The KV botnet primarily targeting small office home office network devices from various vendors exhibits advanced stealth capabilities. It's capable of spreading across local area networks and has been active since at least February, 2022. The botnet has infected a range of devices including Cisco dray tech, NETGEAR routers, and access IP cameras. Intriguingly. The KB botnet is associated with volt, typhoon or bronze silhouette, A Chinese state aligned threat group known for targeting US critical infrastructure. Now this botnet forms part of the vault typhoons arsenal, which has been used in various cyber campaigns against telecom firms, ISPs, and a US government organization in Guam.
(00:05:40):
Botnet operates from China and it's divided into two clusters. First one being the KY cluster, focusing on high value targets and the JDY cluster with broader, less sophisticated targeting. Most infections fall into the JDY cluster, but the botnet has also engaged with high profile including military and judicial entities. Its stealth is pretty noteworthy here. The botnet resides entirely in memory. That's right, making it elusive but also vulnerable to simple device restarts. It cleverly disguises itself. Its presence and terminates security processes, and it uses random ports for communication. To avoid detection experts highlight the strategic use of soho devices by attackers. These devices often with subpar security that are always not always up to date are ideal for concealing malicious activities. Now, they seldom monitored or updated, making them really easy for compromises. Now botnet, the KV botnet doesn't inherently spread to broader networks. It enables attackers to execute arbitrary commands and potentially launch further attacks within the local area networks. This development underscores the importance of robust security and cybersecurity measures, even in seemingly innocuous home and small office devices.
Brian Chee (00:06:57):
So thank you to VentureBeat for this article, and interestingly enough, one of our sponsors saw an opportunity to scale AI and reduce how overburdened overburdened compliance and security teams are with repetitive tasks. VTA is launching its VTA AI suite today, actually, sorry, yesterday. The suite relies on AI and large language models to help teams get more of their time back by automating repetitive security and compliance tasks. vta AI features AI powered vendor security reviews, generative questionnaire responses, questionnaire automation, intelligent control mapping and suggestions on the best test and policies for each compliance framework. All these features are needed for compliance and security teams looking for automation tools that scale and allow them to offload repetitive manual tasks. So having managed a wide variety of IT personnel over a huge variety of skill levels has pointed out, at least to me, that boredom from boring repetitious tasks is a formula for mistakes in the world of security. My wish is for AI to handle this repetition and then get my attention when something doesn't quite fit the models. Now, I think this is a perfect application for large language models based ai. So this Twitch sponsor has a product that I seriously wish I had had back in the close of last century when I had to manage security audits for a huge number of networks. So to my colleagues that keep wishing for the old days, unquote, I say to you, the best is yet to come.
Lou Maresca (00:08:46):
Now I enjoy covering revolutionary technology. So this week I want to turn our focus to a game-changing development in military technology. That's why military darpa, the US Defense Advanced Research Projects Agency has awarded Raytheon a $10 million contract for a groundbreaking project called the Persistent Optical Wireless Energy relay or Power System. Now this system is set to revolutionize how energy is delivered in contested environments. Imagine high altitude, unmanned aerial systems equipped with laser-based tech, not just surveilling, but actually powering, powering operations on the ground or in the air. That's right, remote power. These drones will beam energy up to a relay across multiple distances and deliver it precisely where it's actually needed. It's like an energy web in the sky, a dynamic and flexible power supply line that can support land, air, or sea-based operations indefinitely. Now, Colonel Paul Calhoun from DARPA highlights this strategic importance of this project, especially from military operations in remote areas where traditional energy supply lines are vulnerable and inefficient, although there's an acknowledgement of power loss during the transmission, the benefits of this airborne energy system, especially in reducing the risks associated with transporting fuel and conflict zones are huge. On a lighter note, it's like we're finally getting our version of sharks with fricking laser beams on their heads only this time. We're not just villains fantasy here, right? It's more about high flying drones powering our military laser beams in the sky, keeping our focuses charged and ready. It's something, and it sounds something straight out of a sci-fi film here, yet it's really making it a reality.
Brian Chee (00:10:28):
Okay, so I cherry picked a portion of an article also from VentureBeat and I strongly encourage you to spend just a bit of time reading the full article. However, this section of the article I feel presents the bottom line Cradlepoint Acquiring eCom is present where the SASE market is going and indicates how the framework will be adopted across global enterprises. VentureBeat recently hosted a conference call with CISOs and CIOs from financial services, healthcare, manufacturing, professional services, all industries that lead in SSE adoption today to learn how the increased pace of mergers and acquisitions in the SSE market is defining the future of this area. CISOs and CIOs view the acquisition as strategic because it shows the potential to combine networking and security into a cloud service. Cecil's also noted that a unified Cradlepoint and Aircom cloud solution could better secure hybrid work environments in virtual teams.
(00:11:38):
Read the whole articles worth your time. Keeping in mind that Cradlepoint is known for cellular modems with lots of security features built in, and ACOM was originally a VDI company that launched a zero trust virtual desktop system before Zero Trust became the biggest buzzword on the minds of CISOs and CIOs around the world. So as my last prediction as 5G approaches full rollout and is finally getting close to broadband speeds, what we may see in a very short span of time is to have a scenario where 5G modems terminate a secure data channel to a VDI server co-located with the cellular A PN that implements a zero trust virtual client that's on a secure virtual network. That's the only way to get to sensitive resources. I'm seeing people at Cradlepoint and Racom embedding these secure endpoint resources into all-in-ones and small black boxes. It could very well be a set top box. I'm also going to do, and I told you so reminding folks that I predicted the revival of VDI over a decade ago during AWI predictions episode where I brought up that science fiction authors like Arthur C. Clark talked about something just like this in his book, the Fountains of Paradise.
Lou Maresca (00:13:04):
Well, folks that does it for the blips, but stick around because next up we're diving back into the world of DNS. So definitely stick around. But before we do that, we do have to thank a really great sponsor of this Weekend, weekend enterprise Tech, and that's our friends at IT pro tv who's now called a CI Learning. Now it's challenging. It's really challenging a market right now. If you're like me, who works in an organization that needs good people who have the skills that meet modern demands, there has to be a way to ensure people can build the skills they need for these roles, right? Well, 94% of CISOs and CIOs agree that attracting and retaining talent is increasingly critical to their roles and with today's IT talent shortage is more important than ever for your team's skills to be current. Technology really evolves really so quickly that the skills gap develops very fast.
(00:13:51):
In fact, 87% of companies say that they have a skills gap in their employees. Now, the challenge of evaluating your IT staff skills is overwhelming, but it doesn't really have to be. ACL Learning Now offers a new tool insights, a revolutionary skills gap analysis tool to assure you that the training you're providing is actually working for your people in a quick one hour assessment. A CA learning's insights will allow you to not just see but understand and fix the skills gaps on your IT teams. Managers are all over rejoicing because this really is the solution that people have been waiting for. With the Insights tool, you can identify specific skill gaps in your employees and see where your team's weaknesses actually lie. Plus, empower your team with personalized training because you and I both know that generic blanket training, waste time and money and people don't find it interesting.
(00:14:40):
Insights offers detailed solutions support and strategy by issuing recommendations and training plans for individuals and your whole team. In fact, you can compare results against other organizations so you know where your org stands. Plus you can test skills and close the gaps with Practical Labs that allow trainees to focus on the skills they need most. Bridging the skills gap is now more efficient for your team. That means the A CI Learning helps you retain your team and entrust them to thrive while investing in the security of your business. More than 7,200 hours of content are available with new episodes added daily. ACL Learning outperforms its competitors with a completion rate that is 50% higher. That's huge. These are the training solutions your business has been waiting for. future-proof, your team and company with insights from ACI Learning visit go dot ACI learning.com/twit. twit listeners can receive up to 65% off an IT Pro enterprise solution plan after you completing their form.
(00:15:42):
Based on your team's size, you'll receive a properly quoted discount tailored to your needs. Definitely check out a CI learning for your organization and we thank a CI learning for their support of this week in enterprise tech. Well, folks, today we're going to wrap up our amazing series on DNS with our esteemed experts, Josh and Ross from Infoblox. Now they're going to dive deep into the nitty gritty of internal DNS and active directory. Now, before we get to that, I remember the days of setting up on-Premise Networks in Anheuser-Busch, Thomson Reuters, and I vividly remember wrestling with Active directory and DNS to support internally hosted services. So I definitely want to talk a little about that later, but it wasn't just a challenge, it was literally an adventure. So I can definitely get to that. Now, on that note, I'm sure that Josh and Ross have a lot to say about those things and how they've evolved. So to kick it off, I'll toss it to you guys and just ask very quickly, how is an internal version of DNS different from an external version?
Ross Gibson (00:16:42):
Sure, as you said, it is definitely an adventure. Anything in the DNS world always ends up being that way. The biggest difference is that you're dealing with namespace that are not resolvable on the internet. They're only visible to people within your enterprise. That's the most key distinction. And then in most cases, I would say probably better than 90% you find authoritative DNS and recursive DNS. The two pieces that we talked about over the past couple of weeks combined generally onto one system or it's quite often you could separate them internally, but I would say most corporations collapse those two into one server.
Josh Kuo (00:17:28):
So again, the main difference is external DNS by our definition is it's intended audience, is everybody else on the internet. I set up a web store, I have my domain name, I want names intended for the entire world. That's external DNS that we talked about in the last episode, and now we're going to dive into, well, let's say my company grows to be a much larger company. I need some kind of ad active directory infrastructure to support my internal networks. Well, when you have networks, you have DNS. That's how you find all the nodes. So this is for the intended audiences only on your network, usually privately addressed, not always, but the names should not leak out to the internet.
Lou Maresca (00:18:22):
Now, one question I have you guys, because I know that a lot of organizations that I talk to, they're being encouraged to expose most of their services externally. They have a lot of remote workforce, and so they're saying, Hey, let's expose a lot of these DNS remotely and then just enable kind of zero trust around it so that even though people can find these domains or even determine these domains, they still can't access 'em. They can't do anything to them. Are you seeing a lot of organizations or organizations still have internal DNS? Are they still focusing on it?
Ross Gibson (00:18:53):
Yeah, I would say it's prevalent everywhere. If you have an internal active director, you have to have DNS, right? It's not going to be based on namespace that's out on the internet, so it's going to exist for a long time. Even in the zero trust world, you're still going to have some DNS. One of the things as you bring that up, actually it plays interestingly in the zero trust discussion because historically people would try to control DNS resolution as a means of controlling access, and while resolution is a prerequisite for access, it does not equal access. I think that's an important distinction to make with respect to DNS. So yes, you can limit resolution, but that alone doesn't necessarily cut off. Communications just makes more difficult.
Lou Maresca (00:19:42):
That's interesting. So what kind, we had this conversation actually off camera before the show, is how we separate the small business from the enterprise level businesses. How is DNS different when it comes to a small organization versus an enterprise level organization?
Josh Kuo (00:20:03):
So right, kind of what we're talking about, a lot of people would classify enterprise maybe by the size of the employees or number of devices when we kind of threw numbers around like 5,000, 10,000. But in terms of DNS, if you're running, I think the rule of thumb would be if you have a server or a box running multiple functions, that's more of a small business way of doing things. As you go into the enterprise world, you specialize, you have different machines doing specialized functions, different teams doing specialized functions. So that's where we're going to dive in a little deeper to talk about how you probably wouldn't want your domain controller those capable. You probably don't want to also be your database server or a web server. So likewise, you should not have it also run DNS in the enterprise environment.
Ross Gibson (00:21:07):
And that brings up a good point because I think there has been historically a misconception that active directory and DNS need to be run on the domain controller, and that's simply not the case. Part of the reasoning for that is because of how critical DNS is to active directory, right? They're very closely intertwined, but there's no actual requirement that you run it on your domain controllers, and as Josh said, the busier your domain controllers get, the better off it is to split off those services. I'd say DNS seems to be the last one that comes off of it, but particularly in the cloud world, as you start to get intra involved where you're actually separating the authorization and authentication services into its own service, you really have to break those two pieces apart.
Lou Maresca (00:21:55):
That makes sense. It's interesting that you guys are saying split these things apart because I can tell you when you first set up a server, I mean server obviously, and you're sending it back to directory, the first thing is, Hey, you're D this. So they make you actually go and set up the DNS service on the same server. And so people usually just assume that, Hey, if that's the case, I'll just set it up all kind of one process and I'll use a service on the same machine and I'll just set it up that way. So it's pretty typical for small businesses to do that kind of thing.
Ross Gibson (00:22:22):
Yes, I would say it's very typical. Like Josh said before in that kind of I guess maturity model, a smaller business, they're going to have fewer servers, fewer people, so you generally are going to have less specialized IT professionals that are covering a much broader ground. And then as you grow and have more people, you're going to have more and more specialization as you fall into issues that come with scale. Things just inherently get more complicated over time.
Josh Kuo (00:22:54):
And I'll share a little sort of anecdotal story about active directory and DNS because I used to do a lot of deployments and migrations. So I've had a customer who felt like, well, I'm going to run DNS, I'm going to keep it on a domain controller, but they had a little outage, a caused domain controller to restart and the DNS service, everything else came back, but the DNS service, something went wrong with it, and because of that, nothing can resolve and the entire ad crumbled apart. Of course, then this customer drew the wrong conclusion like, well, it's critical, so I have to keep them on the same box. I mean, well, that's actually not the cause of the issue. In fact, that's my argument to say, well keep it separate because then you can have a specialized dedicated resource to DNS to make, you can add more layers of redundancy just to that component, make sure it comes up before any of your ad infrastructure comes online,
Ross Gibson (00:23:57):
And particularly in the enterprise space, the more and more mature you get, the more and more likely you're going to run into change control processes. And having that as a separate item definitely makes things a little bit smoother in getting your change control windows aligned.
Lou Maresca (00:24:13):
There's an interesting link that you guys put in the doc, which I saw, which is actually good. I'm glad we're going to talk about this because I'm most familiar, obviously with Microsoft DNS and Actor directory and intra, this particular link talks a little bit about maybe taking the case for non-Microsoft DNS. Where is that a good case to go after basically?
Ross Gibson (00:24:35):
Well, I think it starts with the whole foundation of just breaking things into dedicated services, whether they're Microsoft or not, is not necessarily the most critical piece to know about it. Just to know that you can separate it out. And then the other key piece there is knowing that Microsoft requires DNS, but it doesn't require Microsoft DNS in order for an ad infrastructure to function, you can use any standards compliant DNS that'll handle normal dynamic updates because active directory is built on a completely standardized way of doing that. So just about any typical commercially available DNS server is going to be able to handle and support active directory, right? Active directory is critical across so many places, everything has to support it. Otherwise you really would kind of be a non-starter in the DN S game.
Brian Chee (00:25:35):
I'll tell you what I want to ask. This is a good place everybody and their uncle is talking hybrid, hybrid, hybrid, but AD and DNS and that whole migration, Josh, you've done a bunch of migrations and things like that. How is the cloud DNS services and combined with ad, what kinds of nightmares are people looking for looking at, sorry.
Josh Kuo (00:26:10):
Well, they also might be looking for nightmares for some people. The, so to get to that, let's do a quick a technical recap of why Microsoft is so, or AD is so dependent on DNS. So when an ad client signs into ad authenticate into ad, it just ROS checks the credentials and it's going to find, alright, I need all these services. Maybe I need to find my printer. I need to find the LDAP server, I need to find whoever that finding mechanism is A DNS query. It looks for the SRV record for service record and the dc the domain controllers will return some value to say, all right, I got three printers for you to select print servers, and then the clients can pick through the SRV records to find those and then make the actual connection. So that's one part. And the other part too is the client, as they log into ad, they were going to go, oh, I got an IP address, I got a name. I'm going to put myself into DNS. Now Microsoft calls it registering itself. It's also called Dynamic DNS update. So it'll send a little message to the DNS server to say, Hey, my name is josh laptop.com, my current IP address is whatever it is and puts it into DNS. And if that part doesn't work, then your support or whoever, people who try to reach josh laptop.com by name wouldn't be able to get to the right place. And I'll throw the rest over to Ross because I took a easy one.
Ross Gibson (00:27:59):
Yeah, so I mean the other piece I'll throw out there in the authentication scheme with site aware, what I'll call site aware clients, right? So a typical Microsoft client is going, when it authenticates to the directory, it's going to get back site information as far as where it sits, and then it can actually make queries for site-specific services so that it can get an optimal response. Unfortunately, not all clients are site aware, so in some cases you have to get a little creative, and this kind of goes back to the piece that we were talking about last week with the GSLB or global server load balancing, where you actually can in some cases, and I've worked with some customers to do that, to optimize, for example, in the cloud, going to what Brian was saying, if you have site aware clients and you've got some in the cloud and some on premises and you don't want the guys on premises to be authenticating against the cloud or vice versa just from charges as well as just from traffic optimization or even more so if you've got a really mobile network, let's say you've got ships and they have active directory servers on them, you don't want them going to an on-premises authentication server because of the satellite delay.
(00:29:14):
It's going to ruin the experience. And then if you've got multiple ships going from ship to ship, it just makes it even worse. So there can be situations where you actually need to get down into that level and start doing some deterministic answers with your DNS to control that authentication process.
Brian Chee (00:29:33):
Well, we're talking about doing this or doing that, but we also need to talk about teams what, because an awful lot of different services and moving parts in this. So I'll use the example at the University of Hawaii. Only recently did the DNS team merge with the IPAM team people assigning IP addresses and managing the DHCP servers. What kinds of team mergers or splits are you starting to see in medium to large scale enterprises?
Ross Gibson (00:30:17):
Well, I'll take that just from my own experience. So I was actually a customer for, gosh, about seven and a half years before I came to Infoblox and worked within an organization where we did have a dedicated DDI team and we were all under networking, but as that enterprise had grown over the years, initially DNS was owned by the open systems team, the people who ran the UNIX servers that were running bind, and of course the guys in the networking world don't want to deal with running servers at all. That's way too far in for them. So eventually they got DNF or I mean sorry, DHCP and had to control that because it aligns with IP addressing. So it kind of makes sense there. And then as you get into bringing D-N-S-D-H-C-P and IP address management together into that DDI hole, that is the modern way of doing it. It tends to fall with the networking team in most cases. I'd say from most customers, that seems to be where it ends up.
Josh Kuo (00:31:20):
And I'll share what I've seen from the many dozens of customers I work with. I see roughly three types. Usually it's sort of by their history. If DNS used to be a service living on some kind of network gear like a Cisco router or something like that, then tend to be inherited by the network team. If it's like BIND or Microsoft ad, then usually system team inherits it. And I've seen a new category because of the security team might have brought in, Hey, we need a better newer DNS solution because it really ties into visibility and security control. Then the much rare scenario is the security team, my own DNS component. But what I'm seeing more and more as I see people come as I do education mostly now with classes is there are bigger enterprises. What I see is they're moving towards having a dedicated DDI or even a DNS team, and they'll work sort of in the middle because DNS itself is a little weird. You got to know networking. You kind of got to know systems and some scripting, some coding, and it also ties into security. So it's of overlaps with all of these and it does kind of require a special skillset as the size of your enterprise gets bigger.
Ross Gibson (00:32:50):
As Josh and I were actually speaking earlier this week and we got, I threw out a description of DNS is kind of the Rodney Dangerfield of network services.
Lou Maresca (00:33:01):
I love that. That's great. Well, you know what, we're going to talk a lot more about Rodney Dangerfield of network interfaces, but before we do have to take another great sponsor of this weekend enterprise tech, and that is definitely Vanta. Fast growing businesses are always utilizing tools, third party vendors and lots and lots of data sharing. Adding those altogether means more risk. That's right. Vanda is one of those game-changing services, real-time services that will change how you work. They were founded in 2018 after several high profile data breaches and as years progressed, online security continues to be one of the most important things organizations focus on. novanto understands firsthand how hard it is for fast growing companies to invest the time and staffing to build a solid security foundation. Vanta was inspired by a vision to restore trust and internet businesses by enabling companies to improve and improve their security.
(00:33:56):
Vanta brings your GRC and security efforts together. In fact, they integrate information from multiple systems and reduce risks to your business and your brand all without the need for additional staffing. And because Vanta automates up to 90% of the work for SOC two and ISO 27,001 and more, you can focus on strategy and security, not maintaining compliance. G two resoundingly loves Vanta year after year. Check out these honest customer views from business leaders. There's no doubt about Vanta effect on building trust with our customers. As we work more with Vanta, we provide more information to our current potential customers about how committed we are to information security. And Vanta is the heart of it from a chief technology officer, the best in automated compliance monitoring from a head of quality insurance and customer support there join 6,000 fast growing companies like Chili, Piper, patch and Autodesk. They use Vanna to manage risk and proof security in real time. You can try Vanna free for seven days by going to vanna.com/enterprise. That's VN t.com/enterprise to start a free trial. No costs or obligations and we thank Vanna for their support of this week and enterprise tech.
Brian Chee (00:35:17):
I want to jump in here. I have seen just an amazing number of reorgs in IT and telecom groups and I'd like to talk a little bit about the forces that are pushing these around and DNS time and time again was at the center of the conversations, things like you're doing government contracts and you have to adopt IPV six unified communications and voiceover ip, all forces for change in the technology groups. Now I've seen a lot of changes in Infoblox. I was actually at the University of Hawaiian. We were an Infoblox customer and I had a login to the cluster so I could go and manage different things just for my lab. But what about from the other side of the coin? Why don't you talk a little bit about the forces that are forcing these teams to reorganize and maybe you can do a little bit of a crystal ball on seeing what's happening in the DNS world that might force additional changes as the industry grows up even more. I boy, I see people scratching their heads.
Ross Gibson (00:36:36):
I mean, I think the cloud definitely plays a part in that. It has to play a role because that's driven so much reorganization with the whole DevOps concept and then DevSecOps. So DNS hasn't completely been injected into that yet, although it generally plays as a part of those provisioning processes. So you might see to where that starts to get enveloped into those parts, whether that's just as an input or actually having a resource within those teams that's capable of dealing with that. But the larger the enterprise is, the DNS can be one of those things where definitely on the smaller side of the business, it's not worth dedicating resources to it, right? Because there's just not that much change. Somebody will spin up a server, somebody will take something down, but it's not something where you've got eight hours a day worth of work, but the larger you get, the more and more work there is.
(00:37:34):
Now, of course, you can automate away a lot of that, and I would say that's more and more the trend, whether you're building that as a part of Terraform or Ansible templates or scripts or whatever it may be for doing that provisioning and creating the DNS record as a part of that. But I would say you're going to see more developers plugging into the API side of it, and then the question is, who's going to run that? Who's going to broker that? So I think the cloud's going to drive a lot of it. I just don't know exactly how it's going to shake out, but I would say you're probably going to see some in the cloud space are going to have to play more and more in DNS, which they have already with things like Route 53 or Azure DNS. So they're integrating with that somewhat. But when you get into the hybrid cloud world integrating with the cloud resolvers, it can get complex very quickly.
Brian Chee (00:38:29):
When we were talking about complexity, one of the titles I keep hearing now while the new titles, the DNS architect, why is this become such a complex weaving of services that we need full-time bodies when you start getting bigger?
Josh Kuo (00:38:50):
Yes, so actually I was, thank you for that really well timed question. I was going to say we're talking about all these possible conflicts among teams, among departments, among mergers, these DNS conflicts, I've dealt with a lot of these every, I can tell you right now, every company, every DNS environment I've ever analyzed is a pile of garbage accumulated over years. Nobody does a fresh architecture. They always inherit something that was passed down from the previous DNS administrator or architect. A lot of work to re-architect like a network technology evolved with cloud, you are supposed to re-architect your environment to keep up with these new features. And so I'll give you yet another example from my consulting days. So for internal DNS, a lot of teams might fight over, alright, well who is authoritative for our internal name? DNS doesn't work very well. When you let multiple people all claim I am the authoritative, I'm the one that has the right answer.
(00:40:06):
You have to have one entity that says I'm authoritative, I'm going to delegate out pieces. You unex team, you can run unex.company.com ad team, you can run ad.company.com, but if you both run company.com, there's going to be conflicts. So I've seen countless examples of that where people don't fully understand how DNS namespace work. They just go, you know what? You run one version, I'll run one version and we'll try to do these creative patches to make them kind of work. And it creates very subtle issues. One of them would be somebody goes to site A on this network application works because of DNS lookups, but when they go to a different building, the same device looking at the same name doesn't work because now it's getting a different DNS answer. And these are very hard to track down because people think, oh, this is a generic application or network failure.
(00:41:08):
And a lot of times they don't know where to look in DNS because when they do a lookup works for me, I'm in building B, this works totally fine for me, I don't know why it doesn't work for you. So that's kind of, Ross and I were out there kind of evangelizing that, yeah, you have a network architect from bigger places, you have a database, DBA sort of architect designer. Well, if your company is of the size and you're moving to the cloud, it's probably time that you get a DNS architect to really rethink is your DNS architect designed properly that's going to keep up with the times.
Ross Gibson (00:41:52):
And it really is critically important again at scale because all of your applications are dependent upon DNS, right? So if your DNS isn't working in an optimal way, all of your applications are not going to be working as well as they could be. So it's definitely worth investing the time and the money to having somebody do an actual DNS architecture for your enterprise. Having one vision, documenting standards and getting things because once they're running smooth, it can really optimize things in a lot of ways. I mean, even to the point where I've seen some really high level businesses where a millisecond or two difference of an application response time can equate to a great deal of revenue difference. And so when you can take that out of basically every network communication just by improving the quality of your DNS architecture, it's well worth the investment.
Lou Maresca (00:42:55):
I'm going to jump into just setting up DNS because I think that obviously businesses are, some businesses don't have DNS architects. I can tell you I was definitely not one when I was setting it up. And I think there was some challenges, like some simple things like for instance, how should I name things internally? Like most DNS servers, when you first set them up, they first tack on the local or they add on some kind of namespace. What's the appropriate, what's some best practices there?
Ross Gibson (00:43:25):
I definitely have some opinions on that. The first thing I would say I would advise people to do is build your namespace on namespace you actually own, right? So you're going to own a namespace externally, so company.com, whatever it happens to be, take a subdomain of that and make that the core of your internal namespace. The problem I've seen when you just start with something randomly, and this problem didn't use to be as big of an issue before ICAN started selling off customized TLDs, but once you got into the customized TLD world, you have a lot of situations where somebody built their internal network based on a certain namespace, right? So company, and if that happens to be a generic enough name that there might be some other company out there that also has that name and if they buy the TLD, then when your clients go off net for whatever reason, somebody takes their laptop and they go off net, it's still going to be looking for that ad infrastructure to try to authenticate against. So you're going to be sending traffic to that other party, may be a big deal, may not be, but they're going to be able to collect a lot of information about what your internal network looks like. So if it happens to be a hostile third party, that could be a real problem
Josh Kuo (00:44:56):
And this is a good time that maybe we can bring up one of the last link that we have. That's a list to all of the currently registered top level domains. And for the people on audio, you can also just Google search for a new GTLD. That's generic top level domains. A lot of us think of the classics, your.com.edu net. That's it, right? Just a handful. Now I think that a last time I counted as something like a thousand, a little bit over a thousand. So there's beer free pizza, ABC rocks, really just a lot of things you can think of. So you may have picked something thinking, well, I'm setting up ad, I'm just going to pick something random like XYZ or abc. No one's going to ever use that. Well, guess what? Somebody probably just bought it last month and now you have some name collision issues and I'll throwing yet another Ross talked about this could become a data leaking problem.
(00:46:05):
I have seen one where the customer is a nuclear power plant, so they're under a very strict set of regulations that they cannot reveal their internal networks. However, they did exactly what Ross said not to do. They picked an internal name that became available on the internet and they misconfigured their DNS, so their nuclear power plant devices start making DNS queries and they somehow leak to the internet because they think, whoa, this name is now available on the internet. I'm going to go look it up from root. Now hopefully whoever registered that name isn't collecting that data. But luckily this particular customer luckily caught it in time. They had to go through quite a bit of effort to re-architect their DNS set up. So choose wisely from the beginning to save yourself a lot of pain down the road.
Ross Gibson (00:47:08):
Yeah, I've definitely had a customer in that similar scenario where they built their namespace completely innocently around A TLD that they just made up, and several years later that actually got bought by somebody in Korea and they had a huge concern just from a security perspective about we're sending all this data over to who knows whom, and we have to deal with that. And so they had to re-architect their whole DNS because of that. So yeah, if you're standing up a new DNS, the best thing you can do is buy some namespace, create a subdomain, a do int. So let's say you own company.com, you can set up int.company.com and then use that as your root for all your namespace within your internal network.
Lou Maresca (00:47:59):
Now we have a lot more to talk about from setup perspective, so we'll definitely get to that. But before we do have to thank another great sponsor of this weekend enterprise tech, and that's Miro. Now, what is Miro? Well, it's an online workspace for innovation, but you may be asking what does that exactly mean and how can it actually help? Well, Miro is one incredible visual place that brings all of your innovative work to together. No matter where you're located, it's packed with the right things to be your dream products home base. We're talking six whole capability bundles from product development workflows to content visualization, and it's powered by Miro ai. That means you're generating new ideas or summarizing complex information pretty much instantly. Miro can work for any team, but product development teams really get the full experience. It offers teams the richest feature set of any visual workspace with specific tools to help with strategy or process mapping, facilitation tools to run effective design or agile sprints.
(00:48:58):
You get the picture, Miro connects super seamlessly to platforms. You're already using Jira, confluence, Google wasana, and so you centralize your work in a way that makes sense for your team. They don't need to leave Miro to update projects or statuses in any of those tools. You can do it all through Miro. It also ends up being a massive time saver. Miro users report saving up to 80 hours, 80 hours per year because they streamline conversations, cut down on meetings and see all the most up-to-date information in one place. Miro also just released a board video recording feature called Talk Track to save even more time. We're talking about pre-recording your thoughts and leaving it on the board. Instead of scheduling the millionth meeting of the week, go on, try it for yourself. Get your first three boards for free to start working better together at miro.com/podcast. That's m iro.com/podcast. And we thank Miro for their sport of this week in enterprise tech. Well, folks, we'll be talking about internal DNS and I've been kind of pushing on the setup side of things. I definitely did not set these things up correctly. I think I want to talk a little bit about, just briefly about the fact that obviously there's a lot of talk about secure DNS, obviously the whole concept of encrypting things and does that apply to internal DNS, should organizations be ensuring that they're securing DNS and enabling this encrypted DNS clients?
Josh Kuo (00:50:31):
Okay, I'll take a first step and then I know Ross has a lot of thoughts on encrypted DNS. So I, but before we get to why you've been encrypting it, that's a very double-edged sword. Let's talk about what is embedded in your DNS queries. Who cares? People might think, well, who caress? You see me looking up facebook.com? That's maybe a privacy thing, but what else could really be bad that comes from DNS queries? Well, and so we dedicate a few chapters in our book, the Hidden Potential DNS Insecurity. We really talked about these is how most malware, I think the last time we looked at the statistics, 92% or more than malware are using DNS for communication, for command and control, for data exfiltration. And one particular, since we talked about nuclear power plants, and a particular case that we cover in the book is spyware. So they could infect your phone and when you walk into what you think is a secure network with no direct connection to the internet, but DNS has a very unique hopping mechanism that could hop outward so that you think you don't have direct internet access, but DNS does. It could hop through forwarding eventually getting to the attacker and back, and that's how they stole secret information out of the secure networks, including nuclear power plants. So that's in ENS queries. So encrypting it that's, and I'll let Ross finish why that's a double-edged sword.
Ross Gibson (00:52:14):
Yeah, so I think encrypted DNS, it was really more conceived for privacy from the non-enterprise user. So somebody just at home and trying to cover that what was known as the last mile problem, right? So the communication between the client itself and its recursive DNS server, and that's the piece that encrypted DNS deals with. I would say in an enterprise space, you've got a lot of investigation going into what's happening within your DNS security teams spend a lot of time gathering and analyzing DNS data, and by encrypting it, you make that more challenging, not impossible, but more challenging. Now, if you own the DNS server, you're still going to see that traffic regardless, right? Because you're the target for that. And by running your own encrypted DNS servers internally, you can actually see that traffic and then add those security controls back in. So the key thing is that you're going to see, because operating systems are moving to selecting encrypted DNS servers, by default, you're going to have to see enterprises build encrypted DNS servers internally in order to handle those clients rather than risking them try to connect to something on the internet, which is much we talked about a couple weeks ago, much more challenging when you deal with dough d NSS over HT PS because you can't determine the difference between the DNS traffic and the HT P traffic
Josh Kuo (00:53:45):
Sort of, I guess full circle back, tying it back to a ED, that's yet another reason to decouple DNS from your domain controllers. If now we're talking your DNS server, probably I think in the very near future for most enterprises need to support these encrypted DNS protocols for the reasons that Ross mentioned. So do you really want your domain controller to do all these ad functions and DNS and DSP and handle encryption, right? That's just another thing. You really don't have to throw it onto the domain controller, use a specialized appliance or server and then you can patch it. You can enable different protocols like DOH over HDPS, there's new ones, DOQ over DNS over quick DNS over TLS, just gosh, they just keep coming.
Lou Maresca (00:54:42):
One thing I learned from you guys' book, because I did actually read part of it here, is that there's other ways to use DNS to secure things. So obviously DNS SEC is one way, but there's a laundry list, especially internally, the organizations can go set up and limit access and other things. What are some good best practices there?
Ross Gibson (00:55:01):
So rpz is the general technology that comes into play here, response policy zones, and basically think of it as a way to implement policy by name. So you can say, I don't want you to go to bad guy.com. And so you can take anybody that's querying for that traffic and you can tell them that it doesn't exist. You can send them somewhere else completely, or you can let 'em through and just log it, but you gain telemetry on knowing who's looking up those namespaces, which that alone is valuable information, but the fact that you can take them and direct them elsewhere or just direct them to nowhere is a huge weapon for security teams. It is one of those things where, I don't want to say it's irresponsible, but it's almost irresponsible to run any type of large scale enterprise DNS without some type of RPZ or DNS security mechanism there. It offers way too much protection for such little effort. It doesn't make any sense not to have some measure of DNS security in an enterprise network,
Josh Kuo (00:56:17):
Right? And I concur that's probably the lowest hanging fruit when it comes to enterprise DNS. You mentioned DNS sec, that's probably more for external DNS. If you're setting up external DNS, think about DNS sec. That's more for the world when you're doing internal design. The, again, DNS community loves making a new terms. So we have another one called protective DNS pd, DNS, different from passive DNS, which we invented 20 some years ago. So protective DNS uses something like an RPZ. Basically it downloads a or synchronizes with a threat intel source to know what are the best bad names today, and I'm going to drop or block these. Those are very easy to implement. A lot of vendors out there, not just in Infoblox, many other vendors supported. So definitely get that for your internal corporate DNS lookup.
Brian Chee (00:57:20):
All right, I'm going to jump in. I'm going to ask my infamous crystal ball question. Where are we going? It sounds like there's a lot of things changing. I've been to several IETF meetings and talk about herding feral cats. Where's the DNS world going? You guys obviously work for a big DNS appliance vendor bind has some really cool things. I wouldn't do DNS on active directory to save my life if I could, but the world has to be converging someplace. We're going towards something, and I'd like you guys to go and peer into your crystal ball and where do you think we're going? DNS came from a kinder, gentler world, but things have to change because there's a lot of bad people out there. So Ross, Josh, shine up the crystal crystal ball man.
Ross Gibson (00:58:30):
Yeah, so we actually did put some of this into the book in what we call dap DNS and network assured policy. So it's basically taking the DNS process and integrating it with your network controls. So in other words, especially in the world of dough where you could have somebody going out and looking up something via a DNS server that you're completely unaware of, and then trying to get there by making sure that people are using the approved DNS server for your enterprise before opening up the firewall to allow that traffic, that's where you can start to bring those two together and force people to use the DNS server that has your policy controls in it. That's the real key is once you get dough going on, if people were able to get that traffic out to some third party DNS server, not only are they going to have problems resolving the internal namespace, but any of those security controls that you've put in place to protect your users are completely invalidated. So you need to force everybody to use the DNS servers that you have. And the next step, I think, to getting to that is to actually integrate basically the firewall with the DNS so that the firewall knows you use the proper DNS server in order to start this communication. So I will allow the communication, and if not, I block it.
Josh Kuo (01:00:03):
Right? And so I think we both agree that basically the overall big direction is DNS will play a even bigger role in security in the coming years. I think that's a very safe bet. There's the DAP concept that Ross talked about that we described in detail in our book, how to use it to control your internal traffic going outbound. And then there is also abuses on the internet today. There are millions of domains being registered every single day for no good reason, but to host malware, phishing sites, whatever scam of the day is, and currently the detection and take down process is just too long. It just takes too long. And by the time you convinced ican, this is a bad place, take it down. It's too late. The scammer, the attacker already moved on. He already got all your Bitcoins seven months ago. So I think, I know there's some talks I recently attended. ICAN is talking about we need to streamline all of this process to make it one harder for people to register these malicious names and two, to detect them quickly, and three to take them down quickly. Now that sounds easy, but there's a lot of the governance and compliance side of things that they're trying to work out.
(01:01:38):
I hope for all of us, they do work it out because the internet is getting DNS, just internet overall is getting dirtier and dirtier with just infections and malwares. Yeah, so at the point, I think at some point we had to go do the same thing that we did with network firewalls decades ago. Earlier days we're like, yeah, it's wide open and we'll block this and we'll block that. Pretty soon we learned no firewall will block everything by default and let this out and let this out. I hope we don't get there, but we might. DNS might be someday to say that's it. No names will resolve except these names that we say are okay to resolve. I hope we don't get there, but we might.
Lou Maresca (01:02:29):
Well, thank you guys. This has been a fantastic series. I've learned a lot myself actually. In fact, we've had an overwhelming response regarding the usefulness of all the information. So thank you so much for giving us all the great content and really taking the time to share with everybody. Now, did you guys want to take maybe a moment to maybe pitch something, talk about something, maybe talk about your book a little bit?
Ross Gibson (01:02:50):
Sure. As Josh mentioned before, it's called the Hidden Potential of DNS Insecurity. It's available on Amazon. We've got paperback, hardcover, as well as Kindle versions. And it really, I will say the focus of that book is on the security profession. So this is not for the DN s architect, it is for the people that interact with DNS but aren't the ones responsible for running it. And it's about how they can take DNS and use it as a security tool, which as Josh said, it is really going to become a bigger and bigger player in the security world, and there's no reason not to use your DNS as a security tool these days.
Josh Kuo (01:03:32):
And both Ross and I are on LinkedIn and we are slowly writing more blog entries for our blog, dns insecurity.com. So we're going to try to share more thoughts there. Maybe some for the DNS architects too.
Lou Maresca (01:03:51):
Fantastic. Thank you guys so much for your time and all the great information. Appreciate it.
Ross Gibson (01:03:56):
Thanks for having us. It's been great.
Josh Kuo (01:03:57):
Thank you.
Leo Laporte (01:03:59):
I know Curtis and at gibbert, and you know that this was the last episode of this weekend enterprise Tech, and it breaks my heart. Lisa and I have had to make some very tough decisions over the last few weeks, and among them we're canceling some shows and this is one of them. I'm sad to say you have a devoted and loving fan base who've really supported you, but I'm afraid too small for us to support. So there are a couple other shows we're canceling. We've already announced some. This is one of 'em I've already told this isn't a Shock to Lou Cheaper or Curtis, but the reason I wanted to do this in show is I wanted to give you all a chance to say goodbye and to thank the audience and to tell people how to reach you going forward. It breaks my heart.
(01:04:53):
It's a hard thing to do. We never want to cancel shows, but just economics require it. So Lou, you've done a great job taking over for Father Robert. The show's been fantastic. Brian, you've been here forever, Curtis, to all the people, this was a terrible show to end on because it was so damn good. This has been a great series on DNS and it makes me doubly sad, frankly, because the content has been so important. But I'll let you guys say goodbye. I didn't want you to have to be the bearer of bad tings. Thank you, Leo. I am the Grim Reaper this week. Sorry. Sorry to say.
Lou Maresca (01:05:34):
Well, I tell you one thing, father Robert obviously kicked the show back off what? In 2012, and obviously Curtis and Bert were at the helm there and they really developed the show into a pretty amazing format, I think over the years. And I think obviously with the support of you and Lisa and Twit, really I think the show just excelled over the years. I think we've had so much great content. In fact, it's really for me, when I picked it up as hosts after Father Robert passed the baton there, I think it was just really a chance for me to not only develop good friendships, but get to know some pretty brilliant people. I talked to CTOs and CEOs and CISOs and IT professionals, you name it. I learned a ton of stuff and I've personally grown myself I think during this entire journey. So I definitely think it's been a great opportunity to really meet the people that are shaping the world and the enterprise world.
(01:06:27):
And I definitely feel blessed. So thank you so much for the opportunity. And also I want to thank all the co-hosts over the years too. Obviously Mr. Brian Chi, Curtis Franklin, we had Oliver Wrist, we had Heather Williams, we had Brian McHenry, so we definitely had a lot of great professionals that came in and got to be part of the show and kind of direct us in many different ways. And obviously all the behind the scenes people that really helped make the show twit to be really successful. So just thank you for everything and it's been a great ride. Like I said, I've been telling, I told Lisa this, it's always been a rollercoaster ride for me. I've just enjoyed the entire ride. And of course I knew at some point we'd end up having to get off the ride. And again, it's just been a great ride for me. So thank you.
Leo Laporte (01:07:19):
11 years is a long time to talk about enterprise. You guys have a lot of stamina, that's all I can say.
Brian Chee (01:07:26):
Well, Kurt and I have known each other for going on at least two decades, maybe a little longer, and he and I have written some absolutely massive articles in the past when we were at first Internet week and then InfoWorld together. And for a little while, my lab at the University of Hawaii was one of the top five testing labs in the United States and all the huge, huge big iron tests that Infra World did for, I don't know, maybe half a dozen years were done in Hawaii. So that was a lot of fun and being able to share that experience with the viewers has been amazing. And I'm still going to be on Twitter because I'm stuck there. I've got a lot of iot stuff that talks to my Twitter address. And I still own A-I-S-P-A wireless internet service provider in Honolulu. Actually. I'm partner with a guy and so I'm going to keep my fingers in there. And Jeff Marchini and sorry I didn't get the question about blockchain in there, but we'll talk lots of blockchain in the future. But thank you very much for the opportunities and it was great. I was actually at in the Brickhouse when Leo asked Padre if he wanted to run an enterprise show. So that was a lot of fun. And Padre we're all chatting in Discord thinking Padre must have registered Catholic. Yeah, I saw that.
(01:09:06):
He may well have, he probably had the idea. Well, the telephone number I think is his Rome number, so he might have done that one. Hysterical. The reality is is I'm pretty easy to find. Bert doesn't have too many duplicates out there. Someone did grab Bert on Twitter, so I don't know. But anyway, love to hear from you and look forward to seeing you folks in real life as we start doing other things.
Curtis Franklin (01:09:45):
I wanted to say I've been defining myself as a journalist for the better part of four decades now, going way back to computer shopper in Byte Magazine days, and I've been very proud of the journalism that we've done here on this week in enterprise tech. It's a very specific kind of journalism, what I call advocacy journalism because we haven't just put out facts and stories, we've put them out because we wanted our listeners to succeed. We had a point of view, and that's valid, and I think we've done a good job at that and I've been proud to be able to do that and also been proud to do it as part of the Twit Network. Leo and I first met when we were both speakers at the very first podcasting conference, oh my God, back in the Ples Toine.
Brian Chee (01:10:48):
But
Curtis Franklin (01:10:50):
It's been a great operation. No one knows better than Leo. That podcasting has been a wild ride so far, and I'm not at all sure it's going to get any less wild going forward. I have no idea what it's going to bring, but it'll be something entertaining. People who want to follow me can, best way to do it is on LinkedIn. I'm Curtis Franklin at LinkedIn. Please follow me. And I am always thrilled when someone walks up to me at a conference or at a trade show, recognizes my voice and comes around and wants to meet me. I'm always delighted to meet people, so I continue to want all of those who listen to TWIT to succeed to be happy, and I look forward to catching up with you somewhere down the road.
Lou Maresca (01:11:43):
Definitely hit me up on whether it's on x.com, at LU m, I'm Lewis Moresca on LinkedIn. Lot's of great conversations I have on there, whether it's about careers or technology or implementations or architecture, that kind of thing. Definitely hit me up there. If you want to see what I do during my normal work week at Microsoft, definitely check out developers.microsoft.com, SaaS office. They're my engineering teams. Post all the latest and greatest ways to customize your office experience, make it more productive for you. In fact, if you have Microsoft 365, open up Excel right now and check out the automate tab. That's right. The automate tab is a new tab that's in Excel lets you automate things as you generate JavaScript, run it on in power. Automate lets you do remote automations for Excel, whether it's opening the document yourself, interactive or even behind the scenes.
(01:12:28):
Definitely check that out and automate things and make things more productive for you guys. I want to thank everyone who makes this show possible, especially thank you to Leo and Lisa over the years. They supported Enterprise this week at Enterprise Tech and we really couldn't have done this show without them. So thank you for all their support. Of course, thank you to all the engineers. They made it possible. Of course, thank you to Mr. Brian Chi as well. He was not only our co-host, but he was our Titleist producer as well. He did all the show bookings and the plannings for the show, so we really couldn't have done this show without him. And of course, before I sign out, thank you for the editor today because you know what? They make us look good after the fact to remove all of my mistakes. Thank you very much for that. Of course, thank you to our TD for today, Mr. Jamer B, because you know what? Without you guys, we couldn't have done this show and made it very smooth and fluid, so I appreciate all of that as well. One
Leo Laporte (01:13:13):
Last comment.
Brian Chee (01:13:14):
I want to say thank you to our viewers for 573 amazing episodes.
Leo Laporte (01:13:21):
Wow, that's a lot of great content you guys have created, and I'm thinking about by and InfoWorld and all the other magazines that died long before us. I hope we're not going to go the same way. I think it's really vital that people get these kind of information, the information they need. That's why we started TWI all those years ago. That's why I wish we could keep doing it. We just can't afford to, and that's why I hope somebody else picks up the mantle and keeps this show and the enterprise news flowing. I think it's so important. Everybody needs to hear this, and Lou, you've done such a great job picking up the mantle from Father Robert and I thank you and Curtis and Brian, you guys are great. I really appreciate it. No reflection on you at all or the subject matter frankly. It's just I think maybe mostly the problem with Yeah.
(01:14:15):
Yeah. Thank you. I appreciate it. It's been fun. It's been a great one. I'm going to let you guys go. Wish you a happy, happy holidays. You got a little more free time on your Fridays now. Helps really use that to good advantage and to our great audience, we thank you so much for so many years. We appreciate it. We hope we'll see at other TWIT shows. Of course, these guys will appear on our other TWIT shows on a regular basis. You can count on that, and if you're not yet a Club Twit member, this is how you keep this from happening is by joining Club Twit. Your support makes a huge difference. Thank you guys. We'll see you. Happy holidays. Thanks, Leo. Here's to a great 2024. Take care everybody. Take care. Best wishes.
Ad (01:15:07):
Looking for a fun way to win up to 25 times your money. This basketball season test, your skills on prize picks the most exciting way to play daily fantasy sports. Just select two or more players, pick more or less on their projection for a wide variety of stats and place your entry. It's as easy as that. If you have the skills, you can turn $10 into $250 with just a few taps. Easy gameplay, quick withdrawals and injury insurance on your picks are what make prize picks the number one daily fantasy sports app ready to test your skills. Join the Prize picks community of more than 7 million players who have already signed up. Right now. Prize picks will match your first deposit up to $100. Just visit prize picks.com/get 100 and use code get 100. That's code get 100 at prize picks.com/get 100 for first deposit matchup to $100 prize picks daily Fantasy sports made easy.
