Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I struggle with netbox. I understand their theory of separation of duties, but without it doing DDI and without it having native integration into all the major dns players the usefulness is questionable to me. Relying on people to always update the source of truth never actually works in practice in an organization of any size.


There are Ansible and Terraform modules, the source of truth should be kept up to date by your automation.

There are also reports you can write to catch any data issues.


I fundamentally disagree. The source of truth should be naively updating my components, not a script that may or may not break with the next update which has 0 support available.

Given the repeated asks on the GitHub issues, I’m confident I’m not alone in that belief.

Infoblox doesn’t tell me to write a terraform script to update AD/dns and vice versa, they built it into the product.


Netbox isn't really a DHCP/DNS server and doesn't claim to be. You don't have to use its IPAM features if you want to use Infoblox instead.

Netbox has a lot of great features for documenting your infrastructure even if you don't use IPAM - which Infoblox does not do at all.


I understand what it currently does. I’m saying they’re missing the mark and should finish building out the tool. I don’t want a separate tool for each.


Our current focus, with our current resources, is on core functionality. We want to nail that and then grow our roadmap deliberately, rather than go off and add a bunch of half-finished features just to tick some checkboxes. In the meantime, plugin builders are doing an amazing job tackling things like BGP community / session / policy management, DNS record management, and device ACL management.


> Relying on people to always update the source of truth never actually works in practice in an organization of any size

I agree, the only place it has ever worked for me was in a team of 6 with a fixed deadline and liquidated damages for being late, and the source of truth was a binder with all of the drawings. What is highlighted is true, what is not highlighted is yet to be checked. Be careful precisely what you highlight (cable tag, terminal number, relay contacts, etc) or you are throwing the team and company Under the bus.

Doesn’t scale but works great for getting shit done correctly with no fuss.


In practice nothing should work without the source of truth being updated.


I think that's two ways of saying the same thing - that NetBox isn't integrated into anything which forces it into being the source of truth. It's just a place updates sometimes get sent to.

This was my main problem with NetBox as well.


It isn't "forced" into being the source of truth, it was designed to be that from the start: https://docs.netbox.dev/en/stable/introduction/#serve-as-a-s...


Your ansible (salt, chef, whatever) inventories should be generated from your source of truth, then when they run they should apply against your infrastructure.

You shouldn’t be able to make any changes without driving them through the source of truth.


This is great if your source of truth can be NetBox alone but if NetBox is just a destination for generated workflows relying on things like actual DDI, which is what's actually required for the workflow, as the source of truth the idea every one will remember to update and cleanup NetBox falls apart.

Not to mention not every place can be assumed to declare their entire infrastructure in ansible chef or whathaveyou. If IT people everywhere got the time to redeploy their entire infrastructures only with what works for best practices to make their lives easier then IT people would probably be a lot happier :).




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: