Unix machines set up by anyone with half a brain run a local caching server, and use forwarders. IE, the nameserver process can establish a persistent TCP connection to its trusted forwarders, if we just let it.
Organizations often choose not to do this because doing so involves more risk and more things to update when the next vulnerability appears. In many cases, you are suggesting additional complexity and management requirements. A hosting company, for example, might have 20 racks of machines with 40 machines each, which is 800 servers. If half of those are UNIX, then you're talking about 402 nameservers instead of just 2. Since local bandwidth is "free", this could be seen as a poor engineering choice, and you still had to maintain those two servers for the other (Windows or whatever) boxes anyways. On the upside, you don't need to use a forwarders arrangement unless you really want to... but the benefit of those 400 extra nameserver instances is a bit sketchy. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.