On Wednesday 25 Oct 2006 15:59, you wrote:
just guessing but: 1) it's 'hard'
<rant> The reason the public-facing DNS is poorly set up at the majority of institutions is the IT guy says "let's bring it in-house to give us more control, how hard can it be?", when, if they had left it with their ISP, it would be done right (along with the thousands of others that the ISP does right). I've seen it done dozens of times when consulting. I have data from a personal survey that confirms this is the leading cause of poor DNS configuration and lack of redundancy in my part of the UK.

I even have a few domains we slave to servers across several continents, and otherwise clueful IT people pick SOA settings that still cause their domains to expire too quickly when, had they left it to us, it would "just work". (Okay, I could override those settings, but if I do that, why bother letting them master it in the first place?! "We delegated control to you, and then overrode all your settings because they were stupid?!") So don't let the IT guy be a hidden master either, just leave it to the ISP.

How I reach the zillions of IT guys out there to say "don't do DNS in-house, you'll only mess up" is the remaining question; Slashdot? </rant>