Re: maybe a dumb idea on how to fix the dns problems i don't know....

[Joe Greco <jgreco () ns sol net>]

> Unix machines set up by anyone with half a brain run a local caching
> server, and use forwarders. IE, the nameserver process can establish a
> persistent TCP connection to its trusted forwarders, if we just let it.

Organizations often choose not to do this because doing so involves more
risk and more things to update when the next vulnerability appears.  In
many cases, you are suggesting additional complexity and management 
requirements.  A hosting company, for example, might have 20 racks of
machines with 40 machines each, which is 800 servers.  If half of those
are UNIX, then you're talking about 402 nameservers instead of just 2.  
Since local bandwidth is "free", this could be seen as a poor engineering
choice, and you still had to maintain those two servers for the other
(Windows or whatever) boxes anyways.  On the upside, you don't need to
use a forwarders arrangement unless you really want to...  but the 
benefit of those 400 extra nameserver instances is a bit sketchy.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.