down sev0?

Simon Waters simonw at
Wed Oct 25 16:00:21 UTC 2006

On Wednesday 25 Oct 2006 15:59, you wrote:
> just guessing but:
> 1) it's 'hard'

The reason the public-facing DNS is poorly set up at the majority of 
institutions is the IT guy says "let's bring it in-house to give us more 
control, how hard can it be?".

When, if they had left it with their ISP, it would be done right (along with the 
thousands of others that the ISP does right).

I've seen it done dozens of times when consulting.

I have data from a personal survey that confirms this is the leading cause of 
poor DNS configuration and lack of redundancy in my part of the UK.

I even have a few domains we slave to servers across several continents, and 
otherwise clueful IT people pick SOA settings that still cause their domains 
to expire too quickly when, had they left it to us, it would "just work".

(okay I could override those settings, but if I do that why bother letting 
them master it in the first place?! "we delegated control to you, and then 
overrode all your settings because they were stupid?!"). So don't let the IT 
guy be a hidden master either, just leave it to the ISP.

How I reach the zillions of IT guys out there to say "don't do DNS in-house, 
you'll only mess up" is the remaining question; Slashdot?
