maybe a dumb idea on how to fix the dns problems i don't know....
- Subject: maybe a dumb idea on how to fix the dns problems i don't know....
- From: karnaugh at karnaugh.za.net (Colin Alston)
- Date: Mon, 11 Aug 2008 14:38:07 +0200
- In-reply-to: <[email protected]>
- References: <[email protected]>
Joe Greco wrote:
>> Unix machines set up by anyone with half a brain run a local caching
>> server, and use forwarders. I.e., the nameserver process can establish a
>> persistent TCP connection to its trusted forwarders, if we just let it.
>
> Organizations often choose not to do this because doing so involves more
> risk and more things to update when the next vulnerability appears. In
> many cases, you are suggesting additional complexity and management
> requirements. A hosting company, for example, might have 20 racks of
> machines with 40 machines each, which is 800 servers. If half of those
> are UNIX, then you're talking about 402 nameservers instead of just 2.
[Customers] <--/UDP/--> [DNS Cache] <--/TCP/--> [DNS servers]
Not so?
Of course, one shouldn't let the rest of the internet touch your DNS
Cache query interface... but that's just obvious.
I mentioned this a while ago though, so I demand credit ;P Also, I think
there is probably an IETF DNS WG list where this fits on topic (I have
no idea what it may be though).
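The diagram in the post, [Customers] <--UDP--> [DNS Cache] <--TCP--> [DNS servers], as an added example that is not code from the post or from any resolver project: a small UDP-facing forwarder that relays every query to one trusted upstream over a single persistent TCP connection, and that refuses queries from anything outside an allow-list (the "don't let the rest of the internet touch your cache query interface" part). It does no caching, serialises queries on the upstream connection, and uses RFC 5737 documentation addresses; the listen port, the upstream address and the allowed networks are assumptions for illustration, not values from the thread.

```python
"""UDP-facing DNS forwarder with one persistent TCP connection upstream.

Added example for the [Customers] <--UDP--> [DNS Cache] <--TCP--> [DNS servers]
diagram; not code from the post or from any resolver.  No caching is done.
Addresses are RFC 5737 documentation examples (assumed, not from the thread).
"""
import ipaddress
import socket
import struct
import threading

# Assumption: only these networks may reach the UDP query interface.
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("192.0.2.0/24")]


def client_allowed(addr, allowed=ALLOWED_CLIENTS):
    """Access control for the query interface: refuse the rest of the Internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in allowed)


def tcp_frame(msg):
    """RFC 1035 s4.2.2: DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket or raise if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed the connection")
        buf += chunk
    return buf


def tcp_unframe(sock):
    """Read one length-prefixed DNS message from a TCP socket."""
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return recv_exact(sock, length)


def txid(msg):
    """Transaction ID: the first two bytes of any DNS message."""
    return struct.unpack("!H", msg[:2])[0]


class PersistentUpstream:
    """One TCP connection to the trusted forwarder, reconnected on failure."""

    def __init__(self, host, port=53, timeout=5.0):
        self.addr = (host, port)
        self.timeout = timeout
        self.sock = None
        self.lock = threading.Lock()

    def _connect(self):
        self.sock = socket.create_connection(self.addr, timeout=self.timeout)

    def query(self, msg):
        # One query in flight at a time keeps request/reply matching trivial.
        with self.lock:
            for attempt in range(2):
                try:
                    if self.sock is None:
                        self._connect()
                    self.sock.sendall(tcp_frame(msg))
                    reply = tcp_unframe(self.sock)
                    if txid(reply) != txid(msg):
                        raise ConnectionError("transaction ID mismatch")
                    return reply
                except (OSError, ConnectionError):
                    if self.sock is not None:
                        self.sock.close()
                    self.sock = None
                    if attempt == 1:
                        raise


def serve(listen=("127.0.0.1", 5353), upstream_host="192.0.2.53"):
    """Accept UDP queries from allowed clients and relay them over TCP."""
    upstream = PersistentUpstream(upstream_host)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(listen)
    while True:
        msg, client = udp.recvfrom(4096)
        # Drop silently: strangers get no reply, so no amplification either.
        if not client_allowed(client[0]) or len(msg) < 12:
            continue
        try:
            # A real cache would truncate (TC=1) replies too large for the
            # client's UDP buffer; this demo relays the upstream reply as-is.
            udp.sendto(upstream.query(msg), client)
        except (OSError, ConnectionError) as exc:
            print("upstream failure:", exc)


if __name__ == "__main__":
    serve()
```

Run it on a host and point a stub resolver at 127.0.0.1 port 5353; queries from the allowed networks are relayed, anything else is dropped before it ever reaches the upstream connection.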