Who should Update DNS?

[Martin McCormick]

	Since such things as dynamic dns and Microsoft Networking
have come along, we have been faced with new requests by our
customers or clients and we have been wrestling with the issue of
just how much dns control to allow potentially un-trusted
portions of our net to have.

	Our position in the Data Communications group is that we
will shortly be setting up dynamic dns in at least portions of
our network, but we want to place and run the name servers that
do this function so that we can insure the quality of the service
and the speed at which we can make decisions regarding
maintenance and security.

	At the other end of the scale is at least one department
that wants to run its own dns and let it update ours.

	We don't like that idea at all and are arguing against it
on purely logical grounds such as network security and
reliability.  We have tried over the past couple of years to let
our remote campuses run their own dns's and it has not been a
good experience.  Folks who know what they are doing tend to get
promoted or move and sooner or later, unregistered IP numbers
start cropping up or there aren't any reverse-mapped addresses
for some hosts, and on and on.

	Then there are the Windows boxes that get installed as
name servers which crash and stay that way for hours or even days
until somebody calls somebody on the phone and asks, "What's
going on?"

	Have other universities been facing the same problems?
If so, how do you handle them?

	We have about 18 to 20-thousand students and around
23,000 IP numbers in use on our main campus.

	Is our model of one organization providing the core
Internet support still fairly common?

	Our argument is that our names are on the registration
for this domain which means the buck stops here and we want the
best possible network we can have for every single customer of
ours.

Martin McCormick 405 744-7572   Stillwater, OK
OSU Center for Computing and Information services Data Communications Group