There are two major reasons for an organization to not want roaming
users to trust locally-assigned DNS servers.
Open recursive servers doesn't help in against man in the middle
attacks. If you want to avoid that use VPN's or (for DNS) TSIG.
I seem to remember that the ID actually mentions that.
jaap
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf