Why not? You only have to let port 53 in for DNS services. Putting any machine outside a firewall is equivalent to saying that they should be attacked. If you're Microsoft, it's equivalent to begging for them to be attacked. The reflexive distaste or even hate for Microsoft in the hacker community cannot be underestimated.
> If you can believe M$'s explanation of the problem, then a
> single router misconfiguration caused this problem. That is
Aha. Yes, I read that today. It doesn't violate 1034 or 1035 (which merely specify that name service be redundant) but it certainly violates good sense. Perhaps it's symptomatic of the rather insular mentality at MSFT - it's not like Microsoft has lax hiring standards. A shame all around.
Marco
,--------------------------------------------------------------------------.
> | We know what causes violence: poverty, <
> Marco Anglesio | discrimination, the failure of the <
> mpa at the-wire.com | educational system. It's not the genes <
> http://www.the-wire.com/~mpa | that cause violence in our society. <
> | --Paul Billings <
`--------------------------------------------------------------------------'