long answer: there are a lot of reasons...
one is that our network is obscenely open and used in weird ways.
public ips handed out to all the things via dhcp. dynamic hostnames (generated from the dhcp request) on a subdomain of our .gov for all the things. similarly static ips and top level dns records on our .gov are passed out like candy.
the border is heavily firewalled, and all networks are heavily sniffed and monitored, but everyone has a public ip with a .gov hostname. the network users consist of thousands of academics and scientists who use the network in fun and interesting ways, frequently without tls.
changing this culture is likely way more difficult than making config changes on bind and dhcpd
I've slowly learned to stop asking, and just try to keep my sobbing down during calls