Because 20 years ago, we realised that this is a problem and stopped intermingling recursive and authoritative service. Software like the djb suite, nsd and unbound was written to assist in this separation.
Thus, noone has bothered to revisit the docs on the subject.
Part of the response you have received, thus, is because the separation requirement is mostly regarded as completely uncontroversial, like "do not allow TELNET without IAC DO ENCRYPT" or "Do not let SNMP community Public have write access" and similar obviousities.
I suggest we wait for the NCC folks to come back with the exact list of requirements used today and starting from those the community, since this is more controversial than I and others thought, should try to formulate a policy that is consistent with the desires and needs of the community and the Internet.
/Måns, down memory lane.
Mans, i get your point but it appears that since those 20 years one might have forgotten to just ask that question again (with todays technology in mind). "Its not working that way." "Why?" "It never worked that way, dont try". While telnet was replaced by SSH (and others), SNMP is still there but has made progress (v3, crypto etc). I'd rather compare the auth nameserver+open resolver thing to SNMP than to telnet. I agree with you to wait for the NCC to specify the requirements and see what the community thinks about it. In any way this should be documented somewhere, so that further confusion is avoided. - Jonas