[dns-operations] GSLB options?

Michael Sinatra michael at rancid.berkeley.edu
Thu Oct 29 03:01:06 UTC 2009


On 10/28/09 14:57, Roland Dobbins wrote:

> Nor can operationally useful GSLB be achieved merely by manipulating 
> DNS, either, as you also wisely imply (and have said elsewhere many 
> times in the past, heh); that's another huge misconception surrounding 
> GSLB, that one can simply play around with DNS alone and be good to go.  
> It's much more complex than that.

Have any of the GSLB implementations been able to implement DNSSEC or is
it on the roadmap?  Considering that they selectively return different A
records for queries and those answers typically have very low ttls, such
RRs are arguably more susceptible to various cache-poisoning methods.  I
think Paul has made this point in the past; is anyone doing anything
about it?





More information about the dns-operations mailing list