[dns-operations] GSLB options?

Florian Weimer fweimer at bfk.de
Thu Oct 29 09:56:10 UTC 2009

* Michael Sinatra:

> Have any of the GSLB implementations been able to implement DNSSEC or is
> it on the roadmap?  Considering that they selectively return different A
> records for queries and those answers typically have very low ttls, such
> RRs are arguably more susceptible to various cache-poisoning methods.

Most DNS resolvers are vulnerable to DNS spoofing all the time, not
just when the TTL expires.

Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

More information about the dns-operations mailing list