[dns-operations] GSLB options?
Sean Leach
sleach at wiggum.com
Thu Oct 29 12:27:10 UTC 2009
On Oct 28, 2009, at 9:01 PM, Michael Sinatra wrote:
> On 10/28/09 14:57, Roland Dobbins wrote:
>
>> Nor can operationally useful GSLB be achieved merely by
>> manipulating DNS, either, as you also wisely imply (and have said
>> elsewhere many times in the past, heh); that's another huge
>> misconception surrounding GSLB, that one can simply play around
>> with DNS alone and be good to go. It's much more complex than that.
>
> Have any of the GSLB implementations been able to implement DNSSEC
> or is
> it on the roadmap? Considering that they selectively return
> different A
> records for queries and those answers typically have very low ttls,
> such
> RRs are arguably more susceptible to various cache-poisoning
> methods. I
> think Paul has made this point in the past; is anyone doing anything
> about it?
>
I can tell you this was very challenging to solve (especially given
the number of zones and queries we handle) but we will have DNSSEC for
our traffic management/GSLB functionality. I can also tell you many
of our clients use DNS for GSLB and are quite happy with it, even with
it's challenges.
Regards,
Sean
(Sr. Director - Technology, Neustar)
More information about the dns-operations
mailing list