[dns-operations] GSLB options?

Sean Leach sleach at wiggum.com
Thu Oct 29 12:27:10 UTC 2009

On Oct 28, 2009, at 9:01 PM, Michael Sinatra wrote:

> On 10/28/09 14:57, Roland Dobbins wrote:
>> Nor can operationally useful GSLB be achieved merely by  
>> manipulating DNS, either, as you also wisely imply (and have said  
>> elsewhere many times in the past, heh); that's another huge  
>> misconception surrounding GSLB, that one can simply play around  
>> with DNS alone and be good to go.  It's much more complex than that.
> Have any of the GSLB implementations been able to implement DNSSEC  
> or is
> it on the roadmap?  Considering that they selectively return  
> different A
> records for queries and those answers typically have very low ttls,  
> such
> RRs are arguably more susceptible to various cache-poisoning  
> methods.  I
> think Paul has made this point in the past; is anyone doing anything
> about it?

I can tell you this was very challenging to solve (especially given  
the number of zones and queries we handle) but we will have DNSSEC for  
our traffic management/GSLB functionality.  I can also tell you many  
of our clients use DNS for GSLB and are quite happy with it, even with  
it's challenges.


(Sr. Director - Technology, Neustar)

More information about the dns-operations mailing list