[dns-operations] GSLB options?

Michael Sinatra michael at rancid.berkeley.edu
Thu Oct 29 16:00:38 UTC 2009

On 10/29/09 02:56, Florian Weimer wrote:
> * Michael Sinatra:
>> Have any of the GSLB implementations been able to implement DNSSEC or is
>> it on the roadmap?  Considering that they selectively return different A
>> records for queries and those answers typically have very low ttls, such
>> RRs are arguably more susceptible to various cache-poisoning methods.
> Most DNS resolvers are vulnerable to DNS spoofing all the time, not
> just when the TTL expires.

But having the ttl expire frequently opens you up to more spoofing


More information about the dns-operations mailing list