[dns-operations] GSLB options?
Michael Sinatra
michael at rancid.berkeley.edu
Thu Oct 29 16:00:38 UTC 2009
On 10/29/09 02:56, Florian Weimer wrote:
> * Michael Sinatra:
>
>> Have any of the GSLB implementations been able to implement DNSSEC or is
>> it on the roadmap? Considering that they selectively return different A
>> records for queries and those answers typically have very low ttls, such
>> RRs are arguably more susceptible to various cache-poisoning methods.
>
> Most DNS resolvers are vulnerable to DNS spoofing all the time, not
> just when the TTL expires.
But having the ttl expire frequently opens you up to more spoofing
opportunities.
michael
More information about the dns-operations
mailing list