DNS Racing - Multi ISP load balancing with failover using DNS.

Mark Andrews marka at isc.org
Tue May 31 01:33:34 UTC 2011


In message <4DE43E3E.2040409 at chrysler.com>, Kevin Darcy writes:
> Normally I'd defer to your vastly greater knowledge and experience in 
> DNSSEC, but here in the U.S. we have a saying "I'm from Missouri", which 
> is a roundabout way of expressing "show me" ("Show Me" being the 
> unofficial slogan of the state of Missouri). Maybe it *should* work, but 
> when it comes to nifty technical hacks, until co-existence is actually 
> demonstrated, I still think there might be a gotcha somewhere...

This happens all the time whenever a signed zone's content changes.
You have different servers returning different answers for the same
query, all of which can be validated as secure.  DNSSEC requires
that the data and signature pass through the system as an atomic
unit.  DNSSEC-aware servers and resolvers keep this data together.
If you don't, things break.

DNS Race just keeps the answers permanently out of sync instead of
the temporary condition that happens with normal updates.

Mark

>              - Kevin
> 
> P.S. Don't even get me started on car commercials. I've seen a few that 
> never even made it to the public eye :-)
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
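
Added example, not part of the original message or of BIND: a small model of the point made above, that two servers can return different answers for the same query and both validate, while an RRset separated from its own signature does not. Assumptions: HMAC stands in for the public-key RRSIG so the code runs with the standard library only, and the key, names and addresses are constructed sample values.

```python
import hashlib
import hmac

# Constructed stand-in for the zone signing key. Real DNSSEC uses public-key
# RRSIGs; HMAC is swapped in here only so the example runs with the stdlib.
ZONE_KEY = b"constructed-demo-key"


def canonical_rrset(name, rtype, ttl, rdatas):
    """Serialise an RRset in a fixed order so signer and validator hash the same bytes."""
    owner = name.lower().rstrip(".") + "."
    return "\n".join(f"{owner} {ttl} IN {rtype} {r}" for r in sorted(rdatas)).encode()


def sign_rrset(name, rtype, ttl, rdatas):
    """Return (rdatas, signature): the unit a server must hand out together."""
    sig = hmac.new(ZONE_KEY, canonical_rrset(name, rtype, ttl, rdatas), hashlib.sha256).digest()
    return list(rdatas), sig


def validate(name, rtype, ttl, rdatas, sig):
    """True only if the signature covers exactly this RRset."""
    expected = hmac.new(ZONE_KEY, canonical_rrset(name, rtype, ttl, rdatas), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


# Constructed sample data: two servers for the same zone, each holding a
# different signed answer for the same query (documentation address ranges).
QNAME, QTYPE, TTL = "www.example.com", "A", 300
SERVER_ISP1 = sign_rrset(QNAME, QTYPE, TTL, ["192.0.2.10"])
SERVER_ISP2 = sign_rrset(QNAME, QTYPE, TTL, ["198.51.100.10"])


def check_all():
    data1, sig1 = SERVER_ISP1
    data2, sig2 = SERVER_ISP2
    return {
        "isp1_answer": validate(QNAME, QTYPE, TTL, data1, sig1),
        "isp2_answer": validate(QNAME, QTYPE, TTL, data2, sig2),
        # A cache that splits or merges the units instead of keeping each intact.
        "isp1_data_isp2_sig": validate(QNAME, QTYPE, TTL, data1, sig2),
        "merged_data_isp1_sig": validate(QNAME, QTYPE, TTL, data1 + data2, sig1),
    }


if __name__ == "__main__":
    for case, ok in check_all().items():
        print(f"{case:22} {'secure' if ok else 'bogus'}")
```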


