[140677] in North American Network Operators' Group
Re: Experience with Open Source load balancers?
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Tue May 17 20:08:17 2011
In-Reply-To: <20110517232320.14963ECE4FD@drugs.dv.isc.org>
Date: Tue, 17 May 2011 19:07:39 -0500
From: Jimmy Hess <mysidia@gmail.com>
To: Mark Andrews <marka@isc.org>
Cc: "Welch, Bryan" <Bryan.Welch@arrisi.com>,
"nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, May 17, 2011 at 6:23 PM, Mark Andrews <marka@isc.org> wrote:
[snip]
>
> Better still would be for them to return AAAA records but until one
> is ready to do that the negative responses need to be correct.
Hm... better would be for load balancers operate transparently at Layer 3 and
not tamper with the contents of answers from proper DNS servers.
Eating traffic based on application content, or turning NOERROR,
0 matches into NXDOMAIN is seriously f***'ed up.
I look forward to more domains having DS records published by TLDs w/
signed zones...
and possibly browsers displaying warnings trying to visit HTTPS
domains without a signed zone.
perhaps load balancers/middle box manufacturers will start to become a
little bit more honest
in what they do with DNS traffic :)
--
-JH
