From: John Payne (no email)
Date: Wed Jul 05 2006 - 07:58:27 EDT
On Jul 5, 2006, at 5:18 AM, Lincoln Dale wrote:
>
>>> but it's a perfect example of why GSLB based on DNS ain't perfect.
>> What would be a better solution then?
>
> utopia would be for DNS to be enhanced in some manner such that the
> 'end
> user ip-address' became visible in the DNS request.
> utopia would have NAT devices which actually updated that in-place
> so an
> authoritive nameserver always authoritively _knew_ the public ip-
> address of
> where the request was coming from.
That would kill all cacheability of DNS.
Split tunnel VPNs do somewhat break the DNS GSLB model, but I don't
think that's
as bad as anti-DNS GSLB people claim it is. If you were on a full-
tunnel VPN, you
would expect to be sent to nocal, right?
This could also be fixed in split tunnel VPNs with a local DNS proxy
that only used
the DNS cache on the other side of the VPN for the "internal"
domains, and your ISP's
DNS cache for everything else. That proxy could even be built into
your VPN client.
With wide open recursive nameservers getting such bad press lately, I
would expect
to see client <-> caching nameserver proximity getting a lot closer.
|
|
|