Joseph Mack NA3T :
> Talk by Radware (www.radware.com)
> at NCSA www.ncsysadmin.org 10 Oct 2005
Note that we removed our radware appliance to use LVS instead. Load Balancing
using DNS is _evil_, especially with mobile internet and all those
misconfigured operator gateways.
Because most mobile gateways are written in Java, and I'm probably the only
one who read the java.security file. Just have a look at this ugly stuff you
can find in it and the unbelievably silly explanation given:
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set.
#
# NOTE: setting this to anything other than the default value can have
# serious security implications. Do not set it unless
# you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1
For security reasons! Guys! Well. So we removed radware. Note that we had
other problems with radware. The DNS cache of the clients is one, the response
time of the DNS was another. Several technical issues when you reach some
traffic limits were the last.
François.
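
An added example, not part of the original post: a small Python check that reads a java.security file and reports which lookup-cache policy networkaddress.cache.ttl selects, using the value meanings from the comment quoted above. The sample file contents are constructed, the function names are this example's own, and an unset key is reported as the default that the quoted comment describes.

```python
import re
import sys

KEY = "networkaddress.cache.ttl"

# Constructed sample file contents (not taken from any real host).
SAMPLE_DEFAULT = "# default value is forever (FOREVER).\n#networkaddress.cache.ttl=-1\n"
SAMPLE_OVERRIDE = "#networkaddress.cache.ttl=-1\nnetworkaddress.cache.ttl = 30\n"
SAMPLE_TWICE = "networkaddress.cache.ttl=0\nnetworkaddress.cache.ttl : -1\n"
SAMPLE_BAD = "networkaddress.cache.ttl=thirty\n"

# Properties syntax: key, then '=', ':' or whitespace, then the value.
_LINE = re.compile(r"^\s*" + re.escape(KEY) + r"\s*[=:\s]\s*(.*?)\s*$")


def effective_ttl(text):
    """Return the last uncommented value of KEY, or None if it is unset.

    Line continuations (trailing backslash) are not handled.
    """
    value = None
    for line in text.splitlines():
        if line.lstrip().startswith(("#", "!")):  # properties comment markers
            continue
        match = _LINE.match(line)
        if match:
            value = match.group(1)  # a later assignment overrides an earlier one
    return value


def classify(text):
    """Map the configured value to the policy named in the file's comment."""
    raw = effective_ttl(text)
    if raw is None:
        return "default (forever, per the file's own comment)"
    try:
        ttl = int(raw)
    except ValueError:
        return "invalid value %r" % raw
    if ttl < 0:
        return "cache forever"
    if ttl == 0:
        return "do not cache"
    return "cache for %d s" % ttl


if __name__ == "__main__":
    # Usage: pass one or more java.security paths on the command line.
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as handle:
            print("%s: %s" % (path, classify(handle.read())))
```

A result of "cache forever" or the default means a client JVM keeps the first address it resolved, so changes in DNS answers from a DNS-based load balancer never reach it.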