Our Intranet includes two datacenters with a CSS at each datacenter. Each CSS has a circuit to the LAN at that datacenter as well as a circuit to the CSS at the other datacenter via ATM. The problem we are having is with sites that are Global Server Load Balanced by the CSSs. Depending on where the client sits on the network and how the OSPF routing tables look, a client could send a DNS request to one interface on the CSS and get the response from the other interface. When this happens, the DNS response has a source IP of the second interface, which looks like a spoof to the client.
I am wondering if anyone else has had this problem and what you have done to fix it. We are considering removing the ATM link between the two CSSs, but it is nice to have. In my opinion, the CSS needs to be "fixed" to always source the DNS response with the IP address that it received the request on. In fact, the DNS RFC specifies that DNS servers must do this.
Any thoughts would be appreciated.
Web Infrastructure Specialist
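
An added example, not part of the original post: one way to confirm the behaviour described above from a packet capture is to pair each DNS reply with its query and flag replies whose source address is not the address the query was sent to. The `Pkt` record, the function names and the sample addresses (documentation ranges standing in for the two CSS interfaces and the clients) are assumptions made for this sketch.

```python
import struct
from collections import namedtuple

# One captured UDP datagram: addresses, ports and the raw DNS payload.
Pkt = namedtuple("Pkt", "src sport dst dport payload")

def dns_header(payload):
    """Return (transaction_id, is_response) from the 12-byte DNS header."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000)  # QR bit: 0 = query, 1 = response

def mismatched_replies(packets):
    """Report replies whose source is not the address the query was sent to."""
    pending = {}   # (client_ip, client_port, txid) -> server IP queried
    findings = []
    for p in packets:
        try:
            txid, is_response = dns_header(p.payload)
        except ValueError:
            continue  # not a parseable DNS message, skip it
        if not is_response:
            if p.dport == 53:
                pending[(p.src, p.sport, txid)] = p.dst
            continue
        if p.sport != 53:
            continue
        queried = pending.pop((p.dst, p.dport, txid), None)
        if queried is not None and p.src != queried:
            findings.append((p.dst, txid, queried, p.src))
    return findings

def _msg(txid, response):
    # Constructed header-only DNS message (all counts zero), enough for pairing.
    return struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 0, 0, 0, 0)

# Constructed capture: 192.0.2.10 and 198.51.100.10 stand in for the two
# interfaces of one load balancer; 203.0.113.x are clients.
SAMPLE = [
    Pkt("203.0.113.5", 40001, "192.0.2.10", 53, _msg(0x1A2B, False)),
    Pkt("192.0.2.10", 53, "203.0.113.5", 40001, _msg(0x1A2B, True)),     # same interface
    Pkt("203.0.113.7", 40002, "192.0.2.10", 53, _msg(0x3C4D, False)),
    Pkt("198.51.100.10", 53, "203.0.113.7", 40002, _msg(0x3C4D, True)),  # other interface
]

if __name__ == "__main__":
    for client, txid, queried, answered in mismatched_replies(SAMPLE):
        print(f"{client} txid={txid:#06x}: queried {queried}, reply from {answered}")
```

Each finding lists the client, the transaction ID, the address that was queried and the address the reply actually came from, which is the pair a client-side resolver compares before accepting an answer.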