Hello, I may have need in the future to do some DNS load balancing, preferably in a way that works well with DNSSEC *without* needing the ZSK on the server. I found this page - http://nsdupdate.com/tag/round-robin/ - but I don't think NSD means to them what it means to me ;) What would be nice is if geolocation could be involved but I am not sure how that would work if at all with caching DNS servers since the end user client itself does not talk to the authoritative DNS server. Is there a solution? What I'm doing is building a font server that does not track, and if it becomes popular, load balancing can be an issue. My unfortunate experience with every CDN I have ever looked at is that whether used for tracking or not, cookies for the CDN often exist on the requesting client which makes them at least look like trackers, and I suspect many are trackers. With the CLOUD act in the United States, third party trackers have become an easy tool for government surveillance and thus have become even more creepy than they already were. When I get to point of needing load balancing, if at all possible I'd prefer to do it within NSD rather than pay a third party for the DNS. Thank you for suggestions, load balancing via DNS is never something I have had to use before. Would be nice if I could just supply a list of A/AAAA records for the hostname and the client would pick one with a fast ping time but it seems they do not do that.