Bug 1300763 - Implement draft-pauly-ipsecme-split-dns-00 for libreswan
Implement draft-pauly-ipsecme-split-dns-00 for libreswan
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libreswan (Show other bugs)
7.4
All Linux
medium Severity medium
: rc
: ---
Assigned To: Paul Wouters
Ondrej Moriš
Mirek Jahoda
: FutureFeature
Depends On:
Blocks: 1490342
  Show dependency treegraph
 
Reported: 2016-01-21 11:13 EST by Paul Wouters
Modified: 2017-09-11 07:42 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1490342 (view as bug list)
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul Wouters 2016-01-21 11:13:30 EST
Description of problem:

Improved support for DNS configuration in IKEv2 which also supports DNSSEC.

https://tools.ietf.org/html/draft-pauly-ipsecme-split-dns-00
Comment 2 Paul Wouters 2016-08-31 15:25:07 EDT
Here is a better description from the latest draft:

   This document defines two Configuration Payload Attribute Types for
   the IKEv2 protocol that define sets of private DNS domains which
   should be resolved by DNS servers reachable through an IPsec
   connection, while leaving all other DNS resolution unchanged.  The
   options define the set of DNS domains, DNS nameserver IP addresses
   and DNSSEC trust anchors to use for these DNS domains.  This approach
   of resolving a subset of domains using an IPSec connection is
   referred to as "split-DNS".  The information obtained via these
   attribute types can be used to reconfigure the local DNS resolution
   to use DNS forwarding for specific private domains.

Note You need to log in before you can comment on or make changes to this bug.