1300763 – Implement draft-ietf-ipsecme-split-dns for libreswan

Bug 1300763 - Implement draft-ietf-ipsecme-split-dns for libreswan

Summary: Implement draft-ietf-ipsecme-split-dns for libreswan

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libreswan
Sub Component:
Version:	7.4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Paul Wouters
QA Contact:	Ondrej Moriš
Docs Contact:	Mirek Jahoda
URL:
Whiteboard:
Depends On:
Blocks:	1490342 1533724
TreeView+	depends on / blocked

Reported:	2016-01-21 16:13 UTC by Paul Wouters
Modified:	2018-04-10 17:23 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	Libreswan now supports split-DNS configuration for IKEv2 This update of the _libreswan_ packages introduces support for split-DNS configuration for the Internet Key Exchange version 2 (IKEv2) protocol through the "leftmodecfgdns=" and "leftcfgdomains=" options. This enables the user to reconfigure a locally running DNS server with DNS forwarding for specific private domains.
Clone Of:
Clones:	1490342 1533724 (view as bug list)
Environment:
Last Closed:	2018-04-10 17:22:34 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0932	0	None	None	None	2018-04-10 17:23:18 UTC

Description Paul Wouters 2016-01-21 16:13:30 UTC

Description of problem:

Improved support for DNS configuration in IKEv2 which also supports DNSSEC.

https://tools.ietf.org/html/draft-pauly-ipsecme-split-dns-00

Comment 2 Paul Wouters 2016-08-31 19:25:07 UTC

Here is a better description from the latest draft:

   This document defines two Configuration Payload Attribute Types for
   the IKEv2 protocol that define sets of private DNS domains which
   should be resolved by DNS servers reachable through an IPsec
   connection, while leaving all other DNS resolution unchanged.  The
   options define the set of DNS domains, DNS nameserver IP addresses
   and DNSSEC trust anchors to use for these DNS domains.  This approach
   of resolving a subset of domains using an IPSec connection is
   referred to as "split-DNS".  The information obtained via these
   attribute types can be used to reconfigure the local DNS resolution
   to use DNS forwarding for specific private domains.

Comment 7 Paul Wouters 2017-11-09 08:07:01 UTC

can I have pm_ack please?

Comment 17 errata-xmlrpc 2018-04-10 17:22:34 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0932

Note You need to log in before you can comment on or make changes to this bug.