Bug 1300763 - Implement draft-ietf-ipsecme-split-dns for libreswan
Implement draft-ietf-ipsecme-split-dns for libreswan
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libreswan (Show other bugs)
All Linux
medium Severity medium
: rc
: ---
Assigned To: Paul Wouters
Ondrej Moriš
Mirek Jahoda
: FutureFeature
Depends On:
Blocks: 1533724 1490342
  Show dependency treegraph
Reported: 2016-01-21 11:13 EST by Paul Wouters
Modified: 2018-04-10 13:23 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
*Libreswan* now supports split-DNS configuration for IKEv2 This update of the _libreswan_ packages introduces support for split-DNS configuration for the Internet Key Exchange version 2 (IKEv2) protocol through the "leftmodecfgdns=" and "leftcfgdomains=" options. This enables the user to reconfigure a locally running DNS server with DNS forwarding for specific private domains.
Story Points: ---
Clone Of:
: 1490342 1533724 (view as bug list)
Last Closed: 2018-04-10 13:22:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0932 None None None 2018-04-10 13:23 EDT

  None (edit)
Description Paul Wouters 2016-01-21 11:13:30 EST
Description of problem:

Improved support for DNS configuration in IKEv2 which also supports DNSSEC.

Comment 2 Paul Wouters 2016-08-31 15:25:07 EDT
Here is a better description from the latest draft:

   This document defines two Configuration Payload Attribute Types for
   the IKEv2 protocol that define sets of private DNS domains which
   should be resolved by DNS servers reachable through an IPsec
   connection, while leaving all other DNS resolution unchanged.  The
   options define the set of DNS domains, DNS nameserver IP addresses
   and DNSSEC trust anchors to use for these DNS domains.  This approach
   of resolving a subset of domains using an IPSec connection is
   referred to as "split-DNS".  The information obtained via these
   attribute types can be used to reconfigure the local DNS resolution
   to use DNS forwarding for specific private domains.
Comment 7 Paul Wouters 2017-11-09 03:07:01 EST
can I have pm_ack please?
Comment 17 errata-xmlrpc 2018-04-10 13:22:34 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.