Hi Andreas, thanks for your quick response!

After reading it a few times it's clear to me now that the output is actually also there when no tunnel is currently up and running. :-) In this case I think DNS is the root cause of the behaviour I'm experiencing here.

Let me suggest some enhancements to the Pluto daemon for that case. I think it is important for every piece of software that deals with DNS data to respect the other RFC standards involved, in this case the Time To Live. If Pluto does not care about the TTL that is set and only looks up the current A record at startup time, I would like to suggest changing this behaviour and adding a routine to make sure that DNS records can actually expire and are retrieved again. I think this is the kind of behaviour one would always expect when using canonical names instead of IP addresses. If you have any concerns regarding increased DNS vulnerability, it might be useful to make this new behaviour a configurable option.

I'd highly appreciate it if you could consider this a worthwhile feature enhancement to the Pluto daemon or the strongSwan suite.

Best regards
Julian

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
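The behaviour Julian is asking for, as an added illustration that is not part of the original post and not strongSwan or Pluto code: a hostname resolver wrapper that caches the A record it got together with the record's TTL and re-queries only once that TTL has elapsed, behind a flag so the "look up once at startup" behaviour remains available. The zone data, the `vpn.example.org` name and the addresses are constructed for the example, and the clock is injected so the TTL expiry can be simulated offline.

```python
"""TTL-aware re-resolution of a peer hostname (hypothetical example, not strongSwan code)."""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class ARecord:
    address: str
    ttl: int  # TTL in seconds, as carried in the DNS answer


class TtlAwareResolver:
    """Caches one A record per name and re-queries it once the record's TTL has elapsed.

    With honour_ttl=False the first answer is kept for the lifetime of the object,
    i.e. the "resolve once at startup" behaviour described in the post.
    """

    def __init__(
        self,
        lookup: Callable[[str], ARecord],
        clock: Callable[[], float] = time.monotonic,
        honour_ttl: bool = True,
    ) -> None:
        self._lookup = lookup          # performs the actual DNS query
        self._clock = clock            # monotonic time source, injectable for tests
        self._honour_ttl = honour_ttl
        self._cache: Dict[str, Tuple[str, float]] = {}  # name -> (address, expiry time)
        self.queries = 0               # number of real lookups performed

    def resolve(self, name: str) -> str:
        now = self._clock()
        cached = self._cache.get(name)
        if cached is not None:
            address, expires_at = cached
            # A TTL of 0 yields expires_at == now, so the record is never reused.
            if not self._honour_ttl or now < expires_at:
                return address
        record = self._lookup(name)
        self.queries += 1
        self._cache[name] = (record.address, now + record.ttl)
        return record.address


class FakeClock:
    """Constructed clock so the simulation can advance time without sleeping."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def simulate(honour_ttl: bool) -> Tuple[List[str], int]:
    """Constructed scenario: the gateway's A record changes while the daemon is running."""
    zone = {"vpn.example.org": ARecord("192.0.2.10", ttl=300)}
    clock = FakeClock()
    resolver = TtlAwareResolver(lambda n: zone[n], clock, honour_ttl)

    seen = [resolver.resolve("vpn.example.org")]          # startup lookup
    clock.advance(120)
    zone["vpn.example.org"] = ARecord("192.0.2.20", ttl=300)  # admin moves the gateway
    seen.append(resolver.resolve("vpn.example.org"))      # still within TTL: old address
    clock.advance(200)                                     # 320 s since lookup, TTL expired
    seen.append(resolver.resolve("vpn.example.org"))      # re-resolved only if TTL honoured
    return seen, resolver.queries


def ttl_zero_requeries() -> int:
    """Edge case: a TTL of 0 means every resolve() must hit DNS again."""
    zone = {"vpn.example.org": ARecord("192.0.2.10", ttl=0)}
    resolver = TtlAwareResolver(lambda n: zone[n], FakeClock(), honour_ttl=True)
    resolver.resolve("vpn.example.org")
    resolver.resolve("vpn.example.org")
    return resolver.queries


if __name__ == "__main__":
    print("TTL honoured:", simulate(True))
    print("TTL ignored: ", simulate(False))
    print("TTL 0 queries:", ttl_zero_requeries())
```

With the flag on, the third lookup picks up the moved gateway after the 300 s TTL expires; with it off, the daemon keeps the startup address indefinitely. Each re-resolution is a fresh decision based on DNS data, which is the exposure the post's "configurable option" remark is about, so the flag is the natural place to leave that choice to the administrator.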