Hello all, Based on the conversation on the IPSec list previously about supporting Split DNS in IKEv2, Paul and I have written up a draft to add support for Split DNS (as well as DNSSEC) to the configuration attributes for IKEv2.
We’d like to get feedback from the working group about the level of interest in this topic, and if people would like to work on adopting it. Thanks! Tommy =================== A new version of I-D, draft-pauly-ipsecme-split-dns-00.txt has been successfully submitted by Tommy Pauly and posted to the IETF repository. Name: draft-pauly-ipsecme-split-dns Revision: 00 Title: Split-DNS Configuration for IKEv2 Document date: 2015-09-24 Group: Individual Submission Pages: 10 URL: https://www.ietf.org/internet-drafts/draft-pauly-ipsecme-split-dns-00.txt <https://www.ietf.org/internet-drafts/draft-pauly-ipsecme-split-dns-00.txt> Status: https://datatracker.ietf.org/doc/draft-pauly-ipsecme-split-dns/ <https://datatracker.ietf.org/doc/draft-pauly-ipsecme-split-dns/> Htmlized: https://tools.ietf.org/html/draft-pauly-ipsecme-split-dns-00 <https://tools.ietf.org/html/draft-pauly-ipsecme-split-dns-00> Abstract: This document defines two new Configuration Payload Attribute Types for the IKEv2 protocol that together define a set of private DNS domains which should be resolved by DNS servers reachable through an IPsec connection, while leaving all other DNS resolution unchanged. This allows for split-DNS views for multiple domains and includes support for private DNSSEC trust anchors. The information obtained via the new attribute types can be used to reconfigure a locally running DNS server with DNS forwarding for specific private domains. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org <http://tools.ietf.org/>. The IETF Secretariat
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec