Paul Wouters <[email protected]> wrote: >> Paul Wouters <[email protected]> wrote: >> > See also Opportunistic IPsec, which is a way of creating a mesh with >> > IPsec using some kind of central (X.509) or decentral (DNSSEC) >> > authentication. See: >> >> And it's important to note that the reverse map that is used doesn't have to >> be the public (DNS) one!
> Right. But also we support the forward DNS. That is libreswan can also
> use the IDr for a forward DNS lookup, which can also be an internal-only
> zone. I believe in that case we also then do another lookup of the IDr
> in the forward to ensure it includes an A/AAAA record to the IP we are
> connecting to.
What's happening to your document about this?
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
