Pluto and DNS(SEC): Difference between revisions
Paul Wouters (talk | contribs) (Created page with " pluto and dns(sec): sometimes you need to have it resolved for the policy sometimes you need to lookup the dns (for right=) Do case analyses: auto=route needs IP address...") |
Tuomo Soini (talk | contribs) No edit summary |
Line 8: | Line 8: | ||
Do case analyses: | Do case analyses: | ||
auto= | auto=ondemand needs IP addresses | ||
auto=add needs IP address | auto=add needs IP address | ||
Latest revision as of 01:15, 14 October 2018
pluto and dns(sec):
Sometimes you need to have it resolved for the policy.
Sometimes you need to look up the DNS (for right=).
Do case analyses:
auto=ondemand needs IP addresses
auto=add needs IP address
for instance to %trap a remote IP or subnet. If we did a DNS lookup for a remote host, then we should take the TTL into account.
right=FQDN would need DNS lookups
pluto used to be designed to always use IPs, not DNS.
We need to write out a few more details about DNS interaction.
DNSSEC support should remain a configure option so embedded can disable it. For builds with DNSSEC support, it would be nice to have an option to enable/disable DNSSEC.