[Openswan Users] Opportunistic Encryption and djbdns

Jack Byer ojbyer at usa.net
Sat Dec 2 19:33:59 EST 2006

I'm attempting to try out Opportunistic Encryption on my local network.
I have a dns server set up running djbdns with what I thought were all
the TXT records I would need. The output of ipsec verify, however, is a
little confusing:

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: lithium                 [OK]
   Does the machine have at least one non-private address?      [OK]
   Looking for TXT in reverse dns zone: d.c.b.a.in-addr.arpa.   [OK]
Looking for TXT in reverse dns zone: net\. at mydomain.in-addr.arpa.

What is that fourth check looking for exactly? I have a TXT record for
c.b.a.in-addr.arpa, I tried inserting a record for
net\. at mydomain.in-addr.arpa, but that didn't work either.
