[Openswan Users] DNSSEC opportunistic encryption: just a beautiful dream?
Niccolò Belli
darkbasic at linuxsystems.it
Fri Mar 9 19:45:17 EST 2012
Hi,
With .it still not having IPv6 glue and DNSSEC signatures I finally get
a working DNSSEC setup with linuxsystems.biz. Next goal was putting a
Passive OE gateway in front of my servers, when suddenly a doubt arises:
what about the reverse zone? I was relieved when I discovered
in-addr.arpa was DNSSEC signed, but then:
http://www.sixxs.net/faq/dns/?faq=dnssec
"Unfortunately, even though there is a possibility for doing DNSSEC in
the .arpa zone, the intermediate DNS Servers at the various ISPs do not
support DNSSEC yet."
What a pity, is there someone actually doing Passive/Full OE using
DNSSEC Look-aside Validation for the reverse?
Cheers,
Niccolò
More information about the Users
mailing list