[Openswan Users] DNSSEC opportunistic encryption: just a beautiful dream?

Niccolò Belli darkbasic at linuxsystems.it
Fri Mar 9 19:45:17 EST 2012

With .it still not having IPv6 glue and DNSSEC signatures I finally get 
a working DNSSEC setup with linuxsystems.biz. Next goal was putting a 
Passive OE gateway in front of my servers, when suddenly a doubt arises: 
what about the reverse zone? I was relieved when I discovered 
in-addr.arpa was DNSSEC signed, but then: 

"Unfortunately, even though there is a possibility for doing DNSSEC in 
the .arpa zone, the intermediate DNS Servers at the various ISPs do not 
support DNSSEC yet."

What a pity, is there someone actually doing Passive/Full OE using 
DNSSEC Look-aside Validation for the reverse?


More information about the Users mailing list