[Openswan Users] DNSSEC opportunistic encryption: just a beautiful dream?

Niccolò Belli darkbasic at linuxsystems.it
Sun Mar 11 12:38:38 EDT 2012

Il 11/03/2012 17:22, Paul Wouters ha scritto:
> yum install dnssec-trigger
> https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations

Unfortunately I don't use Fedora and my intention is to put openswan 
directly in the gateway, not in the single clients.
All clients do already use a local validating resolver (bind), but I 
really don't know how to do the following steps:

 > 4) if received, unbound runs an ipsec whack command that pushes the
 >     IP from the A/AAAA record with the IPSECKEY obtained RSA key into
 >     pluto
 > 5) pluto loads the policy, meaning it will %trap packets to the IP
 > 6) unbound releases the A/AAAA to firefox


More information about the Users mailing list