Re: DNS and VPN
>>>>> "Kumar" == Kumar V Vemuri <vvkumar@lucent.com> writes:

Kumar> RAS. How does one now resolve DNS queries across sites?

The best way is for the IPsec client to include a DNS server
locally, which either

a) knows which domains to forward to which internal DNS servers
b) acts as a secondary for all the internal DNS servers
   (thus answering the queries locally)
   [Bind 8 could transfer just the "STUB" zones, and avoid having
   everything locally]
c) something else

Kumar> Also, does not Win 95 permit one to have only two choices

Technology is not limited by what Win95 can do.

Kumar> for DNS? Does this restrict the number of tunnels to a
Kumar> maximum of two?). I think it is unlikely that the client

No, since a "domain does not exist" failure from the first does
cause the machine to query the second. Instead, one needs to put
127.0.0.1 in, and run a DNS server locally.

Kumar> b. Recently, in the mailing list, there was a reference
Kumar> to the SKIX (Symmetric Key Infrastructure Architecture) and
Kumar> X.17 in the context of symmetric manual keying in
Kumar> IPSec. Could someone point me to the appropriate IETF group
Kumar> that is working on this?

I think this was partially in jest. No IETF WG exists by that name,
but if one did exist, then they might start with the ITU's X.17 standard.

] Network Security Consulting and Contract Programming | SSH IPsec [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |international[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
References:
- DNS and VPN
- From: "Kumar V. Vemuri" <vvkumar@lucent.com>
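
Option (a) in the reply above, sketched as an added example that is not part of the original message: the forwarding decision a local DNS server on 127.0.0.1 would make, parsing the question name from a query packet and choosing the internal DNS servers by longest matching domain suffix, so internal names are never sent to the ordinary resolver. The domain names, server addresses and function names are assumptions constructed for illustration, and the code only selects the upstream, it does not send the query.

```python
import struct

# Hypothetical routing table: internal domain suffix -> DNS servers behind that tunnel.
# Names and addresses are constructed sample values, not taken from the message.
ROUTES = {
    "corp.example": ["10.1.0.53"],
    "lab.corp.example": ["10.2.0.53"],
    "partner.example": ["192.168.50.53"],
}
DEFAULT = ["192.0.2.53"]  # ordinary resolver for every other name

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (header + one question) to serve as sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_qname(packet):
    """Extract the question name from a DNS query; reject malformed names."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    if struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        # Lengths above 63 are invalid; this also rejects compression pointers.
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label length")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    return ".".join(labels)

def pick_upstreams(qname, routes=ROUTES, default=DEFAULT):
    """Longest-suffix match on whole labels: 'notcorp.example' must not match 'corp.example'."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return routes[suffix]
    return default

def route(packet):
    """Return the DNS servers a query packet should be forwarded to."""
    return pick_upstreams(parse_qname(packet))
```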