
Re: DNS and VPN



-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Kumar" == Kumar V Vemuri <vvkumar@lucent.com> writes:
    Kumar> RAS. How does one now resolve DNS queries across sites ?

  The best way is for the IPsec client to include a DNS server
locally, which either
	a) knows which domains to forward to which internal DNS servers

	b) acts as a secondary for all the internal DNS servers
	(thus answering the queries locally)
	[Bind 8 could transfer just the "STUB" zones, and avoid having
	everything locally ]

	c) something else

    Kumar> Also, does not Win 95 permit one to have only two choices

  Technology is not limited by what Win95 can do.

    Kumar> for DNS ? Does this restrict the number of tunnels to a
    Kumar> maximum of two ?). I think it is unlikely that the client

  No, since a "domain does not exist" failure from the first does
cause the machine to query the second. Instead, one needs to put
127.0.0.1 in, and run a DNS server locally.

    Kumar>   b. Recently, in the mailing list, there was a reference
    Kumar> to the SKIX (Symmetric Key Infrastructure Architecture) and
    Kumar> X.17 in the context of symmetric manual keying in
    Kumar> IPSec. Could someone point me to the appropriate IETF group
    Kumar> that is working on this ?

  I think this was partially in jest. No IETF WG exists by that name,
but if one did exist, then they might start with the ITU's X.17 standard.

]     Network Security Consulting and Contract Programming      |  SSH IPsec  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |international[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQBVAwUBNRaScR4XQavxnHg9AQER8wH+Pqu+eONFZR5vIHD5gUA5miz6CIbTuMGX
fsUq5Rqze3zBomd/MVyLsxh/qmqF4fNQEpTVWkOGO2Z6DB7hBaLskg==
=KIw7
-----END PGP SIGNATURE-----
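
Option (a) in the message above, a local DNS server on 127.0.0.1 that knows which domains to forward to which internal DNS servers, comes down to a longest-suffix match on whole labels. The sketch below is an added example, not part of the original message; the zone names and server addresses are constructed sample values, and the function names are hypothetical.

```python
# Added illustration: per-domain forwarding decision for a local DNS
# forwarder listening on 127.0.0.1. All zone names and addresses below
# are constructed sample values, not taken from the original message.

FORWARD_ZONES = {
    "corp.example": ["10.1.0.53"],                  # site A, reached via tunnel 1
    "lab.corp.example": ["10.2.0.53"],              # site B, more specific zone
    "partner.example": ["10.3.0.53", "10.3.0.54"],  # third tunnel
}
DEFAULT_UPSTREAMS = ["192.0.2.53"]  # resolver used for every other name


def normalize(qname):
    """Lower-case the name, drop the trailing root dot, split into labels."""
    name = qname.strip().rstrip(".").lower()
    return name.split(".") if name else []


def select_upstreams(qname, zones=FORWARD_ZONES, default=DEFAULT_UPSTREAMS):
    """Return (matched_zone, servers) for qname.

    The most specific configured zone wins, and matching is done on whole
    labels, so "evilcorp.example" never matches the zone "corp.example".
    """
    labels = normalize(qname)
    # Try the full name first, then drop leading labels one at a time.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate, zones[candidate]
    return None, default


def leaks_internal_name(qname, chosen_servers, zones=FORWARD_ZONES):
    """True if an internal name would be sent to a server outside its zone's list."""
    zone, servers = select_upstreams(qname, zones)
    return zone is not None and any(s not in servers for s in chosen_servers)


if __name__ == "__main__":
    for q in ("host.corp.example.", "db.LAB.corp.example",
              "evilcorp.example", "www.example.org"):
        print(q, "->", select_upstreams(q))
```

Because the number of forwarding entries is independent of the number of resolver slots the client OS offers, the stub resolver only ever needs the single 127.0.0.1 entry.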

