A Method for Storing IPsec Keying Material in DNS

“…A mechanism to automatically deploy certificates and keying material for VPN infrastructures is the use of the global Domain Name System (DNS) [42,43], or preferably the more secure version DNSSEC [44,45]. An opportunistic variant, where IPsec protection is only used if a DNS IPSECKEY record is available, is specified in [46].…”

Section: Key Distribution Via Dnssecmentioning

confidence: 99%

A survey on automatic configuration of virtual private networks

Rossberg

Schaefer

2011

Computer Networks

View full text Add to dashboard Cite

Virtual private networks (VPN) offer a secure data exchange over public networks. Despite being cheaper than leased lines, growing sizes and dynamic behavior of VPN nodes, e.g., for mobility or reasons of denial-of-service-attacks, make a manual configuration of large, dynamic VPN expensive.Consequently, a number of different VPN auto-configuration approaches have been invented and partially deployed over the last decade. This article identifies a comprehensive set of objectives to be fulfilled by IP-based VPN auto-configuration, explains and groups mechanisms, and analyzes their strengths and weaknesses with regards to the objectives. Finally, it identifies potential future directions of autonomous VPN deployment.

show abstract

“…It may also be desirable to store IPsec keying material corresponding to an IP address in the reverse DNS, as justified and described in [RFC4025].…”

Section: Applicability Of Reverse Dnsmentioning

confidence: 99%

Operational Considerations and Issues with IPv6 DNS

Durand¹,

Ihren²,

Savola³

2006

View full text Add to dashboard Cite

This memo presents operational considerations and issues with IPv6 Domain Name System (DNS), including a summary of special IPv6 addresses, documentation of known DNS implementation misbehavior, recommendations and considerations on how to perform DNS naming for service provisioning and for DNS resolver IPv6 support, considerations for DNS updates for both the forward and reverse trees, and miscellaneous issues. This memo is aimed to include a summary of information about IPv6 DNS considerations for those who have experience with IPv4 DNS.

show abstract

A Method for Storing IPsec Keying Material in DNS

Cited by 28 publications

References 12 publications

Host Identity Protocol (HIP) Architecture

Host Identity Protocol (HIP) Architecture

A survey on automatic configuration of virtual private networks

Operational Considerations and Issues with IPv6 DNS

Contact Info

Product

Resources

About