Split-DNS Configuration for IKEv2
draft-pauly-ipsecme-split-dns-00

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Authors Tommy Pauly  , Paul Wouters 
Last updated 2016-04-04 (latest revision 2015-09-24)
Replaced by draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, draft-ietf-ipsecme-split-dns, RFC 8598
Stream (None)
Formats
Expired & archived
plain text xml pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-pauly-ipsecme-split-dns-00.txt

Abstract

This document defines two new Configuration Payload Attribute Types for the IKEv2 protocol that together define a set of private DNS domains which should be resolved by DNS servers reachable through an IPsec connection, while leaving all other DNS resolution unchanged. This allows for split-DNS views for multiple domains and includes support for private DNSSEC trust anchors. The information obtained via the new attribute types can be used to reconfigure a locally running DNS server with DNS forwarding for specific private domains.

Authors

Tommy Pauly (tpauly@apple.com)
Paul Wouters (pwouters@redhat.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)