DNSSEC and ISAKMP?
Roy Badami
roy at gnomon.org.uk
Fri Apr 16 20:03:29 UTC 2010
> DNSSEC and ISAKMP are not related.
Well, that's no longer entirely true... AIUI Microsoft seem to have
decided that in their DNSSEC implementation they will use IPsec (and
hence IKE with GSS-API) to secure communications from the client to
the validating resolver (rather than using GSS-TSIG, which is how they
secure dynamic updates). So in the MS world, DNSSEC and ISAKMP *are*
at least indirectly related.
I have no idea whether this is likely to result in port 500 traffic to
random non-participating nameservers, though - I would assume not but
am prepared to be proved wrong.
-roy
More information about the bind-users
mailing list