IPSec and DNS

Peter Shulkin pshulkin at demoulasmarketbasket.com
Mon Feb 22 14:55:53 UTC 2010


I tried using dnsmasq to provide dns to the server, but I still get the
[MISSING] messages with ipsec verify.  Do I need to add something to
nsswitch.conf to use dnsmasq?

Peter

 

________________________________

From: Peter Shulkin 
Sent: Monday, February 22, 2010 9:00 AM
To: 'redhat-list at redhat.com'
Subject: IPSec and DNS

 

Can IPSec (either racoon or openswan) run without DNS on the connecting
hosts?  Does DNS need to be configured to talk to Windows servers, too?

We do not have DNS running inside our firewall, so:

ipsec verify

<snip> ...

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: store191                      [MISSING]
   Does the machine have at least one non-private address?            [OK]
   Looking for TXT in reverse dns zone: 207.3.181.128.in-addr.arpa.   [MISSING]
   Looking for TXT in reverse dns zone: 208.3.181.128.in-addr.arpa.   [MISSING]

 

Do I need to create false entries for dns?  Our nsswitch.conf is set to
all files, and dns is not defined there.  We really don't want to set up
a DNS server for this, if we can help it.

 

Thanks,

Peter Shulkin

 



