> DNSSEC and ISAKMP are not related.

Well, that's no longer entirely true... AIUI Microsoft seem to have decided that in their DNSSEC implementation they will use IPsec (and hence IKE with GSS-API) to secure communications from the client to the validating resolver (rather than using GSS-TSIG, which is how they secure dynamic updates). So in the MS world, DNSSEC and ISAKMP *are* at least indirectly related.
I have no idea whether this is likely to result in port 500 traffic to random non-participating nameservers, though - I would assume not but am prepared to be proved wrong.

-roy
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users