Split DNS Configuration for the Internet Key Exchange Protocol Version 2
RFC 8598, “Split DNS Configuration for the Internet Key Exchange Protocol Version 2”, is a Proposed Standard document published in May 2019 by T. Pauly and P. Wouters. The canonical text is published by the RFC Editor.
Abstract
This document defines two Configuration Payload Attribute Types (INTERNAL_DNS_DOMAIN and INTERNAL_DNSSEC_TA) for the Internet Key Exchange Protocol version 2 (IKEv2). These payloads add support for private (internal-only) DNS domains. These domains are intended to be resolved using non-public DNS servers that are only reachable through the IPsec connection. DNS resolution for other domains remains unchanged. These Configuration Payloads only apply to split-tunnel configurations.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8598 is hosted at rfc-editor.org. Available in TXT, HTML.
- RFC 8597 Cooperating Layered Architecture for Software-Defined Networking
- RFC 8599 Push Notification with the Session Initiation Protocol
- RFC 8596 MPLS Transport Encapsulation for the Service Function Chaining Network Service Header
- RFC 8600 Using Extensible Messaging and Presence Protocol for Security Information Exchange
- RFC 8595 An MPLS-Based Forwarding Plane for Service Function Chaining
- RFC 8601 Message Header Field for Indicating Message Authentication Status
- RFC 8594 The Sunset HTTP Header Field
- RFC 8602 Update to the Telephony Routing over IP IANA Registry Rules regarding Postal Addresses