FreeRADIUS, radsec and dnssec

Alan DeKok aland at
Thu Apr 6 21:28:41 CEST 2017

On Apr 6, 2017, at 10:53 AM, Brian Julin <BJulin at> wrote:
> Dynamic home servers was the missing ingredient at that time.
> I have seen indications from the core team that they are working
> to address this.

  It's sort of in v3, for the trust router work.  But not in a way that can be sustained moving forward.

>  The further challenge after that is session-aware
> load balancing correctly through a DNS change, and of course closing
> the security loop by validating the realm against server certificates.
> It's a pretty big project when you do more than just simple proxying.
> I would not expect it to materialize quickly, but people know the need
> is out there.

  In v4, all of the proxying is being moved to modules.  It means that proxy.conf becomes harder to configure.  BUT things like "proxy to 4 destinations" becomes trivial.

  And, adding dynamic DNS to radsec home servers is just a plugin module.  i.e. someone could start on it today.

  Alan DeKok.

More information about the Freeradius-Users mailing list