FreeRADIUS, radsec and dnssec

Arran Cudbard-Bell a.cudbardb at
Thu Apr 6 21:35:26 CEST 2017

> On Apr 6, 2017, at 3:28 PM, Alan DeKok <aland at> wrote:
> On Apr 6, 2017, at 10:53 AM, Brian Julin <BJulin at> wrote:
>> Dynamic home servers was the missing ingredient at that time.
>> I have seen indications from the core team that they are working
>> to address this.
>  It's sort of in v3, for the trust router work.  But not in a way that can be sustained moving forward.
>> The further challenge after that is session-aware
>> load balancing correctly through a DNS change, and of course closing
>> the security loop by validating the realm against server certificates.
>> It's a pretty big project when you do more than just simple proxying.
>> I would not expect it to materialize quickly, but people know the need
>> is out there.
>  In v4, all of the proxying is being moved to modules.  It means that proxy.conf becomes harder to configure.  BUT things like "proxy to 4 destinations" becomes trivial.
>  And, adding dynamic DNS to radsec home servers is just a plugin module.  i.e. someone could start on it today.

It's already there pretty much.  Just need to add some extra xlats for the different record types.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list