FR 3.0 radsec : dynamic home server discovery status

Stefan Winter stefan.winter at
Fri Mar 13 13:57:23 CET 2020


many hundreds of realms set NAPTR records in eduroam. Those typically
point to an approximate dozen of country-level endpoints which take the
traffic from there over RADIUS/UDP.

Similarly, eduroam hotspots typically send traffic via RADIUS/UDP to
their country-level, and those do the NAPTR lookups to find the
destination country server.

That way, dynamic lookups and shorter proxy chains are possible, but the
complexity of having TLS certs for the realms and hotspots directly goes

To be honest, the lack of NAPTR lookup capability is my #1 reason why
I'm using Radiator and radsecproxy as the two RADIUS implementations for
my own country-level servers. Both allow dynamic lookups.


Stefan Winter

Am 03.03.20 um 23:25 schrieb Alan Buxey:
> hi,
>> I wasn't aware that anyone was doing dynamic home server discovery.  I know there's a standard for it, but wasn't aware there was support within the federation.
> oh yes. at the national level theres been a few federations using it
> to then send the requests directly to the relevant federation and not
> through the very top level proxies.
> but for end sites using it directly. not much lift (historically thats
> been due to individual sites not doing relevant logging so the
> national proxies lose visibility of
> traffic/usage
> alan
> -
> List info/subscribe/unsubscribe? See

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list