Home
Lookup Tools
Analysis
Bulk & Enterprise
Resources
Close

IPSECKEY Record Security

The IPSECKEY record publishes public keys for IPsec (Internet Protocol Security) in DNS. Defined in RFC 4025, it enables opportunistic encryption by allowing hosts to discover each other's IPsec keys without pre-configuration.

Look Up IPSECKEY Records

Check IPSECKEY records for any domain using our free DNS lookup tool.

Look Up IPSECKEY Records →

What Is an IPSECKEY Record?

IPSECKEY records store public keys that can be used to establish IPsec security associations. This enables:

IPSECKEY Record Format

Example IPSECKEY Record

host.example.com.    3600    IN    IPSECKEY    10 0 2 . AQNRU3mG7TVN...

Precedence: 10, Gateway Type: 0 (none), Algorithm: 2 (RSA), Public Key follows.

IPSECKEY Record Fields

Field Description Example
Precedence Priority (lower preferred) 10
Gateway Type Type of gateway identifier 0, 1, 2, or 3
Algorithm Public key algorithm 1 (DSA), 2 (RSA), 3 (ECDSA)
Gateway IPsec gateway address . (none), IP, or hostname
Public Key Base64-encoded public key AQNRU3mG7TVN...

Gateway Types

Value Gateway Type Gateway Field
0 No gateway . (dot)
1 IPv4 address 192.0.2.1
2 IPv6 address 2001:db8::1
3 Domain name gateway.example.com.

Algorithm Types

Value Algorithm
0 No key present
1 DSA
2 RSA
3 ECDSA

IPSECKEY Use Cases

Opportunistic IPsec

; Host publishes its IPsec public key
1.2.0.192.in-addr.arpa.    IPSECKEY    10 0 2 . AQNRU3mG7TVN...

With Gateway

; Traffic should go through specific gateway
host.example.com.    IPSECKEY    10 3 2 vpn.example.com. AQNRU3mG7TVN...

Multiple Keys (Failover)

host.example.com.    IPSECKEY    10 1 2 192.0.2.1 AQNRU3mG7TVN...
host.example.com.    IPSECKEY    20 1 2 192.0.2.2 AQO8lIpN...

Reverse DNS for IPSECKEY

IPSECKEY records are typically published in reverse DNS zones, allowing hosts to look up keys by IP address:

; For IPv4 192.0.2.1
1.2.0.192.in-addr.arpa.    IPSECKEY    10 0 2 . AQNRU3mG7TVN...

; For IPv6 2001:db8::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.    IPSECKEY    10 0 2 . AQNRU3mG7TVN...

IPSECKEY Best Practices

Security Considerations

Troubleshooting IPSECKEY

Common issues and solutions:

Check Your IPSECKEY Records

Use our DNS Record Finder to look up IPSECKEY records for any domain.

Look Up IPSECKEY Records →

Related Record Types