diff --git a/types.go b/types.go
index 59cee850..a5c710d7 100644
--- a/types.go
+++ b/types.go
@@ -49,7 +49,7 @@ const (
 	TypeNXT        uint16 = 30
 	TypeDS         uint16 = 43
 	TypeSSHFP      uint16 = 44
-	TypeIPSECKEY   uint16 = 45 // No type implemented
+	TypeIPSECKEY   uint16 = 45
 	TypeRRSIG      uint16 = 46
 	TypeNSEC       uint16 = 47
 	TypeDNSKEY     uint16 = 48
@@ -746,6 +746,32 @@ func (rr *RR_SSHFP) Len() int {
 	return rr.Hdr.Len() + 2 + len(rr.FingerPrint)/2
 }
 
+type RR_IPSECKEY struct {
+        Hdr             RR_Header
+        Precedence      uint8
+        GatewayType     uint8
+        Algorithm       uint8
+        Gateway         string "ipseckey"
+        PublicKey       string "base64"
+}
+
+func (rr *RR_IPSECKEY) Header() *RR_Header {
+	return &rr.Hdr
+}
+
+func (rr *RR_IPSECKEY) String() string {
+        return rr.Hdr.String() + strconv.Itoa(int(rr.Precedence)) +
+                " " + strconv.Itoa(int(rr.GatewayType)) +
+                " " + strconv.Itoa(int(rr.Algorithm)) +
+                " " + rr.Gateway +
+                " " + rr.PublicKey
+}
+
+func (rr *RR_IPSECKEY) Len() int {
+        // TODO: this is not correct
+        return rr.Hdr.Len() + 3 + len(rr.Gateway) + len(rr.PublicKey)
+}
+
 type RR_DNSKEY struct {
 	Hdr       RR_Header
 	Flags     uint16
@@ -759,7 +785,7 @@ func (rr *RR_DNSKEY) Header() *RR_Header {
 }
 
 func (rr *RR_DNSKEY) String() string {
-	return rr.Hdr.String() + strconv.Itoa(int(rr.Flags)) +
+        return rr.Hdr.String() + strconv.Itoa(int(rr.Flags)) +
 		" " + strconv.Itoa(int(rr.Protocol)) +
 		" " + strconv.Itoa(int(rr.Algorithm)) +
 		" " + rr.PublicKey
diff --git a/zscan_rr.go b/zscan_rr.go
index 99d19055..13fc1333 100644
--- a/zscan_rr.go
+++ b/zscan_rr.go
@@ -68,6 +68,8 @@ func setRR(h RR_Header, c chan lex, o, f string) (RR, *ParseError) {
 		return setDS(h, c, f)
 	case TypeTXT:
 		return setTXT(h, c, f)
+        case TypeIPSECKEY:
+                return setIPSECKEY(h, c, o, f)
 	default:
 		// RFC3957 RR (Unknown RR handling)
 		return setRFC3597(h, c, f)
@@ -452,7 +454,7 @@ func setRRSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError) {
 	<-c // _BLANK
 	l = <-c
 	if i, err := strconv.Atoi(l.token); err != nil {
-		return nil, &ParseError{f, "bad RRSIG Algoritm", l}
+		return nil, &ParseError{f, "bad RRSIG Algorithm", l}
 	} else {
 		rr.Algorithm = uint8(i)
 	}
@@ -818,3 +820,47 @@ func setTXT(h RR_Header, c chan lex, f string) (RR, *ParseError) {
 	rr.Txt = s
 	return rr, nil
 }
+
+func setIPSECKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError) {
+	rr := new(RR_IPSECKEY)
+	rr.Hdr = h
+
+	l := <-c
+	if i, e := strconv.Atoi(l.token); e != nil {
+		return nil, &ParseError{f, "bad IPSECKEY Precedence", l}
+	} else {
+		rr.Precedence = uint8(i)
+	}
+	<-c // _BLANK
+	l = <-c
+	if i, e := strconv.Atoi(l.token); e != nil {
+		return nil, &ParseError{f, "bad IPSECKEY GatewayType", l}
+	} else {
+		rr.GatewayType = uint8(i)
+	}
+	<-c // _BLANK
+	l = <-c
+	if i, e := strconv.Atoi(l.token); e != nil {
+		return nil, &ParseError{f, "bad IPSECKEY Algorithm", l}
+	} else {
+		rr.Algorithm = uint8(i)
+	}
+	<-c
+	l = <-c
+	rr.Gateway = l.token
+	l = <-c
+	var s string
+	for l.value != _NEWLINE && l.value != _EOF {
+		switch l.value {
+		case _STRING:
+			s += l.token
+		case _BLANK:
+			// Ok
+		default:
+			return nil, &ParseError{f, "bad IPSECKEY PublicKey", l}
+		}
+		l = <-c
+	}
+	rr.PublicKey = s
+	return rr, nil
+}