On Mon, 2017-08-14 at 17:11 -0700, Corey Hickey wrote: > > > We need to be careful to distinguish between 'search domain' > > (CISCO_DEF_DOMAIN) and 'domains to use this DNS server for' > > (CISCO_SPLIT_DNS). They are completely different things, and should not > > be conflated. > > Ok, that's useful to know. It has been difficult for me to find > documentation of the environment variables. > > So, is your advice that we should continue to use CISCO_DEF_DOMAIN?
For search domains in /etc/resolv.conf, yes. Using CISCO_SPLIT_DNS is distinctly non-trivial. If you're putting together a custom dnsmasq configuration then I suppose vpnc-script might be able to manage that, but otherwise it just isn't something that "simple" system configuration can do. > The reason I originally shied away from that is that script.c handles > CISCO_DEF_DOMAIN as a single string rather than a list--so I didn't even > know if it was _supposed_ to be able to have multiple entries or if > having space-separated entries in a single string worked by accident. Historically, it was always a single string, because that's all we ever got out of Cisco AnyConnect. Then Juniper started offering a single string but it was comma-separated IIRC, so we turned the commas into spaces and it magically Just Worked in /etc/resolv.conf without changing vpnc-script. So yeah... it kind of worked by accident.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
