On 2017-08-14 17:25, David Woodhouse wrote:
On Mon, 2017-08-14 at 17:11 -0700, Corey Hickey wrote:

We need to be careful to distinguish between 'search domain'
(CISCO_DEF_DOMAIN) and 'domains to use this DNS server for'
(CISCO_SPLIT_DNS). They are completely different things, and should not
be conflated.

Ok, that's useful to know. It has been difficult for me to find
documentation of the environment variables.

So, is your advice that we should continue to use CISCO_DEF_DOMAIN?

For search domains in /etc/resolv.conf, yes. Using CISCO_SPLIT_DNS is
distinctly non-trivial. If you're putting together a custom dnsmasq
configuration then I suppose vpnc-script might be able to manage that,
but otherwise it just isn't something that "simple" system
configuration can do.

The reason I originally shied away from that is that script.c handles
CISCO_DEF_DOMAIN as a single string rather than a list--so I didn't even
know if it was _supposed_ to be able to have multiple entries or if
having space-separated entries in a single string worked by accident.

Historically, it was always a single string, because that's all we ever
got out of Cisco AnyConnect. Then Juniper started offering a single
string but it was comma-separated IIRC, so we turned the commas into
spaces and it magically Just Worked in /etc/resolv.conf without
changing vpnc-script. So yeah... it kind of worked by accident.

Thanks for your answers. I will work up another patch when I get the time.

-Corey

_______________________________________________
openconnect-devel mailing list
http://lists.infradead.org/mailman/listinfo/openconnect-devel
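
Added illustration of the point made in the thread, not code from vpnc-script or openconnect: a single CISCO_DEF_DOMAIN string, whether it holds one domain or a comma- or space-separated list, reduced to one resolv.conf `search` line. The helper name `build_search_line` and the sample values are hypothetical, and the character check on each entry is an assumption added here because the string is supplied by the VPN server.

```shell
#!/bin/sh
# Added example; build_search_line is a hypothetical helper, not part of vpnc-script.

# Print a resolv.conf "search" line built from a CISCO_DEF_DOMAIN-style value.
# Accepts one domain, or several separated by commas and/or whitespace.
# Newlines are treated as separators, so the output is always a single line,
# and entries containing characters outside [A-Za-z0-9.-] are dropped.
build_search_line() {
    raw=$1
    out=
    # Turn commas, tabs and newlines into spaces so word splitting sees every entry.
    list=$(printf '%s' "$raw" | tr ',\t\n' '   ')
    set -f                          # no globbing while splitting untrusted input
    for d in $list; do
        case $d in
            *[!A-Za-z0-9.-]*|.*|-*|*..*) continue ;;   # not a plain DNS name
        esac
        d=${d%.}                    # drop one trailing dot, if any
        case " $out " in
            *" $d "*) continue ;;   # skip duplicates
        esac
        out="${out:+$out }$d"
    done
    set +f
    [ -n "$out" ] || return 1       # nothing usable: emit no search line
    printf 'search %s\n' "$out"
}

# Constructed sample value in the comma-separated form mentioned in the thread.
build_search_line 'corp.example.com,lab.example.com'
```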
