CISCO_DEF_DOMAIN VS CISCO_SPLIT_DNS

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Wed Sep 17 12:04:23 PDT 2014 

I am working on changes to the unbound configuration of the vpnc-script the 
changes are as follows:

 # === resolv.conf handling via unbound =========
 
 modify_resolvconf_unbound() {
-        if [ -n "$CISCO_DEF_DOMAIN" ]; then
-                unbound-control forward_add +i ${CISCO_DEF_DOMAIN} 
${INTERNAL_IP4_DNS[@]}
-               unbound-control flush_requestlist
-                unbound-control flush_zone ${CISCO_DEF_DOMAIN}
+        if [ -n "$CISCO_SPLIT_DNS" ]; then
+                OIFS=${IFS}
+                IFS=','
+                domains=(${CISCO_SPLIT_DNS})
+                IFS=OIFS
+                for domain in ${domains[@]}; do
+                    unbound-control forward_add +i ${domain} 
${INTERNAL_IP4_DNS}
+                    unbound-control flush_zone ${domain}
+                done
+
+                unbound-control flush_requestlist
         fi
 }
 
 restore_resolvconf_unbound() {
-        if [ -n "$CISCO_DEF_DOMAIN" ]; then
-                unbound-control forward_remove +i ${CISCO_DEF_DOMAIN}
-                unbound-control flush_zone ${CISCO_DEF_DOMAIN}
+        if [ -n "$CISCO_SPLIT_DNS" ]; then
+                OIFS=${IFS}
+                IFS=','
+                domains=(${CISCO_SPLIT_DNS})
+                IFS=OIFS
+                for domain in ${domains[@]}; do
+                    unbound-control forward_remove +i ${domain}
+                    unbound-control flush_zone ${domain}
+                done
+
                unbound-control flush_requestlist
         fi
 }

The question that has come up, and unfortunately with the environment I have, 
I am unable to test to answer it, is if the CISCO_SPLIT_DNS is populated with 
with a domain if there is only one domain defined? 

It kinda of makes sense both ways for it to either be defined or not. If 
CISCO_SPLIT_DNS isn't defined for a single domain I will need to test for the 
existence of CISCO_DEF_DOMAIN as a fallback if CISCO_SPLIT_DNS is zero and 
configure unbound appropriately.

I'll take a look through the source to try and suss it out, but given my shaky 
c knowledge even if I did figure it out I would probably be asking here just to 
make sure.

-Erinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140917/58ebb04b/attachment.sig>

More information about the openconnect-devel mailing list