[PATCH] write CISCO_SPLIT_INC in order

David Woodhouse dwmw2 at infradead.org
Mon Aug 14 17:25:44 PDT 2017


On Mon, 2017-08-14 at 17:11 -0700, Corey Hickey wrote:
> 
> > We need to be careful to distinguish between 'search domain'
> > (CISCO_DEF_DOMAIN) and 'domains to use this DNS server for'
> > (CISCO_SPLIT_DNS). They are completely different things, and should not
> > be conflated.
> 
> Ok, that's useful to know. It has been difficult for me to find 
> documentation of the environment variables.
> 
> So, is your advice that we should continue to use CISCO_DEF_DOMAIN? 

For search domains in /etc/resolv.conf, yes. Using CISCO_SPLIT_DNS is
distinctly non-trivial. If you're putting together a custom dnsmasq
configuration then I suppose vpnc-script might be able to manage that,
but otherwise it just isn't something that "simple" system
configuration can do.

> The reason I originally shied away from that is that script.c handles 
> CISCO_DEF_DOMAIN as a single string rather than a list--so I didn't even 
> know if it was _supposed_ to be able to have multiple entries or if 
> having space-separated entries in a single string worked by accident.

Historically, it was always a single string, because that's all we ever
got out of Cisco AnyConnect. Then Juniper started offering a single
string but it was comma-separated IIRC, so we turned the commas into
spaces and it magically Just Worked in /etc/resolv.conf without
changing vpnc-script. So yeah... it kind of worked by accident.