Which DNS server for which domains?

David Woodhouse dwmw2 at infradead.org
Tue Jul 2 16:10:18 EDT 2013

On Tue, 2013-07-02 at 11:08 -0700, Jack Bates wrote:
>     1)  Does this output cover all the data in the response from the 
> gateway? Is it possible that the gateway *does* advertise the "bcgov" 
> domain and OpenConnect just isn't printing it?

You've included the actual HTTP headers in the response we get from the
server. Yes, it's certainly possible for them to add new stuff in there
which we don't interpret and pass to the vpn-script. But no, it's very
unlikely that there's something that *isn't* in the HTTP headers you
showed. Vaguely possible in theory that there might be something that
doesn't get given to us unless we *ask* for it (like DTLS), but seems
unlikely for DNS information.

>     2)  If not and the response from the gateway doesn't anywhere 
> mention "bcgov", is the gateway misconfigured? Or am I supposed to
> send *all* DNS queries to the server advertised by the gateway?

I think you are, yes. I think there might be some kind of split-DNS
option but I don't remember the details and I don't see it in your


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20130702/2cebe925/attachment.bin>

More information about the openconnect-devel mailing list