connecting to dynamic dns

David Woodhouse dwmw2 at infradead.org
Tue Dec 2 04:04:39 PST 2014


On Mon, 2014-12-01 at 20:15 +0100, Nikos Mavrogiannopoulos wrote:
> On Sat, 2014-11-29 at 15:26 -0800, Kevin Cernekee wrote:
> 
> > [...]
> > Do you think it makes sense for ocserv to pass a hint to the client
> > that the server's IP is dynamic?
> 
> Attached is a minimal patch which only re-resolves if the
> "X-CSTP-DynDNS: true" is set. It would be nice if it would be applied,
> so openconnect could work seamlessly with dynamic dns addresses.

Hm, it might be nicer to do it based on the TTL of the DNS record
instead — regardless of 'dynamic' DNS or not, we should only cache a
lookup as long as its TTL.

However, that's a can of worms we probably don't really want to open. We
can't get the TTL from getaddrinfo(), we can't *know* that the result we
get was actually from DNS and not another NSS provider such as
NIS/LDAP/file/etc., and although we *could* potentially use res_*
functions to vaguely portably do the lookup for ourselves and get the
TTL I do sometimes worry that we'll end up with a whole operating system
in OpenConnect...

So yeah, this looks like a sane approach.

Is it forbidden to set X-CSTP-DynDNS on a full-tunnel configuration? 

-- 
dwmw2
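
What "doing the lookup for ourselves" would add to the client, as an added example that is not part of the original message or of OpenConnect's code: getaddrinfo() hands back only addresses, so a TTL-aware cache has to parse the raw DNS answer (the buffer a res_* query fills in) and bounds-check every field of that untrusted input. The packet is constructed, and `skip_name` and `min_answer_ttl` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed sample: response to "vpn.example.com A" with one answer, TTL 60. */
static const unsigned char sample_response[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,            /* header: QD=1, AN=1 */
    3,'v','p','n', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0,1, 0,1,                                            /* QTYPE=A, QCLASS=IN */
    0xc0,0x0c, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1        /* answer RR */
};

/* Step over an encoded name; returns the offset after it, or 0 if malformed. */
static size_t skip_name(const unsigned char *m, size_t len, size_t off)
{
    while (off < len) {
        unsigned char c = m[off];
        if (c == 0) return off + 1;
        if ((c & 0xc0) == 0xc0) return off + 2 <= len ? off + 2 : 0; /* pointer */
        if (c & 0xc0) return 0;                    /* reserved label type */
        off += 1 + (size_t)c;
    }
    return 0;
}

/* Smallest TTL among A/AAAA answers; -1 if none or the message is malformed. */
long min_answer_ttl(const unsigned char *m, size_t len)
{
    if (len < 12) return -1;
    unsigned qd = m[4] << 8 | m[5], an = m[6] << 8 | m[7];
    size_t off = 12;
    long best = -1;
    while (qd--) {                                 /* question section */
        off = skip_name(m, len, off);
        if (!off || len - off < 4) return -1;
        off += 4;
    }
    while (an--) {                                 /* answer section */
        off = skip_name(m, len, off);
        if (!off || len - off < 10) return -1;
        unsigned type = m[off] << 8 | m[off + 1];
        uint32_t ttl = (uint32_t)m[off + 4] << 24 | m[off + 5] << 16 | m[off + 6] << 8 | m[off + 7];
        size_t rdlen = m[off + 8] << 8 | m[off + 9];
        if (len - off - 10 < rdlen) return -1;     /* RDATA runs past the buffer */
        off += 10 + rdlen;
        if (ttl > 0x7fffffff) ttl = 0;             /* RFC 2181: top bit set means 0 */
        if ((type == 1 || type == 28) && (best < 0 || (long)ttl < best)) best = (long)ttl;
    }
    return best;
}

int main(void) { printf("%ld\n", min_answer_ttl(sample_response, sizeof sample_response)); return 0; }
```

Even with the TTL in hand, the caveat in the message still applies: the client cannot tell this way whether the address it is using came from DNS or from another NSS provider.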