Kevin Cernekee cernekee at
Wed Sep 17 15:40:54 PDT 2014

On Wed, Sep 17, 2014 at 12:04 PM, Erinn Looney-Triggs
<erinn.looneytriggs at> wrote:
> The question that has come up, and unfortunately with the environment I have,
> I am unable to test to answer it, is if the CISCO_SPLIT_DNS is populated with
> with a domain if there is only one domain defined?
> It kinda of makes sense both ways for it to either be defined or not. If
> CISCO_SPLIT_DNS isn't defined for a single domain I will need to test for the
> existence of CISCO_DEF_DOMAIN as a fallback if CISCO_SPLIT_DNS is zero and
> configure unbound appropriately.

These are two independent settings:

CISCO_SPLIT_DNS can be empty, or it could include a different list of
domains.  Some plausible configurations include:

# default domain matches a local site name, but split DNS applies to
the whole intranet

# all DNS requests go through $INTERNAL_IP4_DNS (which may or may not redirect
# internet sites to a proxy)

# use split DNS for all properties owned by the company

> +                OIFS=${IFS}
> +                IFS=','
> +                domains=(${CISCO_SPLIT_DNS})
> +                IFS=OIFS

I know this is a work in progress, but note that arrays produce a
"checkbashisms" warning.

Maybe something like this would be OK:


for domain in $@; do

> elif [ -x /usr/sbin/unbound-control ] && /usr/sbin/unbound-control status > /dev/null 2>&1; then

It would be nice to use "unbound-control -q status" here, but
unfortunately it doesn't look like that works in all versions.

More information about the openconnect-devel mailing list