[PATCH] write CISCO_SPLIT_INC in order

Corey Hickey bugfood-ml at fatooh.org
Tue Aug 15 09:25:48 PDT 2017


On 2017-08-14 17:25, David Woodhouse wrote:
> On Mon, 2017-08-14 at 17:11 -0700, Corey Hickey wrote:
>>
>>> We need to be careful to distinguish between 'search domain'
>>> (CISCO_DEF_DOMAIN) and 'domains to use this DNS server for'
>>> (CISCO_SPLIT_DNS). They are completely different things, and should not
>>> be conflated.
>>
>> Ok, that's useful to know. It has been difficult for me to find
>> documentation of the environment variables.
>>
>> So, is your advice that we should continue to use CISCO_DEF_DOMAIN?
> 
> For search domains in /etc/resolv.conf, yes. Using CISCO_SPLIT_DNS is
> distinctly non-trivial. If you're putting together a custom dnsmasq
> configuration then I suppose vpnc-script might be able to manage that,
> but otherwise it just isn't something that "simple" system
> configuration can do.
> 
>> The reason I originally shied away from that is that script.c handles
>> CISCO_DEF_DOMAIN as a single string rather than a list--so I didn't even
>> know if it was _supposed_ to be able to have multiple entries or if
>> having space-separated entries in a single string worked by accident.
> 
> Historically, it was always a single string, because that's all we ever
> got out of Cisco AnyConnect. Then Juniper started offering a single
> string but it was comma-separated IIRC, so we turned the commas into
> spaces and it magically Just Worked in /etc/resolv.conf without
> changing vpnc-script. So yeah... it kind of worked by accident.

Thanks for your answers. I will work up another patch when I get the time.

-Corey
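
An added illustration of the distinction discussed in this message, not code from this thread, vpnc-script or OpenConnect: search domains (CISCO_DEF_DOMAIN) become one `search` line in /etc/resolv.conf, while split-DNS domains (CISCO_SPLIT_DNS) become per-domain dnsmasq `server=/domain/ip` routing lines. It assumes both lists arrive comma- or space-separated and that INTERNAL_IP4_DNS holds the VPN's DNS servers; the function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values are constructed.
# Assumption: list values are separated by commas and/or spaces.

# split_list VALUE CHARS: print one item per line. Items containing any
# character outside the bracket expression CHARS are dropped, because the
# values are supplied by the VPN server and end up in config files.
split_list() {
    printf '%s\n' "$1" | tr ', ' '\n\n' | grep -E "^[$2]+\$" || true
}

# search_line DEF_DOMAIN: the resolv.conf "search" line. Commas are turned
# into spaces, which is the format resolv.conf expects.
search_line() {
    domains=$(split_list "$1" 'A-Za-z0-9.-' | tr '\n' ' ')
    domains=${domains% }
    if [ -n "$domains" ]; then printf 'search %s\n' "$domains"; fi
}

# dnsmasq_split_lines SPLIT_DNS DNS_SERVERS: one "server=/domain/ip" line per
# (domain, server) pair, so only those domains are sent to the VPN resolvers.
dnsmasq_split_lines() {
    split_list "$1" 'A-Za-z0-9.-' | while read -r domain; do
        split_list "$2" '0-9.' | while read -r server; do
            printf 'server=/%s/%s\n' "$domain" "$server"
        done
    done
}

# Constructed sample values (not from a real gateway).
CISCO_DEF_DOMAIN='corp.example.com,lab.example.com'
CISCO_SPLIT_DNS='corp.example.com,bad;name.example'
INTERNAL_IP4_DNS='192.0.2.53 192.0.2.54'

search_line "$CISCO_DEF_DOMAIN"
dnsmasq_split_lines "$CISCO_SPLIT_DNS" "$INTERNAL_IP4_DNS"
```
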


