On Mon, 2014-12-01 at 20:15 +0100, Nikos Mavrogiannopoulos wrote:
> On Sat, 2014-11-29 at 15:26 -0800, Kevin Cernekee wrote:
> > > [...]
> > Do you think it makes sense for ocserv to pass a hint to the client
> > that the server's IP is dynamic?
>
> Attached is a minimal patch which only re-resolves if the
> "X-CSTP-DynDNS: true" is set. It would be nice if it would be applied,
> so openconnect could work seamlessly with dynamic dns addresses.

Hm, it might be nicer to do it based on the TTL of the DNS record instead? Regardless of 'dynamic' DNS or not, we should only cache a lookup as long as its TTL.

However, that's a can of worms we probably don't really want to open. We can't get the TTL from getaddrinfo(), we can't *know* that the result we get was actually from DNS and not another NSS provider such as NIS/LDAP/file/etc., and although we *could* potentially use res_* functions to vaguely portably do the lookup for ourselves and get the TTL I do sometimes worry that we'll end up with a whole operating system in OpenConnect...

So yeah, this looks like a sane approach. Is it forbidden to set X-CSTP-DynDNS on a full-tunnel configuration?

--
dwmw2
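
The reconnect behaviour discussed in this thread, sketched as an added example; it is not the attached patch and not OpenConnect's code. `struct peer_cache`, `note_cstp_header` and `reconnect_addr` are hypothetical names, and reusing the cached address when a fresh lookup fails is an assumption of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L     /* for getaddrinfo() under strict -std= modes */
#endif
#include <netdb.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>

/* Hypothetical per-connection state; not OpenConnect's real struct. */
struct peer_cache {
    struct sockaddr_storage addr;   /* address used by the last lookup */
    socklen_t addrlen;              /* 0 means nothing cached yet */
    int dyndns;                     /* 1 once the server sent X-CSTP-DynDNS: true */
};

/* Record the server's hint from one response header (name/value already split). */
void note_cstp_header(struct peer_cache *pc, const char *name, const char *value)
{
    if (!strcasecmp(name, "X-CSTP-DynDNS"))
        pc->dyndns = !strcasecmp(value, "true");
}

/* Choose the address for a reconnect.
 * Returns 1 after a fresh lookup, 0 if the cache was reused, -1 on error. */
int reconnect_addr(struct peer_cache *pc, const char *host, const char *port,
                   int ai_flags)
{
    struct addrinfo hints, *res;

    if (pc->addrlen && !pc->dyndns)
        return 0;                   /* no hint from the server: keep the cached address */

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = ai_flags;
    /* getaddrinfo() returns addresses only: no TTL, and no indication of
     * which NSS source answered, so there is no expiry to honour here. */
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return pc->addrlen ? 0 : -1;    /* assumption: fall back to the cache */
    memcpy(&pc->addr, res->ai_addr, res->ai_addrlen);
    pc->addrlen = res->ai_addrlen;
    freeaddrinfo(res);
    return 1;
}
```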