I am working on changes to the unbound configuration of the vpnc-script; the changes are as follows:

# === resolv.conf handling via unbound ========= modify_resolvconf_unbound() { - if [ -n "$CISCO_DEF_DOMAIN" ]; then - unbound-control forward_add +i ${CISCO_DEF_DOMAIN} ${INTERNAL_IP4_DNS[@]} - unbound-control flush_requestlist - unbound-control flush_zone ${CISCO_DEF_DOMAIN} + if [ -n "$CISCO_SPLIT_DNS" ]; then + OIFS=${IFS} + IFS=',' + domains=(${CISCO_SPLIT_DNS}) + IFS=OIFS + for domain in ${domains[@]}; do + unbound-control forward_add +i ${domain} ${INTERNAL_IP4_DNS} + unbound-control flush_zone ${domain} + done + + unbound-control flush_requestlist fi } restore_resolvconf_unbound() { - if [ -n "$CISCO_DEF_DOMAIN" ]; then - unbound-control forward_remove +i ${CISCO_DEF_DOMAIN} - unbound-control flush_zone ${CISCO_DEF_DOMAIN} + if [ -n "$CISCO_SPLIT_DNS" ]; then + OIFS=${IFS} + IFS=',' + domains=(${CISCO_SPLIT_DNS}) + IFS=OIFS + for domain in ${domains[@]}; do + unbound-control forward_remove +i ${domain} + unbound-control flush_zone ${domain} + done + unbound-control flush_requestlist fi }

The question that has come up, and unfortunately with the environment I have, I am unable to test to answer it, is whether CISCO_SPLIT_DNS is populated with a domain if there is only one domain defined. It kind of makes sense both ways for it to either be defined or not. If CISCO_SPLIT_DNS isn't defined for a single domain, I will need to test for the existence of CISCO_DEF_DOMAIN as a fallback if CISCO_SPLIT_DNS is zero and configure unbound appropriately.

I'll take a look through the source to try and suss it out, but given my shaky C knowledge, even if I did figure it out I would probably be asking here just to make sure.

-Erinn
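Review bot: In modify_resolvconf_unbound(), `IFS=OIFS` assigns the literal string "OIFS" instead of restoring the saved value, so every unquoted expansion after it (`${domains[@]}`, `${domain}`, `${INTERNAL_IP4_DNS}`) is split on the characters O, I, F and S rather than on whitespace. It should read `IFS=${OIFS}`, or the split can be scoped to one command with `IFS=, read -ra domains <<< "$CISCO_SPLIT_DNS"` so that IFS never needs restoring. The same hunk also changes `${INTERNAL_IP4_DNS[@]}` to `${INTERNAL_IP4_DNS}`; the removed line expanded it as an array, and the scalar form passes only the first element, so any additional internal DNS servers are dropped from the forward zone. Since CISCO_SPLIT_DNS comes from the VPN server, `domains=(${CISCO_SPLIT_DNS})` is also subject to pathname expansion, and `"${domains[@]}"` and `"${domain}"` should be quoted where they are passed to unbound-control.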
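Review bot: restore_resolvconf_unbound() now does nothing unless CISCO_SPLIT_DNS is set, and the CISCO_DEF_DOMAIN branch is removed outright, so a connection that supplies only CISCO_DEF_DOMAIN gets neither a forward zone on connect nor a cleanup on disconnect. Whatever fallback is chosen has to be identical in both functions, otherwise forward zones added at connect time are left behind in unbound after the tunnel goes down. Moving the domain-list construction (split CISCO_SPLIT_DNS, else fall back to CISCO_DEF_DOMAIN) into one helper that both functions call would keep them in step and would also give the duplicated `IFS=OIFS` line a single place to be corrected.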