On Wed, Sep 17, 2014 at 12:04 PM, Erinn Looney-Triggs <erinn.looneytriggs at gmail.com> wrote:
> The question that has come up, and unfortunately with the environment I have,
> I am unable to test to answer it, is if the CISCO_SPLIT_DNS is populated with
> a domain if there is only one domain defined?
>
> It kind of makes sense both ways for it to either be defined or not. If
> CISCO_SPLIT_DNS isn't defined for a single domain I will need to test for the
> existence of CISCO_DEF_DOMAIN as a fallback if CISCO_SPLIT_DNS is zero and
> configure unbound appropriately.

These are two independent settings:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_groups.html#wp1135689

CISCO_SPLIT_DNS can be empty, or it could include a different list of domains. Some plausible configurations include:

    # default domain matches a local site name, but split DNS applies to the whole intranet
    CISCO_DEF_DOMAIN=nyc.example.com
    CISCO_SPLIT_DNS=example.com

    # all DNS requests go through $INTERNAL_IP4_DNS (which may or may not redirect
    # internet sites to a proxy)
    CISCO_DEF_DOMAIN=example.com
    CISCO_SPLIT_DNS=

    # use split DNS for all properties owned by the company
    CISCO_DEF_DOMAIN=
    CISCO_SPLIT_DNS="facebook.com,snapchat.com,instagram.com"

> + OIFS=${IFS}
> + IFS=','
> + domains=(${CISCO_SPLIT_DNS})
> + IFS=OIFS

I know this is a work in progress, but note that arrays produce a "checkbashisms" warning. Maybe something like this would be OK:

    OIFS=${IFS}
    IFS=','
    # "--" keeps an empty or dash-led value from being parsed as options to set
    set -- $CISCO_SPLIT_DNS
    IFS=$OIFS
    for domain in "$@"; do
    [...]

> elif [ -x /usr/sbin/unbound-control ] && /usr/sbin/unbound-control status > /dev/null 2>&1; then

It would be nice to use "unbound-control -q status" here, but unfortunately it doesn't look like that works in all versions.
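
Review bot: In the quoted hunk that splits CISCO_SPLIT_DNS, the last line `IFS=OIFS` assigns the literal string OIFS rather than the saved value, so IFS is left as the characters O, I, F and S and later word splitting in the script misbehaves; it should read `IFS=$OIFS`. The unquoted `${CISCO_SPLIT_DNS}` on the line before it is also subject to pathname expansion, so a gateway-supplied value containing `*` would expand to file names unless globbing is disabled around the split.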
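
An added example, not code from this thread or from vpnc-script: a POSIX sh parser for CISCO_SPLIT_DNS that avoids arrays, restores IFS, and validates each gateway-supplied name, run over the three configurations listed in the reply. The function names `split_dns_zones` and `dns_mode` are hypothetical, and the sample values are constructed from the reply's own examples.

```sh
#!/bin/sh
# Added example: array-free parsing of the split-DNS variables.

# Print one validated domain per line from a comma-separated list.
# The list comes from the VPN gateway, so it is treated as untrusted input.
split_dns_zones() {
    list=$1
    old_ifs=$IFS
    case $- in *f*) had_f=1 ;; *) had_f=0 ;; esac
    set -f              # no pathname expansion on the unquoted split below
    IFS=','
    set -- $list        # "--": an empty or dash-led list is not read as options
    IFS=$old_ifs
    [ "$had_f" = 1 ] || set +f
    for domain in "$@"; do
        case $domain in
            ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) continue ;;  # empty or malformed name
        esac
        printf '%s\n' "$domain"
    done
}

# The two variables are independent: an empty CISCO_SPLIT_DNS means all
# queries go to the VPN resolvers, not "fall back to CISCO_DEF_DOMAIN".
dns_mode() {
    if [ -n "$(split_dns_zones "$1")" ]; then
        echo split
    else
        echo full
    fi
}

# Constructed samples: "CISCO_DEF_DOMAIN/CISCO_SPLIT_DNS" for each case above.
for cfg in "nyc.example.com/example.com" \
           "example.com/" \
           "/facebook.com,snapchat.com,instagram.com"; do
    def=${cfg%%/*}
    split=${cfg#*/}
    printf 'def=%s mode=%s zones=%s\n' "${def:-<none>}" \
        "$(dns_mode "$split")" "$(split_dns_zones "$split" | tr '\n' ' ')"
done
```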