On Mon, 2017-08-14 at 17:11 -0700, Corey Hickey wrote:
>
> > We need to be careful to distinguish between 'search domain'
> > (CISCO_DEF_DOMAIN) and 'domains to use this DNS server for'
> > (CISCO_SPLIT_DNS). They are completely different things, and should not
> > be conflated.
>
> Ok, that's useful to know. It has been difficult for me to find
> documentation of the environment variables.
>
> So, is your advice that we should continue to use CISCO_DEF_DOMAIN?

For search domains in /etc/resolv.conf, yes.

Using CISCO_SPLIT_DNS is distinctly non-trivial. If you're putting
together a custom dnsmasq configuration then I suppose vpnc-script
might be able to manage that, but otherwise it just isn't something
that "simple" system configuration can do.

> The reason I originally shied away from that is that script.c handles
> CISCO_DEF_DOMAIN as a single string rather than a list--so I didn't even
> know if it was _supposed_ to be able to have multiple entries or if
> having space-separated entries in a single string worked by accident.

Historically, it was always a single string, because that's all we ever
got out of Cisco AnyConnect. Then Juniper started offering a single
string but it was comma-separated IIRC, so we turned the commas into
spaces and it magically Just Worked in /etc/resolv.conf without
changing vpnc-script.

So yeah... it kind of worked by accident.
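The distinction drawn in this message, as an added example (not part of the original email and not vpnc-script's own code): CISCO_DEF_DOMAIN feeds only the `search` line of /etc/resolv.conf, while CISCO_SPLIT_DNS becomes per-domain dnsmasq `server=` entries. It assumes CISCO_SPLIT_DNS is comma-separated and INTERNAL_IP4_DNS is a space-separated list of IPv4 resolvers; the function names are hypothetical, and names with unexpected characters are dropped because both values are supplied by the VPN server.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values are constructed.

# One item per line from a comma- or space-separated list.
split_list() {
    printf '%s\n' "$1" | tr ', ' '\n\n' | sed '/^$/d'
}

# Accept only plain DNS names: the values come from the remote server and
# end up in local config files, so anything else is discarded.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

clean_names() {
    split_list "$1" | while read -r d; do
        if valid_name "$d"; then printf '%s\n' "$d"; fi
    done
}

# Search domains: how unqualified names are completed. CISCO_DEF_DOMAIN only.
resolv_search_line() {
    domains=$(clean_names "$CISCO_DEF_DOMAIN" | tr '\n' ' ')
    domains=${domains% }
    if [ -n "$domains" ]; then printf 'search %s\n' "$domains"; fi
}

# Split DNS: which domains are sent to the VPN resolvers. CISCO_SPLIT_DNS only.
# Emits dnsmasq "server=/domain/address" lines.
dnsmasq_split_lines() {
    clean_names "$CISCO_SPLIT_DNS" | while read -r d; do
        for ns in $INTERNAL_IP4_DNS; do
            case $ns in *[!0-9.]*) continue ;; esac
            printf 'server=/%s/%s\n' "$d" "$ns"
        done
    done
}

# Constructed sample values.
CISCO_DEF_DOMAIN='corp.example.com,lab.example.com'
CISCO_SPLIT_DNS='corp.example.com,intra.example.net'
INTERNAL_IP4_DNS='10.0.0.53'
resolv_search_line
dnsmasq_split_lines
```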