On 2017-08-14 17:25, David Woodhouse wrote: > On Mon, 2017-08-14 at 17:11 -0700, Corey Hickey wrote: >> >>> We need to be careful to distinguish between 'search domain' >>> (CISCO_DEF_DOMAIN) and 'domains to use this DNS server for' >>> (CISCO_SPLIT_DNS). They are completely different things, and should not >>> be conflated. >> >> Ok, that's useful to know. It has been difficult for me to find >> documentation of the environment variables. >> >> So, is your advice that we should continue to use CISCO_DEF_DOMAIN? > > For search domains in /etc/resolv.conf, yes. Using CISCO_SPLIT_DNS is > distinctly non-trivial. If you're putting together a custom dnsmasq > configuration then I suppose vpnc-script might be able to manage that, > but otherwise it just isn't something that "simple" system > configuration can do. > >> The reason I originally shied away from that is that script.c handles >> CISCO_DEF_DOMAIN as a single string rather than a list--so I didn't even >> know if it was _supposed_ to be able to have multiple entries or if >> having space-separated entries in a single string worked by accident. > > Historically, it was always a single string, because that's all we ever > got out of Cisco AnyConnect. Then Juniper started offering a single > string but it was comma-separated IIRC, so we turned the commas into > spaces and it magically Just Worked in /etc/resolv.conf without > changing vpnc-script. So yeah... it kind of worked by accident. Thanks for your answers. I will work up another patch when I get the time. -Corey
