I found what I would call a bug in resolvconf today, though probably most people don't run a VPN server like I wanted to, so no one ever noticed before.
The internal DNS server at one of my clients somehow loses its connection to folks connected via the VPN. That is an unsolved problem, and I haven't been able to figure out why that happens. So, I now host the DNS outside of the building, even though they are local (192.168.x.x) IPs.
In my Cisco settings, I still set default-domain, but no longer set split-dns nor dns-servers. vpnc (and cvpnd) don't run resolvconf if there isn't a dns-server line. Windows does the right thing. So, I could either manually set the search line, or better yet, I added the vpnc-script-post-connect-action and vpnc-script-post-disconnect-action scripts. I just realized that maybe that is a Debian-specific thing, but oh well, everyone should be running the best distribution anyway....
Here are the scripts:
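/etc/vpnc/vpnc-script-post-connect-action

#!/bin/sh
# Skip the update when DNS_UPDATE ends in "no" (any capitalisation).
case "$DNS_UPDATE" in
    *no|*NO|*No|*nO)
        ;;
    *)
        # Only modify resolv.conf when a default domain is set.
        if [ -n "$CISCO_DEF_DOMAIN" ]; then
            $MODIFYRESOLVCONF
        fi
        ;;
esac

/etc/vpnc/vpnc-script-post-disconnect-action

#!/bin/sh
# Skip the restore when DNS_UPDATE ends in "no" (any capitalisation).
case "$DNS_UPDATE" in
    *no|*NO|*No|*nO)
        ;;
    *)
        # Only restore resolv.conf when a default domain is set.
        if [ -n "$CISCO_DEF_DOMAIN" ]; then
            $RESTORERESOLVCONF
        fi
        ;;
esac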
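
A quick way to confirm that the connect hook did its job, as an added example that is not part of the original post: the functions below read a resolv.conf-style file and report whether a given default domain is in the effective search list. The function names and the example.internal domain are assumptions; per resolv.conf(5), search and domain are mutually exclusive and only the last such line counts.

```sh
#!/bin/sh
# Added example: verify that a resolv.conf-style file carries the VPN
# default domain in its effective search list.

# effective_search FILE -> prints the effective search list, lowercased.
# Only lines that START with the keyword count, and the last one wins.
effective_search() {
    awk '
        /^(search|domain)[ \t]/ {
            list = ""
            for (i = 2; i <= NF; i++) {
                d = tolower($i)
                sub(/\.$/, "", d)      # drop a trailing root dot
                list = list (list == "" ? "" : " ") d
            }
        }
        END { print list }
    ' "$1"
}

# has_search_domain FILE DOMAIN -> exit 0 if DOMAIN is in the effective list.
has_search_domain() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    want=${want%.}
    for d in $(effective_search "$1"); do
        [ "$d" = "$want" ] && return 0
    done
    return 1
}

# Constructed sample input; example.internal is a placeholder domain.
sample=$(mktemp)
printf '%s\n' '# generated' 'domain lan' 'nameserver 192.168.1.1' \
    'search example.internal lan' > "$sample"

if has_search_domain "$sample" "Example.Internal."; then
    echo "search domain present"
else
    echo "search domain missing"
fi
```

Against a live system, call has_search_domain /etc/resolv.conf with the value of default-domain after the tunnel is up.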
Posted by Jon Daley on January 14, 2008, 11:06 pm
Wish I could follow you on this one . . . a great reminder of how God has blessed us with different gifts and interests. We rejoice in knowing Groshlink.net is in good hands.
For once, the spammer got it right... I'd add that a modulated fgps with a grommeted defrag-v script for Comanche might be another way to effectively decentralize the DOS attack on the multiplexed DNA, especially if you're using an iPod.