VPNC / Resolvconf / Set search string – January 14, 2008

I found what I would call a bug in resolvconf today, though probably most people don't run a VPN server like I wanted to, so no one ever noticed before.

The internal DNS server at one of my clients somehow loses its connection to folks connected via the VPN.  That is an unsolved problem, and I haven't been able to figure out why that happens.  So, I now host the DNS outside of the building, even though they are local (192.168.x.x) ips.

In my Cisco settings, I still set default-domain, but no longer set split-dns nor dns-servers.  vpnc (and cvpnd) don't run resolvconf if there isn't a dns-server line.  Windows does the right thing.  So, I could either manually set the search line, or better yet, I added the vpnc-script-post-connect-action and vpnc-script-post-disconnect-action scripts.  I just realized that maybe that is a Debian specific thing, but oh well, everyone should be running the best distribution anyway....

Here are the scripts:

/etc/vpnc/vpnc-script-post-connect-action
#!/bin/sh
case "$DNS_UPDATE" in
        *no|*NO|*No|*nO)
        ;;
        *)
        if [ -n "$CISCO_DEF_DOMAIN" ]; then
                $MODIFYRESOLVCONF
        fi
        ;;
esac


/etc/vpnc/vpnc-script-post-disconnect-action
#!/bin/sh
case "$DNS_UPDATE" in
        *no|*NO|*No|*nO)
        ;;
        *)
        if [ -n "$CISCO_DEF_DOMAIN" ]; then
                $RESTORERESOLVCONF
        fi
        ;;
esac