Re: vpnc and determining correct routes



Dan Williams <dcbw redhat com> writes:

> The next problem is split DNS; do people care about that?  Ideally we
> only query the VPN nameservers for names in a certain domain (passed
> vpnc as CISCO_DEF_DOMAIN).  Sometimes though, admins don't push the
> default domain and you have to manually fill it in for a split network
> setup.  But that requires using named as a local caching nameserver,
> which people, for some inconceivable reason, are very vocally against.
> So right now all DNS queries go over the VPN.

That's not true.  SplitDNS works just fine in 0.6; the problem
is that vpnc doesn't pass the "additional DNS options" out, and
NM can't override it, so there's no way to add "additional"
SplitDNS domains to the configuration.

> So basically, we have to modify the user interface to:
>
> - Add a "Never route these over VPN" entry
> - Add an "Override default domain name" entry
> - Modify the vpnc service daemon to push split networks to NM
> - Make NM do split DNS if requested

This latter already seems to happen...

> This stuff won't get into 0.6.4, but I'd certainly accept patches for
> 0.7/HEAD.  If I could find time to work on it in between dbus-ifying
> wpa_supplicant, the new config framework, and multiple active devices,
> I'd take a look at it :)
>
> Dan

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord MIT EDU                        PGP key available


