From 2da11e969319877c314bea3abcd3d28efdf1f4da Mon Sep 17 00:00:00 2001
From: Heiko Hund
Date: Wed, 8 May 2024 17:44:44 +0200
Subject: [PATCH] dns option: handle allow_local_dns_resolvers

This flag was introduced to allow clients to decide if they want to ignore non-split DNS option pushed to them. So, to be compatible with the previous behavior with --dhcp-option, we act on the flag as wenn when there are no resolve-domains specified.

Signed-off-by: Heiko Hund
---
 openvpn/tun/win/client/tunsetup.hpp | 13 +++++++++++--
 openvpn/tun/win/nrpt.hpp | 5 +++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/openvpn/tun/win/client/tunsetup.hpp b/openvpn/tun/win/client/tunsetup.hpp
index 0de3ef755..c921d4fa9 100644
--- a/openvpn/tun/win/client/tunsetup.hpp
+++ b/openvpn/tun/win/client/tunsetup.hpp
@@ -634,6 +634,12 @@ class Setup : public SetupBase
 {
 domains.push_back("." + dom.domain);
 }
+ if (domains.empty() && allow_local_dns_resolvers)
+ {
+ // This empty domain tells the NRPT code that
+ // no '.' rule should be created
+ domains.push_back("");
+ }
 const bool dnssec = server.dnssec == DnsServer::Security::Yes;
@@ -744,8 +750,11 @@ class Setup : public SetupBase
 }
 }
 }
- if (dsfx.empty() && !allow_local_dns_resolvers)
- dsfx.emplace_back(".");
+
+ // This empty domain tells the NRPT code that
+ // no '.' rule should be created
+ if (dsfx.empty() && allow_local_dns_resolvers)
+ dsfx.emplace_back("");
 // DNS server list
 std::vector dserv;
diff --git a/openvpn/tun/win/nrpt.hpp b/openvpn/tun/win/nrpt.hpp
index 26b1ceaf2..0df0f4a23 100644
--- a/openvpn/tun/win/nrpt.hpp
+++ b/openvpn/tun/win/nrpt.hpp
@@ -424,6 +424,11 @@ class Nrpt
 */
 void execute(std::ostream &log) override
 {
+ // Don't add anything if there is only one empty domain. This
+ // is the way to tell us that no '.' rules should be added
+ if (domains_.size() == 1 && domains_[0] == "")
+ return;
+
 // Convert domains into a wide MULTI_SZ string
 std::wstring domains;
 if (domains_.empty())
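Review bot: The empty string pushed into `domains` in the first tunsetup.hpp hunk is an in-band sentinel, so whether the catch-all '.' NRPT rule exists (and with it whether name resolution stays inside the tunnel) now depends on a magic list value that nrpt.hpp has to recognise with `domains_.size() == 1 && domains_[0] == ""`. The second hunk repeats the same pattern for `dsfx`. An explicit signal would be harder to get wrong, for example leaving the list empty and passing the flag alongside it; if the sentinel stays, a single named constant used by both producers and the consumer would keep them in step. In the second hunk `dsfx` may also be read below the hunk (not visible here), so it is worth confirming that an empty suffix is harmless to any other consumer. Both enclosing function bodies start and end outside the hunks.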
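Review bot: The early return added at the top of `execute` skips rule creation without writing anything to `log`, so a session that deliberately leaves DNS with the local resolvers cannot be told apart in the log from one where the NRPT rules were installed. A line before the `return;`, worded to match the other actions' output, e.g. `log << "NRPT: local DNS resolvers allowed, no rules added" << std::endl;`, would make that state visible when someone investigates a suspected DNS leak. The check also matches only a list of exactly one empty entry; an empty string next to real domains would fall through to the MULTI_SZ conversion, where an empty element normally ends the list, so it may be worth rejecting or skipping empty entries there (the conversion code is below the hunk and not visible). As a style point, `domains_[0].empty()` states the intent more directly than `domains_[0] == ""`.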