From patchwork Wed Dec 10 07:29:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4671 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:29c3:b0:7b1:439f:bdf with SMTP id g3csp1878875max; Tue, 9 Dec 2025 23:30:13 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUSosLOeZQZtRJWq6yvWby8pfHqZa3eR5YB8Xi6vzCNic3Te0nEppW36Uv/1X7mZdK/9Y/UG9UJoNY=@openvpn.net X-Google-Smtp-Source: AGHT+IH50vrmXD9HsZ0A7DCiacJ+2S6yXaYEhpXtrHluA7/vgZT3R2BPnd56JN2e7lqtud7qdsER X-Received: by 2002:a05:6808:c3f4:b0:453:5828:a4b1 with SMTP id 5614622812f47-4558692da9fmr1237324b6e.55.1765351812882; Tue, 09 Dec 2025 23:30:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1765351812; cv=none; d=google.com; s=arc-20240605; b=BYiUWharM785EFKOi9moGzLCZb8dCpnZejtm0keWMMyHwkaWJL/QIDOcUmq85wT8zB uVN9sAMtdj4zQAxKiHBakokteNISFmE+2fqDrOLCkkj+2G6PqLLU8R9FCHzezYiFL+3X nOb7Mnhk3skJ4j2ESaP7w1/1yuEogY1Zkdd6i3DOfwULG0JN952wYzmLZSgyL/5/fPYm wLxbD4XMa5dKnw4fZDrY5TvU4AROlurfY+XR+wF5zh1/5SFcaYBWlnEo+048tJM33xRI TQRSqDtK3Y+K1SBWFmlSoTwz0DfQ/4BtOEdNS9VKWUx+nQT2JTh2ehZyqslKGGD9oR4p aqkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=b9DZpfgCeIHWBA+MKRAmrYUj6fg8lQdw6N8YU33J0+I=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=U+yggE9Lr/1tBTdHd3tPE9wbRNpE6Ln2kwOh7FMr17h2Jcfob925Wu6nx7bixra5E0 K/Jt3IdgvoZm2fvNz3QmrbT9boXgkPBfOQ+ZtfF11dkGbOIMXoEBeSkYYQmXdKawjX3I KYvKFCYdn+2c0tvCrqsRITxGFDEnLibz2jeS8zccJ7OaWjE6AMqhmwkPYe9bWlkJ5v8S 64hqWrnC4YpYWLd3rEq/HmP3LQXormYfX2WZm34ufPMTfXW8NEVi5Olnfk83Jw20wv3a aJlFOEi/ibbby82K/n6zPJNZV5HX2Yna/i5Hem0+ZjfSQpvifDhOphi5xdqeixbF8q0N C9aA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=H8XD6YMx; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=ATTAX7Pa; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=L9A7lAga; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-45584082bcasi1267233b6e.50.2025.12.09.23.30.12 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Dec 2025 23:30:12 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=H8XD6YMx; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=ATTAX7Pa; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=L9A7lAga; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=b9DZpfgCeIHWBA+MKRAmrYUj6fg8lQdw6N8YU33J0+I=; b=H8XD6YMxdKDdgRkeyNVtRYXcaR fKyNtRKoJtarsKJUR0l6fhVGisFiZR/PVUu0NPDj5W4KYA7lVVHlFqleze9+XXQ5qMPPcwK93Ufy+ 7aVwGCQOpCqgBcEPWzFylgkH2NMzfw4htO9H1Vedp8XOB3eqlr6SWUsTcGwwUzvD6a6o=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vTEeC-0007Mo-V0; Wed, 10 Dec 2025 07:30:05 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vTEeB-0007Mh-2H for openvpn-devel@lists.sourceforge.net; Wed, 10 Dec 2025 07:30:03 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Yk28lJxaocgGKOVBq0H/cLmYaIid5D1mrE12CdXsSp0=; b=ATTAX7PaXp74BzPhB5E1mNaLKu UrrgrnqyIMWJUSr7gwEE5cenjGdrqfSy5KvwPKnoJUt1hbs/eI+bX3xZho13UOoApREdNhkLS93TG KAhvPt+5xyPo/756pPIJi4ePiLkxAj0sSKnXI0wElKlpRZ0Zi4lGVbDxlqHs2x/4yeYQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Yk28lJxaocgGKOVBq0H/cLmYaIid5D1mrE12CdXsSp0=; b=L9A7lAgaLIygfZdVSvgbW/MGvG h/4QaY2/97CF4gHjbXKYUlouYN42f7v0oN0qz8l2AQijPrBEn+62CMKByjyFAosJ26lQFvS2suNxi u3UgcqmtYEZp08r7Mq3nFbrAuOvZlD3E+N11HvQvIDpoOB7HmwUaVLKgjt9TYIczOzHE=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vTEeA-00048S-7r for openvpn-devel@lists.sourceforge.net; Wed, 10 Dec 2025 07:30:03 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5BA7TqGq025771 for ; Wed, 10 Dec 2025 08:29:52 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5BA7Tq5g025770 for openvpn-devel@lists.sourceforge.net; Wed, 10 Dec 2025 08:29:52 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Wed, 10 Dec 2025 08:29:44 +0100 Message-ID: <20251210072951.25753-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.51.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Heiko Hund With NRPT the adapter name server configuration is not needed theoretically. However DNS config is not showing with traditional tools like ipconfig if they are left out. More importantly if there are [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vTEeA-00048S-7r Subject: [Openvpn-devel] [PATCH v1] iservice: set adapter DNS only with search domains X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1851105542472248880?= X-GMAIL-MSGID: =?utf-8?q?1851105542472248880?= From: Heiko Hund With NRPT the adapter name server configuration is not needed theoretically. However DNS config is not showing with traditional tools like ipconfig if they are left out. More importantly if there are no DNS servers configured for an adapter the adapter specific search domains are not recognized by the Windows resolver. However, adding the servers to the adapter has the side effect, that general look-ups are now also done using this adapter, which might come as unexpected and yield wrong results, if there is some trickery happening with the default DNS, for example. As a workaround, set the adapter DNS only when strictly needed. Change-Id: I6debe8bbedd5a08da417bfee1243a43ef6df7980 Signed-off-by: Heiko Hund Acked-by: Selva Nair Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1429 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1429 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Selva Nair diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 6f04f6b..9327dfa 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -2869,11 +2869,19 @@ goto out; } - /* Set name servers */ - err = SetNameServerAddresses(iid, msg->addresses); - if (err) + /* + * Set DNS on the adapter for search domains to be considered. + * If split DNS is configured, do this only when search domains + * are given, so that look-ups for other domains do not go over + * the VPN all the time. + */ + if (msg->search_domains[0] || !msg->resolve_domains[0]) { - goto out; + err = SetNameServerAddresses(iid, msg->addresses); + if (err) + { + goto out; + } } /* Set search domains, if any */