From patchwork Thu Apr 30 16:32:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4917 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:cc85:b0:84a:48f:a1fd with SMTP id md5csp1023052mab; Thu, 30 Apr 2026 09:33:11 -0700 (PDT) X-Forwarded-Encrypted: i=2; AFNElJ9q7Q9iUYvK7oZAijFhuIQXnwYH09fCBAmJZxNgY58CIpZgZo0lywrA9KYyZEyCCkczDve00N/cN0Q=@openvpn.net X-Received: by 2002:a05:6830:3499:b0:7dc:c749:ade3 with SMTP id 46e09a7af769-7deba0ccfa5mr2495088a34.3.1777566791556; Thu, 30 Apr 2026 09:33:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1777566791; cv=none; d=google.com; s=arc-20240605; b=RDpmKzu84VlG39YycTPF7rMaiiXmEfNGkNfmOjJkqA2SZwIrG3XhOqyjPe89S6m2iZ EpnyxcIGDHmsutBsdKJsLa+iIFl1TR/GfKiYlk0REGjpTIyS7LgKnaBKUIW3RGbrf+xn OdtIRsNSANkEoZunyXHGlBEeOKbflBBAgvYicfkBP9JW4kqtJjudA7UHwl6sha9QYZs0 dljuP/LUEhKk5qT5ja++AaWRPEr0NEW+I2UGyNaV/NhsqV3o0r2XPAWaqzQBsc8i1DA3 lk8vKPdb9ZP1sDslLAVu3WhK4y6hgc2uhKBDK2wO9r+L6Z4G81MQhlWZXClpJ5QLNMHE FPbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=aoamUrTP0GpoR2Hl18OovhsVNyL9Zy3z5wc2MnAua6Y=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=ac3EOvgt+12E5c0RmVRARxGkBYF7W6opmsQHcqcN108Zln4qD0cLWuzE9hlxKGbRTB QLhnJKwZZxnz0BOJomR94jvXT7VYRl/pVO0T1HIjnmEDUC4LP8UR292JdFPogtDsdWrb tcHT9V3jJ4jInQheb0ubxLQkeDEavrN93nCYlzIyiEp7Q2O7nIhsIiE0Xjbo6RLJTVgq VXpjOQy7eFGnli9zbNvMDvvgpg7qap/HaAPM+BJkPiLJmb3Y9H0a6KDghkQ4lzDSl+E8 TGX38/tTBE4sPhdCDDnOqJrZXebHsMYCreF91LsN/Iut29n9kDhHlx85erg7m4aC5DU/ 69EA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=aY0WKBm+; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=f5QLUIm9; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=T3x9NWXt; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7deca77e69bsi225294a34.15.2026.04.30.09.33.11 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 30 Apr 2026 09:33:11 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=aY0WKBm+; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=f5QLUIm9; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=T3x9NWXt; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=aoamUrTP0GpoR2Hl18OovhsVNyL9Zy3z5wc2MnAua6Y=; b=aY0WKBm+Yyyrzs1iyskPSfwMnv Nc9bth3zaXdCQ2B6sewOVtW333+FkdXhA5L51KZVOlkZ6TsAYuoNi3PsbtdinaWsm6+innONi9zLp 2Kcm4tTa+IykVxKbVoaIp89KFsIal+3uXCYEmm/4v574AX6KBByfNlm7J54a7Jv03aIU=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1wIUJw-0000xc-Bw; Thu, 30 Apr 2026 16:33:00 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1wIUJu-0000xW-Sl for openvpn-devel@lists.sourceforge.net; Thu, 30 Apr 2026 16:32:58 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=KSE5fp3o3BN+Ls3rSZyA5TTrUIjNOpXmWan6gUYQwuM=; b=f5QLUIm9prCmb61Iuu+ZzsYWT0 m1kHXr7Ry4s2MwaaDIEKihOtAa3ditsVAuIUcQ19iRIB5/CKHgi3fSBu7ddGh/HSozVviXw571HNR U0GYSNB4dF24flSWGPK7yVVUi1wSEiO8h65w6g1+pZItGSzVc0/XwebviJ/FLAp/GfQw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=KSE5fp3o3BN+Ls3rSZyA5TTrUIjNOpXmWan6gUYQwuM=; b=T3x9NWXtMWvgOp0rm/TUOQi9om K7/hBv4DorXGS1z7LPh0d1pxRZmxIRAE21yAGGjMj41YBKS63Wh4KrZJDEt0SVYqySjBZFvzhLOba XHDPJaWlFYfcmb8/k/nNOFjlsgHV7Rzo47gaKhjNMpDWgDdLSAKwiBrDP4LEGeiIbi04=; Received: from [193.149.48.129] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1wIUJs-0004Yj-Ri for openvpn-devel@lists.sourceforge.net; Thu, 30 Apr 2026 16:32:58 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 63UGWoOY013653 for ; Thu, 30 Apr 2026 18:32:50 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 63UGWoUs013652 for openvpn-devel@lists.sourceforge.net; Thu, 30 Apr 2026 18:32:50 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 30 Apr 2026 18:32:43 +0200 Message-ID: <20260430163249.13638-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openv [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1wIUJs-0004Yj-Ri Subject: [Openvpn-devel] [PATCH v2] DNS server documentation update X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1863913875916456529?= X-GMAIL-MSGID: =?utf-8?q?1863913875916456529?= From: Selva Nair Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Signed-off-by: Selva Nair Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1646 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1646 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index 1664eed..3ad9104 100644 --- a/doc/man-sections/client-options.rst +++ b/doc/man-sections/client-options.rst @@ -216,7 +216,8 @@ DNS server options it must be between 0 and 127. The server id is used to group options and also for ordering the list of configured DNS servers; lower numbers come first. DNS servers being pushed to a client replace - already configured DNS servers with the same server id. + already configured DNS servers with the same server id. Only the group of + options corresponding to the lowest server id is applied. The ``address`` option configures the IPv4 and / or IPv6 address(es) of the DNS server. Up to eight addresses can be specified per DNS server. @@ -249,6 +250,19 @@ so that ``--dns`` overrides ``--dhcp-option``. Thus, ``--dns`` can be used today to migrate from ``--dhcp-option``. + Windows only: + + #. If tap-windows6 is in use, dns servers are set by DHCP by default. + In this case only ``--dns search-domains`` and ``--dns server n address ..`` + with the lowest value of ``n`` are interpreted. All other ``--dns`` options + are ignored. Use of the dco driver is the recommended way to make use of these + new features. + + #. If ``--dns server n resolve-domains`` is in use, the DNS server addresses + corresponding to ``n`` are set on the interface only if ``search-domains`` is + also specified. Otherwise these DNS addresses are used only for NRPT rules for + split-DNS. + --explicit-exit-notify n In UDP client mode or point-to-point mode, send server/peer an exit notification if tunnel is restarted or OpenVPN process is exited. In