From: "d12fk (Code Review)"
Date: Wed, 4 Dec 2024 16:00:42 +0000
To: plaisthos, flichtenheld
Cc: openvpn-devel
Subject: [Openvpn-devel] [M] Change in openvpn[master]: dns: do not use netsh to set name server addresses
X-Patchwork-Submitter: "ralf_lici (Code Review)"
X-Patchwork-Id: 3973
X-Gerrit-Change-Id: Id2bed0908e84c19b8fb6fe806376316793e550b4
X-Gerrit-Change-Number: 825
X-Gerrit-Project: openvpn
X-Gerrit-Commit: f6456fbf23064e3279e226a43a89cc75dbd5ff0e

Attention is currently required from: flichtenheld, plaisthos.

Hello plaisthos, flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/825?usp=email

to review the following change.

Change subject: dns: do not use netsh to set name server addresses
......................................................................

dns: do not use netsh to set name server addresses

Instead of spawning a netsh process, set the name server addresses directly in the registry hive of the VPN interface. This is a first step to get rid of the use of command line tools in the service and move to a more API driven style of modifying the VPN adapter configuration.

Change-Id: Id2bed0908e84c19b8fb6fe806376316793e550b4
Signed-off-by: Heiko Hund
---

M src/openvpnserv/interactive.c
1 file changed, 41 insertions(+), 115 deletions(-)

  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/25/825/1

diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index cad8b02..8d000f1 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c
@@ -1024,65 +1024,6 @@ } /** - * Run the command: netsh interface $proto $action dns $if_name $addr [validate=no] - * @param action "delete" or "add" - * @param proto "ipv6" or "ip" - * @param if_name "name_of_interface" - * @param addr IPv4 (for proto = ip) or IPv6 address as a string - * - * If addr is null and action = "delete" all addresses are deleted. - */ -static DWORD -netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_name, const wchar_t *addr) -{ - DWORD err = 0; - int timeout = 30000; /* in msec */ - wchar_t argv0[MAX_PATH]; - wchar_t *cmdline = NULL; - - if (!addr) - { - if (wcscmp(action, L"delete") == 0) - { - addr = L"all"; - } - else /* nothing to do -- return success*/ - { - goto out; - } - } - - /* Path of netsh */ - swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe"); - - /* cmd template: - * netsh interface $proto $action dns $if_name $addr [validate=no] - */ - const wchar_t *fmt = L"netsh interface %ls %ls dns \"%ls\" %ls"; - - /* max cmdline length in wchars -- include room for worst case and some */ - size_t ncmdline = wcslen(fmt) + wcslen(if_name) + wcslen(addr) + 32 + 1; - cmdline = malloc(ncmdline*sizeof(wchar_t)); - if (!cmdline) - { - err = ERROR_OUTOFMEMORY; - goto out; - } - - swprintf(cmdline, ncmdline, fmt, proto, action, if_name, addr); - - if (IsWindows7OrGreater()) - { - wcscat_s(cmdline, ncmdline, L" validate=no"); - } - err = ExecCommand(argv0, cmdline, timeout); - -out: - free(cmdline); - return err; -} - -/** * Run the command: netsh interface ip $action wins $if_name [static] $addr * @param action "delete", "add" or "set" * @param if_name "name_of_interface" 
@@ -1139,22 +1080,6 @@ return err; } -/* Delete all IPv4 or IPv6 dns servers for an interface */ -static DWORD -DeleteDNS(short family, wchar_t *if_name) -{ - wchar_t *proto = (family == AF_INET6) ? L"ipv6" : L"ip"; - return netsh_dns_cmd(L"delete", proto, if_name, NULL); -} - -/* Add an IPv4 or IPv6 dns server to an interface */ -static DWORD -AddDNS(short family, wchar_t *if_name, wchar_t *addr) -{ - wchar_t *proto = (family == AF_INET6) ? L"ipv6" : L"ip"; - return netsh_dns_cmd(L"add", proto, if_name, addr); -} - static BOOL CmpWString(LPVOID item, LPVOID str) { @@ -1810,7 +1735,6 @@ HandleDNSConfigMessage(const dns_cfg_message_t *msg, undo_lists_t *lists) { DWORD err = 0; - wchar_t addr[46]; /* large enough to hold string representation of an ipv4 / ipv6 address */ undo_type_t undo_type = (msg->family == AF_INET6) ? undo_dns4 : undo_dns6; int addr_len = msg->addr_len; @@ -1832,10 +1756,11 @@ msgptr->domains[_countof(msg->domains)-1] = '\0'; } - wchar_t *wide_name = utf8to16(msg->iface.name); /* utf8 to wide-char */ - if (!wide_name) + WCHAR iid[64]; + err = InterfaceIdString(msg->iface.name, iid, _countof(iid)); + if (err) { - return ERROR_OUTOFMEMORY; + return err; } /* We delete all current addresses before adding any @@ -1843,12 +1768,12 @@ */ if (addr_len > 0 || msg->header.type == msg_del_dns_cfg) { - err = DeleteDNS(msg->family, wide_name); + err = ResetNameServers(iid, msg->family); if (err) { - goto out; + return err; } - free(RemoveListItem(&(*lists)[undo_type], CmpWString, wide_name)); + free(RemoveListItem(&(*lists)[undo_type], CmpAny, iid)); } if (msg->header.type == msg_del_dns_cfg) 
@@ -1860,40 +1785,43 @@ err = SetDnsSearchDomains(msg->iface.name, NULL, &gpol, lists); } ApplyDnsSettings(gpol); - goto out; /* job done */ + return err; /* job done */ } - for (int i = 0; i < addr_len; ++i) - { - if (msg->family == AF_INET6) - { - RtlIpv6AddressToStringW(&msg->addr[i].ipv6, addr); - } - else - { - RtlIpv4AddressToStringW(&msg->addr[i].ipv4, addr); - } - err = AddDNS(msg->family, wide_name, addr); - if (i == 0 && err) - { - goto out; - } - /* We do not check for duplicate addresses, so any error in adding - * additional addresses is ignored. - */ - } - - err = 0; - if (msg->addr_len > 0) { - wchar_t *tmp_name = _wcsdup(wide_name); - if (!tmp_name || AddListItem(&(*lists)[undo_type], tmp_name)) + /* prepare the comma separated address list */ + CHAR addrs[256]; /* large enough to hold four IPv4 / IPv6 address strings */ + size_t offset = 0; + for (int i = 0; i < addr_len; ++i) { - free(tmp_name); - DeleteDNS(msg->family, wide_name); - err = ERROR_OUTOFMEMORY; - goto out; + if (i != 0) + { + addrs[offset++] = ','; + } + if (msg->family == AF_INET6) + { + RtlIpv6AddressToStringA(&msg->addr[i].ipv6, addrs + offset); + } + else + { + RtlIpv4AddressToStringA(&msg->addr[i].ipv4, addrs + offset); + } + offset += strlen(addrs); + } + + err = SetNameServers(iid, msg->family, addrs); + if (err) + { + return err; + } + + wchar_t *tmp_iid = _wcsdup(iid); + if (!tmp_iid || AddListItem(&(*lists)[undo_type], tmp_iid)) + { + free(tmp_iid); + ResetNameServers(iid, msg->family); + return ERROR_OUTOFMEMORY; } } @@ -1904,8 +1832,6 @@ } ApplyDnsSettings(gpol); -out: - free(wide_name); return err; } @@ -2286,11 +2212,11 @@ break; case undo_dns4: - DeleteDNS(AF_INET, item->data); + ResetNameServers(item->data, AF_INET); break; case undo_dns6: - DeleteDNS(AF_INET6, item->data); + ResetNameServers(item->data, AF_INET6); break; break;
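
Review bot: The context line `undo_type_t undo_type = (msg->family == AF_INET6) ? undo_dns4 : undo_dns6;` in the @@ -1810,7 +1735,6 @@ hunk looks inverted: an AF_INET6 message records its interface in the undo_dns4 list, while the undo code in the @@ -2286,11 +2212,11 @@ hunk handles `undo_dns4` with `ResetNameServers(item->data, AF_INET)`. If that reading is right, undo resets the name servers of the other address family than the one that was configured. This predates the change, but since the undo entries are reworked here it would be worth swapping the two constants in this patch or in one that precedes it.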
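
Review bot: `free(RemoveListItem(&(*lists)[undo_type], CmpAny, iid));` in the @@ -1843,12 +1768,12 @@ hunk replaces the string comparison with `CmpAny`, whose definition is not part of this diff. If it matches any item, as the name suggests, the `iid` argument has no effect and the entry that gets removed may belong to a different interface than the one being reset. The items stored later are wide strings (`_wcsdup(iid)`) and `CmpWString` stays in the file, so `CmpWString` with `iid` would keep the lookup tied to this interface; otherwise a comment saying why any entry is acceptable would help.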
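
Review bot: In the @@ -1860,40 +1785,43 @@ hunk, `offset += strlen(addrs);` in the address loop adds the length of the whole list built so far rather than the length of the address just written, so from the second address on `offset` points past the terminating NUL. The next `addrs[offset++] = ','` and the address after it are then written behind that NUL, which means a third or fourth server never reaches `SetNameServers()`, and because nothing checks `offset` against `sizeof(addrs)` the write position is no longer bounded by the 256-byte buffer. Suggest `offset += strlen(addrs + offset);`, or use the pointer to the terminating NUL that `RtlIpv4AddressToStringA()` and `RtlIpv6AddressToStringA()` return, and check the remaining space before each write.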