dns option: fix split DNS on Windows

Unlike OpenVPN v2, v3 support split DNS already, so we need to make sure that --dns options are added in a way that results in NRPT rules to be set. At this time that means the --dns resolve-domains are added as search domains and --dns search-domains (only the first one really) as an adapter specific domain suffix. Signed-off-by: Heiko Hund <heiko@openvpn.net>
2024-09-20 04:02:15 +02:00 · 2023-08-31 13:28:55 +02:00 · 2023-08-31 13:28:55 +02:00 · 6f538ca0fd
commit 6f538ca0fd
parent a5914b80fa
1 changed files with 10 additions and 4 deletions
--- a/openvpn/tun/client/tunprop.hpp
+++ b/openvpn/tun/client/tunprop.hpp
@ -546,8 +546,9 @@ class TunProp
        DnsOptions dns_options(opt);
        for (const auto &domain : dns_options.search_domains)
        {
-            if (!tb->tun_builder_add_search_domain(domain))
-                throw tun_prop_dhcp_option_error("tun_builder_add_search_domain failed");
+            if (!tb->tun_builder_set_adapter_domain_suffix(domain))
+                throw tun_prop_dhcp_option_error("tun_builder_set_adapter_domain_suffix");
+            break; // use only the first domain for now
        }
        for (const auto &keyval : dns_options.servers)
        {
@ -564,6 +565,11 @@ class TunProp
                    throw tun_prop_dhcp_option_error("tun_builder_add_dns_server failed");
                flags |= F_ADD_DNS;
            }
+            for (const auto &domain : server.domains)
+            {
+                if (!tb->tun_builder_add_search_domain(domain))
+                    throw tun_prop_dhcp_option_error("tun_builder_add_search_domain failed");
+            }
        }

        OptionList::IndexMap::const_iterator dopt = opt.map().find("dhcp-option"); // DIRECTIVE
@ -589,7 +595,7 @@ class TunProp
                            throw tun_prop_dhcp_option_error("tun_builder_add_dns_server failed");
                        flags |= F_ADD_DNS;
                    }
-                    else if ((type == "DOMAIN" || type == "DOMAIN-SEARCH") && dns_options.search_domains.empty())
+                    else if ((type == "DOMAIN" || type == "DOMAIN-SEARCH") && dns_options.servers.empty())
                    {
                        o.min_args(3);
                        for (size_t j = 2; j < o.size(); ++j)
@ -603,7 +609,7 @@ class TunProp
                            }
                        }
                    }
-                    else if (type == "ADAPTER_DOMAIN_SUFFIX")
+                    else if (type == "ADAPTER_DOMAIN_SUFFIX" && dns_options.search_domains.empty())
                    {
                        o.exact_args(3);
                        const std::string &adapter_domain_suffix = o.get(2, 256);