[Openvpn-devel] [S] Change in openvpn[master]: mac dns: compare servers before restoring backup

Tue, 15 Jul 2025 07:04:23 -0700 

cron2 has submitted this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email )

Change subject: mac dns: compare servers before restoring backup
......................................................................

mac dns: compare servers before restoring backup

In case anything changed the global DNS server addresses, while the
tunnel was connected, do not restore the backup of the global DNS
configuration we made when connecting. Doing so would likely change
DNS to something unexpected. Instead just clear the backup and leave
a message in the log.

Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67
Signed-off-by: Heiko Hund <he...@ist.eigentlich.net>
Acked-by: Frank Lichtenheld <fr...@lichtenheld.com>
Message-Id: <20250711152309.286177-1-fr...@lichtenheld.com>
URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32110.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
---
M distro/dns-scripts/macos-dns-updown.sh
1 file changed, 14 insertions(+), 4 deletions(-)




diff --git a/distro/dns-scripts/macos-dns-updown.sh 
b/distro/dns-scripts/macos-dns-updown.sh
index 56f1009..73bbee9 100644
--- a/distro/dns-scripts/macos-dns-updown.sh
+++ b/distro/dns-scripts/macos-dns-updown.sh
@@ -111,6 +111,10 @@
     property_value State:/Network/Global/DNS SearchDomains
 }

+function get_server_addresses {
+    property_value "$(primary_dns_key)" ServerAddresses
+}
+
 function set_search_domains {
     [ -n "$1" ] || return
     local dns_key=$(primary_dns_key)
@@ -239,11 +243,10 @@

 function unset_dns {
     local n="$(find_compat_profile)"
-    local addresses="$(addresses_string $n)"
-    local search_domains="$(search_domains_string $n)"
     local match_domains="$(match_domains_string $n)"

     if [ -n "$match_domains" ]; then
+        local search_domains="$(search_domains_string $n)"
         echo "remove ${itf_dns_key}" | /usr/sbin/scutil
         unset_search_domains "$search_domains"
     else
@@ -252,8 +255,15 @@
         [[ "${dns_backup_key}" =~ ${dev}/ ]] || return

         local cmds=""
-        cmds+="get ${dns_backup_key}\n"
-        cmds+="set $(primary_dns_key)\n"
+        local servers="$(get_server_addresses)"
+        local addresses="$(addresses_string $n)"
+        # Only restore backup if the server addresses match
+        if [ "${servers}" = "${addresses}" ]; then
+            cmds+="get ${dns_backup_key}\n"
+            cmds+="set $(primary_dns_key)\n"
+        else
+            echo "not restoring global DNS configuration, server addresses 
have changed"
+        fi
         cmds+="remove ${dns_backup_key}\n"
         echo -e "${cmds}" | /usr/sbin/scutil
     fi

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67
Gerrit-Change-Number: 1075
Gerrit-PatchSet: 5
Gerrit-Owner: d12fk <he...@openvpn.net>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-MessageType: merged

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to