Menu
▾
▴
openvpn-devel — OpenVPN developers list
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
(24) |
May
(14) |
Jun
(29) |
Jul
(33) |
Aug
(3) |
Sep
(8) |
Oct
(18) |
Nov
(1) |
Dec
(10) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(3) |
Feb
(33) |
Mar
(7) |
Apr
(28) |
May
(30) |
Jun
(5) |
Jul
(10) |
Aug
(7) |
Sep
(32) |
Oct
(41) |
Nov
(20) |
Dec
(10) |
| 2004 |
Jan
(24) |
Feb
(18) |
Mar
(57) |
Apr
(40) |
May
(55) |
Jun
(48) |
Jul
(77) |
Aug
(15) |
Sep
(56) |
Oct
(80) |
Nov
(74) |
Dec
(52) |
| 2005 |
Jan
(38) |
Feb
(42) |
Mar
(39) |
Apr
(56) |
May
(79) |
Jun
(73) |
Jul
(16) |
Aug
(23) |
Sep
(68) |
Oct
(77) |
Nov
(52) |
Dec
(27) |
| 2006 |
Jan
(27) |
Feb
(18) |
Mar
(51) |
Apr
(62) |
May
(28) |
Jun
(50) |
Jul
(36) |
Aug
(33) |
Sep
(47) |
Oct
(50) |
Nov
(77) |
Dec
(13) |
| 2007 |
Jan
(15) |
Feb
(8) |
Mar
(14) |
Apr
(18) |
May
(25) |
Jun
(16) |
Jul
(16) |
Aug
(19) |
Sep
(32) |
Oct
(17) |
Nov
(5) |
Dec
(5) |
| 2008 |
Jan
(64) |
Feb
(25) |
Mar
(25) |
Apr
(6) |
May
(28) |
Jun
(20) |
Jul
(10) |
Aug
(27) |
Sep
(28) |
Oct
(59) |
Nov
(37) |
Dec
(43) |
| 2009 |
Jan
(40) |
Feb
(25) |
Mar
(12) |
Apr
(57) |
May
(46) |
Jun
(29) |
Jul
(39) |
Aug
(10) |
Sep
(20) |
Oct
(42) |
Nov
(50) |
Dec
(57) |
| 2010 |
Jan
(82) |
Feb
(165) |
Mar
(256) |
Apr
(260) |
May
(36) |
Jun
(87) |
Jul
(53) |
Aug
(89) |
Sep
(107) |
Oct
(51) |
Nov
(88) |
Dec
(117) |
| 2011 |
Jan
(69) |
Feb
(60) |
Mar
(113) |
Apr
(71) |
May
(67) |
Jun
(90) |
Jul
(88) |
Aug
(90) |
Sep
(48) |
Oct
(64) |
Nov
(69) |
Dec
(118) |
| 2012 |
Jan
(49) |
Feb
(528) |
Mar
(351) |
Apr
(190) |
May
(238) |
Jun
(193) |
Jul
(104) |
Aug
(100) |
Sep
(57) |
Oct
(41) |
Nov
(47) |
Dec
(51) |
| 2013 |
Jan
(94) |
Feb
(57) |
Mar
(96) |
Apr
(105) |
May
(77) |
Jun
(102) |
Jul
(27) |
Aug
(81) |
Sep
(32) |
Oct
(53) |
Nov
(127) |
Dec
(65) |
| 2014 |
Jan
(113) |
Feb
(59) |
Mar
(104) |
Apr
(259) |
May
(70) |
Jun
(70) |
Jul
(146) |
Aug
(45) |
Sep
(58) |
Oct
(149) |
Nov
(77) |
Dec
(83) |
| 2015 |
Jan
(53) |
Feb
(66) |
Mar
(86) |
Apr
(50) |
May
(135) |
Jun
(76) |
Jul
(151) |
Aug
(83) |
Sep
(97) |
Oct
(262) |
Nov
(245) |
Dec
(231) |
| 2016 |
Jan
(131) |
Feb
(233) |
Mar
(97) |
Apr
(138) |
May
(221) |
Jun
(254) |
Jul
(92) |
Aug
(248) |
Sep
(168) |
Oct
(275) |
Nov
(477) |
Dec
(445) |
| 2017 |
Jan
(218) |
Feb
(217) |
Mar
(146) |
Apr
(172) |
May
(216) |
Jun
(252) |
Jul
(164) |
Aug
(192) |
Sep
(190) |
Oct
(143) |
Nov
(255) |
Dec
(182) |
| 2018 |
Jan
(295) |
Feb
(164) |
Mar
(113) |
Apr
(147) |
May
(64) |
Jun
(262) |
Jul
(184) |
Aug
(90) |
Sep
(69) |
Oct
(364) |
Nov
(102) |
Dec
(101) |
| 2019 |
Jan
(119) |
Feb
(64) |
Mar
(64) |
Apr
(102) |
May
(57) |
Jun
(154) |
Jul
(84) |
Aug
(81) |
Sep
(76) |
Oct
(102) |
Nov
(233) |
Dec
(89) |
| 2020 |
Jan
(38) |
Feb
(170) |
Mar
(155) |
Apr
(172) |
May
(120) |
Jun
(223) |
Jul
(461) |
Aug
(227) |
Sep
(268) |
Oct
(113) |
Nov
(56) |
Dec
(124) |
| 2021 |
Jan
(121) |
Feb
(48) |
Mar
(334) |
Apr
(345) |
May
(207) |
Jun
(136) |
Jul
(71) |
Aug
(112) |
Sep
(122) |
Oct
(173) |
Nov
(184) |
Dec
(223) |
| 2022 |
Jan
(197) |
Feb
(206) |
Mar
(156) |
Apr
(212) |
May
(192) |
Jun
(170) |
Jul
(143) |
Aug
(380) |
Sep
(182) |
Oct
(148) |
Nov
(128) |
Dec
(269) |
| 2023 |
Jan
(248) |
Feb
(196) |
Mar
(264) |
Apr
(36) |
May
(123) |
Jun
(66) |
Jul
(120) |
Aug
(48) |
Sep
(157) |
Oct
(198) |
Nov
(300) |
Dec
(273) |
| 2024 |
Jan
(271) |
Feb
(147) |
Mar
(207) |
Apr
(78) |
May
(107) |
Jun
(168) |
Jul
(151) |
Aug
(51) |
Sep
(438) |
Oct
(221) |
Nov
(302) |
Dec
(357) |
| 2025 |
Jan
(451) |
Feb
(219) |
Mar
(326) |
Apr
(232) |
May
(306) |
Jun
(181) |
Jul
(452) |
Aug
(282) |
Sep
(620) |
Oct
(793) |
Nov
(682) |
Dec
(373) |
| 2026 |
Jan
(355) |
Feb
(284) |
Mar
(602) |
Apr
(418) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Gert D. <ge...@gr...> - 2026-04-30 16:32:58
|
From: Selva Nair <sel...@gm...> Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Signed-off-by: Selva Nair <sel...@gm...> Acked-by: Frank Lichtenheld <fr...@li...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1646 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1646 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld <fr...@li...> diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst index 1664eed..3ad9104 100644 --- a/doc/man-sections/client-options.rst +++ b/doc/man-sections/client-options.rst @@ -216,7 +216,8 @@ DNS server options it must be between 0 and 127. The server id is used to group options and also for ordering the list of configured DNS servers; lower numbers come first. DNS servers being pushed to a client replace - already configured DNS servers with the same server id. + already configured DNS servers with the same server id. Only the group of + options corresponding to the lowest server id is applied. The ``address`` option configures the IPv4 and / or IPv6 address(es) of the DNS server. Up to eight addresses can be specified per DNS server. @@ -249,6 +250,19 @@ so that ``--dns`` overrides ``--dhcp-option``. Thus, ``--dns`` can be used today to migrate from ``--dhcp-option``. + Windows only: + + #. If tap-windows6 is in use, dns servers are set by DHCP by default. + In this case only ``--dns search-domains`` and ``--dns server n address ..`` + with the lowest value of ``n`` are interpreted. All other ``--dns`` options + are ignored. Use of the dco driver is the recommended way to make use of these + new features. + + #. If ``--dns server n resolve-domains`` is in use, the DNS server addresses + corresponding to ``n`` are set on the interface only if ``search-domains`` is + also specified. Otherwise these DNS addresses are used only for NRPT rules for + split-DNS. + --explicit-exit-notify n In UDP client mode or point-to-point mode, send server/peer an exit notification if tunnel is restarted or OpenVPN process is exited. In |
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-04-30 15:49:34
|
Attention is currently required from: plaisthos, selvanair. flichtenheld has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email ) Change subject: DNS server documentation update ...................................................................... Patch Set 2: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Gerrit-Change-Number: 1646 Gerrit-PatchSet: 2 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: selvanair <sel...@gm...> Gerrit-Comment-Date: Thu, 30 Apr 2026 15:49:23 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes |
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 15:36:58
|
Attention is currently required from: flichtenheld, plaisthos.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email
to look at the new patch set (#2).
The following approvals got outdated and were removed:
Code-Review-1 by flichtenheld
Change subject: DNS server documentation update
......................................................................
DNS server documentation update
Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402
Signed-off-by: Selva Nair <sel...@gm...>
---
M doc/man-sections/client-options.rst
1 file changed, 15 insertions(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/46/1646/2
diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst
index 1664eed..3ad9104 100644
--- a/doc/man-sections/client-options.rst
+++ b/doc/man-sections/client-options.rst
@@ -216,7 +216,8 @@
DNS server options it must be between 0 and 127. The server id is used
to group options and also for ordering the list of configured DNS servers;
lower numbers come first. DNS servers being pushed to a client replace
- already configured DNS servers with the same server id.
+ already configured DNS servers with the same server id. Only the group of
+ options corresponding to the lowest server id is applied.
The ``address`` option configures the IPv4 and / or IPv6 address(es) of
the DNS server. Up to eight addresses can be specified per DNS server.
@@ -249,6 +250,19 @@
so that ``--dns`` overrides ``--dhcp-option``. Thus, ``--dns`` can be used today
to migrate from ``--dhcp-option``.
+ Windows only:
+
+ #. If tap-windows6 is in use, dns servers are set by DHCP by default.
+ In this case only ``--dns search-domains`` and ``--dns server n address ..``
+ with the lowest value of ``n`` are interpreted. All other ``--dns`` options
+ are ignored. Use of the dco driver is the recommended way to make use of these
+ new features.
+
+ #. If ``--dns server n resolve-domains`` is in use, the DNS server addresses
+ corresponding to ``n`` are set on the interface only if ``search-domains`` is
+ also specified. Otherwise these DNS addresses are used only for NRPT rules for
+ split-DNS.
+
--explicit-exit-notify n
In UDP client mode or point-to-point mode, send server/peer an exit
notification if tunnel is restarted or OpenVPN process is exited. In
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402
Gerrit-Change-Number: 1646
Gerrit-PatchSet: 2
Gerrit-Owner: selvanair <sel...@gm...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: flichtenheld <fr...@li...>
|
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 15:36:51
|
Attention is currently required from: flichtenheld, plaisthos. selvanair has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email ) Change subject: DNS server documentation update ...................................................................... Patch Set 1: (1 comment) File doc/man-sections/client-options.rst: http://gerrit.openvpn.net/c/openvpn/+/1646/comment/db05ca2a_9fca3206?usp=email : PS1, Line 253: Windows only: (i) If tap-windows6 is in use, dns servers are set by DHCP by > Please make it an actual list in rst. Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Gerrit-Change-Number: 1646 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Thu, 30 Apr 2026 15:36:36 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> |
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-04-30 15:11:39
|
Attention is currently required from: plaisthos, selvanair. flichtenheld has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email ) Change subject: DNS server documentation update ...................................................................... Patch Set 1: Code-Review-1 (1 comment) File doc/man-sections/client-options.rst: http://gerrit.openvpn.net/c/openvpn/+/1646/comment/bec2e88f_3369753c?usp=email : PS1, Line 253: Windows only: (i) If tap-windows6 is in use, dns servers are set by DHCP by Please make it an actual list in rst. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Gerrit-Change-Number: 1646 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: selvanair <sel...@gm...> Gerrit-Comment-Date: Thu, 30 Apr 2026 15:11:19 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes |
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 14:16:24
|
Attention is currently required from: plaisthos. selvanair has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email ) Change subject: DNS server documentation update ...................................................................... Patch Set 1: (1 comment) Patchset: PS1: This was discussed in https://github.com/OpenVPN/openvpn/issues/937 but I forgot to submit it, it seems. Looks like its still relevant. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402 Gerrit-Change-Number: 1646 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Comment-Date: Thu, 30 Apr 2026 14:16:13 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No |
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 14:12:45
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email
to review the following change.
Change subject: DNS server documentation update
......................................................................
DNS server documentation update
Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402
Signed-off-by: Selva Nair <sel...@gm...>
---
M doc/man-sections/client-options.rst
1 file changed, 12 insertions(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/46/1646/1
diff --git a/doc/man-sections/client-options.rst b/doc/man-sections/client-options.rst
index 1664eed..5df881d 100644
--- a/doc/man-sections/client-options.rst
+++ b/doc/man-sections/client-options.rst
@@ -216,7 +216,8 @@
DNS server options it must be between 0 and 127. The server id is used
to group options and also for ordering the list of configured DNS servers;
lower numbers come first. DNS servers being pushed to a client replace
- already configured DNS servers with the same server id.
+ already configured DNS servers with the same server id. Only the group of
+ options corresponding to the lowest server id is applied.
The ``address`` option configures the IPv4 and / or IPv6 address(es) of
the DNS server. Up to eight addresses can be specified per DNS server.
@@ -249,6 +250,16 @@
so that ``--dns`` overrides ``--dhcp-option``. Thus, ``--dns`` can be used today
to migrate from ``--dhcp-option``.
+ Windows only: (i) If tap-windows6 is in use, dns servers are set by DHCP by
+ default. In this case only ``--dns search-domains`` and ``--dns server n address ..``
+ with the lowest value of ``n`` are interpreted. All other ``--dns`` options
+ are ignored. Use of the dco driver is the recommended way to make use of these
+ new features.
+ (ii) If ``--dns server n resolve-domains`` is in use, the DNS server addresses
+ corresponding to ``n`` are set on the interface only if ``search-domains`` is
+ also specified. Otherwise these DNS addresses are used only for NRPT rules for
+ split-DNS.
+
--explicit-exit-notify n
In UDP client mode or point-to-point mode, send server/peer an exit
notification if tunnel is restarted or OpenVPN process is exited. In
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1646?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I53b3f4c60897a1f4dd5efeb6575d525ffb082402
Gerrit-Change-Number: 1646
Gerrit-PatchSet: 1
Gerrit-Owner: selvanair <sel...@gm...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
|
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 13:41:22
|
selvanair has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email ) Change subject: dns: correctly handle dnssec settings ...................................................................... Abandoned -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: abandon Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id514b06223cb55295c92b1fa6727f03d6e06befe Gerrit-Change-Number: 1643 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: d12fk <he...@op...> Gerrit-CC: openvpn-devel <ope...@li...> |
|
From: cron2 (C. Review) <ge...@op...> - 2026-04-30 13:24:00
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email ) Change subject: dns-scripts: Fix dnssec values in comments and Copyright statement format ...................................................................... dns-scripts: Fix dnssec values in comments and Copyright statement format - Fix the example value of dnssec to an actual valid one - Fix the formatting of the Copyright statements to be consistent with all other files in the project Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg36800.html Signed-off-by: Gert Doering <ge...@gr...> --- M distro/dns-scripts/haikuos_file-dns-updown.sh M distro/dns-scripts/macos-dns-updown.sh M distro/dns-scripts/openresolv-dns-updown.sh M distro/dns-scripts/resolvconf_file-dns-updown.sh M distro/dns-scripts/systemd-dns-updown.sh 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/distro/dns-scripts/haikuos_file-dns-updown.sh b/distro/dns-scripts/haikuos_file-dns-updown.sh index 6da0954..e19b2b7 100644 --- a/distro/dns-scripts/haikuos_file-dns-updown.sh +++ b/distro/dns-scripts/haikuos_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying Haiku OS resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh index fb17b2b0..fccc6b5 100644 --- a/distro/dns-scripts/macos-dns-updown.sh +++ b/distro/dns-scripts/macos-dns-updown.sh @@ -2,7 +2,7 @@ # # dns-updown - add/remove openvpn provided DNS information # -# (C) Copyright 2025 OpenVPN Inc <sa...@op...> +# Copyright (C) 2025-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/openresolv-dns-updown.sh b/distro/dns-scripts/openresolv-dns-updown.sh index 1404819..4aca99f 100644 --- a/distro/dns-scripts/openresolv-dns-updown.sh +++ b/distro/dns-scripts/openresolv-dns-updown.sh @@ -1,8 +1,8 @@ #!/bin/sh # # Simple OpenVPN up/down script for openresolv integration -# (C) Copyright 2016 Baptiste Daroussin -# 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2016 Baptiste Daroussin +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -22,7 +22,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/resolvconf_file-dns-updown.sh b/distro/dns-scripts/resolvconf_file-dns-updown.sh index 70872c7..8d23ed6 100644 --- a/distro/dns-scripts/resolvconf_file-dns-updown.sh +++ b/distro/dns-scripts/resolvconf_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying /etc/resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/systemd-dns-updown.sh b/distro/dns-scripts/systemd-dns-updown.sh index f91cde6..553056b 100644 --- a/distro/dns-scripts/systemd-dns-updown.sh +++ b/distro/dns-scripts/systemd-dns-updown.sh @@ -29,7 +29,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Gerrit-Change-Number: 1645 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> |
|
From: Gert D. <ge...@gr...> - 2026-04-30 13:23:55
|
Comments only, but a bugfix nonetheless... well spotted.
Your patch has been applied to the master and release/2.7 branch.
commit 64fbcb69a38b7ae6e7e712e22192c64479fc7759 (master)
commit 6528ae0152c07b1710f9c1a892b0b50ea61d8c93 (release/2.7)
Author: Frank Lichtenheld
Date: Thu Apr 30 15:03:48 2026 +0200
dns-scripts: Fix dnssec values in comments and Copyright statement format
Signed-off-by: Frank Lichtenheld <fr...@li...>
Acked-by: Gert Doering <ge...@gr...>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg36800.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: cron2 (C. Review) <ge...@op...> - 2026-04-30 13:23:54
|
cron2 has uploaded a new patch set (#2) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: dns-scripts: Fix dnssec values in comments and Copyright statement format ...................................................................... dns-scripts: Fix dnssec values in comments and Copyright statement format - Fix the example value of dnssec to an actual valid one - Fix the formatting of the Copyright statements to be consistent with all other files in the project Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg36800.html Signed-off-by: Gert Doering <ge...@gr...> --- M distro/dns-scripts/haikuos_file-dns-updown.sh M distro/dns-scripts/macos-dns-updown.sh M distro/dns-scripts/openresolv-dns-updown.sh M distro/dns-scripts/resolvconf_file-dns-updown.sh M distro/dns-scripts/systemd-dns-updown.sh 5 files changed, 10 insertions(+), 10 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/45/1645/2 diff --git a/distro/dns-scripts/haikuos_file-dns-updown.sh b/distro/dns-scripts/haikuos_file-dns-updown.sh index 6da0954..e19b2b7 100644 --- a/distro/dns-scripts/haikuos_file-dns-updown.sh +++ b/distro/dns-scripts/haikuos_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying Haiku OS resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh index fb17b2b0..fccc6b5 100644 --- a/distro/dns-scripts/macos-dns-updown.sh +++ b/distro/dns-scripts/macos-dns-updown.sh @@ -2,7 +2,7 @@ # # dns-updown - add/remove openvpn provided DNS information # -# (C) Copyright 2025 OpenVPN Inc <sa...@op...> +# Copyright (C) 2025-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/openresolv-dns-updown.sh b/distro/dns-scripts/openresolv-dns-updown.sh index 1404819..4aca99f 100644 --- a/distro/dns-scripts/openresolv-dns-updown.sh +++ b/distro/dns-scripts/openresolv-dns-updown.sh @@ -1,8 +1,8 @@ #!/bin/sh # # Simple OpenVPN up/down script for openresolv integration -# (C) Copyright 2016 Baptiste Daroussin -# 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2016 Baptiste Daroussin +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -22,7 +22,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/resolvconf_file-dns-updown.sh b/distro/dns-scripts/resolvconf_file-dns-updown.sh index 70872c7..8d23ed6 100644 --- a/distro/dns-scripts/resolvconf_file-dns-updown.sh +++ b/distro/dns-scripts/resolvconf_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying /etc/resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/systemd-dns-updown.sh b/distro/dns-scripts/systemd-dns-updown.sh index f91cde6..553056b 100644 --- a/distro/dns-scripts/systemd-dns-updown.sh +++ b/distro/dns-scripts/systemd-dns-updown.sh @@ -29,7 +29,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Gerrit-Change-Number: 1645 Gerrit-PatchSet: 2 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> |
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-04-30 13:23:29
|
Attention is currently required from: d12fk, plaisthos, selvanair. flichtenheld has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email ) Change subject: dns: correctly handle dnssec settings ...................................................................... Patch Set 1: (1 comment) File src/openvpn/dns.h: http://gerrit.openvpn.net/c/openvpn/+/1643/comment/41584b3e_2dda66f8?usp=email : PS1, Line 32: DNS_SECURITY_UNSET, > Well, in that case, UNSET stays, and with the immediate fix in, nothing in this patch may be abandon […] I would say so. If someone actually asks for DNS_SECURITY_OPTIONAL support on Windows, we could certainly look into it, but it feels like not worth the additional complexity to me at this point. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id514b06223cb55295c92b1fa6727f03d6e06befe Gerrit-Change-Number: 1643 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: d12fk <he...@op...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Attention: selvanair <sel...@gm...> Gerrit-Comment-Date: Thu, 30 Apr 2026 13:23:12 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Comment-In-Reply-To: d12fk <he...@op...> Comment-In-Reply-To: selvanair <sel...@gm...> |
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-30 13:14:25
|
Attention is currently required from: d12fk, flichtenheld, plaisthos. selvanair has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email ) Change subject: dns: correctly handle dnssec settings ...................................................................... Patch Set 1: (1 comment) File src/openvpn/dns.h: http://gerrit.openvpn.net/c/openvpn/+/1643/comment/7125ebe8_1117383f?usp=email : PS1, Line 32: DNS_SECURITY_UNSET, > "UNSET is not handled anywhere." I looked into that and this is not true. […] Well, in that case, UNSET stays, and with the immediate fix in, nothing in this patch may be abandoned isn't it? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id514b06223cb55295c92b1fa6727f03d6e06befe Gerrit-Change-Number: 1643 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: d12fk <he...@op...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Thu, 30 Apr 2026 13:14:08 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Comment-In-Reply-To: d12fk <he...@op...> Comment-In-Reply-To: selvanair <sel...@gm...> |
|
From: cron2 (C. Review) <ge...@op...> - 2026-04-30 13:12:46
|
cron2 has uploaded a new patch set (#2) to the change originally created by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by flichtenheld Change subject: dns: minimalist fix for dnssec setting ...................................................................... dns: minimalist fix for dnssec setting Github: fixes OpenVPN/openvpn#1024 Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Signed-off-by: Selva Nair <sel...@gm...> Acked-by: Frank Lichtenheld <fr...@li...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg36797.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dns.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/44/1644/2 diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index ce23f1f..954ed52 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -442,7 +442,7 @@ .header = { (add ? msg_add_nrpt_cfg : msg_del_nrpt_cfg), sizeof(nrpt_dns_cfg_message_t), 0 }, .iface = { .index = tt->adapter_index, .name = "" }, - .flags = server->dnssec == DNS_SECURITY_NO ? 0 : nrpt_dnssec, + .flags = server->dnssec == DNS_SECURITY_YES ? nrpt_dnssec : 0, }; strncpynt(nrpt.iface.name, tt->actual_name, sizeof(nrpt.iface.name)); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Gerrit-Change-Number: 1644 Gerrit-PatchSet: 2 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> |
|
From: cron2 (C. Review) <ge...@op...> - 2026-04-30 13:12:44
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email ) Change subject: dns: minimalist fix for dnssec setting ...................................................................... dns: minimalist fix for dnssec setting Github: fixes OpenVPN/openvpn#1024 Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Signed-off-by: Selva Nair <sel...@gm...> Acked-by: Frank Lichtenheld <fr...@li...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644 Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg36797.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/dns.c 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index ce23f1f..954ed52 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -442,7 +442,7 @@ .header = { (add ? msg_add_nrpt_cfg : msg_del_nrpt_cfg), sizeof(nrpt_dns_cfg_message_t), 0 }, .iface = { .index = tt->adapter_index, .name = "" }, - .flags = server->dnssec == DNS_SECURITY_NO ? 0 : nrpt_dnssec, + .flags = server->dnssec == DNS_SECURITY_YES ? nrpt_dnssec : 0, }; strncpynt(nrpt.iface.name, tt->actual_name, sizeof(nrpt.iface.name)); -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Gerrit-Change-Number: 1644 Gerrit-PatchSet: 2 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> |
|
From: Gert D. <ge...@gr...> - 2026-04-30 13:12:25
|
Thanks for coming up with a minimal patch quickly, until we have decided
what "we really want there" and "what windows does".
Frank has tested this, and I have fixed my testbed to actually *show* the
problem - we do windows tests, but the way I had set up the "hidden DNS
things that only resolve if --dns is applied correctly" (unbound with a
local zone) was IPSEC-agnostic - if you ask "the authoritative server"
it will always tell you "yeah, all is valid!". So now we have an unbound
recursor in front of a local bind, with no DNSSEC, and "windows with
dnssec yes" will actually fail to resolve that...
.. and with your patch, we're back to "the system tests pass", so, good.
(Staring at the change also seems to make sense, but I said so for
the other fix as well... so I'm glad we have good before/after tests
this time)
Your patch has been applied to the master and release/2.7 branch.
commit 919f5ced7d2863d51981979a336407b6e0818fcd (master)
commit 9683e1fe273db94ab92e1da2fe55c7929fa7291a (release/2.7)
Author: Selva Nair
Date: Thu Apr 30 14:40:14 2026 +0200
dns: minimalist fix for dnssec setting
Signed-off-by: Selva Nair <sel...@gm...>
Acked-by: Frank Lichtenheld <fr...@li...>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg36797.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: Gert D. <ge...@gr...> - 2026-04-30 13:04:23
|
From: Frank Lichtenheld <fr...@li...> - Fix the example value of dnssec to an actual valid one - Fix the formatting of the Copyright statements to be consistent with all other files in the project Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Signed-off-by: Frank Lichtenheld <fr...@li...> Acked-by: Gert Doering <ge...@gr...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1645 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <ge...@gr...> diff --git a/distro/dns-scripts/haikuos_file-dns-updown.sh b/distro/dns-scripts/haikuos_file-dns-updown.sh index 6da0954..e19b2b7 100644 --- a/distro/dns-scripts/haikuos_file-dns-updown.sh +++ b/distro/dns-scripts/haikuos_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying Haiku OS resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh index fb17b2b0..fccc6b5 100644 --- a/distro/dns-scripts/macos-dns-updown.sh +++ b/distro/dns-scripts/macos-dns-updown.sh @@ -2,7 +2,7 @@ # # dns-updown - add/remove openvpn provided DNS information # -# (C) Copyright 2025 OpenVPN Inc <sa...@op...> +# Copyright (C) 2025-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/openresolv-dns-updown.sh b/distro/dns-scripts/openresolv-dns-updown.sh index 1404819..4aca99f 100644 --- a/distro/dns-scripts/openresolv-dns-updown.sh +++ b/distro/dns-scripts/openresolv-dns-updown.sh @@ -1,8 +1,8 @@ #!/bin/sh # # Simple OpenVPN up/down script for openresolv integration -# (C) Copyright 2016 Baptiste Daroussin -# 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2016 Baptiste Daroussin +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -22,7 +22,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/resolvconf_file-dns-updown.sh b/distro/dns-scripts/resolvconf_file-dns-updown.sh index 70872c7..8d23ed6 100644 --- a/distro/dns-scripts/resolvconf_file-dns-updown.sh +++ b/distro/dns-scripts/resolvconf_file-dns-updown.sh @@ -1,7 +1,7 @@ #!/bin/sh # # Simple OpenVPN up/down script for modifying /etc/resolv.conf -# (C) Copyright 2024 OpenVPN Inc <sa...@op...> +# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...> # # SPDX-License-Identifier: BSD-2-Clause # @@ -21,7 +21,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # diff --git a/distro/dns-scripts/systemd-dns-updown.sh b/distro/dns-scripts/systemd-dns-updown.sh index f91cde6..553056b 100644 --- a/distro/dns-scripts/systemd-dns-updown.sh +++ b/distro/dns-scripts/systemd-dns-updown.sh @@ -29,7 +29,7 @@ # dns_server_1_port_2 53 # dns_server_1_resolve_domain_1 mycorp.in # dns_server_1_resolve_domain_2 eu.mycorp.com -# dns_server_1_dnssec true +# dns_server_1_dnssec yes # dns_server_1_transport DoH # dns_server_1_sni dns.mycorp.in # |
|
From: cron2 (C. Review) <ge...@op...> - 2026-04-30 13:03:45
|
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email ) Change subject: dns-scripts: Fix dnssec values in comments and Copyright statement format ...................................................................... Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b Gerrit-Change-Number: 1645 Gerrit-PatchSet: 1 Gerrit-Owner: flichtenheld <fr...@li...> Gerrit-Reviewer: cron2 <ge...@gr...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Thu, 30 Apr 2026 13:03:23 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes |
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-04-30 12:48:05
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email
to review the following change.
Change subject: dns-scripts: Fix dnssec values in comments and Copyright statement format
......................................................................
dns-scripts: Fix dnssec values in comments and Copyright statement format
- Fix the example value of dnssec to an actual valid one
- Fix the formatting of the Copyright statements to be
consistent with all other files in the project
Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M distro/dns-scripts/haikuos_file-dns-updown.sh
M distro/dns-scripts/macos-dns-updown.sh
M distro/dns-scripts/openresolv-dns-updown.sh
M distro/dns-scripts/resolvconf_file-dns-updown.sh
M distro/dns-scripts/systemd-dns-updown.sh
5 files changed, 10 insertions(+), 10 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/45/1645/1
diff --git a/distro/dns-scripts/haikuos_file-dns-updown.sh b/distro/dns-scripts/haikuos_file-dns-updown.sh
index 6da0954..e19b2b7 100644
--- a/distro/dns-scripts/haikuos_file-dns-updown.sh
+++ b/distro/dns-scripts/haikuos_file-dns-updown.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#
# Simple OpenVPN up/down script for modifying Haiku OS resolv.conf
-# (C) Copyright 2024 OpenVPN Inc <sa...@op...>
+# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...>
#
# SPDX-License-Identifier: BSD-2-Clause
#
@@ -21,7 +21,7 @@
# dns_server_1_port_2 53
# dns_server_1_resolve_domain_1 mycorp.in
# dns_server_1_resolve_domain_2 eu.mycorp.com
-# dns_server_1_dnssec true
+# dns_server_1_dnssec yes
# dns_server_1_transport DoH
# dns_server_1_sni dns.mycorp.in
#
diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh
index fb17b2b0..fccc6b5 100644
--- a/distro/dns-scripts/macos-dns-updown.sh
+++ b/distro/dns-scripts/macos-dns-updown.sh
@@ -2,7 +2,7 @@
#
# dns-updown - add/remove openvpn provided DNS information
#
-# (C) Copyright 2025 OpenVPN Inc <sa...@op...>
+# Copyright (C) 2025-2026 OpenVPN Inc <sa...@op...>
#
# SPDX-License-Identifier: BSD-2-Clause
#
@@ -21,7 +21,7 @@
# dns_server_1_port_2 53
# dns_server_1_resolve_domain_1 mycorp.in
# dns_server_1_resolve_domain_2 eu.mycorp.com
-# dns_server_1_dnssec true
+# dns_server_1_dnssec yes
# dns_server_1_transport DoH
# dns_server_1_sni dns.mycorp.in
#
diff --git a/distro/dns-scripts/openresolv-dns-updown.sh b/distro/dns-scripts/openresolv-dns-updown.sh
index 1404819..4aca99f 100644
--- a/distro/dns-scripts/openresolv-dns-updown.sh
+++ b/distro/dns-scripts/openresolv-dns-updown.sh
@@ -1,8 +1,8 @@
#!/bin/sh
#
# Simple OpenVPN up/down script for openresolv integration
-# (C) Copyright 2016 Baptiste Daroussin
-# 2024 OpenVPN Inc <sa...@op...>
+# Copyright (C) 2016 Baptiste Daroussin
+# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...>
#
# SPDX-License-Identifier: BSD-2-Clause
#
@@ -22,7 +22,7 @@
# dns_server_1_port_2 53
# dns_server_1_resolve_domain_1 mycorp.in
# dns_server_1_resolve_domain_2 eu.mycorp.com
-# dns_server_1_dnssec true
+# dns_server_1_dnssec yes
# dns_server_1_transport DoH
# dns_server_1_sni dns.mycorp.in
#
diff --git a/distro/dns-scripts/resolvconf_file-dns-updown.sh b/distro/dns-scripts/resolvconf_file-dns-updown.sh
index 70872c7..8d23ed6 100644
--- a/distro/dns-scripts/resolvconf_file-dns-updown.sh
+++ b/distro/dns-scripts/resolvconf_file-dns-updown.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#
# Simple OpenVPN up/down script for modifying /etc/resolv.conf
-# (C) Copyright 2024 OpenVPN Inc <sa...@op...>
+# Copyright (C) 2024-2026 OpenVPN Inc <sa...@op...>
#
# SPDX-License-Identifier: BSD-2-Clause
#
@@ -21,7 +21,7 @@
# dns_server_1_port_2 53
# dns_server_1_resolve_domain_1 mycorp.in
# dns_server_1_resolve_domain_2 eu.mycorp.com
-# dns_server_1_dnssec true
+# dns_server_1_dnssec yes
# dns_server_1_transport DoH
# dns_server_1_sni dns.mycorp.in
#
diff --git a/distro/dns-scripts/systemd-dns-updown.sh b/distro/dns-scripts/systemd-dns-updown.sh
index f91cde6..553056b 100644
--- a/distro/dns-scripts/systemd-dns-updown.sh
+++ b/distro/dns-scripts/systemd-dns-updown.sh
@@ -29,7 +29,7 @@
# dns_server_1_port_2 53
# dns_server_1_resolve_domain_1 mycorp.in
# dns_server_1_resolve_domain_2 eu.mycorp.com
-# dns_server_1_dnssec true
+# dns_server_1_dnssec yes
# dns_server_1_transport DoH
# dns_server_1_sni dns.mycorp.in
#
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1645?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Id6832e3f56420debc8b19d0144d53ca41abb678b
Gerrit-Change-Number: 1645
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
|
|
From: Gert D. <ge...@gr...> - 2026-04-30 12:40:35
|
From: Selva Nair <sel...@gm...> Github: fixes OpenVPN/openvpn#1024 Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Signed-off-by: Selva Nair <sel...@gm...> Acked-by: Frank Lichtenheld <fr...@li...> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1644 This mail reflects revision 1 of this Change. Signed-off-by line for the author was added as per our policy. Acked-by according to Gerrit (reflected above): Frank Lichtenheld <fr...@li...> diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index ce23f1f..954ed52 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -442,7 +442,7 @@ .header = { (add ? msg_add_nrpt_cfg : msg_del_nrpt_cfg), sizeof(nrpt_dns_cfg_message_t), 0 }, .iface = { .index = tt->adapter_index, .name = "" }, - .flags = server->dnssec == DNS_SECURITY_NO ? 0 : nrpt_dnssec, + .flags = server->dnssec == DNS_SECURITY_YES ? nrpt_dnssec : 0, }; strncpynt(nrpt.iface.name, tt->actual_name, sizeof(nrpt.iface.name)); |
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-04-30 12:08:00
|
Attention is currently required from: d12fk, plaisthos, selvanair. flichtenheld has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email ) Change subject: dns: correctly handle dnssec settings ...................................................................... Patch Set 1: (1 comment) File src/openvpn/dns.h: http://gerrit.openvpn.net/c/openvpn/+/1643/comment/cfa08e49_08aa2a52?usp=email : PS1, Line 32: DNS_SECURITY_UNSET, > As "dns server n dnssec foo" is not a mandatory option, UNSET is useless and error-prone. […] "UNSET is not handled anywhere." I looked into that and this is not true. We never use `DNS_SECURITY_UNSET` explicitly in the code. But a lot of the DNS options code does things like `if (s->dnssec)` so we have actually a lot of implicit checks for it. E.g. when running the dns script we put nothing in the environment when it is UNSET, and only put "yes", "no", "optional" if explicitly set. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id514b06223cb55295c92b1fa6727f03d6e06befe Gerrit-Change-Number: 1643 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: d12fk <he...@op...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Attention: selvanair <sel...@gm...> Gerrit-Comment-Date: Thu, 30 Apr 2026 12:07:48 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: d12fk <he...@op...> Comment-In-Reply-To: selvanair <sel...@gm...> |
|
From: flichtenheld (C. Review) <ge...@op...> - 2026-04-30 10:07:31
|
Attention is currently required from: plaisthos, selvanair. flichtenheld has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email ) Change subject: dns: minimalist fix for dnssec setting ...................................................................... Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0cb093e0116e92d874162d51be777aa43674c115 Gerrit-Change-Number: 1644 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: selvanair <sel...@gm...> Gerrit-Comment-Date: Thu, 30 Apr 2026 10:07:04 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes |
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-29 23:01:27
|
Attention is currently required from: d12fk, flichtenheld, plaisthos. selvanair has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email ) Change subject: dns: correctly handle dnssec settings ...................................................................... Patch Set 1: (1 comment) File include/openvpn-msg.h: http://gerrit.openvpn.net/c/openvpn/+/1643/comment/ab4a60cb_6dad4a8a?usp=email : PS1, Line 114: nrpt_dnssec_required = 1 << 1, > Correct.. […] See http://gerrit.openvpn.net/c/openvpn/+/1644 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id514b06223cb55295c92b1fa6727f03d6e06befe Gerrit-Change-Number: 1643 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: d12fk <he...@op...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Wed, 29 Apr 2026 23:01:11 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Comment-In-Reply-To: d12fk <he...@op...> Comment-In-Reply-To: selvanair <sel...@gm...> |
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-29 22:59:31
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email
to review the following change.
Change subject: dns: minimalist fix for dnssec setting
......................................................................
dns: minimalist fix for dnssec setting
Github: fixes OpenVPN/openvpn#1024
Change-Id: I0cb093e0116e92d874162d51be777aa43674c115
---
M src/openvpn/dns.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/44/1644/1
diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c
index ce23f1f..954ed52 100644
--- a/src/openvpn/dns.c
+++ b/src/openvpn/dns.c
@@ -442,7 +442,7 @@
.header = { (add ? msg_add_nrpt_cfg : msg_del_nrpt_cfg), sizeof(nrpt_dns_cfg_message_t),
0 },
.iface = { .index = tt->adapter_index, .name = "" },
- .flags = server->dnssec == DNS_SECURITY_NO ? 0 : nrpt_dnssec,
+ .flags = server->dnssec == DNS_SECURITY_YES ? nrpt_dnssec : 0,
};
strncpynt(nrpt.iface.name, tt->actual_name, sizeof(nrpt.iface.name));
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1644?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I0cb093e0116e92d874162d51be777aa43674c115
Gerrit-Change-Number: 1644
Gerrit-PatchSet: 1
Gerrit-Owner: selvanair <sel...@gm...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
|
|
From: selvanair (C. Review) <ge...@op...> - 2026-04-29 20:52:44
|
Attention is currently required from: d12fk, flichtenheld, plaisthos. selvanair has posted comments on this change by selvanair. ( http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email ) Change subject: dns: correctly handle dnssec settings ...................................................................... Patch Set 1: (1 comment) File include/openvpn-msg.h: http://gerrit.openvpn.net/c/openvpn/+/1643/comment/1e00a0b2_cb21ee82?usp=email : PS1, Line 114: nrpt_dnssec_required = 1 << 1, > NRPT seems to have two separate settings `DnsSecEnabled` and `DnsSecValidationRequired`. […] Correct.. I interpret DNSSecEnabled to mean optional as that causes the resolver to set DO flag in queries but not enforce validation. But unsure what use is that. Its not true "opportunistic" DNSSEC if that's what optional means. A minimal patch that ignores documentation mismatches, and other niceties should be possible. Let me see.. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1643?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id514b06223cb55295c92b1fa6727f03d6e06befe Gerrit-Change-Number: 1643 Gerrit-PatchSet: 1 Gerrit-Owner: selvanair <sel...@gm...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: d12fk <he...@op...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Wed, 29 Apr 2026 20:52:34 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Comment-In-Reply-To: d12fk <he...@op...> Comment-In-Reply-To: selvanair <sel...@gm...> |
154 messages has been excluded from this view by a project administrator.
