I'm working on a VPN configuration utility which needs to temporarily
change the DNS servers and search domains while the VPN connection is
active (VPN traffic goes over a separate interface). In Panther, I
did this by editing resolv.conf. In Tiger, very few programs seem to
When I try to modify the SCDynamicStore (kSCDynamicStoreDomainState,
kSCCompNetwork, kSCCompGlobal, kSCEntNetDNS), and call
SCDynamicStoreNotifyValue for good measure the changes stick, but
nothing happens. If I don't run as root, I get kSCStatusAccessError
when I try to write to it, and if I retrieve the entry later, it does
come back as I stored it, but the output of scutil --dns (and the
resolver behavior) does not change.
Ideally I could associate the nameserver and search domain overrides
with the interface, so when the interface goes down, the values
associated with the previous interface are restored. However, the
default route is not going to go through the VPN interface in most
cases (in fact, the nameserver is on the public Internet), so I don't
think it will be considered "primary". The VPN interface does show
up as State:/Network/Interface/<iface>/IPv4 for example, but not in
the output of SCNetworkInterfaceCopyAll().
If necessary, I can leave a daemon running to maintain state. (I
tried that too, keeping the connection to the SCDynamicStore open,
but it didn't help.) It is OK if my changes are relatively brittle -
for example, I can use notifications to see if the user does
something like change locations/sets and reinstall my changes or not,
as appropriate if the VPN connection can be reestablished.
What is the right way to do this?
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden