$ORIGIN .
$TTL 86400 ; 1 day
example.ua              IN SOA  ns01.example.ua. hostmaster.example.ua. (
                                2020092201 ; serial
                                28800      ; refresh
                                7200       ; retry
                                1814400    ; expire
                                3200       ; minimum
                                )
                        NS      ns01.example.ua.
                        NS      ns03.example.ua.
$ORIGIN example.ua.
js01                    IN A     76.76.76.215
ns01                    IN A     76.76.76.2
msn                     IN CNAME js01.example.ua.
irc                     IN CNAME js01.example.ua.
icq                     IN CNAME js01.example.ua.
sms                     IN CNAME js01.example.ua.
pubsub                  IN CNAME js01.example.ua.
vjud                    IN CNAME js01.example.ua.
conference              IN CNAME js01.example.ua.
proxy                   IN CNAME js01.example.ua.
tests                   NS       ns01.example.ua.
$ORIGIN _tcp.example.ua.
_jabber                 IN SRV   10 0 5269 js01.example.ua.
_xmpp-server            IN SRV   10 0 5269 js01.example.ua.
_xmpp-client            IN SRV   10 0 5222 js01.example.ua.
I believe this is because of added validation to ipconnect2 (which provides the ip utility) in version 5.x (not sure which version specifically).
vpnc-script, which is used by openconnect, builds CIDR IPv4 addresses and sends them to the ip utility for routing. ip at version 4.x ignores the netmask length information, but ip at version 5.x regards it as invalid.
I used the downgrade AUR package to bring my ipconnect2 to version 4.20, which seems to work.
The script /etc/vpnc/vpnc-script uses the now unsupported ip get route $NETWORK/$NETMASKLEN syntax. I fixed that by changing line 261 to:
$IPROUTE route add `$IPROUTE route get "$NETWORK" | fix_ip_get_output | sed -e "s/^$NETWORK\$/$NETWORK\/$NETMASKLEN/"`
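
The rewrite described above (look the route up by bare address, then re-attach the prefix length before calling route add), as an added example that is not part of the original posts or of vpnc-script. The function name route_add_args and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of vpnc-script. route_add_args is a hypothetical name.
#
# route_add_args NETWORK NETMASKLEN
#   stdin : output of `ip route get NETWORK` (bare address, no /LEN)
#   stdout: arguments for `ip route add`, i.e. NETWORK/NETMASKLEN followed by
#           the via/dev/src/mtu pairs; other tokens (uid, cache, ...) are dropped
#   status: 0 on success, 1 if NETWORK is not in the input, 2 on a bad length
route_add_args() {
    # The prefix length must be an integer in 0..32.
    case "$2" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$2" -le 32 ] || return 2

    awk -v net="$1" -v len="$2" '
        BEGIN { keep["via"]; keep["dev"]; keep["src"]; keep["mtu"] }
        {
            for (i = 1; i <= NF; i++) {
                if (!seen && $i == net) {
                    # Literal string comparison: the dots in the address
                    # are not treated as regex wildcards.
                    out = net "/" len
                    seen = 1
                } else if (seen && ($i in keep) && i < NF) {
                    out = out " " $i " " $(i + 1)
                    i++    # skip the value that belongs to this keyword
                }
            }
        }
        END { if (!seen) exit 1; print out }
    '
}

# Constructed sample of `ip route get 10.20.0.0` output (not from a real host).
SAMPLE='10.20.0.0 via 192.168.1.1 dev wlan0 src 192.168.1.50 uid 1000
    cache'

printf '%s\n' "$SAMPLE" | route_add_args 10.20.0.0 16
```
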
server:
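    verbosity: 1
    interface: 0.0.0.0
    do-ip4: yes
    ## Accepts queries from any IPv4 source. Combined with interface 0.0.0.0 this is an open resolver unless a firewall limits who can reach it.
    access-control: 0.0.0.0/0 allow
    chroot: ""
    hide-version: yes
    key-cache-size: 0
    cache-max-ttl: 0
    ## Strip RFC 1918 addresses from answers (DNS rebinding protection) ...
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    ## ... except for names under site.com, which may resolve to private addresses.
    private-domain: "site.com"
    ## Turn off the built-in default content for these private reverse zones.
    local-zone: "10.in-addr.arpa." nodefault
    local-zone: "16.172.in-addr.arpa." nodefault
    local-zone: "168.192.in-addr.arpa." nodefault
    local-data: "ntp.site.com IN A 10.10.10.1"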
## If local-data has no matching record, forward site.com queries to 1.1.1.1
forward-zone:
    name: "site.com"
    forward-addr: 1.1.1.1
## Forward everything else to 1.1.1.1
forward-zone:
    name: "."
    forward-addr: 1.1.1.1