dns option: handle allow_local_dns_resolvers

This flag was introduced to allow clients to decide if they want to
ignore non-split DNS option pushed to them. So, to be compatible with
the previous behavior with --dhcp-option, we act on the flag as wenn
when there are no resolve-domains specified.

Signed-off-by: Heiko Hund <heiko@openvpn.net>

openvpn/tun/win/client/tunsetup.hpp

@@ -634,6 +634,12 @@ class Setup : public SetupBase
                 {
                     domains.push_back("." + dom.domain);
                 }
+                if (domains.empty() && allow_local_dns_resolvers)
+                {
+                    // This empty domain tells the NRPT code that
+                    // no '.' rule should be created
+                    domains.push_back("");
+                }
 
                 const bool dnssec = server.dnssec == DnsServer::Security::Yes;
 
@@ -744,8 +750,11 @@ class Setup : public SetupBase
                             }
                         }
                     }
-                    if (dsfx.empty() && !allow_local_dns_resolvers)
-                        dsfx.emplace_back(".");
+
+                    // This empty domain tells the NRPT code that
+                    // no '.' rule should be created
+                    if (dsfx.empty() && allow_local_dns_resolvers)
+                        dsfx.emplace_back("");
 
                     // DNS server list
                     std::vector<std::string> dserv;

openvpn/tun/win/nrpt.hpp

@@ -424,6 +424,11 @@ class Nrpt
          */
         void execute(std::ostream &log) override
         {
+            // Don't add anything if there is only one empty domain. This
+            // is the way to tell us that no '.' rules should be added
+            if (domains_.size() == 1 && domains_[0] == "")
+                return;
+
             // Convert domains into a wide MULTI_SZ string
             std::wstring domains;
             if (domains_.empty())