diff --git a/net/openconnect/files/vpnc-script b/net/openconnect/files/vpnc-script
index 2a7debcad..1217eea89 100755
--- a/net/openconnect/files/vpnc-script
+++ b/net/openconnect/files/vpnc-script
@@ -46,8 +46,7 @@ HOOKS_DIR=/etc/openconnect
 # Section B: Split DNS handling
-# 1) Maybe dnsmasq can do something like that
-# 2) Parse dns packets going out via tunnel and redirect them to original dns-server
+# 1) We parse CISCO_SPLIT_DNS and use dnsmasq to set it
 do_connect() {
 if [ -n "$CISCO_BANNER" ]; then
@@ -82,8 +81,23 @@ do_connect() {
 [[ "$addr" != "$mask" ]] && proto_add_ipv6_address "$addr" "$mask"
 fi
- [ -n "$INTERNAL_IP4_DNS" ] && proto_add_dns_server "$INTERNAL_IP4_DNS"
- [ -n "$CISCO_DEF_DOMAIN" ] && proto_add_dns_search "$CISCO_DEF_DOMAIN"
+ if [ -n "$CISCO_SPLIT_DNS" ] && [ -d "/tmp/dnsmasq.d/" ];then
+ SDNS=`echo $CISCO_SPLIT_DNS|sed 's/,/\n/g'`
+ DNSMASQ_FILE="/tmp/dnsmasq.d/openconnect.$TUNDEV"
+ rm -f $DNSMASQ_FILE
+ echo "$SDNS" | while read i; do
+ if [ -n "$INTERNAL_IP4_DNS" ];then
+ echo "server=/$i/$INTERNAL_IP4_DNS" >> $DNSMASQ_FILE
+ fi
+ if [ -n "$INTERNAL_IP6_DNS" ];then
+ echo "server=/$i/$INTERNAL_IP6_DNS" >> $DNSMASQ_FILE
+ fi
+ done
+ /etc/init.d/dnsmasq restart
+ else
+ [ -n "$INTERNAL_IP4_DNS" ] && proto_add_dns_server "$INTERNAL_IP4_DNS"
+ [ -n "$CISCO_DEF_DOMAIN" ] && proto_add_dns_search "$CISCO_DEF_DOMAIN"
+ fi
 if [ -n "$CISCO_SPLIT_INC" ]; then
 i=0
@@ -120,6 +134,7 @@ do_connect() {
 }
 do_disconnect() {
+ rm -f "/tmp/dnsmasq.d/openconnect.$TUNDEV"
 proto_init_update "$TUNDEV" 0
 proto_send_update "$INTERFACE"
 }
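Review bot: The new split-DNS branch in do_connect writes `$CISCO_SPLIT_DNS`, `$INTERNAL_IP4_DNS` and `$INTERNAL_IP6_DNS` into `/tmp/dnsmasq.d/openconnect.$TUNDEV` unchecked, although these values are supplied by the VPN gateway. A malformed entry, or a multi-address DNS list (which vpnc-script variables conventionally allow), yields a `server=` line that dnsmasq may reject or read differently, and because the branch then restarts dnsmasq, a bad file can presumably break name resolution for the whole router. I would accept only hostname characters in each domain and only IP-literal characters in each server, emit one `server=` line per address, quote `$DNSMASQ_FILE`, and replace the unquoted backtick `echo` with `read -r` on the quoted value. This branch also no longer calls `proto_add_dns_search`, so `$CISCO_DEF_DOMAIN` is dropped whenever split DNS is pushed; worth confirming that is intended. do_connect begins and ends outside this hunk.

```shell
	if [ -n "$CISCO_SPLIT_DNS" ] && [ -d "/tmp/dnsmasq.d/" ]; then
		DNSMASQ_FILE="/tmp/dnsmasq.d/openconnect.$TUNDEV"
		rm -f "$DNSMASQ_FILE"
		# Gateway-supplied values: keep the server list only if it holds
		# nothing but IP-literal characters and spaces, which also makes the
		# unquoted expansion in the for loop below safe from globbing.
		dns_servers="$INTERNAL_IP4_DNS $INTERNAL_IP6_DNS"
		case "$dns_servers" in
			*[!0-9A-Fa-f.:\ ]*) dns_servers= ;;
		esac
		echo "$CISCO_SPLIT_DNS" | tr ',' '\n' | while read -r domain; do
			# Skip anything that is not a plain hostname, so '/', '#' or
			# whitespace cannot alter the server= directive.
			case "$domain" in
				''|*[!A-Za-z0-9._-]*) continue ;;
			esac
			for dns in $dns_servers; do
				echo "server=/$domain/$dns" >> "$DNSMASQ_FILE"
			done
		done
		/etc/init.d/dnsmasq restart
	else
		# … unchanged: proto_add_dns_server / proto_add_dns_search fallback …
	fi
```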
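Review bot: Deleting `/tmp/dnsmasq.d/openconnect.$TUNDEV` in do_disconnect does not by itself change the running dnsmasq, which (as far as I know) reads its conf-dir only at start-up, so the `server=/domain/addr` rules written on connect stay active after the tunnel is gone. Queries for the split domains would then still be sent to the VPN resolver's address over whatever route remains, which either fails or exposes internal names off-tunnel. I would restart dnsmasq here when the file existed, e.g. `[ -f "$f" ] && { rm -f "$f"; /etc/init.d/dnsmasq restart; }` with `f="/tmp/dnsmasq.d/openconnect.$TUNDEV"`.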