--- openswan-2.6.37.orig/Makefile.inc	2011-10-28 23:11:53.000000000 +0200
+++ openswan-2.6.37/Makefile.inc	2011-12-01 17:30:31.000000000 +0100
@@ -169,7 +169,7 @@ INSTALL=install
 # how backup names are composed.
 # Note that the install procedures will never overwrite an existing config
 # file, which is why -b is not specified for them.
-INSTBINFLAGS=-b --suffix=.old
+INSTBINFLAGS=
 INSTSUIDFLAGS=--mode=u+rxs,g+rx,o+rx --group=root -b --suffix=.old
 INSTMANFLAGS=
 INSTCONFFLAGS=
@@ -279,12 +279,12 @@ RH_KERNELSRC?=/lib/modules/2.6.9-1.681_F
 # Note you need a locally running bind9 nameserver with lwres{} enabled
 # to use this, or have the "lwres" package installed and running.
 # This only affects conns that use DNS for keys in lookups.
-USE_LWRES?=false
+USE_LWRES?=true
 
 # Do a new lookup every time a connection is (re)started. This works better
 # on hosts with some dyndns service, since DPD will cause a new dns lookup,
 # but it could be a potential security issue if receiving spoofed dns.
-USE_DYNAMICDNS?=true
+USE_DYNAMICDNS?=false
 
 # Do we want all the configuration files like ipsec.conf and ipsec.secrets
 # and any certificates to be in a single directory defined by