You are correct, PF creates a DNS black hole and funnels everyone to itself.

However, I believe you are correct in assuming the DNS cache is cleared when 
the user is switched to a new VLAN (and hence, subnet).

We are using this method and have never seen an issue with DNS caching on the 
clients.  One thing we HAVE seen is Google Chrome throwing a bit of a hissy fit 
if you try to redirect google.com to the captive portal ... it seems that 
Chrome is smart enough to figure out that you are redirecting and throws up a 
nasty warning.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU


-----Original Message-----
From: Brian Candler [mailto:[email protected]] 
Sent: Wednesday, September 19, 2012 11:03 AM
To: [email protected]
Subject: Re: [PacketFence-users] Registration in routed networks

On Wed, Sep 19, 2012 at 03:39:32PM +0000, Brian Candler wrote:
> (2) PF DNS returns a fake IP address for all hostnames.

After digging through the source, I believe this is indeed what happens.

---------
; Registration network DNS configuration
; This file is manipulated on PacketFence's startup before being given to named
$TTL 3600
. IN SOA %%hostname%%. %%incharge%% (
    2009020901  ; serial
    10800       ; refresh
    3600        ; retry
    604800      ; expire
    86400       ; default_ttl
)

       IN      NS      %%hostname%%.
*.     IN      A       %%A_blackhole%%
       IN      MX      5       %%hostname%%.

%%PTR_blackhole%%     IN      PTR       %%hostname%%
---------

However I'm surprised at the DNS TTL of 24 hours, given that Windows clients 
cache DNS responses themselves.  Is the assumption that once a client has been 
dropped into a new VLAN and re-DHCP'd, that it will clear its local cache?  Or 
perhaps PF acts as a proxy for any requests which hit its own IP? 
(I can't see how though, ProxyPass is Off)

Thanks,

Brian.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat 
landscape has changed and how IT managers can respond. Discussions will include 
endpoint security, mobile security and the latest in malware threats. 
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
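
Added example, not part of the original messages and not PacketFence's own code: a minimal Python reading of the zone template quoted above, with the %%...%% placeholders filled by constructed values (pf.example.org., admin.example.org., 192.0.2.1) and the PTR line omitted, showing which address and TTL any lookup receives from the wildcard record. It applies standard zone-file rules, where $TTL supplies the TTL for records that carry none and the last SOA field is the negative-caching TTL (RFC 2308).

```python
import re

# Constructed rendering of the template; hostnames and the IP are made-up values.
ZONE = """\
$TTL 3600
. IN SOA pf.example.org. admin.example.org. (
    2009020901  ; serial
    10800       ; refresh
    3600        ; retry
    604800      ; expire
    86400       ; default_ttl
)
       IN      NS      pf.example.org.
*.     IN      A       192.0.2.1
       IN      MX      5       pf.example.org.
"""

def parse_zone(text):
    """Return (default_ttl, soa_last_field, records) for this simple layout."""
    text = re.sub(r";[^\n]*", "", text)                      # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    default_ttl = soa_last = owner = None
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        if not line[0].isspace():      # a blank owner column inherits the previous owner
            owner, fields = fields[0], fields[1:]
        ttl = default_ttl
        if fields[0].isdigit():        # explicit per-record TTL (none in this file)
            ttl, fields = int(fields[0]), fields[1:]
        if fields[0] == "IN":
            fields = fields[1:]
        if fields[0] == "SOA":
            soa_last = int(fields[-1])
        records.append((owner, ttl, fields[0], fields[1:]))
    return default_ttl, soa_last, records

def resolve_a(records, qname):
    """A lookup: a name that exists answers for itself, anything else hits '*.'."""
    lookup = qname if qname in {r[0] for r in records} else "*."
    for owner, ttl, rtype, rdata in records:
        if owner == lookup and rtype == "A":
            return rdata[0], ttl
    return None                        # name exists but has no A record (NODATA)
```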
