Can confirm that the DNS logs indicate that systemd-resolved is not
falling back from UDP+EDNS0 to UDP in response to these NXDOMAIN
answers.

The existing patch only implements this fallback when the portal name
being looked up includes 'secure' as a substring:
+ if (DNS_PACKET_RCODE(p) == DNS_RCODE_NXDOMAIN &&
t->current_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) {
+
+ char key_str[DNS_RESOURCE_KEY_STRING_MAX];
+ dns_resource_key_to_string(t->key, key_str, sizeof
key_str);
+ if (strstr(key_str, "secure") != NULL) {
+ t->current_feature_level =
t->current_feature_level - 1;
+
+ log_warning("Server returned error %s,
suspecting DNS violation DVE-2018-0001, retrying transaction with reduced
feature level %s.",
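Review bot: The strstr(key_str, "secure") test ties the feature-level downgrade to a hard-coded substring of the query name, so an NXDOMAIN received under EDNS0 for any other name is never retried at a lower level. If the intent is to work around servers that mishandle EDNS0, the condition should depend on the server's behaviour rather than on the name being resolved; consider dropping the name match or replacing it with a per-server check. Also note that the outer condition accepts any level >= DNS_SERVER_FEATURE_LEVEL_EDNS0 while the body only subtracts 1, so a transaction that starts above EDNS0 is retried with EDNS0 still enabled. Setting the level explicitly to the one just below DNS_SERVER_FEATURE_LEVEL_EDNS0 would make the retry match what the log message claims.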
The packet capture shows a number of DNS lookups, but none containing the
substring 'secure', and none that appear to correspond to the captive
portal itself. This may require a different sort of solution than the
previous bug; I'm not sure.
--
https://bugs.launchpad.net/bugs/1766969
Title:
DNS cannot be resolved in Hotel Hotspot