Bug #233
BIND 9 behaves REALLY REALLY badly when in a walled garden
| Status: | In Progress | Start date: | 08/17/2011 | |
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: |  Jim Gettys |
% Done: | 0% |
|
| Category: | DNS | Spent time: | 4.00 hours | |
| Target version: | Cerowrt-1.0-rc8 | Estimated time: | 16.00 hours |
Description
When I am in this hotel, where DNS (and most packets) are blocked off-net until I click through a captive portal, BIND 9 will not resolve any names, and my laptop cannot either.
I propose that some checking script be in place which does a DNS lookup to the ge00-provided name server addresses, and if it returns data, then BIND be configured normally. If this look-up fails, BIND should be configured as a forwarder to the dhcp-provided name servers.
History
Updated by Michael Graff almost 2 years ago
Evan and I have a patch to BIND 9 that may help here, a lot. Evan can likely get it to you. I recommend just using it in this release, and if needed make it a knob later.
The problem is that BIND 9 issues upstream queries with recursion desired = 0, and then we get back strange answers from captive, walled garden DNS servers which habitually lie.
The "fix" is to just take what we get. It's either right (in which case validation may work) or bad (in which case it will not).
Possibly one should add UI options to enable/disable validation and enable/disable "just forward to my ISP" options for BIND.
Updated by Dave Täht almost 2 years ago
I'd like more detail on this patch, and to get it into rc6, if it makes sense. I would hope that the vast majority of users are not testing in hotels, however...
Updated by Michael Graff almost 2 years ago
I didn't intend to test it in a hotel, but it was where I was living while in California last week. :)
I'd ask Evan if he can send it along.
Updated by Dave Täht almost 2 years ago
- Target version set to 14
I have this (1 line) patch, somewhere in my mail, but can't find it anywhere, nor remember who it came from.
what is stopping this patch from ending up in bind itself? Carrying out of tree patches is no fun.
Updated by Evan Hunt almost 2 years ago
The patch will end up in BIND as a switch you can turn on, eventually. It's not really proper pinky-raised DNS, so I don't think it should be on by default with no ability to turn it off.
Updated by Jim Gettys over 1 year ago
- Category set to DNS
- Status changed from New to In Progress
- Assignee set to Jim Gettys
- Priority changed from Normal to High
- Target version changed from 14 to Cerowrt-1.0-rc8
- Estimated time set to 16.00
Even weirder, sometimes I see bind work; but most recently mostly not.
I set up the forwarder's file manually, and it worked some of the time. Needs to be setable in a bind UI