Bug #233

BIND 9 behaves REALLY REALLY badly when in a walled garden

Added by Michael Graff on Aug 17, 2011. Updated on Nov 18, 2011.
In Progress High Jim Gettys


When I am in this hotel, where DNS (and most packets) are blocked off-net until I click through a captive portal, BIND 9 will not resolve any names, and my laptop cannot either.

I propose that some checking script be in place which does a DNS lookup to the ge00-provided name server addresses, and if it returns data, then BIND be configured normally. If this look-up fails, BIND should be configured as a forwarder to the dhcp-provided name servers.


Updated by Michael Graff on Aug 22, 2011.
Evan and I have a patch to BIND 9 that may help here, a lot. Evan can likely get it to you. I recommend just using it in this release, and if needed make it a knob later.

The problem is that BIND 9 issues upstream queries with recursion desired = 0, and then we get back strange answers from captive, walled garden DNS servers which habitually lie.

The “fix” is to just take what we get. It’s either right (in which case validation may work) or bad (in which case it will not).

Possibly one should add UI options to enable/disable validation and enable/disable “just forward to my ISP” options for BIND.

Updated by Dave Täht on Aug 23, 2011.
I’d like more detail on this patch, and to get it into rc6, if it makes sense. I would hope that the vast majority of users are not testing in hotels, however…
Updated by Michael Graff on Aug 23, 2011.
I didn’t intend to test it in a hotel, but it was where I was living while in California last week. :)

I’d ask Evan if he can send it along.

Updated by Dave Täht on Sep 17, 2011.
I have this (1 line) patch, somewhere in my mail, but can’t find it anywhere, nor remember who it came from.

what is stopping this patch from ending up in bind itself? Carrying out of tree patches is no fun.

Updated by Evan Hunt on Sep 17, 2011.
The patch will end up in BIND as a switch you can turn on, eventually. It’s not really proper pinky-raised DNS, so I don’t think it should be on by default with no ability to turn it off.
Updated by Jim Gettys on Nov 18, 2011.
Even weirder, sometimes I see bind work; but most recently mostly not.

I set up the forwarder’s file manually, and it worked some of the time. Needs to be setable in a bind UI

This is a static export of the original bufferbloat.net issue database. As such, no further commenting is possible; the information is solely here for archival purposes.
RSS feed

Recent Updates

Apr 12, 2024 Wiki page
What Can I Do About Bufferbloat?
Dec 3, 2022 Wiki page
Codel Wiki
Jun 11, 2022 Wiki page
More about Bufferbloat
Jun 11, 2022 Wiki page
Tests for Bufferbloat
Dec 7, 2021 Wiki page
Getting SQM Running Right

Find us elsewhere

Bufferbloat Mailing Lists
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine


Comcast Research Innovation Fund
Nlnet Foundation
Shuttleworth Foundation

Bufferbloat Related Projects

OpenWrt Project
Congestion Control Blog
Flent Network Test Suite
The Cake shaper
CeroWrt (where it all started)

Network Performance Related Resources

Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".