Comment 3 for bug 1766969

Steve Langasek (vorlon) wrote : Re: DNS cannot be resolved in Hotel Hotspot

Can confirm that the DNS logs indicate that systemd-resolved is not falling back from UDP+EDNS0 to UDP in response to these NXDOMAIN answers.

The existing patch only implements this fallback when the portal name being looked up includes 'secure' as a substring:

+ if (DNS_PACKET_RCODE(p) == DNS_RCODE_NXDOMAIN && t->current_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) {
+
+ char key_str[DNS_RESOURCE_KEY_STRING_MAX];
+ dns_resource_key_to_string(t->key, key_str, sizeof key_str);
+ if (strstr(key_str, "secure") != NULL) {
+ t->current_feature_level = t->current_feature_level - 1;
+
+ log_warning("Server returned error %s, suspecting DNS violation DVE-2018-0001, retrying transaction with reduced feature level %s.",
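Review bot: the strstr(key_str, "secure") != NULL test inside the NXDOMAIN branch ties the feature-level downgrade to a hard-coded name fragment, so an NXDOMAIN answer for any key whose string form lacks "secure" never triggers the retry. Because key_str is the rendered resource key rather than the bare name, the match also runs over everything dns_resource_key_to_string() emits, not only the hostname. Consider dropping the substring test, or gating on observed server behaviour instead of the queried name, and add a comment explaining the filter if it stays. Separately, the outer check is >= DNS_SERVER_FEATURE_LEVEL_EDNS0 while the downgrade is a single "- 1", so a transaction that starts above the EDNS0 level can still be at an EDNS0 level after one retry; setting the level explicitly to the one just below EDNS0 would make the intended fallback unambiguous.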

The packet capture shows a number of DNS lookups, but not containing the substring 'secure'; and none that appear to correspond to the captive portal itself. This may require a different sort of solution than the previous bug, I'm not sure.