2017-10-25 08:35:14 |
Mark Shuttleworth |
bug |
|
|
added bug |
2017-10-25 10:52:41 |
Dimitri John Ledkov |
systemd (Ubuntu): status |
New |
Incomplete |
|
2017-11-06 12:23:16 |
Matthew Alberti |
bug |
|
|
added subscriber mistermatt2u |
2017-11-20 02:19:01 |
oiugews |
bug |
|
|
added subscriber oiugews |
2017-11-21 15:22:41 |
Jeremy Bícha |
bug |
|
|
added subscriber Jeremy Bicha |
2017-11-21 15:28:43 |
Will Cooke |
systemd (Ubuntu): status |
Incomplete |
New |
|
2017-11-21 15:29:01 |
Will Cooke |
systemd (Ubuntu): status |
New |
Confirmed |
|
2017-11-21 15:29:09 |
Will Cooke |
bug |
|
|
added subscriber Will Cooke |
2017-11-27 18:56:03 |
Mathieu Trudel-Lapierre |
systemd (Ubuntu): status |
Confirmed |
Triaged |
|
2017-11-27 18:56:05 |
Mathieu Trudel-Lapierre |
systemd (Ubuntu): importance |
Undecided |
High |
|
2017-11-27 18:56:33 |
Mathieu Trudel-Lapierre |
attachment added |
|
resolved.log https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1727237/+attachment/5015333/+files/resolved.log |
|
2017-11-27 18:57:12 |
Mathieu Trudel-Lapierre |
attachment removed |
resolved.log https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1727237/+attachment/5015333/+files/resolved.log |
|
|
2017-11-28 00:21:33 |
Steve Langasek |
bug |
|
|
added subscriber Steve Langasek |
2017-12-12 10:21:56 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Bionic |
|
2017-12-12 10:21:56 |
Dimitri John Ledkov |
bug task added |
|
systemd (Ubuntu Bionic) |
|
2017-12-12 10:21:56 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Artful |
|
2017-12-12 10:21:56 |
Dimitri John Ledkov |
bug task added |
|
systemd (Ubuntu Artful) |
|
2017-12-12 10:29:13 |
Dimitri John Ledkov |
nominated for series |
|
Ubuntu Zesty |
|
2017-12-12 10:29:13 |
Dimitri John Ledkov |
bug task added |
|
systemd (Ubuntu Zesty) |
|
2017-12-12 10:33:43 |
Dimitri John Ledkov |
systemd (Ubuntu Bionic): status |
Triaged |
Fix Committed |
|
2018-01-02 09:44:23 |
Launchpad Janitor |
systemd (Ubuntu Zesty): status |
New |
Confirmed |
|
2018-01-02 09:44:23 |
Launchpad Janitor |
systemd (Ubuntu Artful): status |
New |
Confirmed |
|
2018-01-02 09:47:12 |
Axel |
bug |
|
|
added subscriber Axel |
2018-01-11 17:05:46 |
Nafallo Bjälevik |
bug |
|
|
added subscriber Nafallo Bjälevik |
2018-01-18 15:54:13 |
Mathieu Trudel-Lapierre |
systemd (Ubuntu Bionic): status |
Fix Committed |
Triaged |
|
2018-01-18 15:54:16 |
Mathieu Trudel-Lapierre |
systemd (Ubuntu Artful): status |
Confirmed |
Triaged |
|
2018-01-18 15:54:24 |
Mathieu Trudel-Lapierre |
systemd (Ubuntu Zesty): status |
Confirmed |
Won't Fix |
|
2018-01-18 15:54:28 |
Mathieu Trudel-Lapierre |
systemd (Ubuntu Artful): importance |
Undecided |
High |
|
2018-01-18 15:54:34 |
Mathieu Trudel-Lapierre |
systemd (Ubuntu Bionic): assignee |
|
Mathieu Trudel-Lapierre (cyphermox) |
|
2018-01-18 15:54:36 |
Mathieu Trudel-Lapierre |
systemd (Ubuntu Artful): assignee |
|
Mathieu Trudel-Lapierre (cyphermox) |
|
2018-01-25 14:51:20 |
Mathieu Trudel-Lapierre |
nominated for series |
|
Ubuntu Xenial |
|
2018-01-25 14:51:20 |
Mathieu Trudel-Lapierre |
bug task added |
|
systemd (Ubuntu Xenial) |
|
2018-01-25 14:51:27 |
Mathieu Trudel-Lapierre |
systemd (Ubuntu Xenial): status |
New |
Triaged |
|
2018-01-25 14:51:29 |
Mathieu Trudel-Lapierre |
systemd (Ubuntu Xenial): importance |
Undecided |
High |
|
2018-02-01 10:54:32 |
Luis Arias |
bug |
|
|
added subscriber Luis Arias |
2018-02-08 10:54:43 |
Martin Packman |
bug |
|
|
added subscriber Martin Packman |
2018-02-15 19:50:14 |
Francis Ginther |
tags |
|
id-5a1c75741121466ff62dc286 |
|
2018-02-21 07:11:05 |
Hennie Louw |
bug |
|
|
added subscriber Hennie Louw |
2018-03-07 07:02:05 |
Mario Limonciello |
bug |
|
|
added subscriber Mario Limonciello |
2018-03-27 12:22:38 |
Francis Ginther |
tags |
id-5a1c75741121466ff62dc286 |
id-5a1c75741121466ff62dc286 id-5ab9403dee8a8479eed4dba6 |
|
2018-04-06 13:15:37 |
Dimitri John Ledkov |
systemd (Ubuntu Bionic): status |
Triaged |
Fix Committed |
|
2018-04-06 13:15:39 |
Dimitri John Ledkov |
systemd (Ubuntu Bionic): assignee |
Mathieu Trudel-Lapierre (cyphermox) |
Dimitri John Ledkov (xnox) |
|
2018-04-06 13:15:41 |
Dimitri John Ledkov |
systemd (Ubuntu Artful): assignee |
Mathieu Trudel-Lapierre (cyphermox) |
|
|
2018-04-06 13:31:03 |
Dimitri John Ledkov |
description |
I have an odd network situation that I have so far managed to narrow down to the inability to resolve a domain via systemd-resolved which is resolvable with nslookup. If I use nslookup against the two nameservers on this network I get answers for the domain, but ping says it is unable to resolve the same domain (as do browsers and crucially the captive portal mechanism).
Here are details:
NSLOOKUP:
~$ nslookup securelogin.arubanetworks.com 208.67.220.220
Server: 208.67.220.220
Address: 208.67.220.220#53
Non-authoritative answer:
Name: securelogin.arubanetworks.com
Address: 172.22.240.242
~$ nslookup securelogin.arubanetworks.com 208.67.222.222
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
Name: securelogin.arubanetworks.com
Address: 172.22.240.242
PING:
~$ ping securelogin.arubanetworks.com
ping: securelogin.arubanetworks.com: Name or service not known
mark@mark-X1Y2:~$
DIG:
~$ dig @208.67.222.222 securelogin.arubanetworks.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @208.67.222.222 securelogin.arubanetworks.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9416
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;securelogin.arubanetworks.com. IN A
;; AUTHORITY SECTION:
arubanetworks.com. 1991 IN SOA dns5.arubanetworks.com. hostmaster.arubanetworks.com. 1323935888 3600 200 1209600 86400
;; Query time: 34 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Oct 25 10:31:10 CEST 2017
;; MSG SIZE rcvd: 144
MORE DIG:
~$ dig securelogin.arubanetworks.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> securelogin.arubanetworks.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3924
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;securelogin.arubanetworks.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Oct 25 10:34:01 CEST 2017
;; MSG SIZE rcvd: 58 |
[Impact]
* Certain WiFi captive portals do not support EDNS0 queries, as per RFC.
* Instead of responding with the captive portal IP address, they resond with domain not found
* This prevents the user from hitting the captive portal login page, able to authenticate, and gain access to the internets.
[The Fix]
* As per tcp dumps, the problem arrises from receiving NXDOMAIN when queried with EDNS0
* And receiving the right response without EDNS0
* The solution was to downgrade transactions, and retry EDNS0 + NXDOMAIN result without EDNS0 with a hope of getting the right answer.
[Test Case]
* systemd-resolve securelogin.example.com
* journalctl -b -u systemd-resolve | grep DVE-2018
You should obverse that a warning message that transaction was retried with a reduced feature level e.g. UDP or TCP.
After this test case is performed the result will be cached, therefore to revert to pristine state perform
* systemd-resolve --flush-caches
[Regression Potential]
* The code retries, and then caches, NXDOMAIN results for certain queries (those that have 'secure' in them) with and without EDNS0.
* Thus initial query for these domains may take longer, but hopefully will manage to receive the correct response.
* Manufacturers are encouraged to correctly support EDNS0 queries, with flag D0 set to zero.
[Other Info]
* This issue is tracked as a dns-violation at
https://github.com/dns-violations/dns-violations/blob/master/2018/DVE-2018-0001.md
[Original Bug report]
I have an odd network situation that I have so far managed to narrow down to the inability to resolve a domain via systemd-resolved which is resolvable with nslookup. If I use nslookup against the two nameservers on this network I get answers for the domain, but ping says it is unable to resolve the same domain (as do browsers and crucially the captive portal mechanism).
Here are details:
NSLOOKUP:
~$ nslookup securelogin.arubanetworks.com 208.67.220.220
Server: 208.67.220.220
Address: 208.67.220.220#53
Non-authoritative answer:
Name: securelogin.arubanetworks.com
Address: 172.22.240.242
~$ nslookup securelogin.arubanetworks.com 208.67.222.222
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
Name: securelogin.arubanetworks.com
Address: 172.22.240.242
PING:
~$ ping securelogin.arubanetworks.com
ping: securelogin.arubanetworks.com: Name or service not known
mark@mark-X1Y2:~$
DIG:
~$ dig @208.67.222.222 securelogin.arubanetworks.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @208.67.222.222 securelogin.arubanetworks.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9416
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;securelogin.arubanetworks.com. IN A
;; AUTHORITY SECTION:
arubanetworks.com. 1991 IN SOA dns5.arubanetworks.com. hostmaster.arubanetworks.com. 1323935888 3600 200 1209600 86400
;; Query time: 34 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Oct 25 10:31:10 CEST 2017
;; MSG SIZE rcvd: 144
MORE DIG:
~$ dig securelogin.arubanetworks.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> securelogin.arubanetworks.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3924
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;securelogin.arubanetworks.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Oct 25 10:34:01 CEST 2017
;; MSG SIZE rcvd: 58 |
|
2018-04-13 11:24:24 |
Launchpad Janitor |
systemd (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2018-04-13 12:27:20 |
Tony |
systemd (Ubuntu Bionic): assignee |
Dimitri John Ledkov (xnox) |
Tony (toekneemi) |
|
2018-04-13 12:49:24 |
Jeremy Bícha |
systemd (Ubuntu Bionic): assignee |
Tony (toekneemi) |
|
|
2018-04-16 08:22:43 |
Axel |
attachment added |
|
Forwarding to Captive-Portal login not working. https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1727237/+attachment/5117769/+files/Bildschirmfoto%20von%202018-04-16%2009-57-16.png |
|
2018-04-19 20:04:16 |
MJWood0 |
bug |
|
|
added subscriber MJWood0 |
2018-04-25 19:20:56 |
Pete |
bug |
|
|
added subscriber Pete |
2018-10-08 13:54:08 |
Dimitri John Ledkov |
systemd (Ubuntu Artful): status |
Triaged |
Won't Fix |
|
2018-10-21 22:59:23 |
Bryan Quigley |
bug |
|
|
added subscriber Bryan Quigley |
2019-10-13 22:04:16 |
Haw Loeung |
bug |
|
|
added subscriber The Canonical Sysadmins |
2019-10-13 22:11:53 |
Haw Loeung |
removed subscriber The Canonical Sysadmins |
|
|
|
2020-01-03 15:06:35 |
Jan Schmidt |
bug |
|
|
added subscriber Jan Schmidt |
2020-06-01 09:14:11 |
Matthew Alberti |
removed subscriber Matthew Alberti |
|
|
|