[Bug 1727237] Re: systemd-resolved is not finding a domain

Mathieu Trudel-Lapierre mathieu.tl at gmail.com
Mon Nov 27 18:55:53 UTC 2017 

So I managed to reproduce this in a way that looks correct (Starbucks
WiFi here uses Datavalet but fails in a way that looks the same: it
thinks you're logged in once you clicked the "Login" button on the
captive portal page once, but then updates DNS, but still attempts to
look up secure.datavalet.io (but this is no longer resolving because
we're in the public side now); and once you try to hit another site, you
did not get to the "landing" page on the public side so it thinks you're
still unauthenticated.

One one hand, this looks like just really terrible behavior of the
captive portal, and it "worked" only because we were pretty slow to deal
with the changing settings; or because we were caching the DNS responses
for just long enough.

I got logs from my reproducer as well as packet captures, and I will
have to comb through them to figure out if there's anything really
obscure and wrong, but my initial guess is that this is an issue related
to DNS caching. Probably the cache is invalidated when the IP changes as
we get to the public side, but ought to retain the resolution address
for the portal.

It needs a little more investigation and testing, but I think this
qualifies as "Triaged" now; and should have some fix or workaround to
deal with Aruba and Datavalet, both are reasonably common hotspot
infrastructure.

** Changed in: systemd (Ubuntu)
       Status: Confirmed => Triaged

** Changed in: systemd (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1727237

Title:
  systemd-resolved is not finding a domain

Status in systemd package in Ubuntu:
  Triaged

Bug description:
  I have an odd network situation that I have so far managed to narrow
  down to the inability to resolve a domain via systemd-resolved which
  is resolvable with nslookup. If I use nslookup against the two
  nameservers on this network I get answers for the domain, but ping
  says it is unable to resolve the same domain (as do browsers and
  crucially the captive portal mechanism).

  Here are details:

  NSLOOKUP:

  ~$ nslookup securelogin.arubanetworks.com 208.67.220.220
  Server:		208.67.220.220
  Address:	208.67.220.220#53

  Non-authoritative answer:
  Name:	securelogin.arubanetworks.com
  Address: 172.22.240.242

  ~$ nslookup securelogin.arubanetworks.com 208.67.222.222
  Server:		208.67.222.222
  Address:	208.67.222.222#53

  Non-authoritative answer:
  Name:	securelogin.arubanetworks.com
  Address: 172.22.240.242

  
  PING:

  ~$ ping securelogin.arubanetworks.com
  ping: securelogin.arubanetworks.com: Name or service not known
  mark at mark-X1Y2:~$ 

  
  DIG:

  ~$ dig @208.67.222.222 securelogin.arubanetworks.com

  ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @208.67.222.222 securelogin.arubanetworks.com
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9416
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 4096
  ;; QUESTION SECTION:
  ;securelogin.arubanetworks.com.	IN	A

  ;; AUTHORITY SECTION:
  arubanetworks.com.	1991	IN	SOA	dns5.arubanetworks.com. hostmaster.arubanetworks.com. 1323935888 3600 200 1209600 86400

  ;; Query time: 34 msec
  ;; SERVER: 208.67.222.222#53(208.67.222.222)
  ;; WHEN: Wed Oct 25 10:31:10 CEST 2017
  ;; MSG SIZE  rcvd: 144

  
  MORE DIG:

  ~$ dig securelogin.arubanetworks.com

  ; <<>> DiG 9.10.3-P4-Ubuntu <<>> securelogin.arubanetworks.com
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3924
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 65494
  ;; QUESTION SECTION:
  ;securelogin.arubanetworks.com.	IN	A

  ;; Query time: 0 msec
  ;; SERVER: 127.0.0.53#53(127.0.0.53)
  ;; WHEN: Wed Oct 25 10:34:01 CEST 2017
  ;; MSG SIZE  rcvd: 58

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1727237/+subscriptions

More information about the foundations-bugs mailing list