[Group.of.nepali.translators] [Bug 1727237] Re: systemd-resolved is not finding a domain
** Changed in: systemd (Ubuntu Artful) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1727237 Title: systemd-resolved is not finding a domain Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Triaged Status in systemd source package in Zesty: Won't Fix Status in systemd source package in Artful: Won't Fix Status in systemd source package in Bionic: Fix Released Bug description: [Impact] * Certain WiFi captive portals do not support EDNS0 queries, as per RFC. * Instead of responding with the captive portal IP address, they resond with domain not found * This prevents the user from hitting the captive portal login page, able to authenticate, and gain access to the internets. [The Fix] * As per tcp dumps, the problem arrises from receiving NXDOMAIN when queried with EDNS0 * And receiving the right response without EDNS0 * The solution was to downgrade transactions, and retry EDNS0 + NXDOMAIN result without EDNS0 with a hope of getting the right answer. [Test Case] * systemd-resolve securelogin.example.com * journalctl -b -u systemd-resolve | grep DVE-2018 You should obverse that a warning message that transaction was retried with a reduced feature level e.g. UDP or TCP. After this test case is performed the result will be cached, therefore to revert to pristine state perform * systemd-resolve --flush-caches [Regression Potential] * The code retries, and then caches, NXDOMAIN results for certain queries (those that have 'secure' in them) with and without EDNS0. * Thus initial query for these domains may take longer, but hopefully will manage to receive the correct response. * Manufacturers are encouraged to correctly support EDNS0 queries, with flag D0 set to zero. [Other Info] * This issue is tracked as a dns-violation at https://github.com/dns-violations/dns-violations/blob/master/2018/DVE-2018-0001.md [Original Bug report] I have an odd network situation that I have so far managed to narrow down to the inability to resolve a domain via systemd-resolved which is resolvable with nslookup. If I use nslookup against the two nameservers on this network I get answers for the domain, but ping says it is unable to resolve the same domain (as do browsers and crucially the captive portal mechanism). Here are details: NSLOOKUP: ~$ nslookup securelogin.arubanetworks.com 208.67.220.220 Server: 208.67.220.220 Address: 208.67.220.220#53 Non-authoritative answer: Name: securelogin.arubanetworks.com Address: 172.22.240.242 ~$ nslookup securelogin.arubanetworks.com 208.67.222.222 Server: 208.67.222.222 Address: 208.67.222.222#53 Non-authoritative answer: Name: securelogin.arubanetworks.com Address: 172.22.240.242 PING: ~$ ping securelogin.arubanetworks.com ping: securelogin.arubanetworks.com: Name or service not known mark@mark-X1Y2:~$ DIG: ~$ dig @208.67.222.222 securelogin.arubanetworks.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @208.67.222.222 securelogin.arubanetworks.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9416 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;securelogin.arubanetworks.com. IN A ;; AUTHORITY SECTION: arubanetworks.com.1991IN SOA dns5.arubanetworks.com. hostmaster.arubanetworks.com. 1323935888 3600 200 1209600 86400 ;; Query time: 34 msec ;; SERVER: 208.67.222.222#53(208.67.222.222) ;; WHEN: Wed Oct 25 10:31:10 CEST 2017 ;; MSG SIZE rcvd: 144 MORE DIG: ~$ dig securelogin.arubanetworks.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> securelogin.arubanetworks.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3924 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;securelogin.arubanetworks.com. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Wed Oct 25 10:34:01 CEST 2017 ;; MSG SIZE rcvd: 58 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1727237/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1727237] Re: systemd-resolved is not finding a domain
This bug was fixed in the package systemd - 237-3ubuntu8 --- systemd (237-3ubuntu8) bionic; urgency=medium * Workaround captive portals not responding to EDNS0 queries (DVE-2018-0001). (LP: #1727237) * resolved: Listen on both TCP and UDP by default. (LP: #1731522) * Recommend networkd-dispatcher (LP: #1762386) * Refresh patches -- Dimitri John LedkovThu, 12 Apr 2018 12:12:24 +0100 ** Changed in: systemd (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1727237 Title: systemd-resolved is not finding a domain Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Triaged Status in systemd source package in Zesty: Won't Fix Status in systemd source package in Artful: Triaged Status in systemd source package in Bionic: Fix Released Bug description: [Impact] * Certain WiFi captive portals do not support EDNS0 queries, as per RFC. * Instead of responding with the captive portal IP address, they resond with domain not found * This prevents the user from hitting the captive portal login page, able to authenticate, and gain access to the internets. [The Fix] * As per tcp dumps, the problem arrises from receiving NXDOMAIN when queried with EDNS0 * And receiving the right response without EDNS0 * The solution was to downgrade transactions, and retry EDNS0 + NXDOMAIN result without EDNS0 with a hope of getting the right answer. [Test Case] * systemd-resolve securelogin.example.com * journalctl -b -u systemd-resolve | grep DVE-2018 You should obverse that a warning message that transaction was retried with a reduced feature level e.g. UDP or TCP. After this test case is performed the result will be cached, therefore to revert to pristine state perform * systemd-resolve --flush-caches [Regression Potential] * The code retries, and then caches, NXDOMAIN results for certain queries (those that have 'secure' in them) with and without EDNS0. * Thus initial query for these domains may take longer, but hopefully will manage to receive the correct response. * Manufacturers are encouraged to correctly support EDNS0 queries, with flag D0 set to zero. [Other Info] * This issue is tracked as a dns-violation at https://github.com/dns-violations/dns-violations/blob/master/2018/DVE-2018-0001.md [Original Bug report] I have an odd network situation that I have so far managed to narrow down to the inability to resolve a domain via systemd-resolved which is resolvable with nslookup. If I use nslookup against the two nameservers on this network I get answers for the domain, but ping says it is unable to resolve the same domain (as do browsers and crucially the captive portal mechanism). Here are details: NSLOOKUP: ~$ nslookup securelogin.arubanetworks.com 208.67.220.220 Server: 208.67.220.220 Address: 208.67.220.220#53 Non-authoritative answer: Name: securelogin.arubanetworks.com Address: 172.22.240.242 ~$ nslookup securelogin.arubanetworks.com 208.67.222.222 Server: 208.67.222.222 Address: 208.67.222.222#53 Non-authoritative answer: Name: securelogin.arubanetworks.com Address: 172.22.240.242 PING: ~$ ping securelogin.arubanetworks.com ping: securelogin.arubanetworks.com: Name or service not known mark@mark-X1Y2:~$ DIG: ~$ dig @208.67.222.222 securelogin.arubanetworks.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @208.67.222.222 securelogin.arubanetworks.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9416 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;securelogin.arubanetworks.com. IN A ;; AUTHORITY SECTION: arubanetworks.com.1991IN SOA dns5.arubanetworks.com. hostmaster.arubanetworks.com. 1323935888 3600 200 1209600 86400 ;; Query time: 34 msec ;; SERVER: 208.67.222.222#53(208.67.222.222) ;; WHEN: Wed Oct 25 10:31:10 CEST 2017 ;; MSG SIZE rcvd: 144 MORE DIG: ~$ dig securelogin.arubanetworks.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> securelogin.arubanetworks.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3924 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;securelogin.arubanetworks.com. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Wed Oct 25 10:34:01 CEST 2017 ;; MSG SIZE rcvd: 58 To manage
[Group.of.nepali.translators] [Bug 1727237] Re: systemd-resolved is not finding a domain
Xenial is affected too (systemd v229 looks to be, in general), so when SRUing we might as well push the fix there too, even if resolved is not typically used on Xenial. ** Also affects: systemd (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: systemd (Ubuntu Xenial) Status: New => Triaged ** Changed in: systemd (Ubuntu Xenial) Importance: Undecided => High -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1727237 Title: systemd-resolved is not finding a domain Status in systemd package in Ubuntu: Triaged Status in systemd source package in Xenial: Triaged Status in systemd source package in Zesty: Won't Fix Status in systemd source package in Artful: Triaged Status in systemd source package in Bionic: Triaged Bug description: I have an odd network situation that I have so far managed to narrow down to the inability to resolve a domain via systemd-resolved which is resolvable with nslookup. If I use nslookup against the two nameservers on this network I get answers for the domain, but ping says it is unable to resolve the same domain (as do browsers and crucially the captive portal mechanism). Here are details: NSLOOKUP: ~$ nslookup securelogin.arubanetworks.com 208.67.220.220 Server: 208.67.220.220 Address: 208.67.220.220#53 Non-authoritative answer: Name: securelogin.arubanetworks.com Address: 172.22.240.242 ~$ nslookup securelogin.arubanetworks.com 208.67.222.222 Server: 208.67.222.222 Address: 208.67.222.222#53 Non-authoritative answer: Name: securelogin.arubanetworks.com Address: 172.22.240.242 PING: ~$ ping securelogin.arubanetworks.com ping: securelogin.arubanetworks.com: Name or service not known mark@mark-X1Y2:~$ DIG: ~$ dig @208.67.222.222 securelogin.arubanetworks.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @208.67.222.222 securelogin.arubanetworks.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9416 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;securelogin.arubanetworks.com. IN A ;; AUTHORITY SECTION: arubanetworks.com.1991IN SOA dns5.arubanetworks.com. hostmaster.arubanetworks.com. 1323935888 3600 200 1209600 86400 ;; Query time: 34 msec ;; SERVER: 208.67.222.222#53(208.67.222.222) ;; WHEN: Wed Oct 25 10:31:10 CEST 2017 ;; MSG SIZE rcvd: 144 MORE DIG: ~$ dig securelogin.arubanetworks.com ; <<>> DiG 9.10.3-P4-Ubuntu <<>> securelogin.arubanetworks.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3924 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;securelogin.arubanetworks.com. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Wed Oct 25 10:34:01 CEST 2017 ;; MSG SIZE rcvd: 58 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1727237/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp