Can confirm that the dns logs indicate that systemd-resolved is not falling back from UDP+EDNS0 to UDP in response to these NXDOMAIN answers.
The existing patch only implements this fallback when the portal name being looked up includes 'secure' as a substring: + if (DNS_PACKET_RCODE(p) == DNS_RCODE_NXDOMAIN && t->current_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) { + + char key_str[DNS_RESOURCE_KEY_STRING_MAX]; + dns_resource_key_to_string(t->key, key_str, sizeof key_str); + if (strstr(key_str, "secure") != NULL) { + t->current_feature_level = t->current_feature_level - 1; + + log_warning("Server returned error %s, suspecting DNS violation DVE-2018-0001, retrying transaction with reduced feature level %s.", The packet capture shows a number of DNS lookups, but not containing the substring 'secure'; and none that appear to correspond to the captive portal itself. This may require a different sort of solution than the previous bug, I'm not sure. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1766969 Title: DNS cannot be resolved in Hotel Hotspot Status in systemd package in Ubuntu: Confirmed Bug description: I was asked to create a new bug for this in https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1727237 as it seems to be a different issue. I have installed the nightly image of Kubuntu Bionic from 25th of April. There systemd is in version 237-3ubuntu10. When connecting to the wifi hotspot in my hotel (Quality Hotel Augsburg) I cannot open the hotspot landing page that should give me access to the WIFI. With Windows and on an Iphone it's working. For the following distributions I can confirm it not working: Kubuntu 17.10 Kubuntu 18.04 (nightly image 25th of April 2018) The logs were taken on 18.04. Workaround: sudo systemctl disable systemd-resolved.service sudo service systemd-resolved stop sudo rm /etc/resolv.conf sudo nano /etc/NetworkManager/NetworkManager.conf >> add "dns=default" under [main] sudo service network-manager restart Then I can connect to the WIFI and I see the login page in Firefox. To capture some data I did the following: - connect to Hotspot - enter golem.de Case 1: Fresh default Kubuntu install With a default Kubuntu install it does not work. I can connect to the WIFI and get IP and DNS from DHCP but I cannot resolve any hostname. When trying to open the router ip directly in the browser it forwards to hotsplots.de which cannot be resolved. Case 2: With aforementioned Workaround I connect to the wifi, I open firefox and the login page shows up (if I havent been connected yet. In the capture I already was able to connect to the hotspot which allows immediately to connect to the webpage) PS: I'll be in this hotel till Friday 27th if more information are required. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1766969/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp