So I managed to reproduce this in a way that looks correct (Starbucks
WiFi here uses Datavalet but fails in a way that looks the same: it
thinks you're logged in once you clicked the "Login" button on the
captive portal page once, but then updates DNS, but still attempts to
look up secure.datavalet.io (but this is no longer resolving because
we're in the public side now); and once you try to hit another site, you
did not get to the "landing" page on the public side so it thinks you're
still unauthenticated.
One one hand, this looks like just really terrible behavior of the
captive portal, and it "worked" only because we were pretty slow to deal
with the changing settings; or because we were caching the DNS responses
for just long enough.
I got logs from my reproducer as well as packet captures, and I will
have to comb through them to figure out if there's anything really
obscure and wrong, but my initial guess is that this is an issue related
to DNS caching. Probably the cache is invalidated when the IP changes as
we get to the public side, but ought to retain the resolution address
for the portal.
It needs a little more investigation and testing, but I think this
qualifies as "Triaged" now; and should have some fix or workaround to
deal with Aruba and Datavalet, both are reasonably common hotspot
infrastructure.
** Changed in: systemd (Ubuntu)
Status: Confirmed => Triaged
** Changed in: systemd (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1727237
Title:
systemd-resolved is not finding a domain
Status in systemd package in Ubuntu:
Triaged
Bug description:
I have an odd network situation that I have so far managed to narrow
down to the inability to resolve a domain via systemd-resolved which
is resolvable with nslookup. If I use nslookup against the two
nameservers on this network I get answers for the domain, but ping
says it is unable to resolve the same domain (as do browsers and
crucially the captive portal mechanism).
Here are details:
NSLOOKUP:
~$ nslookup securelogin.arubanetworks.com 208.67.220.220
Server: 208.67.220.220
Address: 208.67.220.220#53
Non-authoritative answer:
Name: securelogin.arubanetworks.com
Address: 172.22.240.242
~$ nslookup securelogin.arubanetworks.com 208.67.222.222
Server: 208.67.222.222
Address: 208.67.222.222#53
Non-authoritative answer:
Name: securelogin.arubanetworks.com
Address: 172.22.240.242
PING:
~$ ping securelogin.arubanetworks.com
ping: securelogin.arubanetworks.com: Name or service not known
mark@mark-X1Y2:~$
DIG:
~$ dig @208.67.222.222 securelogin.arubanetworks.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @208.67.222.222 securelogin.arubanetworks.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9416
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;securelogin.arubanetworks.com. IN A
;; AUTHORITY SECTION:
arubanetworks.com. 1991 IN SOA dns5.arubanetworks.com.
hostmaster.arubanetworks.com. 1323935888 3600 200 1209600 86400
;; Query time: 34 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Oct 25 10:31:10 CEST 2017
;; MSG SIZE rcvd: 144
MORE DIG:
~$ dig securelogin.arubanetworks.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> securelogin.arubanetworks.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3924
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;securelogin.arubanetworks.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Oct 25 10:34:01 CEST 2017
;; MSG SIZE rcvd: 58
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1727237/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
