[dns-operations] ... one of the more annoying captive portal breakages I've seen...

Warren Kumari warren at kumari.net
Wed Feb 19 21:06:25 UTC 2020


So, I'm sitting in a hotel in Melbourne (APRICOT20), trying to get
some work done[0].

They have a captive portal which a: logs you our fairly often and b:
requires you use their DNS server. Ugh, but OK.

..but, they have managed to invent some new, and interesting failure
mode - if I look up a name which isn't in the cache, I *immediatly*
get back a SERVFAIL. Ask the question a bunch more times, and after a
few seconds you start getting an answer.

$ dig www.snozzages.com  | grep status
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47760
$ dig www.snozzages.com  | grep status
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3344
$ dig www.snozzages.com  | grep status
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48739
.... [ continues for ~4 seconds ]
$ dig www.snozzages.com  | grep status
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3417
$ dig www.snozzages.com  | grep status
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58153
$ dig www.snozzages.com  | grep status
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23212

So, this is annoying, but kind-of possibly, if you squint really hard, OK.
but, the other failure mode (which I'm having a hard time capturing at
the moment) goes:
NXDOMAIN
NXDOMAIN
NXDOMAIN
ANSWER!

This behavior is baffling - other than intentionally, how do you
managed to break something this badly / in this way!?

Oh, I just needed to rant a bit...

W
[0]: Yeah, ok, I was trying to reach Reddit.....

-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


More information about the dns-operations mailing list