Maintained by: NLnet Labs

[Unbound-users] Captive portal question

Tim Kindberg
Fri Apr 23 15:41:36 CEST 2010


Dear all,

I'm trying to work around my inability to configure Unbound as per my 
original message (below) and have encountered another problem. According 
to the manual, "Answers for local zones are authoritative DNS answers" 
but this seems not to be the case:

local-zone: "." redirect
local-data: ". IN A 192.168.0.1"

produces:

dig bbc.co.uk

; <<>> DiG 9.4.3-P3 <<>> bbc.co.uk
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55611
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bbc.co.uk.			IN	A

;; ANSWER SECTION:
.			3600	IN	A	192.168.0.1

;; Query time: 2 msec

-- i.e. no authoritative answer.

Again, am I missing something?

Best wishes,

Tim

Tim Kindberg wrote:
> Dear Unbound users,
> 
> I'm using unbound to build a somewhat unusual type of captive portal.
> It's a Linux box that acts as a restricted WiFi access point to a group
> of clients, and which has an outbound connection to the internet and
> knows DNS servers to use out there.
> 
> The portal lets users freely access one particular site on the internet;
> it forces accesses to another specific site back to itself; and it makes
> everything else go to a third specific site on the internet.  In other
> words, it behaves as follows:
> 
> 1. traffic to example1.org is to be resolved normally, i.e. ultimately
> by the DNS server on the internet that the captive portal machine knows
> about
> 2. traffic to example2.org is to be resolved to 192.168.0.1 (the captive
> portal machine)
> 3. everything else is to resolve to example3.org, a machine out on the
> internet
> 
> I've added the following to my conf file.  1 & 2 work fine but 3 doesn't
> work.  I'd be grateful for advice about what I'm doing wrong.
> 
> local-zone: "." redirect
> local-zone "example1.org." transparent
> local-zone "example2.org." static
> local-zone "example3.org." transparent
> local-data: ". IN CNAME example3.org."
> local-data: "example2.org. IN A 192.168.0.1"
> 
> dig bbc.co.uk gives:
> ; <<>> DiG 9.4.3-P3 <<>> bbc.co.uk
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7088
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;bbc.co.uk.            IN    A
> 
> ;; Query time: 1 msec
> 
> BTW, I now see that the documentation specifically says the CNAME local 
> data won't work, and advises me to use a stub zone.  But when I look at 
> the documentation for that, none of it seems to relate to what I'm 
> trying to achieve, i.e. the * -> example3.org mapping, except for the 
> exceptions identified above.
> 
> Cheers,
> 
> Tim
> 

-- 

Tim Kindberg
Matter 2 Media Ltd
w: matter2media.com
e: tim at matter2media.com
m: +44 (0)7954 582814
t: +44 (0)117 9095221