Maintained by: NLnet Labs

[Unbound-users] Captive portal question

bmanning at vacation.karoshi.com
Sat Apr 24 05:30:29 CEST 2010


 check again.  the aa bit is set.  this is an authoritative answer.

--bill


On Fri, Apr 23, 2010 at 02:41:36PM +0100, Tim Kindberg wrote:
> Dear all,
> 
> I'm trying to work around my inability to configure Unbound as per my 
> original message (below) and have encountered another problem. According 
> to the manual, "Answers for local zones are authoritative DNS answers" 
> but this seems not to be the case:
> 
> local-zone: "." redirect
> local-data: ". IN A 192.168.0.1"
> 
> produces:
> 
> dig bbc.co.uk
> 
> ; <<>> DiG 9.4.3-P3 <<>> bbc.co.uk
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55611
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;bbc.co.uk.			IN	A
> 
> ;; ANSWER SECTION:
> .			3600	IN	A	192.168.0.1
> 
> ;; Query time: 2 msec
> 
> -- i.e. no authoritative answer.
> 
> Again, am I missing something?
> 
> Best wishes,
> 
> Tim
> 
> Tim Kindberg wrote:
> >Dear Unbound users,
> >
> >I'm using unbound to build a somewhat unusual type of captive portal.
> >It's a Linux box that acts as a restricted WiFi access point to a group
> >of clients, and which has an outbound connection to the internet and
> >knows DNS servers to use out there.
> >
> >The portal lets users freely access one particular site on the internet;
> >it forces accesses to another specific site back to itself; and it makes
> >everything else go to a third specific site on the internet.  In other
> >words, it behaves as follows:
> >
> >1. traffic to example1.org is to be resolved normally, i.e. ultimately
> >by the DNS server on the internet that the captive portal machine knows
> >about
> >2. traffic to example2.org is to be resolved to 192.168.0.1 (the captive
> >portal machine)
> >3. everything else is to resolve to example3.org, a machine out on the
> >internet
> >
> >I've added the following to my conf file.  1 & 2 work fine but 3 doesn't
> >work.  I'd be grateful for advice about what I'm doing wrong.
> >
> >local-zone: "." redirect
> >local-zone: "example1.org." transparent
> >local-zone: "example2.org." static
> >local-zone: "example3.org." transparent
> >local-data: ". IN CNAME example3.org."
> >local-data: "example2.org. IN A 192.168.0.1"
> >
> >dig bbc.co.uk gives:
> >; <<>> DiG 9.4.3-P3 <<>> bbc.co.uk
> >;; global options:  printcmd
> >;; Got answer:
> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7088
> >;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >
> >;; QUESTION SECTION:
> >;bbc.co.uk.            IN    A
> >
> >;; Query time: 1 msec
> >
> >BTW, I now see that the documentation specifically says the CNAME local 
> >data won't work, and advises me to use a stub zone.  But when I look at 
> >the documentation for that, none of it seems to relate to what I'm 
> >trying to achieve, i.e. the * -> example3.org mapping, except for the 
> >exceptions identified above.
> >
> >Cheers,
> >
> >Tim
> >
> 
> -- 
> 
> Tim Kindberg
> Matter 2 Media Ltd
> w: matter2media.com
> e: tim at matter2media.com
> m: +44 (0)7954 582814
> t: +44 (0)117 9095221
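Added example, not part of the original thread: a small Python decoder for the 12-byte DNS header, showing where the "aa" that dig prints on its flags line comes from and that it is independent of the AUTHORITY record count. The sample headers are constructed from the values in the dig output quoted above (id 55611, flags qr aa rd ra, counts 1/1/0/0); the function names are this example's own.

```python
import struct

# Bits of the 16-bit flags word in the DNS header (RFC 1035 section 4.1.1;
# AD and CD from RFC 4035), listed in the order dig prints them.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100),
             ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010)]
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def parse_header(msg: bytes) -> dict:
    """Decode the fixed DNS header the way dig's HEADER/flags lines show it."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message is truncated")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "opcode": (flags >> 11) & 0xF,            # 0 = QUERY
        "status": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        # QUERY, ANSWER, AUTHORITY, ADDITIONAL: record counts per section.
        "counts": (qd, an, ns, ar),
    }


def is_authoritative(msg: bytes) -> bool:
    """True when the AA bit is set, whatever the AUTHORITY count says."""
    return "aa" in parse_header(msg)["flags"]


# Constructed sample: header matching the local-zone answer in the thread.
LOCAL_ZONE_REPLY = struct.pack("!6H", 55611, 0x8580, 1, 1, 0, 0)
# Constructed sample for contrast: a recursive answer with the AA bit clear
# (qr rd ra) that carries two records in the authority section.
RECURSIVE_REPLY = struct.pack("!6H", 4242, 0x8180, 1, 1, 2, 0)

if __name__ == "__main__":
    for label, msg in (("local-zone", LOCAL_ZONE_REPLY),
                       ("recursive", RECURSIVE_REPLY)):
        h = parse_header(msg)
        print(f"{label}: status={h['status']} id={h['id']} "
              f"flags={' '.join(h['flags'])} AUTHORITY={h['counts'][2]} "
              f"authoritative={is_authoritative(msg)}")
```
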