Bug 4095 - support for roaming and captive portal detection
support for roaming and captive portal detection
Status: ASSIGNED
Product: unbound
Classification: Unclassified
Component: server
unspecified
x86_64 Linux
: P5 enhancement
Assigned To: unbound team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-12 14:49 CEST by Martin
Modified: 2018-05-15 08:58 CEST (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Martin 2018-05-12 14:49:12 CEST
I'm using unbound as DNS forwarder on my laptop.

When I'm traveling, each time I am behind a captive portal, I have to manually set the name server to the one provided by the ISP:

    cat /var/run/NetworkManager/resolv.conf >> /etc/resolv.conf

This is only temporary. Once I'm logged in, I then manually remove the added nameserver from /etc/resolv.conf so as to restore DNS privacy-aware and secure mode.

How to automate this? What kind of captive portal detection is compatible with unbound?

(Firefox has such a feature in their new DNS-over-HTTPS feature, see https://bugzilla.mozilla.org/show_bug.cgi?id=1434852).
Comment 1 Wouter Wijngaards 2018-05-14 09:38:00 CEST
Hi Martin,

Sounds like this is more a question for the unbound-users mailing list.
Why don't you ask there, it may also inform other users of your solution?

Captive portals are awkward, I don't think there is a clean (no awkward UI) solution, but maybe.

Best regards, Wouter
Comment 2 Wouter Wijngaards 2018-05-14 09:59:45 CEST
Hi Martin,

The dnssec-trigger project aims to help with captive portal detection.  But it doesn't really run unbound as a forwarder.  It tries to use the normal DNS infrastructure, eg. the DHCP assigned DNS address (if DNSSEC works for it).

https://www.nlnetlabs.nl/projects/dnssec-trigger/about/

Best regards, Wouter
Comment 3 Martin 2018-05-14 22:28:36 CEST
Hi Wouter,

Thanks for your answer. I've posted the message to the list.

Do you mean that dnssec-trigger can be used without DNSSEC?

Best regards, --Martin
Comment 4 Wouter Wijngaards 2018-05-15 08:58:13 CEST
Hi Martin,

Actually yes, you could, but have to manually edit the config file, unbound.conf; even though the installer will turn it on.

But dnssec-trigger tries to set the upstream by detecting DNSSEC support in the upstream choices; and that will conflict with your config of unbound as a forwarder.

Best regards, Wouter