default local DNS caching name server

Przemek Klosowski przemek.klosowski at nist.gov
Fri Apr 11 20:32:37 UTC 2014


On 04/11/2014 03:14 PM, P J P wrote:
>> On Saturday, 12 April 2014 12:40 AM, Bruno Wolff III wrote:
>> It looks like your proposal is going to break things for people using
>> some wifi hotspots.
>    Why, how?
It's a hack designed to handle someone that just connected to the 
network and opened a browser, say.
Instead of blocking access, one runs a fake DNS system that responds 
with the captive portal's IP to every query.
The httpd service at that IP responds with an "enter your credentials to 
get network access" page to all URLs.

An example of such a fake DNS server is the following code, resolving all 
queries to 192.168.123.45:

#!/usr/bin/perl

  use Net::DNS::Nameserver;
  use strict;
  use warnings;

  sub reply_handler {
      my ($qname, $qclass, $qtype, $peerhost) = @_;
      my ($rcode, @ans, @auth, @add);

      if ($qtype eq "A") {
          # answer every A query, whatever the name, with the portal's address
          my ($ttl, $rdata) = (3600, "192.168.123.45");
          push @ans, Net::DNS::RR->new("$qname $ttl $qclass $qtype $rdata");
          $rcode = "NOERROR";
      } else {
          # any other query type gets NXDOMAIN
          $rcode = "NXDOMAIN";
      }

      # mark the answer as authoritative (by setting the 'aa' flag)
      return ($rcode, \@ans, \@auth, \@add, { aa => 1 });
  }

  my $ns = Net::DNS::Nameserver->new(
      LocalPort    => 53,
      ReplyHandler => \&reply_handler,
      Verbose      => 0,
  );

  if ($ns) {
      $ns->main_loop;
  } else {
      die "couldn't create nameserver object\n";
  }
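
A client-side check for the behaviour described in the message above, as an added example that is not part of the original post: it looks up random names under the reserved `.invalid` TLD (RFC 6761), which an honest resolver never answers, and reports the address a wildcard DNS server returns for them. The function names, the injected `resolve` callable and the two stand-in resolvers are assumptions made for illustration.

```python
import secrets
import socket
from collections import Counter


def system_resolve(name):
    """Return the IPv4 addresses the system resolver gives for name."""
    try:
        return sorted(set(socket.gethostbyname_ex(name)[2]))
    except OSError:  # NXDOMAIN, SERVFAIL, timeout: treat as "no answer"
        return []


def probe_wildcard_dns(resolve=system_resolve, probes=3):
    """Look up random names that cannot exist and report any address returned.

    Names under .invalid are reserved and never resolve on an honest
    resolver, so any A record returned for them is a forged answer.
    """
    answers = Counter()
    for _ in range(probes):
        name = f"{secrets.token_hex(8)}.invalid"
        for addr in resolve(name):
            answers[addr] += 1
    if not answers:
        return {"hijacked": False, "portal_ip": None, "hits": 0}
    portal_ip, hits = answers.most_common(1)[0]
    return {"hijacked": True, "portal_ip": portal_ip, "hits": hits}


# Constructed stand-ins so the check runs offline (not real network data).
def portal_resolver(name):
    """Behaves like the Perl script in the post: one address for every name."""
    return ["192.168.123.45"]


def honest_resolver(name):
    """Behaves like a normal resolver: nonexistent names get no address."""
    return []


if __name__ == "__main__":
    print(probe_wildcard_dns(portal_resolver))
    print(probe_wildcard_dns(honest_resolver))
```

Calling `probe_wildcard_dns()` with no arguments uses the system resolver instead of the stand-ins.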
