default local DNS caching name server

Dan Williams dcbw at
Mon Apr 14 16:06:24 UTC 2014

On Mon, 2014-04-14 at 12:00 -0400, Paul Wouters wrote:
> On Mon, 14 Apr 2014, Dan Williams wrote:
> > But another scenario I've seen:  older Netgear routers which intercept
> > "" as the setup page.  The instructions literally
> > are:
> >
> > 1) connect your computer to the router with a cable
> > 2) go to
> > 3) follow the setup guide instructions
> >
> > Any idea how dnssec-trigger + unbound would handle this?  Since it's
> > router setup, maybe spawning the whole new window for the "portal" would
> > work, but you'd want to make sure the window didn't go away or DNS
> > didn't change until the user was done setting up the router.
> I don't know what they do when you query for anything else. If there is
> no hotspot redirection on port 80/443 and their DNS server works
> properly, and your wifi was secure, you would then get their forward
> and the above would work. If it is an open wifi, we would not install

Since the user is setting things up, they can pick whether it's open or
protected wifi.  We don't control that.

> the forward and you would not get there. But in the current setup, you
> can pick "hotspot login" mode and it puts their DNS in place, and then
> you will reach it. Note that manual hotspot login sessions require you

Ok, that could be a problem.  This is a user setting up wifi on a router
they just bought, so it has no upstream connection yet, is not yet
configured at all, and they are just following the directions in the
printed brochure they got with the router.  Which obviously won't say
anything about "hotspot login" mode.

Also, this is the procedure you follow if you reset the router to
factory defaults, which support people sometimes tell you to do.  So
we'd run into the issue if/when the user contacted Netgear technical
support too.


> to manually mark them for "reprobe" as well because apparently we cannot
> probe for it because you manually overrode it. If you switch networks,
> and bring up the VPN, you'll encounter weird things. While still in
> hotspot mode, the VPN forward put into unbound is not active because you
> are not using unbound yet (until you hit reprobe to leave "hotspot
> signon" mode).
> Paul
