[Dnsmasq-discuss] dnssec and local caching dns in fedora and network manager

Mon Apr 14 15:47:33 UTC 2014

On Mon, Apr 14, 2014 at 8:38 AM, Dan Williams <dcbw at redhat.com> wrote:
> On Mon, 2014-04-14 at 09:31 +0100, Simon Kelley wrote:
>> On 13/04/14 21:24, Dave Taht wrote:
>> > interesting long thread over at the fedora project this weekend:
>> >
>> > https://lists.fedoraproject.org/pipermail/devel/2014-April/197755.html
>> >
>>
>> I'm quite a long way through it already. The main takehome seems to be
>> that captive portals are even more broken in the era of DNSSEC than
>> before. It's amazing that's even possible......
>
> They are quite awful.  They were always awful.  But with 10+ years of
> captive portal hackage, it's pretty much on the DNSSEC implementors to
> either (a) change every captive portal to work, or (b) figure out how to
> work around the problem.  A combination of the two is the right path,
> but nobody is going to get all captive portals to follow a spec.

Or c) make the legal and social environment such that the perceived need
for captive portals go away entirely.

https://www.openwireless.org/

> There is Hotspot 2.0 (and the older WISPR) that at least automates the
> process so that you *know* you're connected to a captive portal and
> sometimes you can automatically log in using the SIM card in your device
> or other cached credentials.  Usually used by phones and providers to
> automatically roam to WiFi networks your provider has affiliations with.
>
> This is where the standardization work is going on for hotspot stuff.
>
> Dan
>
>> Maybe the IETF should create a sane spec for such things....
>>
>>
>>
>> Simon.
>>
>> >
>> >
>> > ---------- Forwarded message ----------
>> > From: Chuck Anderson <cra at wpi.edu>
>> > Date: Sun, Apr 13, 2014 at 10:59 AM
>> > Subject: Re: [Cerowrt-devel] Full blown DNSSEC by default?
>> > To: cerowrt-devel at lists.bufferbloat.net
>> >
>> >
>> > On Sun, Apr 13, 2014 at 12:05:19PM +0200, Toke Høiland-Jørgensen wrote:
>> >>
>> >>> Is there a "D"?
>> >>
>> >> Running a full resolver in cerowrt? I've been running a dnssec-enabled bind for some time on my boxes (prior to dnssec support in dnsmasq).
>> >
>> > How do these proposals compare with unbound+dnssec-trigger in the
>> > Fedora world?  I stirred up a rats nest:
>> >
>> > https://lists.fedoraproject.org/pipermail/devel/2014-April/197755.html
>> >
>> > I realize these are slightly different use cases, but it may be
>> > helpful to learn from the different implementations, if for no other
>> > reason than to be sure they interoperate.  I'm going to turn on
>> > unbound+dnssec-trigger on my laptop and try it behind Cerowrt w/DNSSEC
>> > turned on to see what happens...
>> > _______________________________________________
>> > Cerowrt-devel mailing list
>> > Cerowrt-devel at lists.bufferbloat.net
>> > https://lists.bufferbloat.net/listinfo/cerowrt-devel
>> >
>> >
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

-- 
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article