Developer

Hello!

I have tried to search support case for mishandling of DNS request in captive portal mode. It were reported publicly as defect DVE-2018-0001. I work as a Software Engineer at Red Hat and were looking for a way to remove workaround implemented in systemd-resolved on Linux systems. But first I wanted to check whether such issue were reported to responsible vendor, which is some Aruba network device. Unfortunately I have no idea what the device offering this broken service is. Some details are on Ubuntu bug.

Its DNS communication is clearly broken and response does not follow RFC 6891: Extension Mechanisms for DNS (EDNS(0)). It does not follow even original RFC 1035. Working around such brokenes on side of systemd-resolved (or any other DNS cache) is wrong. It should be fixed on the devices.

However I got stuck in corporate hell on Aruba support. It seems I am unable to query support in any way to ask whether this defect has known identifier. And whether it was fixed already in existing software. Not without having customer identificators.

Could you please help me finding any indication this has been solved? Ideally a public link, which could be added to github issue as a pointer where it was fixed. I were unable to find it.

. 

------------------------------
Petr Menšík
Software Engineer @ Red Hat
------------------------------

This issue seems addressed in ArubaOS 8.6.0.17: AOS-222843:
The Captive Portal page for some Linux clients displayed an Authentication failed message after a user entered the login credentials. This issue occurred when the AP failed to relay the DNS response. The fix ensures that Linux clients can authenticate successfully using the Captive Portal page. This issue was observed in APs running Aruba Instant 8.6.0.0 or later versions.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Mar 24, 2023 06:31 AM
From: pemensik
Subject: Captive portal issue DVE-2018-0001

Hello!

I have tried to search support case for mishandling of DNS request in captive portal mode. It were reported publicly as defect DVE-2018-0001. I work as a Software Engineer at Red Hat and were looking for a way to remove workaround implemented in systemd-resolved on Linux systems. But first I wanted to check whether such issue were reported to responsible vendor, which is some Aruba network device. Unfortunately I have no idea what the device offering this broken service is. Some details are on Ubuntu bug.

Its DNS communication is clearly broken and response does not follow RFC 6891: Extension Mechanisms for DNS (EDNS(0)). It does not follow even original RFC 1035. Working around such brokenes on side of systemd-resolved (or any other DNS cache) is wrong. It should be fixed on the devices.

However I got stuck in corporate hell on Aruba support. It seems I am unable to query support in any way to ask whether this defect has known identifier. And whether it was fixed already in existing software. Not without having customer identificators.

Could you please help me finding any indication this has been solved? Ideally a public link, which could be added to github issue as a pointer where it was fixed. I were unable to find it.

. 

------------------------------
Petr Menšík
Software Engineer @ Red Hat
------------------------------