On 04/11/2014 03:14 PM, P J P wrote:
> On Saturday, 12 April 2014 12:40 AM, Bruno Wolff III wrote:
>> It looks like your proposal is going to break things for people using
>> some wifi hotspots.
>
>   Why, how?

It's a hack designed to handle someone that just connected to the network and opened a browser, say.
Instead of blocking access, one runs a fake DNS system that responds with the captive portal's IP to every query.
The httpd service at that IP responds with an "enter your credentials to get network access" page to all URLs.

An example of such a fake DNS server is the following code, resolving all queries to 192.168.123.45:

#!/usr/bin/perl
 
 use Net::DNS::Nameserver;
 use strict;
 use warnings;
 
 sub reply_handler {
     my ($qname, $qclass, $qtype, $peerhost) = @_;
     my ($rcode, @ans, @auth, @add);
     
     if ($qtype eq "A") {
         my ($ttl, $rdata) = (3600, "192.168.123.45");
         push @ans, Net::DNS::RR->new("$qname $ttl $qclass $qtype $rdata");
         $rcode = "NOERROR";
     } else {
         $rcode = "NXDOMAIN";
     }
     
     # mark the answer as authoritative (by setting the 'aa' flag)
     return ($rcode, \@ans, \@auth, \@add, { aa => 1 });
 }
 
 my $ns = Net::DNS::Nameserver->new(
     LocalPort    => 53,
     ReplyHandler => \&reply_handler,
     Verbose      => 0,
 );
 
 if ($ns) {
     $ns->main_loop;
 } else {
     die "couldn't create nameserver object\n";
 }
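
A client-side check for the catch-all behaviour described above, as an added example in Python that is not part of the original message: it looks at a few observed replies and reports the signs of a forging resolver, which a validating local resolver could use to decide it is behind a captive portal. The `Reply` tuple, the function names, the probe names and the three-signal threshold are assumptions made for this sketch.

```python
import ipaddress
from collections import namedtuple

# One observed DNS reply: query name/type, response code, AA flag, A-record data.
Reply = namedtuple("Reply", "qname qtype rcode aa addrs")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def captive_dns_signals(replies):
    """Return the reasons these replies look forged by a catch-all DNS server."""
    reasons = []
    a_ok = [r for r in replies if r.qtype == "A" and r.rcode == "NOERROR" and r.addrs]
    # Names under .invalid are reserved and must never resolve (RFC 6761).
    if any(r.qname.rstrip(".").endswith(".invalid") for r in a_ok):
        reasons.append("reserved .invalid name resolved")
    # Unrelated names that all map to one address set, and whether it is private.
    names = {r.qname for r in a_ok}
    addr_sets = {frozenset(r.addrs) for r in a_ok}
    if len(names) >= 2 and len(addr_sets) == 1:
        shared = sorted(next(iter(addr_sets)))
        reasons.append("all names resolve to " + ",".join(shared))
        if all(any(ipaddress.ip_address(a) in n for n in RFC1918) for a in shared):
            reasons.append("shared address is private")
    # A recursive resolver should not claim authority for every zone it is asked about.
    if a_ok and all(r.aa for r in a_ok):
        reasons.append("every answer claims to be authoritative")
    # NXDOMAIN says the name does not exist, which contradicts an A answer for it.
    if any(r.rcode == "NXDOMAIN" and r.qtype != "A" and r.qname in names
           for r in replies):
        reasons.append("NXDOMAIN for a name that has an A record")
    return reasons

def is_captive(replies):
    """Assumed policy: the .invalid signal alone, or any three signals, is enough."""
    reasons = captive_dns_signals(replies)
    return "reserved .invalid name resolved" in reasons or len(reasons) >= 3

# Constructed replies modelled on the handler above (not captured traffic).
PORTAL = [
    Reply("example.org.", "A", "NOERROR", True, ("192.168.123.45",)),
    Reply("probe-7f3a.invalid.", "A", "NOERROR", True, ("192.168.123.45",)),
    Reply("example.org.", "AAAA", "NXDOMAIN", True, ()),
]
# Constructed replies from an ordinary resolver (documentation addresses).
NORMAL = [
    Reply("example.org.", "A", "NOERROR", False, ("198.51.100.7",)),
    Reply("probe-7f3a.invalid.", "A", "NXDOMAIN", False, ()),
    Reply("example.net.", "A", "NOERROR", False, ("203.0.113.9",)),
]
```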