
Bug#582916: Testing eglibc 2.17-7



Thomas Hood <jdthood@gmail.com> writes:

> After "iptables -I OUTPUT -p udp -m udp --dport 53 -j DROP" the output of
> the program is the same whether hosts="www.google.com." or "karme.de.".

from the test:

"to easily reproduce, fake packet loss/overloaded dns server
on linux do something like:
# iptables -I OUTPUT -p udp -m udp --dport 53 -j DROP 
# iptables -I OUTPUT -p udp -m udp --dport 53 -j LOG --log-prefix "DROP DNS REQUEST " 
# iptables -I OUTPUT -p udp -m udp --dport 53 -m limit --limit 10/sec -j ACCEPT 
first
"

all 3 lines are needed!
if you drop all dns requests the test doesn't work
if you use all 3 lines dns requests are rate limited (because of
iptables -I you have to read that in reverse order)

afair, the idea was that there is a high probability that at some time
the request for the a record is dropped but the aaaa request gets through

jens

PS: i also did write a dns-proxy for a more precise test (i think i
linked it somewhere?)
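
The rule ordering and rate limiting described in the message above, as an added example that is not part of the original message or the test: a simplified Python model, not netfilter's implementation. The class and function names are hypothetical, the default chain policy is assumed to be ACCEPT, and the burst of 5 is the limit match's default.

```python
# Simplified model of an iptables chain; not netfilter's implementation.
from dataclasses import dataclass
from typing import Optional

class Limit:
    """Token bucket approximating '-m limit --limit <rate>/sec' (burst defaults to 5)."""
    def __init__(self, rate, burst=5):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def matches(self, now):
        # Credit accrues with elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

@dataclass
class Rule:
    target: str                    # "ACCEPT", "DROP" or "LOG"
    limit: Optional[Limit] = None  # None means the rule matches every DNS packet

def build_chain(typed_order):
    """'iptables -I' inserts at the head, so the last command typed is evaluated first."""
    chain = []
    for rule in typed_order:
        chain.insert(0, rule)
    return chain

def run(typed_order, send_times):
    """Return (verdict per packet, timestamps of logged packets)."""
    chain, logged, verdicts = build_chain(typed_order), [], []
    for now in send_times:
        verdict = "ACCEPT"         # assumed default chain policy
        for rule in chain:
            if rule.limit is not None and not rule.limit.matches(now):
                continue           # over the rate: fall through to the next rule
            if rule.target == "LOG":
                logged.append(now) # LOG does not end traversal
                continue
            verdict = rule.target
            break
        verdicts.append(verdict)
    return verdicts, logged

def three_rules():
    """The three commands from the test, in the order they are typed."""
    return [Rule("DROP"), Rule("LOG"), Rule("ACCEPT", Limit(rate=10))]
```

With constructed send times of five packets at 0 s followed by one at 0.05 s and one at 0.12 s, `run(three_rules(), ...)` drops the packet at 0.05 s and accepts the one at 0.12 s, which is the situation where one query of a pair is lost and the other gets through. `run([Rule("DROP")], ...)` drops everything.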

