Bug#582916: Testing eglibc 2.17-7
Thomas Hood <jdthood@gmail.com> writes:
> After "iptables -I OUTPUT -p udp -m udp --dport 53 -j DROP" the output of
> the program is the same whether hosts="www.google.com." or "karme.de.".
from the test:
"to easily reproduce, fake packet loss/overloaded dns server
on linux do something like:
# iptables -I OUTPUT -p udp -m udp --dport 53 -j DROP
# iptables -I OUTPUT -p udp -m udp --dport 53 -j LOG --log-prefix "DROP DNS REQUEST "
# iptables -I OUTPUT -p udp -m udp --dport 53 -m limit --limit 10/sec -j ACCEPT
first
"
all 3 lines are needed!
if you drop all dns requests the test doesn't work
if you use all 3 lines dns requests are rate limited (because of
iptables -I you have to read that in reverse order)
afair, the idea was that there is a high probability that at some time
the request for the a record is dropped but the aaaa request gets through
jens
PS: i also did write a dns-proxy for a more precise test (i think i
linked it somewhere?)
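
The rule ordering described in the message above, as an added example that is not part of the original mail: a simplified Python model of how three "iptables -I" commands stack up and how the rate-limited ACCEPT lets some DNS queries through while the rest are logged and dropped. The token bucket is an approximation of "-m limit" with its default burst of 5; the chain policy, function names and packet timings are assumptions made for the illustration.

```python
# Simplified model of the three "iptables -I OUTPUT ..." rules from the message.
# "-I" without a rule number inserts at position 1, so the command typed last
# becomes the rule evaluated first.

class Limit:
    """Token bucket approximating '-m limit --limit N/sec' (default burst 5)."""
    def __init__(self, rate_per_sec, burst=5):
        self.rate, self.burst = rate_per_sec, burst
        self.tokens, self.last = float(burst), 0.0

    def matches(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def build_chain(commands):
    """commands: (target, limit) tuples in the order they were typed."""
    chain = []
    for rule in commands:
        chain.insert(0, rule)           # -I puts the rule at the head
    return chain

def verdict(chain, now, log):
    for target, limit in chain:
        if limit is not None and not limit.matches(now):
            continue                    # match failed, fall through to next rule
        if target == "LOG":
            log.append(now)             # LOG does not end traversal
            continue
        return target                   # ACCEPT / DROP end traversal
    return "ACCEPT"                     # assumed chain policy

def typed_commands():
    # Typed order from the message: DROP, then LOG, then rate-limited ACCEPT.
    return [("DROP", None), ("LOG", None), ("ACCEPT", Limit(10))]

def simulate(times, commands=None):
    """Return (verdicts, log) for DNS queries sent at the given times (seconds)."""
    chain, log = build_chain(commands or typed_commands()), []
    return [verdict(chain, t, log) for t in times], log

if __name__ == "__main__":
    # Constructed timings: a burst of 5 queries, then an A query in the same
    # instant and the matching AAAA query 0.25 s later.
    print(simulate([0.0] * 5 + [0.0, 0.25]))
```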