Thomas Hood <jdth...@gmail.com> writes:
> After "iptables -I OUTPUT -p udp -m udp --dport 53 -j DROP" the output of
> the program is the same whether hosts="www.google.com." or "karme.de.".
from the test:
"to easily reproduce, fake packet loss/overloaded dns server
on linux do something like:
# iptables -I OUTPUT -p udp -m udp --dport 53 -j DROP
# iptables -I OUTPUT -p udp -m udp --dport 53 -j LOG --log-prefix "DROP DNS REQUEST "
# iptables -I OUTPUT -p udp -m udp --dport 53 -m limit --limit 10/sec -j ACCEPT
first
"

all 3 lines are needed!
if you drop all dns requests the test doesn't work
if you use all 3 lines dns requests are rate limited
(because of iptables -I you have to read that in reverse order)

afair, the idea was that there is a high probability that at some time
the request for the a record is dropped but the aaaa request gets through

jens

PS: i also did write a dns-proxy for a more precise test (i think i
linked it somewhere?)
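
The rule order and rate limiting described in the message above, modelled as a small simulation. This is an added example, not part of the original message or the test it quotes; the token-bucket model with a burst of 5 (the iptables default for `--limit-burst`), the default ACCEPT policy, the constructed send times and all names in the code are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    target: str          # ACCEPT, LOG or DROP
    rate: float = 0.0    # packets/sec for "-m limit"; 0 means no limit match
    tokens: float = 5.0  # bucket starts full; 5 is the default --limit-burst
    last: float = 0.0

    def matches(self, now):
        if not self.rate:
            return True
        # Refill the bucket for the elapsed time, capped at the burst size.
        self.tokens = min(5.0, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def build_chain(rules_as_typed):
    """'-I' with no position inserts at the head, so typing order is reversed."""
    chain = []
    for rule in rules_as_typed:
        chain.insert(0, rule)
    return chain

def verdict(chain, now):
    """Top-down walk; LOG is non-terminating, ACCEPT and DROP end the walk."""
    logged = False
    for rule in chain:
        if rule.matches(now):
            if rule.target == "LOG":
                logged = True
            else:
                return rule.target, logged
    return "ACCEPT", logged  # assumption: default OUTPUT policy is ACCEPT

def simulate(rules_as_typed, send_times):
    chain = build_chain(rules_as_typed)
    return [verdict(chain, t) for t in send_times]

def three_rules():
    # Same order as typed in the message: DROP, then LOG, then limited ACCEPT.
    return [Rule("DROP"), Rule("LOG"), Rule("ACCEPT", rate=10.0)]

if __name__ == "__main__":
    times = [0.0] * 8 + [0.25] * 3  # constructed: 8 queries at once, 3 later
    for t, (v, logged) in zip(times, simulate(three_rules(), times)):
        print(f"t={t:.2f}s {v}{' (logged)' if logged else ''}")
```

In this model the effective chain is ACCEPT (rate limited), LOG, DROP, so only the queries that exceed the limit are logged and dropped, and which query of a burst is lost depends on where it falls relative to the bucket.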