(We created the Comcast Innovation Fund to support important research into the future of the Internet, with a focus on broadband, security and open-source development. In this series, we highlight grantees and their work.)
Last year, we were excited to fund an open source development project being conducted by Domain Name System Operations, Analysis and Research Consortium (DNS-OARC) for a new tool to help technologists better understand and respond to distributed denial of service (DDoS) attacks. This week, DNS-OARC made that tool available to the global technology community.
As announced by DNS-OARC here, they have released a new open source tool for the real-time replay of captured DNS traffic into a test environment, which they have named "drool". The code, along with build and usage instructions, is available now at https://github.com/DNS-OARC/drool.
Drool can replay DNS traffic from packet capture (PCAP) files and send it to a specified server, with the option to manipulate the timing between packets, as well as loop packets infinitely or for a set number of iterations. This tool is planned to produce a minimum of 200,000 UDP packets per second and 10,000 TCP sessions per second on common hardware.
The purpose of drool is to simulate Distributed Denial of Service (DDoS) attacks on the DNS and measure normal DNS querying. For example, the tool could enable you to take a snapshot of a DDoS and be able to replay it later to test if new code or hardening techniques are useful, safe & effective. Another example is to be able to replay a packet stream for a bug that is sequence- and/or timing-related in order to validate the efficacy of subsequent bug fixes.
DNS-OARC’s release is in beta now, and they are asking the community to test it and provide feedback. The full release will comprise a BSD licensed software tool for UNIX systems along with documentation.
Congratulations to DNS-OARC on their beta release. We look forward to updates!