drool (Release 1.0.0-beta.2) — a DNS Replay Tool

A new tool for the real-time replay of captured DNS traffic into a test environment

DNS-OARC is pleased to announce beta availability of a new tool for the
real-time replay of captured DNS traffic into a test environment,
“drool”. This work has been generously funded by the Comcast Innovation
’s grant programme, for public open-source release.

drool can replay DNS traffic from packet capture (PCAP) files and send
it to a specified server, with the option to manipulate the timing
between packets, as well as loop packets infinitely or for a set number
of iterations. This tool is planned to produce a minimum of 200,000 UDP
packets per second and 10,000 TCP sessions per second on common hardware.


The purpose is to simulate Distributed Denial of Service (DDoS) attacks
on the DNS and measure normal DNS querying. For example, the tool could
enable you to take a snapshot of a DDoS and be able to replay it later
to test if new code or hardening techniques are useful, safe &
effective. Another example is to be able to replay a packet stream for a
bug that is sequence- and/or timing-related in order to validate the
efficacy of subsequent bug fixes. The full release will comprise a BSD
licensed software tool for UNIX systems along with documentation.


The beta code, along with build and usage instructions, became available from OARC’s github repository from 25th March:

Release Notes

Testing and feedback from the community of this tool (developed by Jerry
of OARC) is encouraged.

A Thank You

OARC would like to thank Comcast for their project specification and funding support of this work.