subject:"\[dns\-operations\] Program\/library\/framework for testing robustness of servers"

Re: [dns-operations] Program/library/framework for testing robustness of servers

2022-06-20 Thread Shannon Weyrick via dns-operations

--- Begin Message ---
Flamethrower does include random packet and random qname generators (which
may include nonprintable characters), which were made for this type of
testing: https://www.mankier.com/1/flame#Generators-randompkt



Shannon Weyrick

*VP Research *| NS1

phone: ( <(111)111->855) 438 - 6766 ext 704
site: NS1.com 
email: sweyr...@ns1.com


 


On Mon, Jun 20, 2022 at 9:20 AM Stephane Bortzmeyer 
wrote:

> I maintain an experimental authoritative DNS server and I would like
> to test its robustness. dnsperf and flamethrower are great to test its
> performance, zonemaster and dnsviz are perfect to test its correctness
> in face of legal input but I would like to see how it reacts to
> *illegal*, malformed input. (An example of such input is
>  >.)
>
> Since most DNS libraries are made to prevent the programmer for
> issuing illegal DNS requests, it is not obvious to write such a test.
>
> Are you aware of libraries / programs / frameworks to exercice, in a
> hard way, the robustness of a server?
> ___
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
--- End Message ---
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] Program/library/framework for testing robustness of servers

2022-06-20 Thread Daniel Karrenberg


Salut Stephane,

https://meetings.ripe.net/ripe-43/presentations/ripe43-dnr-distel/sld001.html

This is the idea.Prepare file to replay with fuzzer or use real world 
malformed queries. ;-)


The separate tools are still all available. I could dig into my archive 
and see if I still have the scripts and the patches to tcpreplay. If I 
remember correctly the changes were to replay UDP and to re-compute 
checksums.


Cordialment

Daniel




On 20-06-2022 09:14, Stephane Bortzmeyer wrote:

I maintain an experimental authoritative DNS server and I would like
to test its robustness. dnsperf and flamethrower are great to test its
performance, zonemaster and dnsviz are perfect to test its correctness
in face of legal input but I would like to see how it reacts to
*illegal*, malformed input. (An example of such input is
.)

Since most DNS libraries are made to prevent the programmer for
issuing illegal DNS requests, it is not obvious to write such a test.

Are you aware of libraries / programs / frameworks to exercice, in a
hard way, the robustness of a server?
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations



___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] Program/library/framework for testing robustness of servers

2022-06-20 Thread Mukund Sivaraman

On Mon, Jun 20, 2022 at 03:01:05PM +0530, Mukund Sivaraman wrote:
> As an example of a fuzzer, AFL is very good for detecting illegal
> malformed inputs:

Re-reading, that doesn't sound very correct. AFL is very good for
*preparing* illegal malformed inputs, and how a process "watched" by it
reacts to such input. It finds ways into different execution paths
within a process by manipulating the input.

Mukund


> 
> https://lcamtuf.coredump.cx/afl/
> 
>   Mukund
> 
> 
> On Mon, Jun 20, 2022 at 06:06:41PM +1000, Mark Andrews wrote:
> > You use a fuzzing framework.  You seed the fuzzer with legal messages and 
> > let it
> > generate other inputs but modifying those seeds.
> > 
> > > On 20 Jun 2022, at 17:14, Stephane Bortzmeyer  wrote:
> > > 
> > > I maintain an experimental authoritative DNS server and I would like
> > > to test its robustness. dnsperf and flamethrower are great to test its
> > > performance, zonemaster and dnsviz are perfect to test its correctness
> > > in face of legal input but I would like to see how it reacts to
> > > *illegal*, malformed input. (An example of such input is
> > > .)
> > > 
> > > Since most DNS libraries are made to prevent the programmer for
> > > issuing illegal DNS requests, it is not obvious to write such a test.
> > > 
> > > Are you aware of libraries / programs / frameworks to exercice, in a
> > > hard way, the robustness of a server?
> > > ___
> > > dns-operations mailing list
> > > dns-operations@lists.dns-oarc.net
> > > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> > 
> > -- 
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
> > 
> > 
> > ___
> > dns-operations mailing list
> > dns-operations@lists.dns-oarc.net
> > https://lists.dns-oarc.net/mailman/listinfo/dns-operations


signature.asc
Description: PGP signature
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] Program/library/framework for testing robustness of servers

2022-06-20 Thread Mukund Sivaraman

As an example of a fuzzer, AFL is very good for detecting illegal
malformed inputs:

https://lcamtuf.coredump.cx/afl/

Mukund


On Mon, Jun 20, 2022 at 06:06:41PM +1000, Mark Andrews wrote:
> You use a fuzzing framework.  You seed the fuzzer with legal messages and let 
> it
> generate other inputs but modifying those seeds.
> 
> > On 20 Jun 2022, at 17:14, Stephane Bortzmeyer  wrote:
> > 
> > I maintain an experimental authoritative DNS server and I would like
> > to test its robustness. dnsperf and flamethrower are great to test its
> > performance, zonemaster and dnsviz are perfect to test its correctness
> > in face of legal input but I would like to see how it reacts to
> > *illegal*, malformed input. (An example of such input is
> > .)
> > 
> > Since most DNS libraries are made to prevent the programmer for
> > issuing illegal DNS requests, it is not obvious to write such a test.
> > 
> > Are you aware of libraries / programs / frameworks to exercice, in a
> > hard way, the robustness of a server?
> > ___
> > dns-operations mailing list
> > dns-operations@lists.dns-oarc.net
> > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
> 
> 
> ___
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations


signature.asc
Description: PGP signature
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] Program/library/framework for testing robustness of servers

2022-06-20 Thread Mark Andrews

You use a fuzzing framework.  You seed the fuzzer with legal messages and let it
generate other inputs but modifying those seeds.

> On 20 Jun 2022, at 17:14, Stephane Bortzmeyer  wrote:
> 
> I maintain an experimental authoritative DNS server and I would like
> to test its robustness. dnsperf and flamethrower are great to test its
> performance, zonemaster and dnsviz are perfect to test its correctness
> in face of legal input but I would like to see how it reacts to
> *illegal*, malformed input. (An example of such input is
> .)
> 
> Since most DNS libraries are made to prevent the programmer for
> issuing illegal DNS requests, it is not obvious to write such a test.
> 
> Are you aware of libraries / programs / frameworks to exercice, in a
> hard way, the robustness of a server?
> ___
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org


___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

[dns-operations] Program/library/framework for testing robustness of servers

2022-06-20 Thread Stephane Bortzmeyer

I maintain an experimental authoritative DNS server and I would like
to test its robustness. dnsperf and flamethrower are great to test its
performance, zonemaster and dnsviz are perfect to test its correctness
in face of legal input but I would like to see how it reacts to
*illegal*, malformed input. (An example of such input is
.)

Since most DNS libraries are made to prevent the programmer for
issuing illegal DNS requests, it is not obvious to write such a test.

Are you aware of libraries / programs / frameworks to exercice, in a
hard way, the robustness of a server?
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Re: [dns-operations] Program/library/framework for testing robustness of servers

Re: [dns-operations] Program/library/framework for testing robustness of servers

Re: [dns-operations] Program/library/framework for testing robustness of servers

Re: [dns-operations] Program/library/framework for testing robustness of servers

Re: [dns-operations] Program/library/framework for testing robustness of servers

[dns-operations] Program/library/framework for testing robustness of servers

6 matches

Site Navigation

Mail list logo

Footer information