[dns-operations] "drool" DNS Replay tool, Beta availability announcement

Keith Mitchell keith at dns-oarc.net
Fri Mar 24 19:18:48 UTC 2017

DNS-OARC is pleased to announce beta availability of a new tool for the
real-time replay of captured DNS traffic into a test environment,
"drool". This work has been generously funded by the Comcast Innovation
Fund's grant programme, for public open-source release.

drool can replay DNS traffic from packet capture (PCAP) files and send
it to a specified server, with the option to manipulate the timing
between packets, as well as loop packets infinitely or for a set number
of iterations. This tool is planned to produce a minimum of 200,000 UDP
packets per second and 10,000 TCP sessions per second on common hardware.

The purpose is to simulate Distributed Denial of Service (DDoS) attacks
on the DNS and measure normal DNS querying. For example, the tool could
enable you to take a snapshot of a DDoS and be able to replay it later
to test if new code or hardening techniques are useful, safe &
effective. Another example is to be able to replay a packet stream for a
bug that is sequence- and/or timing-related in order to validate the
efficacy of subsequent bug fixes. The full release will comprise a BSD
licensed software tool for UNIX systems along with documentation.

The beta code, along with build and usage instructions, will be
available from OARC's github repository from 25th March at:


Testing and feedback from the community of this tool (developed by Jerry
Lundström) is encouraged.

OARC would like to thank Comcast for their project specification and
funding support of this work.

Keith Mitchell

More information about the dns-operations mailing list