[dns-operations] Program/library/framework for testing robustness of servers

Mukund Sivaraman muks at mukund.org
Mon Jun 20 09:42:09 UTC 2022


On Mon, Jun 20, 2022 at 03:01:05PM +0530, Mukund Sivaraman wrote:
> As an example of a fuzzer, AFL is very good for detecting illegal
> malformed inputs:

Re-reading, that doesn't sound very correct. AFL is very good for
*preparing* illegal malformed inputs, and how a process "watched" by it
reacts to such input. It finds ways into different execution paths
within a process by manipulating the input.

		Mukund


> 
> https://lcamtuf.coredump.cx/afl/
> 
> 		Mukund
> 
> 
> On Mon, Jun 20, 2022 at 06:06:41PM +1000, Mark Andrews wrote:
> > You use a fuzzing framework.  You seed the fuzzer with legal messages and let it
> > generate other inputs but modifying those seeds.
> > 
> > > On 20 Jun 2022, at 17:14, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> > > 
> > > I maintain an experimental authoritative DNS server and I would like
> > > to test its robustness. dnsperf and flamethrower are great to test its
> > > performance, zonemaster and dnsviz are perfect to test its correctness
> > > in face of legal input but I would like to see how it reacts to
> > > *illegal*, malformed input. (An example of such input is
> > > <https://lists.dns-oarc.net/pipermail/dns-operations/2022-May/021657.html>.)
> > > 
> > > Since most DNS libraries are made to prevent the programmer for
> > > issuing illegal DNS requests, it is not obvious to write such a test.
> > > 
> > > Are you aware of libraries / programs / frameworks to exercice, in a
> > > hard way, the robustness of a server?
> > > _______________________________________________
> > > dns-operations mailing list
> > > dns-operations at lists.dns-oarc.net
> > > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> > 
> > -- 
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
> > 
> > 
> > _______________________________________________
> > dns-operations mailing list
> > dns-operations at lists.dns-oarc.net
> > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20220620/eff9808c/attachment.sig>


More information about the dns-operations mailing list