From Fedora Project Wiki

(Created page with "{{QA/Test_Case |description=This test case cover DNS-over-SSL when standard DNS port 53 is blocked. |setup= Block DNS queries except to localhost to simulate restricted networ...")
 
 
(One intermediate revision by one other user not shown)
Line 9: Line 9:
  
 
{{command|iptables -A OUTPUT -p udp --dport 53 -j REJECT --reject-with icmp-admin-prohibited}}
 
{{command|iptables -A OUTPUT -p udp --dport 53 -j REJECT --reject-with icmp-admin-prohibited}}
 +
 +
Right-click on dnssec-trigger applet and select "reprobe"
 +
 
|actions=
 
|actions=
 
# Run: {{command|dig @127.0.0.1 fedoraproject.org SOA +dnssec}}
 
# Run: {{command|dig @127.0.0.1 fedoraproject.org SOA +dnssec}}
Line 16: Line 19:
 
# Web should work flawlessly.
 
# Web should work flawlessly.
 
}}
 
}}
 +
 +
Note: Don't forget to remove the rules if you're testing on a real system.
 +
 
[[Category:NetworkManager_Test_Cases]]
 
[[Category:NetworkManager_Test_Cases]]

Latest revision as of 09:27, 23 September 2014

Description

This test case cover DNS-over-SSL when standard DNS port 53 is blocked.

Setup

Block DNS queries except to localhost to simulate restricted network environment.

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -p tcp --dport 53 -j REJECT --reject-with icmp-admin-prohibited

iptables -A OUTPUT -p udp --dport 53 -j REJECT --reject-with icmp-admin-prohibited

Right-click on dnssec-trigger applet and select "reprobe"

How to test

  1. Run: dig @127.0.0.1 fedoraproject.org SOA +dnssec
  2. Browse web, open your favorite webpages.

Expected Results

  1. You should get output containing "ANSWER SECTION" without any error.
  2. Web should work flawlessly.



Note: Don't forget to remove the rules if you're testing on a real system.