From Fedora Project Wiki

Revision as of 09:27, 23 September 2014 by Pavlix (talk | contribs)


This test case covers DNS-over-SSL when the standard DNS port 53 is blocked.


Block DNS queries except to localhost to simulate a restricted network environment.

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -p tcp --dport 53 -j REJECT --reject-with icmp-admin-prohibited

iptables -A OUTPUT -p udp --dport 53 -j REJECT --reject-with icmp-admin-prohibited

Right-click on the dnssec-trigger applet and select "reprobe".

How to test

  1. Run: dig @ SOA +dnssec
  2. Browse the web and open your favorite webpages.

Expected Results

  1. You should get output containing "ANSWER SECTION" without any error.
  2. The web should work flawlessly.

Note: Don't forget to remove the rules if you're testing on a real system.
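
The check in Expected Results item 1 can be scripted. The following is an added example, not part of the original test case: the function name, return codes and sample outputs are assumptions made for illustration, and the RRSIG check goes beyond what the page requires.

```shell
#!/bin/sh
# Added example: classify the text printed by the dig command in step 1.
# Return codes are this example's own convention:
#   0 = NOERROR, ANSWER SECTION present, RRSIG in the answer
#   1 = error or no ANSWER SECTION (fails Expected Results item 1)
#   2 = answer present but no RRSIG (extra check, not required by the page)
check_dig_output() {
    out=$1
    # "without any error": the header status must be NOERROR
    printf '%s\n' "$out" | grep -q 'status: NOERROR' || return 1
    # Expected Results item 1: output contains "ANSWER SECTION"
    printf '%s\n' "$out" | grep -q '^;; ANSWER SECTION:' || return 1
    # +dnssec asks for signatures; look for an RRSIG record (type is field 4)
    printf '%s\n' "$out" | awk '
        /^;; ANSWER SECTION:/   { in_ans = 1; next }
        /^$/ || /^;;/           { in_ans = 0 }
        in_ans && $4 == "RRSIG" { found = 1 }
        END { exit (found ? 0 : 1) }' || return 2
    return 0
}

# Constructed sample outputs (example.test and all values are made up).
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.test. 3600 IN SOA ns.example.test. admin.example.test. 1 7200 900 1209600 86400
example.test. 3600 IN RRSIG SOA 8 2 3600 20300101000000 20200101000000 12345 example.test. Q09OU1RSVUNURUQ=

;; Query time: 12 msec'

SAMPLE_UNSIGNED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.test. 3600 IN SOA ns.example.test. admin.example.test. 1 7200 900 1209600 86400

;; Query time: 12 msec'

SAMPLE_BLOCKED=';; connection timed out; no servers could be reached'

for s in "$SAMPLE_OK" "$SAMPLE_UNSIGNED" "$SAMPLE_BLOCKED"; do
    rc=0; check_dig_output "$s" || rc=$?
    echo "check_dig_output -> $rc"
done
```

On a test machine, pass the captured output of the step 1 command as the function's single argument in place of the constructed samples.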