From Fedora Project Wiki
(Created page with "{{QA/Test_Case |description=This test case cover DNS-over-SSL when standard DNS port 53 is blocked. |setup= Block DNS queries except to localhost to simulate restricted networ...") |
No edit summary |
||
| (One intermediate revision by one other user not shown) | |||
| Line 9: | Line 9: | ||
{{command|iptables -A OUTPUT -p udp --dport 53 -j REJECT --reject-with icmp-admin-prohibited}} | {{command|iptables -A OUTPUT -p udp --dport 53 -j REJECT --reject-with icmp-admin-prohibited}} | ||
Right-click on dnssec-trigger applet and select "reprobe" | |||
|actions= | |actions= | ||
# Run: {{command|dig @127.0.0.1 fedoraproject.org SOA +dnssec}} | # Run: {{command|dig @127.0.0.1 fedoraproject.org SOA +dnssec}} | ||
| Line 16: | Line 19: | ||
# Web should work flawlessly. | # Web should work flawlessly. | ||
}} | }} | ||
Note: Don't forget to remove the rules if you're testing on a real system. | |||
[[Category:NetworkManager_Test_Cases]] | [[Category:NetworkManager_Test_Cases]] | ||
Latest revision as of 09:27, 23 September 2014
Description
This test case cover DNS-over-SSL when standard DNS port 53 is blocked.
Setup
Block DNS queries except to localhost to simulate restricted network environment.
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j REJECT --reject-with icmp-admin-prohibited
iptables -A OUTPUT -p udp --dport 53 -j REJECT --reject-with icmp-admin-prohibited
Right-click on dnssec-trigger applet and select "reprobe"
How to test
- Run:
dig @127.0.0.1 fedoraproject.org SOA +dnssec - Browse web, open your favorite webpages.
Expected Results
- You should get output containing "ANSWER SECTION" without any error.
- Web should work flawlessly.
Note: Don't forget to remove the rules if you're testing on a real system.