dnsmeter doesn't send queries nor spoof source ip addresses #40

SrX · 2025-03-11T21:39:25Z

dnsmeter doesn't send queries nor spoof source ip addresses. Other tools like dig works fine in the same environment and ips.

Sending queries to 8.8.8.8 not getting any responce back.

[root@myhost ~]# dnsmeter -q 10.160.0.81 -z 8.8.8.8:53 -p qset.txt -n1 -r 10
INFO: Loading and precompile payload. This could take some time...
INFO: 14 queries loaded
###############################################################################
# Start Session with Threads: 1, Queryrate: 10, Timeslot: 100.000000 ms
runtime: 10 s, timeslice: 0.100000 s, total timeslices: 100, Qpts: 1, Source: 8.8.8.8:53
00:00:01 Queries send:       6, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:02 Queries send:      10, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:03 Queries send:      10, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:04 Queries send:      10, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:05 Queries send:      10, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:06 Queries send:      10, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:07 Queries send:      10, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:08 Queries send:      10, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:09 Queries send:      10, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:10 Queries send:      10, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:11 Queries send:       4, rcv:       0, Data send:      0 KB, rcv:      0 KB
00:00:12 Queries send:       0, rcv:       0, Data send:      0 KB, rcv:      0 KB
===============================================================================
network if  Pkt send: 0, rcv: 0, Data send: 0 KB, rcv: 0 KB
DNS Queries send:        100, Qps:      10, Data send:       5 KB =      0 MBit
DNS Queries rcv:           0, Qps:       0, Data rcv:        0 KB =      0 MBit
DNS Queries lost:        100 = 100.000 %
DNS rtt average: 0.0000 ms, min: 0.0000 ms, max: 0.0000 ms
DNS truncated: 0
DNS RCODES:

tcpdump show packets in the interface, but not responses

[root@myhost ~]# tcpdump -i eth0 port 53 -nn
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:20:36.529899 IP 10.160.0.81.47082 > 8.8.8.8.53: 5298+ AAAA? malicious.dnsfilter.zone. (42)
21:20:36.629992 IP 10.160.0.81.6642 > 8.8.8.8.53: 6299+ TXT? facebook.com. (30)
21:20:36.730030 IP 10.160.0.81.22291 > 8.8.8.8.53: 7299+ AAAA? google.com. (28)
21:20:36.829990 IP 10.160.0.81.21372 > 8.8.8.8.53: 8299+ AAAA? adult.dnsfilter.dev. (37)
21:20:36.929942 IP 10.160.0.81.1682 > 8.8.8.8.53: 9299+ A? www.Domain. (28)
21:20:37.029988 IP 10.160.0.81.30949 > 8.8.8.8.53: 10299+ A? linkedin.com. (30)
21:20:37.130004 IP 10.160.0.81.54237 > 8.8.8.8.53: 11299+ AAAA? instagram.com. (31)
21:20:37.229953 IP 10.160.0.81.20333 > 8.8.8.8.53: 12299+ AAAA? adult.dnsfilter.zone. (38)
21:20:37.329956 IP 10.160.0.81.19442 > 8.8.8.8.53: 13299+ TXT? googletagmanager.com. (38)
21:20:37.429968 IP 10.160.0.81.61902 > 8.8.8.8.53: 14299+ A? www.microsoft.com. (35)
21:20:37.529957 IP 10.160.0.81.48390 > 8.8.8.8.53: 15299+ A? www.twitter.com. (33)
21:20:37.629943 IP 10.160.0.81.38739 > 8.8.8.8.53: 16299+ TXT? www.apple.com. (31)

query set file has this content

[root@myhost ~]# head qset.txt
malicious.dnsfilter.zone AAAA
facebook.com TXT
google.com AAAA
adult.dnsfilter.dev AAAA
www.Domain A
linkedin.com A
instagram.com AAAA
adult.dnsfilter.zone AAAA
googletagmanager.com TXT
www.microsoft.com A

doing query with dig works, even using same IP for binding.

[root@myhost ~]# dig -b 10.160.0.81 @8.8.8.8 hola.com

; <<>> DiG 9.16.23-RH <<>> -b 10.160.0.81 @8.8.8.8 hola.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12102
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hola.com.			IN	A

;; ANSWER SECTION:
hola.com.		60	IN	A	18.100.128.101
hola.com.		60	IN	A	51.92.114.144
hola.com.		60	IN	A	51.94.42.156

;; Query time: 10 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Mar 11 21:20:54 UTC 2025
;; MSG SIZE  rcvd: 85

tcpdump show responce coming back for dig cmd

[root@myhost ~]# tcpdump -i eth0 port 53 -nn
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

21:20:54.373559 IP 10.160.0.81.47665 > 8.8.8.8.53: 12102+ [1au] A? hola.com. (49)
21:20:54.383254 IP 8.8.8.8.53 > 10.160.0.81.47665: 12102 3/0/1 A 18.100.128.101, A 51.92.114.144, A 51.94.42.156 (85)

current OS and kernel

[root@myhost ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 9.4 (Plow)

[root@myhost ~]# uname -a
Linux myhost 5.15.0-206.153.7.el9uek.x86_64 #2 SMP Thu May 9 15:59:05 PDT 2024 x86_64 x86_64 x86_64 GNU/Linux

dnsmeter version

[root@myhost ~]# dnsmeter --help
dnsmeter 1.0.2

dnsmeter installed from corp repository

[root@myhost ~]# yum info dnsmeter
Installed Packages
Name         : dnsmeter
Version      : 1.0.2
Release      : 1.el9
Architecture : x86_64
Size         : 198 k
Source       : dnsmeter-1.0.2-1.el9.src.rpm
Repository   : @System
From repo    : copr:copr.fedorainfracloud.org:group_dnsoarc:dnsmeter
Summary      : DNS performance and infrastructure testing
URL          : https://www.dns-oarc.net/tools/dnsmeter
License      : GPL-3.0
Description  : DNSMeter is a tool for testing performance of nameserver and/or
             : infrastructure around it.
             : It generates dns queries and sends them via UDP to a target nameserver
             : and counts the answers.

strace shows some "invalid arguments`

[root@myhost ~]# strace dnsmeter -q 10.160.0.81 -z 8.8.8.8:53 -p qset.txt -n1 -r 10
execve("/bin/dnsmeter", ["dnsmeter", "-q", "10.160.0.81", "-z", "8.8.8.8:53", "-p", "qset."..., "-n1", "-r", "10"], 0x7ffc4337cb58 /* 24 vars */) = 0
brk(NULL)                               = 0x563b3b9d2000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffdf9e1ead0) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=14835, ...}) = 0
mmap(NULL, 14835, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f0f4a133000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libpcre.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260#\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=488664, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f4a131000
mmap(NULL, 487696, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f4a0b9000
mmap(0x7f0f4a0bb000, 356352, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f0f4a0bb000
mmap(0x7f0f4a112000, 118784, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x59000) = 0x7f0f4a112000
mmap(0x7f0f4a12f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x75000) = 0x7f0f4a12f000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libidn2.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320$\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=130952, ...}) = 0
mmap(NULL, 131080, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f4a098000
mmap(0x7f0f4a09a000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f0f4a09a000
mmap(0x7f0f4a09e000, 102400, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f0f4a09e000
mmap(0x7f0f4a0b7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e000) = 0x7f0f4a0b7000
mmap(0x7f0f4a0b8000, 8, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0f4a0b8000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320F\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=70936, ...}) = 0
mmap(NULL, 80456, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f4a084000
mmap(0x7f0f4a088000, 36864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f0f4a088000
mmap(0x7f0f4a091000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7f0f4a091000
mmap(0x7f0f4a094000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0x7f0f4a094000
mmap(0x7f0f4a096000, 6728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0f4a096000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libpcap.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260q\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=319656, ...}) = 0
mmap(NULL, 316288, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f4a036000
mprotect(0x7f0f4a03c000, 282624, PROT_NONE) = 0
mmap(0x7f0f4a03c000, 167936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f0f4a03c000
mmap(0x7f0f4a065000, 110592, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2f000) = 0x7f0f4a065000
mmap(0x7f0f4a081000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4a000) = 0x7f0f4a081000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libstdc++.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\23\n\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2314696, ...}) = 0
mmap(NULL, 2263040, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f49e0d000
mmap(0x7f0f49ea6000, 1097728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x99000) = 0x7f0f49ea6000
mmap(0x7f0f49fb2000, 471040, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a5000) = 0x7f0f49fb2000
mmap(0x7f0f4a025000, 57344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x217000) = 0x7f0f4a025000
mmap(0x7f0f4a033000, 10240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0f4a033000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\323\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=914240, ...}) = 0
mmap(NULL, 893184, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f49d32000
mmap(0x7f0f49d3f000, 458752, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7f0f49d3f000
mmap(0x7f0f49daf000, 376832, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7d000) = 0x7f0f49daf000
mmap(0x7f0f49e0b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd8000) = 0x7f0f49e0b000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0206\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=112216, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f49d30000
mmap(NULL, 111304, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f49d14000
mprotect(0x7f0f49d17000, 94208, PROT_NONE) = 0
mmap(0x7f0f49d17000, 77824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f0f49d17000
mmap(0x7f0f49d2a000, 12288, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7f0f49d2a000
mmap(0x7f0f49d2e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19000) = 0x7f0f49d2e000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\227\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0 \0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0"..., 48, 848) = 48
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0p\17\300\366b\20g\3\263M\354\5\0\255\10\327"..., 68, 896) = 68
fstat(3, {st_mode=S_IFREG|0755, st_size=2592656, ...}) = 0
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
mmap(NULL, 2133936, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f49b0b000
mprotect(0x7f0f49b33000, 1892352, PROT_NONE) = 0
mmap(0x7f0f49b33000, 1527808, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x28000) = 0x7f0f49b33000
mmap(0x7f0f49ca8000, 360448, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19d000) = 0x7f0f49ca8000
mmap(0x7f0f49d01000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f5000) = 0x7f0f49d01000
mmap(0x7f0f49d07000, 53168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0f49d07000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libunistring.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\00002\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1591920, ...}) = 0
mmap(NULL, 1591504, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f49986000
mmap(0x7f0f49997000, 229376, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0x7f0f49997000
mmap(0x7f0f499cf000, 1273856, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x49000) = 0x7f0f499cf000
mmap(0x7f0f49b06000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17f000) = 0x7f0f49b06000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libibverbs.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\206\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=137856, ...}) = 0
mmap(NULL, 131936, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f49965000
mmap(0x7f0f4996c000, 77824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x7f0f4996c000
mmap(0x7f0f4997f000, 20480, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a000) = 0x7f0f4997f000
mmap(0x7f0f49984000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f000) = 0x7f0f49984000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libnl-route-3.so.200", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\26\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=617656, ...}) = 0
mmap(NULL, 610688, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f498cf000
mprotect(0x7f0f498ed000, 442368, PROT_NONE) = 0
mmap(0x7f0f498ed000, 299008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e000) = 0x7f0f498ed000
mmap(0x7f0f49936000, 139264, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x67000) = 0x7f0f49936000
mmap(0x7f0f49959000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x89000) = 0x7f0f49959000
mmap(0x7f0f49962000, 8576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f0f49962000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libnl-3.so.200", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\233\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=146368, ...}) = 0
mmap(NULL, 143864, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f0f498ab000
mmap(0x7f0f498b3000, 65536, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8000) = 0x7f0f498b3000
mmap(0x7f0f498c3000, 36864, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18000) = 0x7f0f498c3000
mmap(0x7f0f498cc000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x20000) = 0x7f0f498cc000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f498a9000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f498a7000
arch_prctl(ARCH_SET_FS, 0x7f0f498a7b80) = 0
set_tid_address(0x7f0f498a7e50)         = 59692
set_robust_list(0x7f0f498a7e60, 24)     = 0
rseq(0x7f0f498a8520, 0x20, 0, 0x53053053) = 0
mprotect(0x7f0f49d01000, 16384, PROT_READ) = 0
mprotect(0x7f0f498cc000, 8192, PROT_READ) = 0
mprotect(0x7f0f49d2e000, 4096, PROT_READ) = 0
mprotect(0x7f0f49959000, 16384, PROT_READ) = 0
mprotect(0x7f0f49984000, 4096, PROT_READ) = 0
mprotect(0x7f0f49b06000, 16384, PROT_READ) = 0
mprotect(0x7f0f49e0b000, 4096, PROT_READ) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0f498a5000
mprotect(0x7f0f4a025000, 53248, PROT_READ) = 0
mprotect(0x7f0f4a081000, 8192, PROT_READ) = 0
mprotect(0x7f0f4a094000, 4096, PROT_READ) = 0
mprotect(0x7f0f4a0b7000, 4096, PROT_READ) = 0
mprotect(0x7f0f4a12f000, 4096, PROT_READ) = 0
mprotect(0x563b3b32a000, 8192, PROT_READ) = 0
mprotect(0x7f0f4a16b000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7f0f4a133000, 14835)           = 0
getrandom("\x32\xab\xca\xf4\xfd\x57\x3d\xe0", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x563b3b9d2000
brk(0x563b3b9f3000)                     = 0x563b3b9f3000
newfstatat(AT_FDCWD, "/etc/libnl/classid", {st_mode=S_IFREG|0644, st_size=1130, ...}, 0) = 0
openat(AT_FDCWD, "/etc/libnl/classid", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1130, ...}) = 0
read(3, "################################"..., 4096) = 1130
read(3, "", 4096)                       = 0
close(3)                                = 0
futex(0x7f0f4a0336bc, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f0f4a0336c8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
getpid()                                = 59692
newfstatat(AT_FDCWD, "/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=98, ...}, 0) = 0
openat(AT_FDCWD, "/etc/host.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=9, ...}) = 0
read(3, "multi on\n", 4096)             = 9
read(3, "", 4096)                       = 0
close(3)                                = 0
futex(0x7f0f49d0e48c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
read(3, "; Created by cloud-init automati"..., 4096) = 98
read(3, "", 4096)                       = 0
uname({sysname="Linux", nodename="myhost", ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=98, ...}) = 0
close(3)                                = 0
getpid()                                = 59692
openat(AT_FDCWD, "qset.txt", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=260, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=260, ...}) = 0
lseek(3, 0, SEEK_SET)                   = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=260, ...}) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x2), ...}) = 0
write(1, "INFO: Loading and precompile pay"..., 67INFO: Loading and precompile payload. This could take some time...
) = 67
read(3, "malicious.dnsfilter.zone AAAA\nfa"..., 4096) = 260
lseek(3, 260, SEEK_SET)                 = 260
read(3, "", 4096)                       = 0
futex(0x7f0f49d2f070, FUTEX_WAKE_PRIVATE, 2147483647) = 0
write(1, "INFO: 14 queries loaded\n", 24INFO: 14 queries loaded
) = 24
close(3)                                = 0
rt_sigaction(SIGINT, {sa_handler=0x563b3b319790, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f0f49b496f0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGKILL, {sa_handler=0x563b3b319790, sa_mask=[KILL], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f0f49b496f0}, 0x7ffdf9e1c8e0, 8) = -1 EINVAL (Invalid argument)
socket(AF_PACKET, SOCK_RAW, htons(ETH_P_IP)) = 3
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)  = 4
setsockopt(4, SOL_IP, IP_HDRINCL, [1], 4) = 0
write(1, "################################"..., 80###############################################################################
) = 80
write(1, "# Start Session with Threads: 1,"..., 72# Start Session with Threads: 1, Queryrate: 10, Timeslot: 100.000000 ms
) = 72
openat(AT_FDCWD, "/proc/stat", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(5, "cpu  836799 71889 309188 1493397"..., 1024) = 1024
close(5)                                = 0
sysinfo({uptime=377449, loads=[5344, 7968, 7680], totalram=8319188992, freeram=2638000128, sharedram=2366570496, bufferram=3239936, totalswap=4294963200, freeswap=4294963200, procs=535, totalhigh=0, freehigh=0, mem_unit=1}) = 0
openat(AT_FDCWD, "/proc/net/dev", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
fstat(5, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
lseek(5, 0, SEEK_SET)                   = 0
read(5, "Inter-|   Receive               "..., 1024) = 704
read(5, "", 1024)                       = 0
close(5)                                = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f0f49b91f80, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0f49b496f0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0f490a4000
mprotect(0x7f0f490a5000, 8388608, PROT_READ|PROT_WRITE) = 0
rt_sigprocmask(SIG_BLOCK, ~[], [], 8)   = 0
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0f498a4910, parent_tid=0x7f0f498a4910, exit_signal=0, stack=0x7f0f490a4000, stack_size=0x7fff00, tls=0x7f0f498a4640} => {parent_tid=[59693]}, 88) = 59693
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0f488a3000
mprotect(0x7f0f488a4000, 8388608, PROT_READ|PROT_WRITE) = 0
rt_sigprocmask(SIG_BLOCK, ~[], [], 8)   = 0
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0f490a3910, parent_tid=0x7f0f490a3910, exit_signal=0, stack=0x7f0f488a3000, stack_size=0x7fff00, tls=0x7f0f490a3640} => {parent_tid=[59694]}, 88) = 59694
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
runtime: 10 s, timeslice: 0.100000 s, total timeslices: 100, Qpts: 1, Source: 8.8.8.8:53
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=500000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
write(1, "00:00:01 Queries send:       7, "..., 8300:00:01 Queries send:       7, rcv:       0, Data send:      0 KB, rcv:      0 KB
) = 83
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
write(1, "00:00:02 Queries send:       8, "..., 8300:00:02 Queries send:       8, rcv:       0, Data send:      0 KB, rcv:      0 KB
) = 83
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, NULL) = 0
...truncated..
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=0, tv_nsec=100000000}, ^Cstrace: Process 59692 detached
 <detached ...>
Stopping...

[root@myhost ~]# ===============================================================================
network if  Pkt send: 0, rcv: 0, Data send: 0 KB, rcv: 0 KB
DNS Queries send:         60, Qps:       6, Data send:       3 KB =      0 MBit
DNS Queries rcv:           0, Qps:       0, Data rcv:        0 KB =      0 MBit
DNS Queries lost:         60 = 100.000 %
DNS rtt average: 0.0000 ms, min: 0.0000 ms, max: 0.0000 ms
DNS truncated: 0
DNS RCODES:

The text was updated successfully, but these errors were encountered:

jelu · 2025-03-26T14:20:44Z

So, think I found out why it's not working...

I just tested from a VM that has nat'ed addresses and I am seeing the internal address being sent out without going through masq, this is on the host0/dom0/controller:

15:11:07.703693 IP (tos 0x0, ttl 63, id 65518, offset 0, flags [none], proto UDP (17), length 56)
    192.168.122.20.10368 > 9.9.9.9.53: 16989+ AAAA? google.com. (28)

and of course that's not gonna find it's way back...

So even if -q is not spoofing, it's still sending RAW packets which are not nat/masq'ed. And it kinda fits because this tool was primarily written to do high performance testing inside a controlled and contained network which allows and routes the spoofed traffic correctly.

You are probably better of using other tools, such as dnsperf which is much better suited for use from normal userland.

jelu closed this as completed Mar 26, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dnsmeter doesn't send queries nor spoof source ip addresses #40

dnsmeter doesn't send queries nor spoof source ip addresses #40

SrX commented Mar 11, 2025

jelu commented Mar 26, 2025

dnsmeter doesn't send queries nor spoof source ip addresses #40

dnsmeter doesn't send queries nor spoof source ip addresses #40

Comments

SrX commented Mar 11, 2025

jelu commented Mar 26, 2025