Linux DNS spoof
Linux DNS spoof injects chaos to mimic DNS resolution on a Linux machine.
Use cases
- Induces DNS spoof on the target Linux machines.
- Resolves DNS target host names (or domains) to other IPs provided as user input.
note
- This fault can be executed on Ubuntu 16 or higher, Debian 10 or higher, CentOS 7 or higher, RHEL 7 or higher, Fedora 30 or higher, and openSUSE LEAP 15.4 or higher.
- The
linux-chaos-infrastructure
systemd service should be in an active state, and the infrastructure should be inCONNECTED
state.
Fault permissions
The fault uses the root
Linux user and root
user group.
Fault tunables
Mandatory tunables
Tunable | Description | Notes |
---|---|---|
spoofMap | Map of the target host names. | For example, '{"abc.com":"spoofabc.com"}' where key is the host name to be spoofed and value is the host name to which the key is spoofed. |
Optional tunables
Tunable | Description | Notes |
---|---|---|
upstreamServer | Upstream server for the custom DNS interceptor server. | Provided if there is no upstream server present with the local DNS resolver. |
dnsPort | UDP port for the DNS interceptor server. | Default: 53 |
duration | Duration through which chaos is injected into the target resource (in seconds). | Default: 30s |
rampTime | Period to wait before and after injecting chaos (in seconds). | Default: 0s |
SpoofMap
The spoofMap
input variable maps the domain names to the target host names. For example, '{"abc.com":"spoofabc.com"}' where the key is the host name to be spoofed and the value is the host name to which the key is spoofed (or redirected).
The following YAML snippet illustrates the use of this environment variable:
# target host names for spoofing
apiVersion: litmuchaos.io/v1alpha1
kind: LinuxFault
metadata:
name: linux-dns-spoof
labels:
name: dns-spoof
spec:
dnsChaos/inputs:
spoofMap: '{"abc.com":"spoofabc.com"}'