DNS over TLS - sandeeprenjith/dnsblast GitHub Wiki
To use DNS over TLS, pass the "-proto" flag with the value "tls".
The main thing to consider when testing DNS over TLS is how the client comes to trust the server's certificate. dnsblast can be run with certificate validation enabled or disabled. By default, validation is enabled.
To disable validation, use the "-noverify" flag. With validation disabled the server's certificate is not checked, so the session is encrypted but the server's identity is not confirmed. If you keep certificate validation enabled, the appropriate certificate must be added to the client system's certificate store. On Ubuntu, this is "/etc/ssl/certs".
Note: The certificate can be the server's self-signed cert or the chain/intermediate/root certs of the CA which signed the server's cert.
Below is an example with validation disabled.
$ ./dnsblast -s 192.168.130.9 -r 1000 -q 5 -l 10 -proto tls -noverify
EXECUTING TEST
+-----------------------------------------------------------+
2020/03/17 23:04:12 QPS/Thread: 60 Latency: 50.851416ms
2020/03/17 23:04:13 QPS/Thread: 125 Latency: 47.947592ms
2020/03/17 23:04:14 QPS/Thread: 65 Latency: 135.650515ms
2020/03/17 23:04:15 QPS/Thread: 65 Latency: 183.080666ms
2020/03/17 23:04:16 QPS/Thread: 260 Latency: 59.845601ms
2020/03/17 23:04:17 QPS/Thread: 70 Latency: 263.263ms
2020/03/17 23:04:18 QPS/Thread: 190 Latency: 110.816497ms
2020/03/17 23:04:19 QPS/Thread: 70 Latency: 340.689239ms
2020/03/17 23:04:20 QPS/Thread: 205 Latency: 135.080422ms
2020/03/17 23:04:21 QPS/Thread: 150 Latency: 203.129887ms
2020/03/17 23:04:22 QPS/Thread: 150 Latency: 226.546754ms
2020/03/17 23:04:23 QPS/Thread: 65 Latency: 557.589303ms
2020/03/17 23:04:24 QPS/Thread: 80 Latency: 488.157827ms
+-----------------------------------------------------------+
REPORT
+---------------------+-------------------------+
| Target Server       | tls://192.168.130.9:853 |
| Test                | Uncached Responses      |
| Send Rate           | 1000 Queries/Sec        |
| Threads             | 2                       |
| Duration of test    | 10 Sec                  |
| Protocol            | TCP-TLS                 |
| Average Queries/Sec | 221                     |
| Average Latency     | 170.219066ms            |
+---------------------+-------------------------+