Submitted by jelu on Mon, 03/27/2017 - 11:44

DNS Replay Tool

drool can replay DNS traffic from packet capture (PCAP) files and send it to a specified server, with options such as to manipulate the timing between packets, as well as loop packets infinitely or for a set number of iterations. This tool's goal is to be able to produce a high amount of UDP packets per second and TCP sessions per second on common hardware.

The purpose can be to simulate Distributed Denial of Service (DDoS) attacks on the DNS and measure normal DNS querying. For example, the tool could enable you to take a snapshot of a DDoS and be able to replay it later to test if new code or hardening techniques are useful, safe & effective. Another example is to be able to replay a packet stream for a bug that is sequence- and/or timing-related in order to validate the efficacy of subsequent bug fixes.

Distribution Packages

Packages for Debian, Ubuntu and RPM (CentOS, Fedora, RHEL, SLE and openSUSE) can be found here:


Here are the releases of drool with the latest at the top, read about the changes in the changelog.

File Date Size
drool-1.0.0-rc.1.tar.gz September 18, 2017 417K
drool-1.0.0-beta.4.tar.gz August 22, 2017 415K
drool-1.0.0-beta.3.tar.gz March 29, 2017 395K

See sha256.txt or sha512.txt for checksums.

The software is licensed under the BSD license.


See for instructions how to install the software and the included manual pages on how to run the software.

Code Repositories

You can clone the code repositories from GitHub:

$ git clone
$ cd drool
$ git submodule update --init