Search documentation
Fault Injection

DNS Experiment

The DNS experiment blocks all outgoing traffic over the standard DNS port (53), optionally constrained by supplied IP addresses. This experiment is equivalent to running a Blackhole experiment against port 53.


This experiment does not interact with iptables, and so it does not interfere with any existing iptables rulesets.

This experiment requires the NET_ADMIN capability, which is enabled by default at installation time. See capabilities(7)


IP Addresses-i IP addressFalse1.4.7Only impact traffic to these IP addresses. Also accepts CIDR values (i.e.
Device-d interfacesFalseDevice discovery0.0.1Impact traffic over these network interfaces. Comma separated lists and multiple arguments supported. You can define multiple interfaces starting with agent version 2.30.0.
Protocol-P {TCP, UDP, ICMP}Falseall1.4.7Only impact a specific protocol.
ProvidersWebUI and API OnlyFalse0.0.1External service providers to affect.
TagsWebUI and API OnlyFalse0.0.1Only impact traffic to hosts running Gremlin clients associated with these tags.
Length-l intFalse601.4.7The length of the experiment (seconds).