Static Server

Test suite in which DUT1 resolves names through DUT0 using DoH, while DUT0 establishes a connection with the upstream server and forwards DNS queries to it.

Server With Upstream DoH

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Mon 2024-02-26 19:17:08 UTC, end at Mon 2024-02-26 19:17:15 UTC. --
Feb 26 19:17:08.431273 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:17:08.449322 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:17:09.125836 osdx osdx-coredump[8043]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:17:09.137760 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:17:10.178375 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:17:10.302683 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:17:10.446253 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:17:10.596833 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:17:10.719313 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:17:10.774451 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:17:10.826191 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:17:11.031600 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Feb 26 19:17:12.548930 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:17:12.671969 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:17:12.814152 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:17:12.936895 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:17:13.053438 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:17:13.176521 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:17:13.285327 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Feb 26 19:17:13.402394 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Feb 26 19:17:13.514408 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 26 19:17:13.634459 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 26 19:17:13.787633 osdx ca-certificates[8178]: Updating certificates in /etc/ssl/certs...
Feb 26 19:17:14.574813 osdx ca-certificates[9162]: 1 added, 0 removed; done.
Feb 26 19:17:14.582587 osdx ca-certificates[9166]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:17:14.589425 osdx ca-certificates[9170]: done.
Feb 26 19:17:14.770525 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:17:14.774480 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:17:14.782737 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:17:14.809017 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:14] [NOTICE] dnscrypt-proxy 2.0.45
Feb 26 19:17:14.809583 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:14] [NOTICE] Network connectivity detected
Feb 26 19:17:14.810402 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:14] [NOTICE] Dropping privileges
Feb 26 19:17:14.813427 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:14] [NOTICE] Network connectivity detected
Feb 26 19:17:14.813632 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:14] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:17:14.813750 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:14] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:17:14.813888 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:14] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 26 19:17:14.814025 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:14] [NOTICE] Firefox workaround initialized
Feb 26 19:17:14.814143 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:14] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjF27SS]
Feb 26 19:17:14.833350 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:17:15.056487 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 26 19:17:15.080855 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:15] [NOTICE] [RD] OK (DoH) - rtt: 214ms
Feb 26 19:17:15.080855 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:15] [NOTICE] Server with the lowest initial latency: RD (rtt: 214ms)
Feb 26 19:17:15.080855 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:15] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash 1dfca57bf9dcabf0d4f1d39b60651ef7df62c2ea55018d24e8e70d26c638b331

Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Mon 2024-02-26 19:17:08 UTC, end at Mon 2024-02-26 19:17:18 UTC. --
Feb 26 19:17:08.414035 osdx systemd-journald[1366]: Runtime journal (/run/log/journal/9107378b3879427292e8ecff8d61e29e) is 1.2M, max 9.7M, 8.5M free.
Feb 26 19:17:08.431704 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:17:09.412760 osdx osdx-coredump[26840]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:17:09.423905 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:17:11.117955 osdx OSDxCLI[1560]: User 'admin' entered the configuration menu.
Feb 26 19:17:11.241274 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 26 19:17:11.384316 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:17:11.492585 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 26 19:17:11.657517 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:17:11.859587 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Feb 26 19:17:11.878248 osdx sshd[26933]: Server listening on 0.0.0.0 port 22.
Feb 26 19:17:11.878733 osdx sshd[26933]: Server listening on :: port 22.
Feb 26 19:17:11.878975 osdx systemd[1]: Started OpenBSD Secure Shell server.
Feb 26 19:17:11.904620 osdx cfgd[1003]: [1560]Completed change to active configuration
Feb 26 19:17:11.962558 osdx OSDxCLI[1560]: User 'admin' committed the configuration.
Feb 26 19:17:11.999694 osdx OSDxCLI[1560]: User 'admin' left the configuration menu.
Feb 26 19:17:12.210630 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Feb 26 19:17:15.487371 osdx OSDxCLI[1560]: User 'admin' entered the configuration menu.
Feb 26 19:17:15.611725 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 26 19:17:15.725574 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 26 19:17:15.841777 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 26 19:17:15.965219 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Feb 26 19:17:16.081473 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Feb 26 19:17:16.198886 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Feb 26 19:17:16.321934 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 1dfca57bf9dcabf0d4f1d39b60651ef7df62c2ea55018d24e8e70d26c638b331'.
Feb 26 19:17:16.463557 osdx ca-certificates[26996]: Updating certificates in /etc/ssl/certs...
Feb 26 19:17:17.245713 osdx ca-certificates[27978]: 1 added, 0 removed; done.
Feb 26 19:17:17.253783 osdx ca-certificates[27985]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:17:17.259999 osdx ca-certificates[27988]: done.
Feb 26 19:17:17.373699 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:17:17.377318 osdx cfgd[1003]: [1560]Completed change to active configuration
Feb 26 19:17:17.387352 osdx OSDxCLI[1560]: User 'admin' committed the configuration.
Feb 26 19:17:17.411024 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:17] [NOTICE] dnscrypt-proxy 2.0.45
Feb 26 19:17:17.411688 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:17] [NOTICE] Network connectivity detected
Feb 26 19:17:17.412411 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:17] [NOTICE] Dropping privileges
Feb 26 19:17:17.415750 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:17] [NOTICE] Network connectivity detected
Feb 26 19:17:17.419471 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:17] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:17:17.420042 osdx OSDxCLI[1560]: User 'admin' left the configuration menu.
Feb 26 19:17:17.420668 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:17] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:17:17.420826 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:17] [NOTICE] Firefox workaround initialized
Feb 26 19:17:17.420945 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:17] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqsup_3]
Feb 26 19:17:17.648344 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 26 19:17:17.971879 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 26 19:17:18.254976 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 26 19:17:18.528423 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:18] [CRITICAL] [DUT0] may be a lying resolver
Feb 26 19:17:18.528423 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:18] [NOTICE] [DUT0] OK (DoH) - rtt: 1022ms
Feb 26 19:17:18.528423 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:18] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 1022ms)
Feb 26 19:17:18.528423 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:18] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 26 19:17:18.543641 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal show | cat'.

Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
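
The DUT1 journal captured in Step 4 contains a `[CRITICAL]` line for DUT0 immediately before the `OK (DoH)` line that the regular expression accepts, so the regex check alone passes without surfacing it. The following Python sketch is an added example, not part of the original test suite: it summarizes the dnscrypt-proxy probe result per server and reports any warning-or-higher lines alongside the OK match. The function names and verdict strings are assumptions made for this example; the sample lines are copied from the outputs above.

```python
import re

# Matches dnscrypt-proxy journal lines of the form:
#   ... dnscrypt-proxy[PID]: [timestamp] [LEVEL] [SERVER] message
LINE_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[[^\]]+\] "
    r"\[(?P<level>[A-Z]+)\] \[(?P<server>[^\]]+)\] (?P<msg>.*)$"
)
# Same success message the test's regular expression looks for.
OK_RE = re.compile(r"^OK \((?P<proto>[^)]+)\) - rtt: (?P<rtt>\d+)ms$")
ALERT_LEVELS = {"WARNING", "ERROR", "CRITICAL", "FATAL"}

# Lines copied from the DUT1 output of Step 4.
SAMPLE_DUT1 = """\
Feb 26 19:17:17.420826 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:17] [NOTICE] Firefox workaround initialized
Feb 26 19:17:18.528423 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:18] [CRITICAL] [DUT0] may be a lying resolver
Feb 26 19:17:18.528423 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:18] [NOTICE] [DUT0] OK (DoH) - rtt: 1022ms
Feb 26 19:17:18.528423 osdx dnscrypt-proxy[27995]: [2024-02-26 19:17:18] [NOTICE] dnscrypt-proxy is ready - live servers: 1
"""

# Lines copied from the DUT0 output of Step 2.
SAMPLE_DUT0 = """\
Feb 26 19:17:14.813888 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:14] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 26 19:17:15.080855 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:15] [NOTICE] [RD] OK (DoH) - rtt: 214ms
Feb 26 19:17:15.080855 osdx dnscrypt-proxy[9223]: [2024-02-26 19:17:15] [NOTICE] dnscrypt-proxy is ready - live servers: 1
"""


def summarize(journal_text):
    """Return {server: {"proto", "rtt_ms", "alerts"}} for per-server proxy lines."""
    servers = {}
    for line in journal_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-server dnscrypt-proxy message
        entry = servers.setdefault(
            m["server"], {"proto": None, "rtt_ms": None, "alerts": []}
        )
        ok = OK_RE.match(m["msg"])
        if ok:
            entry["proto"] = ok["proto"]
            entry["rtt_ms"] = int(ok["rtt"])
        elif m["level"] in ALERT_LEVELS:
            entry["alerts"].append((m["level"], m["msg"]))
    return servers


def verdict(journal_text, server):
    """'fail' if no OK line, 'pass-with-alerts' if OK plus alerts, else 'pass'."""
    entry = summarize(journal_text).get(server)
    if entry is None or entry["proto"] is None:
        return "fail"
    return "pass-with-alerts" if entry["alerts"] else "pass"


if __name__ == "__main__":
    for name, text, server in (("DUT1", SAMPLE_DUT1, "DUT0"),
                               ("DUT0", SAMPLE_DUT0, "RD")):
        print(name, server, verdict(text, server), summarize(text).get(server))
```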

Server With Upstream DoH With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831 at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDSviTmX_NyAT2mLsTsP2AxdY7lc6zvZVKkGm1N4DU4MQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDSviTmX_NyAT2mLsTsP2AxdY7lc6zvZVKkGm1N4DU4MQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Mon 2024-02-26 19:17:28 UTC, end at Mon 2024-02-26 19:17:35 UTC. --
Feb 26 19:17:28.428285 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:17:28.446016 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:17:29.125019 osdx osdx-coredump[10867]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:17:29.135792 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:17:30.175254 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:17:30.297899 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:17:30.439567 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:17:30.590421 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:17:30.711623 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:17:30.767741 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:17:30.819835 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:17:31.024844 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Feb 26 19:17:32.569315 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:17:32.764596 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:17:32.887831 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:17:33.002592 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:17:33.131590 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDSviTmX_NyAT2mLsTsP2AxdY7lc6zvZVKkGm1N4DU4MQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Feb 26 19:17:33.240412 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Feb 26 19:17:33.357533 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Feb 26 19:17:33.473235 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 26 19:17:33.585599 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 26 19:17:33.707343 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 26 19:17:33.861664 osdx ca-certificates[11003]: Updating certificates in /etc/ssl/certs...
Feb 26 19:17:34.644370 osdx ca-certificates[11987]: 1 added, 0 removed; done.
Feb 26 19:17:34.652059 osdx ca-certificates[11991]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:17:34.658866 osdx ca-certificates[11995]: done.
Feb 26 19:17:34.835600 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:17:34.839515 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:17:34.848236 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:17:34.873953 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:34] [NOTICE] dnscrypt-proxy 2.0.45
Feb 26 19:17:34.874562 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:34] [NOTICE] Network connectivity detected
Feb 26 19:17:34.875397 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:34] [NOTICE] Dropping privileges
Feb 26 19:17:34.880526 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:17:34.883224 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:34] [NOTICE] Network connectivity detected
Feb 26 19:17:34.883408 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:34] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:17:34.883529 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:34] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:17:34.883679 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:34] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 26 19:17:34.883824 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:34] [NOTICE] Firefox workaround initialized
Feb 26 19:17:34.883939 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:34] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpEqNEtV]
Feb 26 19:17:35.064901 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:35] [NOTICE] [RD] OK (DoH) - rtt: 133ms
Feb 26 19:17:35.064901 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:35] [NOTICE] Server with the lowest initial latency: RD (rtt: 133ms)
Feb 26 19:17:35.064901 osdx dnscrypt-proxy[12048]: [2024-02-26 19:17:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 26 19:17:35.100669 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal show | cat'.

Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 1dfca57bf9dcabf0d4f1d39b60651ef7df62c2ea55018d24e8e70d26c638b331 at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHfyle_ncq_DU8dObYGUe999iwupVAY0k6OcNJsY4szENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 5: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHfyle_ncq_DU8dObYGUe999iwupVAY0k6OcNJsY4szENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'

Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Mon 2024-02-26 19:17:28 UTC, end at Mon 2024-02-26 19:17:37 UTC. --
Feb 26 19:17:28.409418 osdx systemd-journald[1366]: Runtime journal (/run/log/journal/9107378b3879427292e8ecff8d61e29e) is 1.2M, max 9.7M, 8.5M free.
Feb 26 19:17:28.426780 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:17:29.403736 osdx osdx-coredump[29634]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:17:29.415402 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:17:31.114062 osdx OSDxCLI[1560]: User 'admin' entered the configuration menu.
Feb 26 19:17:31.238752 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 26 19:17:31.382045 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:17:31.519447 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 26 19:17:31.684687 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:17:31.892347 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Feb 26 19:17:31.911790 osdx sshd[29727]: Server listening on 0.0.0.0 port 22.
Feb 26 19:17:31.912319 osdx sshd[29727]: Server listening on :: port 22.
Feb 26 19:17:31.912588 osdx systemd[1]: Started OpenBSD Secure Shell server.
Feb 26 19:17:31.938414 osdx cfgd[1003]: [1560]Completed change to active configuration
Feb 26 19:17:31.995013 osdx OSDxCLI[1560]: User 'admin' committed the configuration.
Feb 26 19:17:32.033348 osdx OSDxCLI[1560]: User 'admin' left the configuration menu.
Feb 26 19:17:32.241450 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Feb 26 19:17:35.534128 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 1dfca57bf9dcabf0d4f1d39b60651ef7df62c2ea55018d24e8e70d26c638b331'.
Feb 26 19:17:35.743355 osdx OSDxCLI[1560]: User 'admin' entered the configuration menu.
Feb 26 19:17:35.868264 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 26 19:17:35.981195 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 26 19:17:36.096009 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 26 19:17:36.229429 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHfyle_ncq_DU8dObYGUe999iwupVAY0k6OcNJsY4szENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Feb 26 19:17:36.366821 osdx ca-certificates[29790]: Updating certificates in /etc/ssl/certs...
Feb 26 19:17:37.148164 osdx ca-certificates[30774]: 1 added, 0 removed; done.
Feb 26 19:17:37.156421 osdx ca-certificates[30779]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:17:37.162621 osdx ca-certificates[30782]: done.
Feb 26 19:17:37.268119 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:17:37.271941 osdx cfgd[1003]: [1560]Completed change to active configuration
Feb 26 19:17:37.282614 osdx OSDxCLI[1560]: User 'admin' committed the configuration.
Feb 26 19:17:37.305711 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] dnscrypt-proxy 2.0.45
Feb 26 19:17:37.306266 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] Network connectivity detected
Feb 26 19:17:37.306996 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] Dropping privileges
Feb 26 19:17:37.310506 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] Network connectivity detected
Feb 26 19:17:37.310702 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:17:37.310823 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:17:37.310962 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] Firefox workaround initialized
Feb 26 19:17:37.311082 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp3Ri3t9]
Feb 26 19:17:37.316061 osdx OSDxCLI[1560]: User 'admin' left the configuration menu.
Feb 26 19:17:37.539271 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] [DUT0] OK (DoH) - rtt: 142ms
Feb 26 19:17:37.539271 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 142ms)
Feb 26 19:17:37.539271 osdx dnscrypt-proxy[30789]: [2024-02-26 19:17:37] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 26 19:17:37.543445 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal show | cat'.

Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
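
The two `sdns://` stamps used in this scenario carry the same parameters as the explicit `dns-over-https` settings of the previous scenario, including the pinned certificate hash. The following Python decoder is an added example, not code from the product or the test suite: it unpacks a DoH stamp following the public DNS stamp layout (protocol byte, 8-byte properties, then length-prefixed address, hash set, host[:port] and path) so a stamp can be audited before it is pasted into a configuration. The function and parameter names are assumptions made for this example; the stamps are copied from Steps 1 and 4.

```python
import base64

DOH_PROTOCOL_ID = 0x02  # first stamp byte for DNS-over-HTTPS

# Stamps copied from Step 1 (DUT0 -> RD) and Step 4 (DUT1 -> DUT0).
RD_STAMP = ("sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDSviTmX_NyAT2mLsTsP2AxdY7lc6zv"
            "ZVKkGm1N4DU4MQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk")
DUT0_STAMP = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHfyle_ncq_DU8dObYGUe999iwupV"
              "AY0k6OcNJsY4szENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")


def _read_lp(buf, pos):
    """Read one length-prefixed field; return (bytes, next position)."""
    if pos >= len(buf):
        raise ValueError("stamp truncated before a length byte")
    end = pos + 1 + buf[pos]
    if end > len(buf):
        raise ValueError("stamp truncated inside a field")
    return buf[pos + 1:end], end


def _read_vlp(buf, pos):
    """Read a set of fields; bit 0x80 of a length byte means another item follows."""
    items = []
    while True:
        if pos >= len(buf):
            raise ValueError("stamp truncated before a length byte")
        more = bool(buf[pos] & 0x80)
        end = pos + 1 + (buf[pos] & 0x7F)
        if end > len(buf):
            raise ValueError("stamp truncated inside a field")
        items.append(buf[pos + 1:end])
        pos = end
        if not more:
            return items, pos


def decode_doh_stamp(stamp):
    """Decode a DoH stamp into its address, pinned hashes, host, port and path."""
    if not stamp.startswith("sdns://"):
        raise ValueError("missing sdns:// prefix")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != DOH_PROTOCOL_ID:
        raise ValueError("not a DoH stamp")
    props = int.from_bytes(raw[1:9], "little")
    addr, pos = _read_lp(raw, 9)
    hashes, pos = _read_vlp(raw, pos)
    host, pos = _read_lp(raw, pos)
    path, pos = _read_lp(raw, pos)  # an optional bootstrap-IP set may follow
    host = host.decode("ascii")
    if ":" in host:
        name, _, port = host.rpartition(":")
    else:
        name, port = host, "443"  # default port is left out of the stamp
    return {
        "dnssec": bool(props & 1),     # informal properties claimed by the stamp
        "no_logs": bool(props & 2),
        "no_filter": bool(props & 4),
        "addr": addr.decode("ascii"),
        "hashes": [h.hex() for h in hashes if h],  # pinned certificate hashes
        "host": name,
        "port": int(port),
        "path": path.decode("ascii"),
    }


def stamp_matches(stamp, ip, host_name, host_port, host_path, cert_hash):
    """True if the stamp encodes exactly the given explicit DoH parameters."""
    d = decode_doh_stamp(stamp)
    return (d["addr"], d["host"], d["port"], d["path"], d["hashes"]) == (
        ip, host_name, host_port, host_path, [cert_hash.lower()])


if __name__ == "__main__":
    for label, s in (("RD", RD_STAMP), ("DUT0", DUT0_STAMP)):
        print(label, decode_doh_stamp(s))
```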

Server With Upstream DNSCrypt

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

9f:5f:11:66:a4:9d:1d:1e:3c:92:32:26:75:1d:ea:58:f7:e9:b1:9b:46:32:96:0a:71:97:b0:56:15:e3:ee:6f

Step 2: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 9f:5f:11:66:a4:9d:1d:1e:3c:92:32:26:75:1d:ea:58:f7:e9:b1:9b:46:32:96:0a:71:97:b0:56:15:e3:ee:6f
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
-- Logs begin at Mon 2024-02-26 19:17:47 UTC, end at Mon 2024-02-26 19:17:54 UTC. --
Feb 26 19:17:47.428278 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:17:47.446143 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:17:48.127034 osdx osdx-coredump[13691]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:17:48.139145 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:17:49.178787 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:17:49.303206 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:17:49.417011 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:17:49.568179 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:17:49.692451 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:17:49.747127 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:17:49.797876 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:17:50.000649 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Feb 26 19:17:51.444148 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 26 19:17:51.629629 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:17:51.753759 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:17:51.868920 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:17:51.989588 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Feb 26 19:17:52.106004 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Feb 26 19:17:52.226749 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Feb 26 19:17:52.351781 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 9f:5f:11:66:a4:9d:1d:1e:3c:92:32:26:75:1d:ea:58:f7:e9:b1:9b:46:32:96:0a:71:97:b0:56:15:e3:ee:6f'.
Feb 26 19:17:52.451235 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 26 19:17:52.572238 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Feb 26 19:17:52.689981 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Feb 26 19:17:52.806287 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 26 19:17:52.958801 osdx ca-certificates[13831]: Updating certificates in /etc/ssl/certs...
Feb 26 19:17:53.746464 osdx ca-certificates[14815]: 1 added, 0 removed; done.
Feb 26 19:17:53.754296 osdx ca-certificates[14819]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:17:53.761206 osdx ca-certificates[14823]: done.
Feb 26 19:17:53.943339 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:17:53.947223 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:17:53.958114 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:17:53.982018 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] dnscrypt-proxy 2.0.45
Feb 26 19:17:53.982618 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] Network connectivity detected
Feb 26 19:17:53.983444 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] Dropping privileges
Feb 26 19:17:53.986496 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] Network connectivity detected
Feb 26 19:17:53.986697 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:17:53.986816 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:17:53.986967 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 26 19:17:53.987101 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] Firefox workaround initialized
Feb 26 19:17:53.987214 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpR6EqDa]
Feb 26 19:17:53.989716 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 26 19:17:53.990049 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 26 19:17:53.990168 osdx dnscrypt-proxy[14876]: [2024-02-26 19:17:53] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 26 19:17:54.007794 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.

Step 4: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash 1dfca57bf9dcabf0d4f1d39b60651ef7df62c2ea55018d24e8e70d26c638b331

Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
-- Logs begin at Mon 2024-02-26 19:17:47 UTC, end at Mon 2024-02-26 19:17:56 UTC. --
Feb 26 19:17:47.414773 osdx systemd-journald[1366]: Runtime journal (/run/log/journal/9107378b3879427292e8ecff8d61e29e) is 1.2M, max 9.7M, 8.5M free.
Feb 26 19:17:47.432376 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:17:48.411797 osdx osdx-coredump[32413]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:17:48.423212 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:17:50.092501 osdx OSDxCLI[1560]: User 'admin' entered the configuration menu.
Feb 26 19:17:50.216527 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 26 19:17:50.332703 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:17:50.442998 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 26 19:17:50.612361 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:17:50.813766 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Feb 26 19:17:50.832250 osdx sshd[32506]: Server listening on 0.0.0.0 port 22.
Feb 26 19:17:50.832807 osdx sshd[32506]: Server listening on :: port 22.
Feb 26 19:17:50.833035 osdx systemd[1]: Started OpenBSD Secure Shell server.
Feb 26 19:17:50.857828 osdx cfgd[1003]: [1560]Completed change to active configuration
Feb 26 19:17:50.914259 osdx OSDxCLI[1560]: User 'admin' committed the configuration.
Feb 26 19:17:50.951712 osdx OSDxCLI[1560]: User 'admin' left the configuration menu.
Feb 26 19:17:51.162567 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Feb 26 19:17:54.346698 osdx OSDxCLI[1560]: User 'admin' entered the configuration menu.
Feb 26 19:17:54.471914 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 26 19:17:54.585728 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 26 19:17:54.701825 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 26 19:17:54.825090 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Feb 26 19:17:54.942072 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Feb 26 19:17:55.057637 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Feb 26 19:17:55.179844 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 1dfca57bf9dcabf0d4f1d39b60651ef7df62c2ea55018d24e8e70d26c638b331'.
Feb 26 19:17:55.323032 osdx ca-certificates[32571]: Updating certificates in /etc/ssl/certs...
Feb 26 19:17:56.107195 osdx ca-certificates[1124]: 1 added, 0 removed; done.
Feb 26 19:17:56.115003 osdx ca-certificates[1128]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:17:56.121893 osdx ca-certificates[1132]: done.
Feb 26 19:17:56.236570 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:17:56.240320 osdx cfgd[1003]: [1560]Completed change to active configuration
Feb 26 19:17:56.250249 osdx OSDxCLI[1560]: User 'admin' committed the configuration.
Feb 26 19:17:56.273995 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] dnscrypt-proxy 2.0.45
Feb 26 19:17:56.274598 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] Network connectivity detected
Feb 26 19:17:56.275330 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] Dropping privileges
Feb 26 19:17:56.278855 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] Network connectivity detected
Feb 26 19:17:56.279472 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:17:56.282451 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:17:56.282813 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] Firefox workaround initialized
Feb 26 19:17:56.283333 osdx OSDxCLI[1560]: User 'admin' left the configuration menu.
Feb 26 19:17:56.283961 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpG2cRfA]
Feb 26 19:17:56.491054 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] [DUT0] OK (DoH) - rtt: 123ms
Feb 26 19:17:56.491054 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 123ms)
Feb 26 19:17:56.491054 osdx dnscrypt-proxy[1139]: [2024-02-26 19:17:56] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 26 19:17:56.509107 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal show | cat'.

Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
teldat.com has address 10.11.12.13

Server With Upstream DNSCrypt With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

Show output
9f:5f:11:66:a4:9d:1d:1e:3c:92:32:26:75:1d:ea:58:f7:e9:b1:9b:46:32:96:0a:71:97:b0:56:15:e3:ee:6f

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 9f:5f:11:66:a4:9d:1d:1e:3c:92:32:26:75:1d:ea:58:f7:e9:b1:9b:46:32:96:0a:71:97:b0:56:15:e3:ee:6f ip 10.215.168.1 port 8443 at DUT0 and expect this output:

Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJ9fEWaknR0ePJIyJnUd6lj36bGbRjKWCnGXsFYV4-5vGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJ9fEWaknR0ePJIyJnUd6lj36bGbRjKWCnGXsFYV4-5vGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
-- Logs begin at Mon 2024-02-26 19:18:05 UTC, end at Mon 2024-02-26 19:18:11 UTC. --
Feb 26 19:18:05.422674 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:18:05.440532 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:18:06.109258 osdx osdx-coredump[16520]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:18:06.120845 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:18:07.162666 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:18:07.286063 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:18:07.426445 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:18:07.578594 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:18:07.701037 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:18:07.756357 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:18:07.808590 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:18:08.015914 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Feb 26 19:18:09.452826 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 26 19:18:09.618287 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 9f:5f:11:66:a4:9d:1d:1e:3c:92:32:26:75:1d:ea:58:f7:e9:b1:9b:46:32:96:0a:71:97:b0:56:15:e3:ee:6f ip 10.215.168.1 port 8443'.
Feb 26 19:18:09.803298 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:18:09.926332 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:18:10.043161 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:18:10.172384 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJ9fEWaknR0ePJIyJnUd6lj36bGbRjKWCnGXsFYV4-5vGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Feb 26 19:18:10.275551 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 26 19:18:10.396406 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Feb 26 19:18:10.513176 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Feb 26 19:18:10.629983 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 26 19:18:10.781767 osdx ca-certificates[16657]: Updating certificates in /etc/ssl/certs...
Feb 26 19:18:11.568922 osdx ca-certificates[17641]: 1 added, 0 removed; done.
Feb 26 19:18:11.576661 osdx ca-certificates[17645]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:18:11.583425 osdx ca-certificates[17649]: done.
Feb 26 19:18:11.758604 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:18:11.762471 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:18:11.772003 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:18:11.797069 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] dnscrypt-proxy 2.0.45
Feb 26 19:18:11.797675 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] Network connectivity detected
Feb 26 19:18:11.798534 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] Dropping privileges
Feb 26 19:18:11.805360 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:18:11.806657 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] Network connectivity detected
Feb 26 19:18:11.806852 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:18:11.806965 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:18:11.807115 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 26 19:18:11.807262 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] Firefox workaround initialized
Feb 26 19:18:11.807379 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpw_YD8s]
Feb 26 19:18:11.809705 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 26 19:18:11.809849 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 26 19:18:11.809970 osdx dnscrypt-proxy[17702]: [2024-02-26 19:18:11] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 1dfca57bf9dcabf0d4f1d39b60651ef7df62c2ea55018d24e8e70d26c638b331 at DUT1 and expect this output:

Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHfyle_ncq_DU8dObYGUe999iwupVAY0k6OcNJsY4szENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 6: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHfyle_ncq_DU8dObYGUe999iwupVAY0k6OcNJsY4szENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'

Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
-- Logs begin at Mon 2024-02-26 19:18:06 UTC, end at Mon 2024-02-26 19:18:15 UTC. --
Feb 26 19:18:06.410167 osdx systemd-journald[1366]: Runtime journal (/run/log/journal/9107378b3879427292e8ecff8d61e29e) is 1.2M, max 9.7M, 8.5M free.
Feb 26 19:18:06.427756 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:18:07.399272 osdx osdx-coredump[2777]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:18:07.411161 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:18:09.110414 osdx OSDxCLI[1560]: User 'admin' entered the configuration menu.
Feb 26 19:18:09.234926 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 26 19:18:09.352472 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:18:09.462743 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 26 19:18:09.631442 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:18:09.830017 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Feb 26 19:18:09.848431 osdx sshd[2870]: Server listening on 0.0.0.0 port 22.
Feb 26 19:18:09.848891 osdx sshd[2870]: Server listening on :: port 22.
Feb 26 19:18:09.849115 osdx systemd[1]: Started OpenBSD Secure Shell server.
Feb 26 19:18:09.873913 osdx cfgd[1003]: [1560]Completed change to active configuration
Feb 26 19:18:09.929642 osdx OSDxCLI[1560]: User 'admin' committed the configuration.
Feb 26 19:18:09.967807 osdx OSDxCLI[1560]: User 'admin' left the configuration menu.
Feb 26 19:18:10.176434 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Feb 26 19:18:13.141034 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 1dfca57bf9dcabf0d4f1d39b60651ef7df62c2ea55018d24e8e70d26c638b331'.
Feb 26 19:18:13.356645 osdx OSDxCLI[1560]: User 'admin' entered the configuration menu.
Feb 26 19:18:13.482039 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 26 19:18:13.595646 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 26 19:18:13.712017 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 26 19:18:13.841278 osdx OSDxCLI[1560]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHfyle_ncq_DU8dObYGUe999iwupVAY0k6OcNJsY4szENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Feb 26 19:18:13.983360 osdx ca-certificates[2932]: Updating certificates in /etc/ssl/certs...
Feb 26 19:18:14.769439 osdx ca-certificates[3916]: 1 added, 0 removed; done.
Feb 26 19:18:14.777180 osdx ca-certificates[3920]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:18:14.784067 osdx ca-certificates[3924]: done.
Feb 26 19:18:14.888128 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:18:14.891840 osdx cfgd[1003]: [1560]Completed change to active configuration
Feb 26 19:18:14.897769 osdx OSDxCLI[1560]: User 'admin' committed the configuration.
Feb 26 19:18:14.925832 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:14] [NOTICE] dnscrypt-proxy 2.0.45
Feb 26 19:18:14.926485 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:14] [NOTICE] Network connectivity detected
Feb 26 19:18:14.927202 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:14] [NOTICE] Dropping privileges
Feb 26 19:18:14.932530 osdx OSDxCLI[1560]: User 'admin' left the configuration menu.
Feb 26 19:18:14.935189 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:14] [NOTICE] Network connectivity detected
Feb 26 19:18:14.935394 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:14] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:18:14.935508 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:14] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:18:14.935653 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:14] [NOTICE] Firefox workaround initialized
Feb 26 19:18:14.935767 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:14] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpUeUkFB]
Feb 26 19:18:15.156814 osdx OSDxCLI[1560]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 26 19:18:15.233588 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:15] [NOTICE] [DUT0] OK (DoH) - rtt: 209ms
Feb 26 19:18:15.233588 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:15] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 209ms)
Feb 26 19:18:15.233588 osdx dnscrypt-proxy[3931]: [2024-02-26 19:18:15] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
teldat.com has address 10.11.12.13
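
Added example (not part of the original test suite or of OSDx): a decoder for the two sdns:// stamps produced in Steps 2 and 5, following the public DNS Stamps layout, so that the address, provider key or certificate hash a stamp pins can be audited before it is committed. The function and class names are hypothetical, and only the DNSCrypt (0x01) and DoH (0x02) stamp types are handled.

```python
import base64

# Stamps copied verbatim from Steps 2 and 5 of the scenario above.
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJ9fEWaknR0ePJIyJnUd6lj36bGbRjKWCnGXsFYV4-5vGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHfyle_ncq_DU8dObYGUe999iwupVAY0k6OcNJsY4szENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"


class StampError(ValueError):
    """Raised when a stamp is malformed, truncated or of an unhandled type."""


def _lp(buf, pos, mask=0xFF):
    """Read one length-prefixed field; return (field bytes, next offset)."""
    if pos >= len(buf):
        raise StampError("truncated stamp: missing length byte")
    end = pos + 1 + (buf[pos] & mask)
    if end > len(buf):
        raise StampError("truncated stamp: field overruns the buffer")
    return buf[pos + 1:end], end


def _vlp(buf, pos):
    """Read a field list; a set high bit on a length byte means more follow."""
    items = []
    while True:
        more = pos < len(buf) and bool(buf[pos] & 0x80)
        item, pos = _lp(buf, pos, 0x7F)
        if item:
            items.append(item)
        if not more:
            return items, pos


def decode_stamp(stamp):
    """Return the fields a DNSCrypt or DoH stamp pins, as a dict."""
    if not stamp.startswith("sdns://"):
        raise StampError("not an sdns:// stamp")
    body = stamp[len("sdns://"):]
    try:
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:
        raise StampError(f"invalid base64url payload: {exc}") from exc
    if len(raw) < 9:
        raise StampError("stamp shorter than protocol byte plus properties")
    props = int.from_bytes(raw[1:9], "little")
    out = {"dnssec": bool(props & 1), "nolog": bool(props & 2), "nofilter": bool(props & 4)}
    addr, pos = _lp(raw, 9)
    out["addr"] = addr.decode()
    if raw[0] == 0x01:  # DNSCrypt: address, provider public key, provider name
        key, pos = _lp(raw, pos)
        name, pos = _lp(raw, pos)
        out.update(protocol="DNSCrypt", provider_key=key.hex(":"), provider_name=name.decode())
    elif raw[0] == 0x02:  # DoH: address, certificate hashes, host[:port], path
        hashes, pos = _vlp(raw, pos)
        host, pos = _lp(raw, pos)
        path, pos = _lp(raw, pos)
        out.update(protocol="DoH", hashes=[h.hex() for h in hashes], host=host.decode(), path=path.decode())
    else:
        raise StampError(f"unhandled stamp protocol 0x{raw[0]:02x}")
    return out


if __name__ == "__main__":
    for s in (DNSCRYPT_STAMP, DOH_STAMP):
        print(decode_stamp(s))
```

The decoded fields should equal the arguments given to `service dns proxy stamp calculate` in Steps 2 and 5; a mismatch means the committed stamp pins a different server, key or certificate than the one intended.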