Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-12-02 20:13:36 UTC, end at Mon 2024-12-02 20:13:44 UTC. -- Dec 02 20:13:36.479307 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free. Dec 02 20:13:36.516850 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:13:37.303571 osdx osdx-coredump[21932]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 02 20:13:37.323533 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system coredump delete all'. Dec 02 20:13:38.592201 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:13:38.760309 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 02 20:13:38.884833 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:13:39.072055 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:13:39.240379 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:13:39.314070 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:13:39.367084 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:13:39.658529 osdx OSDxCLI[727]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 02 20:13:41.501075 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:13:41.619397 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 02 20:13:41.733483 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 02 20:13:41.909358 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 02 20:13:42.035287 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 02 20:13:42.228553 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Dec 02 20:13:42.404132 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Dec 02 20:13:42.602437 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Dec 02 20:13:42.790160 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 02 20:13:42.954009 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 02 20:13:43.171344 osdx ca-certificates[22072]: Updating certificates in /etc/ssl/certs... Dec 02 20:13:44.099682 osdx ca-certificates[23056]: 1 added, 0 removed; done. Dec 02 20:13:44.105873 osdx ca-certificates[23063]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:13:44.111256 osdx ca-certificates[23065]: done. Dec 02 20:13:44.320396 osdx systemd[1]: Started DNSCrypt client proxy. Dec 02 20:13:44.322650 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:13:44.326679 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:13:44.342755 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] dnscrypt-proxy 2.0.45 Dec 02 20:13:44.342755 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] Network connectivity detected Dec 02 20:13:44.343591 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] Dropping privileges Dec 02 20:13:44.348721 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] Network connectivity detected Dec 02 20:13:44.348721 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 02 20:13:44.348721 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 02 20:13:44.348721 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Dec 02 20:13:44.348721 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] Firefox workaround initialized Dec 02 20:13:44.348721 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpgCLJCG] Dec 02 20:13:44.358443 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:13:44.496962 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] [RD] OK (DoH) - rtt: 106ms Dec 02 20:13:44.497134 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] Server with the lowest initial latency: RD (rtt: 106ms) Dec 02 20:13:44.497224 osdx dnscrypt-proxy[23118]: [2024-12-02 20:13:44] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 74cbb4ad2e79dfd686979ed864fdcfaa55fa184f4ba935630452721edd967231
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-12-02 20:13:36 UTC, end at Mon 2024-12-02 20:13:47 UTC. -- Dec 02 20:13:36.497511 osdx systemd-journald[1404]: Runtime journal (/run/log/journal/ab253656914a476e9961f9c5e382e7a7) is 1.2M, max 9.7M, 8.5M free. Dec 02 20:13:36.535883 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:13:37.676253 osdx osdx-coredump[5539]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 02 20:13:37.687898 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'system coredump delete all'. Dec 02 20:13:39.834067 osdx OSDxCLI[2173]: User 'admin' entered the configuration menu. Dec 02 20:13:40.051105 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Dec 02 20:13:40.178202 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:13:40.311809 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service ssh'. Dec 02 20:13:40.535336 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:13:40.779596 osdx systemd[1]: Starting OpenBSD Secure Shell server... Dec 02 20:13:40.799023 osdx sshd[5637]: Server listening on 0.0.0.0 port 22. Dec 02 20:13:40.799376 osdx sshd[5637]: Server listening on :: port 22. Dec 02 20:13:40.800644 osdx systemd[1]: Started OpenBSD Secure Shell server. Dec 02 20:13:40.824745 osdx cfgd[1031]: [2173]Completed change to active configuration Dec 02 20:13:40.883123 osdx OSDxCLI[2173]: User 'admin' committed the configuration. Dec 02 20:13:40.929068 osdx OSDxCLI[2173]: User 'admin' left the configuration menu. Dec 02 20:13:41.153554 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Dec 02 20:13:44.696773 osdx OSDxCLI[2173]: User 'admin' entered the configuration menu. Dec 02 20:13:44.846775 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Dec 02 20:13:44.949337 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Dec 02 20:13:45.078659 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Dec 02 20:13:45.224449 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Dec 02 20:13:45.319398 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Dec 02 20:13:45.519799 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Dec 02 20:13:45.659602 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 74cbb4ad2e79dfd686979ed864fdcfaa55fa184f4ba935630452721edd967231'. Dec 02 20:13:45.907515 osdx ca-certificates[5701]: Updating certificates in /etc/ssl/certs... Dec 02 20:13:46.975699 osdx ca-certificates[6684]: 1 added, 0 removed; done. Dec 02 20:13:46.984431 osdx ca-certificates[6692]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:13:46.992332 osdx ca-certificates[6694]: done. Dec 02 20:13:47.152216 osdx systemd[1]: Started DNSCrypt client proxy. Dec 02 20:13:47.161006 osdx cfgd[1031]: [2173]Completed change to active configuration Dec 02 20:13:47.172706 osdx OSDxCLI[2173]: User 'admin' committed the configuration. Dec 02 20:13:47.242771 osdx OSDxCLI[2173]: User 'admin' left the configuration menu. Dec 02 20:13:47.549489 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'system journal show | cat'. Dec 02 20:13:47.555020 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] dnscrypt-proxy 2.0.45 Dec 02 20:13:47.555586 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] Network connectivity detected Dec 02 20:13:47.556244 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] Dropping privileges Dec 02 20:13:47.563633 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] Network connectivity detected Dec 02 20:13:47.563898 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 02 20:13:47.564094 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 02 20:13:47.564299 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] Firefox workaround initialized Dec 02 20:13:47.564485 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjytcid] Dec 02 20:13:47.861783 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] [DUT0] OK (DoH) - rtt: 114ms Dec 02 20:13:47.861783 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 114ms) Dec 02 20:13:47.861783 osdx dnscrypt-proxy[6701]: [2024-12-02 20:13:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-12-02 20:13:59 UTC, end at Mon 2024-12-02 20:14:08 UTC. -- Dec 02 20:13:59.526094 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free. Dec 02 20:13:59.562640 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:14:00.597411 osdx osdx-coredump[24766]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 02 20:14:00.608389 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system coredump delete all'. Dec 02 20:14:02.092594 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:14:02.252907 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 02 20:14:02.386627 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:14:02.578750 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:14:02.705029 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:14:02.761343 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:14:02.836506 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:14:03.087391 osdx OSDxCLI[727]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 02 20:14:04.913047 osdx OSDxCLI[727]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Dec 02 20:14:05.166131 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:14:05.335017 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 02 20:14:05.518863 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 02 20:14:05.696051 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Dec 02 20:14:05.856698 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Dec 02 20:14:06.021824 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Dec 02 20:14:06.175741 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 02 20:14:06.343001 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 02 20:14:06.505662 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 02 20:14:06.740513 osdx ca-certificates[24917]: Updating certificates in /etc/ssl/certs... Dec 02 20:14:07.740706 osdx ca-certificates[25899]: 1 added, 0 removed; done. Dec 02 20:14:07.748869 osdx ca-certificates[25907]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:14:07.756170 osdx ca-certificates[25909]: done. Dec 02 20:14:07.952782 osdx systemd[1]: Started DNSCrypt client proxy. Dec 02 20:14:07.955045 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:14:07.959536 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:14:07.994026 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:07] [NOTICE] dnscrypt-proxy 2.0.45 Dec 02 20:14:07.994609 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:07] [NOTICE] Network connectivity detected Dec 02 20:14:07.995198 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:07] [NOTICE] Dropping privileges Dec 02 20:14:08.004003 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:08] [NOTICE] Network connectivity detected Dec 02 20:14:08.004138 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:08] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 02 20:14:08.004138 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:08] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 02 20:14:08.004138 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:08] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Dec 02 20:14:08.004138 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:08] [NOTICE] Firefox workaround initialized Dec 02 20:14:08.004138 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:08] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp1JwmQy] Dec 02 20:14:08.006109 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:14:08.204083 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:08] [NOTICE] [RD] OK (DoH) - rtt: 125ms Dec 02 20:14:08.204083 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:08] [NOTICE] Server with the lowest initial latency: RD (rtt: 125ms) Dec 02 20:14:08.204083 osdx dnscrypt-proxy[25962]: [2024-12-02 20:14:08] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 74cbb4ad2e79dfd686979ed864fdcfaa55fa184f4ba935630452721edd967231 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgdMu0rS5539aGl57YZP3PqlX6GE9LqTVjBFJyHt2WcjENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgdMu0rS5539aGl57YZP3PqlX6GE9LqTVjBFJyHt2WcjENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-12-02 20:13:59 UTC, end at Mon 2024-12-02 20:14:11 UTC. -- Dec 02 20:13:59.514048 osdx systemd-journald[1404]: Runtime journal (/run/log/journal/ab253656914a476e9961f9c5e382e7a7) is 1.2M, max 9.7M, 8.5M free. Dec 02 20:13:59.544908 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:14:01.024408 osdx osdx-coredump[8332]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 02 20:14:01.037764 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'system coredump delete all'. Dec 02 20:14:03.121405 osdx OSDxCLI[2173]: User 'admin' entered the configuration menu. Dec 02 20:14:03.281266 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Dec 02 20:14:03.390326 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:14:03.579186 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service ssh'. Dec 02 20:14:03.783964 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:14:04.049653 osdx systemd[1]: Starting OpenBSD Secure Shell server... Dec 02 20:14:04.068936 osdx sshd[8435]: Server listening on 0.0.0.0 port 22. Dec 02 20:14:04.068973 osdx sshd[8435]: Server listening on :: port 22. Dec 02 20:14:04.069128 osdx systemd[1]: Started OpenBSD Secure Shell server. Dec 02 20:14:04.095181 osdx cfgd[1031]: [2173]Completed change to active configuration Dec 02 20:14:04.159155 osdx OSDxCLI[2173]: User 'admin' committed the configuration. Dec 02 20:14:04.200634 osdx OSDxCLI[2173]: User 'admin' left the configuration menu. Dec 02 20:14:04.463513 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Dec 02 20:14:08.383701 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 74cbb4ad2e79dfd686979ed864fdcfaa55fa184f4ba935630452721edd967231'. Dec 02 20:14:08.596679 osdx OSDxCLI[2173]: User 'admin' entered the configuration menu. Dec 02 20:14:08.764687 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Dec 02 20:14:08.946432 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Dec 02 20:14:09.125141 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Dec 02 20:14:09.313187 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgdMu0rS5539aGl57YZP3PqlX6GE9LqTVjBFJyHt2WcjENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Dec 02 20:14:09.530749 osdx ca-certificates[8499]: Updating certificates in /etc/ssl/certs... Dec 02 20:14:10.519012 osdx ca-certificates[9482]: 1 added, 0 removed; done. Dec 02 20:14:10.525659 osdx ca-certificates[9487]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:14:10.532525 osdx ca-certificates[9491]: done. Dec 02 20:14:10.673155 osdx systemd[1]: Started DNSCrypt client proxy. Dec 02 20:14:10.676257 osdx cfgd[1031]: [2173]Completed change to active configuration Dec 02 20:14:10.681012 osdx OSDxCLI[2173]: User 'admin' committed the configuration. Dec 02 20:14:10.747191 osdx OSDxCLI[2173]: User 'admin' left the configuration menu. Dec 02 20:14:10.748282 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:10] [NOTICE] dnscrypt-proxy 2.0.45 Dec 02 20:14:10.748696 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:10] [NOTICE] Network connectivity detected Dec 02 20:14:10.749192 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:10] [NOTICE] Dropping privileges Dec 02 20:14:10.752149 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:10] [NOTICE] Network connectivity detected Dec 02 20:14:10.752332 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:10] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 02 20:14:10.752416 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:10] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 02 20:14:10.752516 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:10] [NOTICE] Firefox workaround initialized Dec 02 20:14:10.752596 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:10] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpVBkSUn] Dec 02 20:14:11.016815 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:11] [NOTICE] [DUT0] OK (DoH) - rtt: 114ms Dec 02 20:14:11.016815 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:11] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 114ms) Dec 02 20:14:11.017069 osdx dnscrypt-proxy[9498]: [2024-12-02 20:14:11] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Dec 02 20:14:11.019685 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-12-02 20:14:21 UTC, end at Mon 2024-12-02 20:14:28 UTC. -- Dec 02 20:14:21.417104 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free. Dec 02 20:14:21.453850 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:14:22.245597 osdx osdx-coredump[27612]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 02 20:14:22.281079 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system coredump delete all'. Dec 02 20:14:23.396571 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:14:23.570174 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 02 20:14:23.671156 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:14:23.830456 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:14:23.955756 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:14:24.014578 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:14:24.062705 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:14:24.253339 osdx OSDxCLI[727]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 02 20:14:25.848842 osdx OSDxCLI[727]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Dec 02 20:14:26.107846 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:14:26.230415 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 02 20:14:26.392184 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 02 20:14:26.518043 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Dec 02 20:14:26.642372 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Dec 02 20:14:26.796954 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Dec 02 20:14:26.958073 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'. Dec 02 20:14:27.047052 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 02 20:14:27.191668 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Dec 02 20:14:27.326019 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Dec 02 20:14:27.482392 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 02 20:14:27.681563 osdx ca-certificates[27755]: Updating certificates in /etc/ssl/certs... Dec 02 20:14:28.563330 osdx ca-certificates[28739]: 1 added, 0 removed; done. Dec 02 20:14:28.569808 osdx ca-certificates[28746]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:14:28.576857 osdx ca-certificates[28748]: done. Dec 02 20:14:28.774177 osdx systemd[1]: Started DNSCrypt client proxy. Dec 02 20:14:28.776665 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:14:28.781470 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:14:28.824660 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] dnscrypt-proxy 2.0.45 Dec 02 20:14:28.824660 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] Network connectivity detected Dec 02 20:14:28.824660 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] Dropping privileges Dec 02 20:14:28.828132 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:14:28.829509 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] Network connectivity detected Dec 02 20:14:28.829631 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 02 20:14:28.829631 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 02 20:14:28.829631 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Dec 02 20:14:28.829842 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] Firefox workaround initialized Dec 02 20:14:28.829842 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpcZgjnT] Dec 02 20:14:28.850601 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] [RD] OK (DNSCrypt) - rtt: 19ms Dec 02 20:14:28.850857 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] Server with the lowest initial latency: RD (rtt: 19ms) Dec 02 20:14:28.850857 osdx dnscrypt-proxy[28801]: [2024-12-02 20:14:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 74cbb4ad2e79dfd686979ed864fdcfaa55fa184f4ba935630452721edd967231
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-12-02 20:14:21 UTC, end at Mon 2024-12-02 20:14:31 UTC. -- Dec 02 20:14:21.438030 osdx systemd-journald[1404]: Runtime journal (/run/log/journal/ab253656914a476e9961f9c5e382e7a7) is 1.2M, max 9.7M, 8.5M free. Dec 02 20:14:21.455215 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:14:22.609311 osdx osdx-coredump[11129]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 02 20:14:22.617673 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'system coredump delete all'. Dec 02 20:14:24.345862 osdx OSDxCLI[2173]: User 'admin' entered the configuration menu. Dec 02 20:14:24.468660 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Dec 02 20:14:24.588518 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:14:24.734808 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service ssh'. Dec 02 20:14:24.932240 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:14:25.178272 osdx systemd[1]: Starting OpenBSD Secure Shell server... Dec 02 20:14:25.206843 osdx sshd[11227]: Server listening on 0.0.0.0 port 22. Dec 02 20:14:25.207351 osdx sshd[11227]: Server listening on :: port 22. Dec 02 20:14:25.207605 osdx systemd[1]: Started OpenBSD Secure Shell server. Dec 02 20:14:25.233485 osdx cfgd[1031]: [2173]Completed change to active configuration Dec 02 20:14:25.290750 osdx OSDxCLI[2173]: User 'admin' committed the configuration. Dec 02 20:14:25.326928 osdx OSDxCLI[2173]: User 'admin' left the configuration menu. Dec 02 20:14:25.539062 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Dec 02 20:14:29.153350 osdx OSDxCLI[2173]: User 'admin' entered the configuration menu. Dec 02 20:14:29.297078 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Dec 02 20:14:29.448919 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Dec 02 20:14:29.581699 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Dec 02 20:14:29.716106 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Dec 02 20:14:29.819532 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Dec 02 20:14:29.955390 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Dec 02 20:14:30.093892 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 74cbb4ad2e79dfd686979ed864fdcfaa55fa184f4ba935630452721edd967231'. Dec 02 20:14:30.269889 osdx ca-certificates[11290]: Updating certificates in /etc/ssl/certs... Dec 02 20:14:31.019359 osdx ca-certificates[12274]: 1 added, 0 removed; done. Dec 02 20:14:31.025789 osdx ca-certificates[12280]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:14:31.033340 osdx ca-certificates[12282]: done. Dec 02 20:14:31.137099 osdx systemd[1]: Started DNSCrypt client proxy. Dec 02 20:14:31.139755 osdx cfgd[1031]: [2173]Completed change to active configuration Dec 02 20:14:31.146154 osdx OSDxCLI[2173]: User 'admin' committed the configuration. Dec 02 20:14:31.183857 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] dnscrypt-proxy 2.0.45 Dec 02 20:14:31.184362 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] Network connectivity detected Dec 02 20:14:31.184868 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] Dropping privileges Dec 02 20:14:31.214639 osdx OSDxCLI[2173]: User 'admin' left the configuration menu. Dec 02 20:14:31.215489 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] Network connectivity detected Dec 02 20:14:31.215561 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 02 20:14:31.215561 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 02 20:14:31.215561 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] Firefox workaround initialized Dec 02 20:14:31.215739 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpZtT4o7] Dec 02 20:14:31.442623 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] [DUT0] OK (DoH) - rtt: 106ms Dec 02 20:14:31.442623 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 106ms) Dec 02 20:14:31.442623 osdx dnscrypt-proxy[12289]: [2024-12-02 20:14:31] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-12-02 20:14:41 UTC, end at Mon 2024-12-02 20:14:48 UTC. -- Dec 02 20:14:41.438764 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free. Dec 02 20:14:41.477345 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:14:42.326553 osdx osdx-coredump[30448]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 02 20:14:42.338330 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system coredump delete all'. Dec 02 20:14:43.472606 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:14:43.596554 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 02 20:14:43.708302 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:14:43.873439 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:14:43.990140 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:14:44.049459 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:14:44.077661 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:14:44.293382 osdx OSDxCLI[727]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 02 20:14:45.927685 osdx OSDxCLI[727]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Dec 02 20:14:46.179507 osdx OSDxCLI[727]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443'. Dec 02 20:14:46.403618 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:14:46.540849 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 02 20:14:46.694308 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 02 20:14:46.847520 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Dec 02 20:14:46.979851 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 02 20:14:47.104851 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Dec 02 20:14:47.267976 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Dec 02 20:14:47.396146 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 02 20:14:47.602099 osdx ca-certificates[30592]: Updating certificates in /etc/ssl/certs... Dec 02 20:14:48.665261 osdx ca-certificates[31577]: 1 added, 0 removed; done. Dec 02 20:14:48.672212 osdx ca-certificates[31581]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:14:48.678677 osdx ca-certificates[31584]: done. Dec 02 20:14:48.863237 osdx systemd[1]: Started DNSCrypt client proxy. Dec 02 20:14:48.866194 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:14:48.872458 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:14:48.894284 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] dnscrypt-proxy 2.0.45 Dec 02 20:14:48.894784 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] Network connectivity detected Dec 02 20:14:48.895284 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] Dropping privileges Dec 02 20:14:48.899006 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] Network connectivity detected Dec 02 20:14:48.899131 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 02 20:14:48.899198 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 02 20:14:48.899198 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Dec 02 20:14:48.899346 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] Firefox workaround initialized Dec 02 20:14:48.899346 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp9oSQBc] Dec 02 20:14:48.903931 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] [RD] OK (DNSCrypt) - rtt: 3ms Dec 02 20:14:48.903931 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] Server with the lowest initial latency: RD (rtt: 3ms) Dec 02 20:14:48.903931 osdx dnscrypt-proxy[31637]: [2024-12-02 20:14:48] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Dec 02 20:14:48.937688 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 74cbb4ad2e79dfd686979ed864fdcfaa55fa184f4ba935630452721edd967231 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgdMu0rS5539aGl57YZP3PqlX6GE9LqTVjBFJyHt2WcjENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgdMu0rS5539aGl57YZP3PqlX6GE9LqTVjBFJyHt2WcjENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-12-02 20:14:42 UTC, end at Mon 2024-12-02 20:14:52 UTC. -- Dec 02 20:14:42.462659 osdx systemd-journald[1404]: Runtime journal (/run/log/journal/ab253656914a476e9961f9c5e382e7a7) is 1.2M, max 9.7M, 8.5M free. Dec 02 20:14:42.489358 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:14:43.693238 osdx osdx-coredump[13914]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 02 20:14:43.703695 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'system coredump delete all'. Dec 02 20:14:45.375241 osdx OSDxCLI[2173]: User 'admin' entered the configuration menu. Dec 02 20:14:45.531346 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Dec 02 20:14:45.649748 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:14:45.768131 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service ssh'. Dec 02 20:14:45.934969 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:14:46.150157 osdx systemd[1]: Starting OpenBSD Secure Shell server... Dec 02 20:14:46.170519 osdx sshd[14012]: Server listening on 0.0.0.0 port 22. Dec 02 20:14:46.170997 osdx sshd[14012]: Server listening on :: port 22. Dec 02 20:14:46.171256 osdx systemd[1]: Started OpenBSD Secure Shell server. Dec 02 20:14:46.192614 osdx cfgd[1031]: [2173]Completed change to active configuration Dec 02 20:14:46.248829 osdx OSDxCLI[2173]: User 'admin' committed the configuration. Dec 02 20:14:46.309825 osdx OSDxCLI[2173]: User 'admin' left the configuration menu. Dec 02 20:14:46.599086 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Dec 02 20:14:50.386003 osdx OSDxCLI[2173]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 74cbb4ad2e79dfd686979ed864fdcfaa55fa184f4ba935630452721edd967231'. Dec 02 20:14:50.628795 osdx OSDxCLI[2173]: User 'admin' entered the configuration menu. Dec 02 20:14:50.766450 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Dec 02 20:14:50.889296 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Dec 02 20:14:51.000559 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Dec 02 20:14:51.155166 osdx OSDxCLI[2173]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgdMu0rS5539aGl57YZP3PqlX6GE9LqTVjBFJyHt2WcjENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Dec 02 20:14:51.304159 osdx ca-certificates[14076]: Updating certificates in /etc/ssl/certs... Dec 02 20:14:52.161533 osdx ca-certificates[15059]: 1 added, 0 removed; done. Dec 02 20:14:52.168308 osdx ca-certificates[15066]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:14:52.173733 osdx ca-certificates[15068]: done. Dec 02 20:14:52.304152 osdx systemd[1]: Started DNSCrypt client proxy. Dec 02 20:14:52.307238 osdx cfgd[1031]: [2173]Completed change to active configuration Dec 02 20:14:52.314724 osdx OSDxCLI[2173]: User 'admin' committed the configuration. Dec 02 20:14:52.337120 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] dnscrypt-proxy 2.0.45 Dec 02 20:14:52.337503 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] Network connectivity detected Dec 02 20:14:52.337630 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] Dropping privileges Dec 02 20:14:52.343934 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] Network connectivity detected Dec 02 20:14:52.344057 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 02 20:14:52.344057 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 02 20:14:52.344057 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] Firefox workaround initialized Dec 02 20:14:52.344057 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp87A9FG] Dec 02 20:14:52.392767 osdx OSDxCLI[2173]: User 'admin' left the configuration menu. Dec 02 20:14:52.562025 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] [DUT0] OK (DoH) - rtt: 114ms Dec 02 20:14:52.562025 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 114ms) Dec 02 20:14:52.562025 osdx dnscrypt-proxy[15075]: [2024-12-02 20:14:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13