Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-09 09:52:38 UTC, end at Tue 2024-04-09 09:52:45 UTC. -- Apr 09 09:52:38.509174 osdx systemd-journald[1044]: Runtime journal (/run/log/journal/2dc26f94a9f34e56b62b3c0d209c4be0) is 2.0M, max 16.0M, 14.0M free. Apr 09 09:52:38.540130 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'system journal clear'. Apr 09 09:52:39.219176 osdx osdx-coredump[16629]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Apr 09 09:52:39.229607 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'system coredump delete all'. Apr 09 09:52:40.130039 osdx OSDxCLI[7130]: User 'admin' entered the configuration menu. Apr 09 09:52:40.350861 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 09 09:52:40.475239 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 09 09:52:40.624416 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 09 09:52:40.736318 osdx cfgd[1120]: [7130]Completed change to active configuration Apr 09 09:52:40.796441 osdx OSDxCLI[7130]: User 'admin' committed the configuration. Apr 09 09:52:40.839599 osdx OSDxCLI[7130]: User 'admin' left the configuration menu. Apr 09 09:52:41.062490 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 09 09:52:41.451509 osdx zebra[1073]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 09 09:52:42.626281 osdx OSDxCLI[7130]: User 'admin' entered the configuration menu. Apr 09 09:52:42.811579 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 09 09:52:42.948384 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 09 09:52:43.111428 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 09 09:52:43.229712 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 09 09:52:43.401646 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'. Apr 09 09:52:43.539564 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 09 09:52:43.572165 osdx zebra[1073]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 09 09:52:43.716728 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 09 09:52:43.880637 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 09 09:52:44.040681 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 09 09:52:44.188035 osdx ca-certificates[16744]: Updating certificates in /etc/ssl/certs... Apr 09 09:52:45.008856 osdx ca-certificates[17728]: 1 added, 0 removed; done. Apr 09 09:52:45.015004 osdx ca-certificates[17735]: Running hooks in /etc/ca-certificates/update.d... Apr 09 09:52:45.020164 osdx ca-certificates[17737]: done. Apr 09 09:52:45.195169 osdx systemd[1]: Started DNSCrypt client proxy. Apr 09 09:52:45.198655 osdx cfgd[1120]: [7130]Completed change to active configuration Apr 09 09:52:45.202708 osdx OSDxCLI[7130]: User 'admin' committed the configuration. Apr 09 09:52:45.222476 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] dnscrypt-proxy 2.0.45 Apr 09 09:52:45.222476 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] Network connectivity detected Apr 09 09:52:45.222870 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] Dropping privileges Apr 09 09:52:45.231899 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] Network connectivity detected Apr 09 09:52:45.232023 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 09 09:52:45.232023 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 09 09:52:45.232023 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 09 09:52:45.232023 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] Firefox workaround initialized Apr 09 09:52:45.232023 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpAwImlv] Apr 09 09:52:45.243420 osdx OSDxCLI[7130]: User 'admin' left the configuration menu. Apr 09 09:52:45.406287 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] [RD] OK (DoH) - rtt: 136ms Apr 09 09:52:45.406477 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] Server with the lowest initial latency: RD (rtt: 136ms) Apr 09 09:52:45.406565 osdx dnscrypt-proxy[17790]: [2024-04-09 09:52:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 56c53181b6f4d1af46fa0e4c54c5edb9ef4e91b5ed826c0455d08185f9b41547
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-09 09:52:38 UTC, end at Tue 2024-04-09 09:52:47 UTC. -- Apr 09 09:52:38.510439 osdx systemd-journald[1405]: Runtime journal (/run/log/journal/e9babbf8af8f476fa9480b3a59b5bfa8) is 1.2M, max 9.7M, 8.5M free. Apr 09 09:52:38.531221 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system journal clear'. Apr 09 09:52:39.449340 osdx osdx-coredump[26932]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Apr 09 09:52:39.456953 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system coredump delete all'. Apr 09 09:52:41.106104 osdx OSDxCLI[6276]: User 'admin' entered the configuration menu. Apr 09 09:52:41.270761 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Apr 09 09:52:41.395434 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 09 09:52:41.548471 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service ssh'. Apr 09 09:52:41.751168 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 09 09:52:41.919276 osdx systemd[1]: Starting OpenBSD Secure Shell server... Apr 09 09:52:41.938326 osdx sshd[27005]: Server listening on 0.0.0.0 port 22. Apr 09 09:52:41.938807 osdx sshd[27005]: Server listening on :: port 22. Apr 09 09:52:41.939055 osdx systemd[1]: Started OpenBSD Secure Shell server. Apr 09 09:52:41.960559 osdx cfgd[1036]: [6276]Completed change to active configuration Apr 09 09:52:42.008568 osdx OSDxCLI[6276]: User 'admin' committed the configuration. Apr 09 09:52:42.051781 osdx OSDxCLI[6276]: User 'admin' left the configuration menu. Apr 09 09:52:42.269158 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Apr 09 09:52:45.557625 osdx OSDxCLI[6276]: User 'admin' entered the configuration menu. Apr 09 09:52:45.698208 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Apr 09 09:52:45.804127 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Apr 09 09:52:45.936267 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Apr 09 09:52:46.059498 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Apr 09 09:52:46.149486 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Apr 09 09:52:46.261040 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Apr 09 09:52:46.377162 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 56c53181b6f4d1af46fa0e4c54c5edb9ef4e91b5ed826c0455d08185f9b41547'. Apr 09 09:52:46.546853 osdx ca-certificates[27068]: Updating certificates in /etc/ssl/certs... Apr 09 09:52:47.272693 osdx ca-certificates[28052]: 1 added, 0 removed; done. Apr 09 09:52:47.281322 osdx ca-certificates[28056]: Running hooks in /etc/ca-certificates/update.d... Apr 09 09:52:47.288922 osdx ca-certificates[28060]: done. Apr 09 09:52:47.413098 osdx systemd[1]: Started DNSCrypt client proxy. Apr 09 09:52:47.416953 osdx cfgd[1036]: [6276]Completed change to active configuration Apr 09 09:52:47.429142 osdx OSDxCLI[6276]: User 'admin' committed the configuration. Apr 09 09:52:47.457449 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] dnscrypt-proxy 2.0.45 Apr 09 09:52:47.458508 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] Network connectivity detected Apr 09 09:52:47.458508 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] Dropping privileges Apr 09 09:52:47.461744 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] Network connectivity detected Apr 09 09:52:47.461955 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 09 09:52:47.462064 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 09 09:52:47.462199 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] Firefox workaround initialized Apr 09 09:52:47.462300 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpB7rllY] Apr 09 09:52:47.477523 osdx OSDxCLI[6276]: User 'admin' left the configuration menu. Apr 09 09:52:47.711249 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system journal show | cat'. Apr 09 09:52:47.792662 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] [DUT0] OK (DoH) - rtt: 149ms Apr 09 09:52:47.792662 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 149ms) Apr 09 09:52:47.792662 osdx dnscrypt-proxy[28067]: [2024-04-09 09:52:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-09 09:52:57 UTC, end at Tue 2024-04-09 09:53:04 UTC. -- Apr 09 09:52:57.418320 osdx systemd-journald[1044]: Runtime journal (/run/log/journal/2dc26f94a9f34e56b62b3c0d209c4be0) is 2.0M, max 16.0M, 14.0M free. Apr 09 09:52:57.441194 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'system journal clear'. Apr 09 09:52:58.088448 osdx osdx-coredump[19434]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Apr 09 09:52:58.097257 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'system coredump delete all'. Apr 09 09:52:58.140402 osdx zebra[1073]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 09 09:52:59.136861 osdx OSDxCLI[7130]: User 'admin' entered the configuration menu. Apr 09 09:52:59.272859 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 09 09:52:59.383641 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 09 09:52:59.563124 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 09 09:52:59.673518 osdx cfgd[1120]: [7130]Completed change to active configuration Apr 09 09:52:59.726230 osdx OSDxCLI[7130]: User 'admin' committed the configuration. Apr 09 09:52:59.752572 osdx OSDxCLI[7130]: User 'admin' left the configuration menu. Apr 09 09:52:59.929690 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 09 09:53:01.325517 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'. Apr 09 09:53:01.516303 osdx OSDxCLI[7130]: User 'admin' entered the configuration menu. Apr 09 09:53:01.659553 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 09 09:53:01.825474 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 09 09:53:01.889760 osdx zebra[1073]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 09 09:53:01.987847 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Apr 09 09:53:02.126645 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 09 09:53:02.274019 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 09 09:53:02.381277 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 09 09:53:02.499484 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 09 09:53:02.617517 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 09 09:53:02.825364 osdx ca-certificates[19556]: Updating certificates in /etc/ssl/certs... Apr 09 09:53:03.782472 osdx ca-certificates[20540]: 1 added, 0 removed; done. Apr 09 09:53:03.788177 osdx ca-certificates[20547]: Running hooks in /etc/ca-certificates/update.d... Apr 09 09:53:03.794614 osdx ca-certificates[20549]: done. Apr 09 09:53:03.985183 osdx systemd[1]: Started DNSCrypt client proxy. Apr 09 09:53:03.989359 osdx cfgd[1120]: [7130]Completed change to active configuration Apr 09 09:53:03.994758 osdx OSDxCLI[7130]: User 'admin' committed the configuration. Apr 09 09:53:04.007789 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] dnscrypt-proxy 2.0.45 Apr 09 09:53:04.008141 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] Network connectivity detected Apr 09 09:53:04.008387 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] Dropping privileges Apr 09 09:53:04.011820 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] Network connectivity detected Apr 09 09:53:04.011934 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 09 09:53:04.011934 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 09 09:53:04.011934 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 09 09:53:04.011934 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] Firefox workaround initialized Apr 09 09:53:04.011934 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpj253r9] Apr 09 09:53:04.068536 osdx OSDxCLI[7130]: User 'admin' left the configuration menu. Apr 09 09:53:04.196887 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] [RD] OK (DoH) - rtt: 139ms Apr 09 09:53:04.197156 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] Server with the lowest initial latency: RD (rtt: 139ms) Apr 09 09:53:04.197156 osdx dnscrypt-proxy[20602]: [2024-04-09 09:53:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 56c53181b6f4d1af46fa0e4c54c5edb9ef4e91b5ed826c0455d08185f9b41547 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVsUxgbb00a9G-g5MVMXtue9OkbXtgmwEVdCBhfm0FUcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVsUxgbb00a9G-g5MVMXtue9OkbXtgmwEVdCBhfm0FUcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-09 09:52:58 UTC, end at Tue 2024-04-09 09:53:08 UTC. -- Apr 09 09:52:58.408795 osdx systemd-journald[1405]: Runtime journal (/run/log/journal/e9babbf8af8f476fa9480b3a59b5bfa8) is 1.2M, max 9.7M, 8.5M free. Apr 09 09:52:58.428045 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system journal clear'. Apr 09 09:52:59.316268 osdx osdx-coredump[29700]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Apr 09 09:52:59.324295 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system coredump delete all'. Apr 09 09:53:00.988214 osdx OSDxCLI[6276]: User 'admin' entered the configuration menu. Apr 09 09:53:01.126888 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Apr 09 09:53:01.213038 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 09 09:53:01.299528 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service ssh'. Apr 09 09:53:01.477306 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 09 09:53:01.651323 osdx systemd[1]: Starting OpenBSD Secure Shell server... Apr 09 09:53:01.669722 osdx sshd[29773]: Server listening on 0.0.0.0 port 22. Apr 09 09:53:01.670043 osdx sshd[29773]: Server listening on :: port 22. Apr 09 09:53:01.670207 osdx systemd[1]: Started OpenBSD Secure Shell server. Apr 09 09:53:01.688988 osdx cfgd[1036]: [6276]Completed change to active configuration Apr 09 09:53:01.741781 osdx OSDxCLI[6276]: User 'admin' committed the configuration. Apr 09 09:53:01.778307 osdx OSDxCLI[6276]: User 'admin' left the configuration menu. Apr 09 09:53:01.987363 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Apr 09 09:53:05.480748 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 56c53181b6f4d1af46fa0e4c54c5edb9ef4e91b5ed826c0455d08185f9b41547'. Apr 09 09:53:05.676919 osdx OSDxCLI[6276]: User 'admin' entered the configuration menu. Apr 09 09:53:05.837910 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Apr 09 09:53:05.986572 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Apr 09 09:53:06.142939 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Apr 09 09:53:06.310426 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVsUxgbb00a9G-g5MVMXtue9OkbXtgmwEVdCBhfm0FUcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Apr 09 09:53:06.535708 osdx ca-certificates[29842]: Updating certificates in /etc/ssl/certs... Apr 09 09:53:07.890090 osdx ca-certificates[30826]: 1 added, 0 removed; done. Apr 09 09:53:07.898196 osdx ca-certificates[30831]: Running hooks in /etc/ca-certificates/update.d... Apr 09 09:53:07.905002 osdx ca-certificates[30834]: done. Apr 09 09:53:08.002631 osdx systemd[1]: Started DNSCrypt client proxy. Apr 09 09:53:08.005720 osdx cfgd[1036]: [6276]Completed change to active configuration Apr 09 09:53:08.014434 osdx OSDxCLI[6276]: User 'admin' committed the configuration. Apr 09 09:53:08.035701 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] dnscrypt-proxy 2.0.45 Apr 09 09:53:08.036131 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] Network connectivity detected Apr 09 09:53:08.036764 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] Dropping privileges Apr 09 09:53:08.039272 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] Network connectivity detected Apr 09 09:53:08.039443 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 09 09:53:08.039533 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 09 09:53:08.039630 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] Firefox workaround initialized Apr 09 09:53:08.039725 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpr7i5MK] Apr 09 09:53:08.066273 osdx OSDxCLI[6276]: User 'admin' left the configuration menu. Apr 09 09:53:08.302905 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system journal show | cat'. Apr 09 09:53:08.327036 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] [DUT0] OK (DoH) - rtt: 126ms Apr 09 09:53:08.327036 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 126ms) Apr 09 09:53:08.327036 osdx dnscrypt-proxy[30841]: [2024-04-09 09:53:08] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-09 09:53:19 UTC, end at Tue 2024-04-09 09:53:26 UTC. -- Apr 09 09:53:19.396703 osdx systemd-journald[1044]: Runtime journal (/run/log/journal/2dc26f94a9f34e56b62b3c0d209c4be0) is 2.0M, max 16.0M, 14.0M free. Apr 09 09:53:19.418620 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'system journal clear'. Apr 09 09:53:20.110686 osdx osdx-coredump[22247]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Apr 09 09:53:20.120766 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'system coredump delete all'. Apr 09 09:53:21.037904 osdx zebra[1073]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 09 09:53:21.234753 osdx OSDxCLI[7130]: User 'admin' entered the configuration menu. Apr 09 09:53:21.412773 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 09 09:53:21.546128 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 09 09:53:21.669843 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 09 09:53:21.772023 osdx cfgd[1120]: [7130]Completed change to active configuration Apr 09 09:53:21.833263 osdx OSDxCLI[7130]: User 'admin' committed the configuration. Apr 09 09:53:21.876388 osdx OSDxCLI[7130]: User 'admin' left the configuration menu. Apr 09 09:53:22.077741 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 09 09:53:23.841360 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Apr 09 09:53:24.142774 osdx OSDxCLI[7130]: User 'admin' entered the configuration menu. Apr 09 09:53:24.322552 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 09 09:53:24.447881 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 09 09:53:24.596595 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Apr 09 09:53:24.745210 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Apr 09 09:53:24.885167 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Apr 09 09:53:25.007852 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f'. Apr 09 09:53:25.122811 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 09 09:53:25.266502 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 09 09:53:25.417536 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 09 09:53:25.548326 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 09 09:53:25.762999 osdx ca-certificates[22365]: Updating certificates in /etc/ssl/certs... Apr 09 09:53:26.025969 osdx zebra[1073]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 09 09:53:26.579693 osdx ca-certificates[23348]: 1 added, 0 removed; done. Apr 09 09:53:26.586291 osdx ca-certificates[23355]: Running hooks in /etc/ca-certificates/update.d... Apr 09 09:53:26.592610 osdx ca-certificates[23357]: done. Apr 09 09:53:26.777435 osdx systemd[1]: Started DNSCrypt client proxy. Apr 09 09:53:26.780591 osdx cfgd[1120]: [7130]Completed change to active configuration Apr 09 09:53:26.787973 osdx OSDxCLI[7130]: User 'admin' committed the configuration. Apr 09 09:53:26.811384 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] dnscrypt-proxy 2.0.45 Apr 09 09:53:26.811715 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] Network connectivity detected Apr 09 09:53:26.811981 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] Dropping privileges Apr 09 09:53:26.815327 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] Network connectivity detected Apr 09 09:53:26.815436 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 09 09:53:26.815436 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 09 09:53:26.815436 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 09 09:53:26.815584 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] Firefox workaround initialized Apr 09 09:53:26.815584 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpe4JZn0] Apr 09 09:53:26.818717 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] [RD] OK (DNSCrypt) - rtt: 2ms Apr 09 09:53:26.818717 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] Server with the lowest initial latency: RD (rtt: 2ms) Apr 09 09:53:26.818881 osdx dnscrypt-proxy[23410]: [2024-04-09 09:53:26] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Apr 09 09:53:26.829145 osdx OSDxCLI[7130]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 56c53181b6f4d1af46fa0e4c54c5edb9ef4e91b5ed826c0455d08185f9b41547
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-09 09:53:20 UTC, end at Tue 2024-04-09 09:53:30 UTC. -- Apr 09 09:53:20.390997 osdx systemd-journald[1405]: Runtime journal (/run/log/journal/e9babbf8af8f476fa9480b3a59b5bfa8) is 1.2M, max 9.7M, 8.5M free. Apr 09 09:53:20.404573 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system journal clear'. Apr 09 09:53:21.436006 osdx osdx-coredump[32469]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Apr 09 09:53:21.444975 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system coredump delete all'. Apr 09 09:53:23.258073 osdx OSDxCLI[6276]: User 'admin' entered the configuration menu. Apr 09 09:53:23.493148 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Apr 09 09:53:23.605099 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 09 09:53:23.749549 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service ssh'. Apr 09 09:53:23.939557 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 09 09:53:24.125178 osdx systemd[1]: Starting OpenBSD Secure Shell server... Apr 09 09:53:24.145625 osdx sshd[32542]: Server listening on 0.0.0.0 port 22. Apr 09 09:53:24.146071 osdx sshd[32542]: Server listening on :: port 22. Apr 09 09:53:24.146297 osdx systemd[1]: Started OpenBSD Secure Shell server. Apr 09 09:53:24.168638 osdx cfgd[1036]: [6276]Completed change to active configuration Apr 09 09:53:24.219073 osdx OSDxCLI[6276]: User 'admin' committed the configuration. Apr 09 09:53:24.258820 osdx OSDxCLI[6276]: User 'admin' left the configuration menu. Apr 09 09:53:24.531871 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Apr 09 09:53:28.213345 osdx OSDxCLI[6276]: User 'admin' entered the configuration menu. Apr 09 09:53:28.335760 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Apr 09 09:53:28.464317 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Apr 09 09:53:28.605349 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Apr 09 09:53:28.755326 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Apr 09 09:53:28.867897 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Apr 09 09:53:28.993367 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Apr 09 09:53:29.125897 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 56c53181b6f4d1af46fa0e4c54c5edb9ef4e91b5ed826c0455d08185f9b41547'. Apr 09 09:53:29.282998 osdx ca-certificates[32605]: Updating certificates in /etc/ssl/certs... Apr 09 09:53:30.017865 osdx ca-certificates[1158]: 1 added, 0 removed; done. Apr 09 09:53:30.024337 osdx ca-certificates[1162]: Running hooks in /etc/ca-certificates/update.d... Apr 09 09:53:30.029882 osdx ca-certificates[1166]: done. Apr 09 09:53:30.111563 osdx systemd[1]: Started DNSCrypt client proxy. Apr 09 09:53:30.114330 osdx cfgd[1036]: [6276]Completed change to active configuration Apr 09 09:53:30.118671 osdx OSDxCLI[6276]: User 'admin' committed the configuration. Apr 09 09:53:30.141033 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] dnscrypt-proxy 2.0.45 Apr 09 09:53:30.141492 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] Network connectivity detected Apr 09 09:53:30.144454 osdx OSDxCLI[6276]: User 'admin' left the configuration menu. Apr 09 09:53:30.145262 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] Dropping privileges Apr 09 09:53:30.147659 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] Network connectivity detected Apr 09 09:53:30.147836 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 09 09:53:30.147925 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 09 09:53:30.148017 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] Firefox workaround initialized Apr 09 09:53:30.148096 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] Loading the set of cloaking rules from [/tmp/tmplU_iXX] Apr 09 09:53:30.463446 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system journal show | cat'. Apr 09 09:53:30.477584 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] [DUT0] OK (DoH) - rtt: 132ms Apr 09 09:53:30.477584 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 132ms) Apr 09 09:53:30.477584 osdx dnscrypt-proxy[1173]: [2024-04-09 09:53:30] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-09 09:53:40 UTC, end at Tue 2024-04-09 09:53:47 UTC. -- Apr 09 09:53:40.441374 osdx systemd-journald[1044]: Runtime journal (/run/log/journal/2dc26f94a9f34e56b62b3c0d209c4be0) is 2.0M, max 16.0M, 14.0M free. Apr 09 09:53:40.468088 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'system journal clear'. Apr 09 09:53:41.241020 osdx osdx-coredump[25057]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Apr 09 09:53:41.251144 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'system coredump delete all'. Apr 09 09:53:41.661848 osdx zebra[1073]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 09 09:53:42.414650 osdx OSDxCLI[7130]: User 'admin' entered the configuration menu. Apr 09 09:53:42.637137 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 09 09:53:42.783648 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 09 09:53:43.025403 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 09 09:53:43.135248 osdx cfgd[1120]: [7130]Completed change to active configuration Apr 09 09:53:43.189948 osdx OSDxCLI[7130]: User 'admin' committed the configuration. Apr 09 09:53:43.230606 osdx OSDxCLI[7130]: User 'admin' left the configuration menu. Apr 09 09:53:43.503573 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 09 09:53:43.772454 osdx zebra[1073]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 09 09:53:44.977159 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Apr 09 09:53:45.167960 osdx OSDxCLI[7130]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f ip 10.215.168.1 port 8443'. Apr 09 09:53:45.386177 osdx OSDxCLI[7130]: User 'admin' entered the configuration menu. Apr 09 09:53:45.501640 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 09 09:53:45.745740 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 09 09:53:45.859091 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Apr 09 09:53:45.956653 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 09 09:53:46.055992 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 09 09:53:46.254122 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 09 09:53:46.400182 osdx OSDxCLI[7130]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 09 09:53:46.596375 osdx ca-certificates[25176]: Updating certificates in /etc/ssl/certs... Apr 09 09:53:47.384892 osdx ca-certificates[26160]: 1 added, 0 removed; done. Apr 09 09:53:47.389984 osdx ca-certificates[26166]: Running hooks in /etc/ca-certificates/update.d... Apr 09 09:53:47.396329 osdx ca-certificates[26168]: done. Apr 09 09:53:47.521140 osdx zebra[1073]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 09 09:53:47.558577 osdx systemd[1]: Started DNSCrypt client proxy. Apr 09 09:53:47.560631 osdx cfgd[1120]: [7130]Completed change to active configuration Apr 09 09:53:47.565551 osdx OSDxCLI[7130]: User 'admin' committed the configuration. Apr 09 09:53:47.604774 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] dnscrypt-proxy 2.0.45 Apr 09 09:53:47.605209 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] Network connectivity detected Apr 09 09:53:47.605361 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] Dropping privileges Apr 09 09:53:47.609137 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] Network connectivity detected Apr 09 09:53:47.609396 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 09 09:53:47.609505 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 09 09:53:47.609631 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 09 09:53:47.609770 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] Firefox workaround initialized Apr 09 09:53:47.609886 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpt5P8cF] Apr 09 09:53:47.611028 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Apr 09 09:53:47.611206 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Apr 09 09:53:47.611312 osdx dnscrypt-proxy[26221]: [2024-04-09 09:53:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Apr 09 09:53:47.618354 osdx OSDxCLI[7130]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 56c53181b6f4d1af46fa0e4c54c5edb9ef4e91b5ed826c0455d08185f9b41547 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVsUxgbb00a9G-g5MVMXtue9OkbXtgmwEVdCBhfm0FUcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVsUxgbb00a9G-g5MVMXtue9OkbXtgmwEVdCBhfm0FUcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-09 09:53:40 UTC, end at Tue 2024-04-09 09:53:50 UTC. -- Apr 09 09:53:40.492568 osdx systemd-journald[1405]: Runtime journal (/run/log/journal/e9babbf8af8f476fa9480b3a59b5bfa8) is 1.2M, max 9.7M, 8.5M free. Apr 09 09:53:40.510217 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system journal clear'. Apr 09 09:53:41.571360 osdx osdx-coredump[2806]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Apr 09 09:53:41.583220 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system coredump delete all'. Apr 09 09:53:43.611416 osdx OSDxCLI[6276]: User 'admin' entered the configuration menu. Apr 09 09:53:43.811416 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Apr 09 09:53:43.924080 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 09 09:53:44.031313 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service ssh'. Apr 09 09:53:44.197288 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 09 09:53:44.365702 osdx systemd[1]: Starting OpenBSD Secure Shell server... Apr 09 09:53:44.385754 osdx sshd[2879]: Server listening on 0.0.0.0 port 22. Apr 09 09:53:44.386093 osdx sshd[2879]: Server listening on :: port 22. Apr 09 09:53:44.386268 osdx systemd[1]: Started OpenBSD Secure Shell server. Apr 09 09:53:44.405117 osdx cfgd[1036]: [6276]Completed change to active configuration Apr 09 09:53:44.456658 osdx OSDxCLI[6276]: User 'admin' committed the configuration. Apr 09 09:53:44.487419 osdx OSDxCLI[6276]: User 'admin' left the configuration menu. Apr 09 09:53:44.723191 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Apr 09 09:53:48.054779 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 56c53181b6f4d1af46fa0e4c54c5edb9ef4e91b5ed826c0455d08185f9b41547'. Apr 09 09:53:48.274460 osdx OSDxCLI[6276]: User 'admin' entered the configuration menu. Apr 09 09:53:48.400567 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Apr 09 09:53:48.509047 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Apr 09 09:53:48.650400 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Apr 09 09:53:48.807544 osdx OSDxCLI[6276]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVsUxgbb00a9G-g5MVMXtue9OkbXtgmwEVdCBhfm0FUcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Apr 09 09:53:49.026453 osdx ca-certificates[2943]: Updating certificates in /etc/ssl/certs... Apr 09 09:53:49.762058 osdx ca-certificates[3927]: 1 added, 0 removed; done. Apr 09 09:53:49.773749 osdx ca-certificates[3931]: Running hooks in /etc/ca-certificates/update.d... Apr 09 09:53:49.780404 osdx ca-certificates[3935]: done. Apr 09 09:53:49.870872 osdx systemd[1]: Started DNSCrypt client proxy. Apr 09 09:53:49.873638 osdx cfgd[1036]: [6276]Completed change to active configuration Apr 09 09:53:49.882822 osdx OSDxCLI[6276]: User 'admin' committed the configuration. Apr 09 09:53:49.913230 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:49] [NOTICE] dnscrypt-proxy 2.0.45 Apr 09 09:53:49.913712 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:49] [NOTICE] Network connectivity detected Apr 09 09:53:49.914494 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:49] [NOTICE] Dropping privileges Apr 09 09:53:49.917462 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:49] [NOTICE] Network connectivity detected Apr 09 09:53:49.917644 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 09 09:53:49.917754 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 09 09:53:49.917876 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:49] [NOTICE] Firefox workaround initialized Apr 09 09:53:49.917981 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmplUCSHd] Apr 09 09:53:49.935523 osdx OSDxCLI[6276]: User 'admin' left the configuration menu. Apr 09 09:53:50.153219 osdx OSDxCLI[6276]: User 'admin' executed a new command: 'system journal show | cat'. Apr 09 09:53:50.214927 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:50] [NOTICE] [DUT0] OK (DoH) - rtt: 116ms Apr 09 09:53:50.214927 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:50] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 116ms) Apr 09 09:53:50.214927 osdx dnscrypt-proxy[3942]: [2024-04-09 09:53:50] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13