Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-05-22 08:21:21 UTC, end at Wed 2024-05-22 08:21:26 UTC. -- May 22 08:21:21.359831 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 4.0M, max 16.0M, 11.9M free. May 22 08:21:21.390012 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'. May 22 08:21:21.928854 osdx osdx-coredump[22881]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 22 08:21:21.936824 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system coredump delete all'. May 22 08:21:22.741887 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:21:22.878634 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 22 08:21:22.960352 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:21:23.100528 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:21:23.191527 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:21:23.228174 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:21:23.264542 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:21:23.437917 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 22 08:21:24.684690 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:21:24.810973 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 22 08:21:24.911586 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 22 08:21:25.055215 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 22 08:21:25.138228 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 22 08:21:25.232955 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. May 22 08:21:25.314412 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. May 22 08:21:25.431686 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. May 22 08:21:25.519990 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 22 08:21:25.612068 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 22 08:21:25.737886 osdx ca-certificates[22995]: Updating certificates in /etc/ssl/certs... May 22 08:21:26.434359 osdx ca-certificates[23979]: 1 added, 0 removed; done. May 22 08:21:26.438838 osdx ca-certificates[23986]: Running hooks in /etc/ca-certificates/update.d... May 22 08:21:26.443711 osdx ca-certificates[23988]: done. May 22 08:21:26.591223 osdx systemd[1]: Started DNSCrypt client proxy. May 22 08:21:26.593905 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:21:26.597931 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:21:26.622469 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] dnscrypt-proxy 2.0.45 May 22 08:21:26.622813 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] Network connectivity detected May 22 08:21:26.622930 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] Dropping privileges May 22 08:21:26.626235 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] Network connectivity detected May 22 08:21:26.626440 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 22 08:21:26.626538 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 22 08:21:26.626650 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 22 08:21:26.626774 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] Firefox workaround initialized May 22 08:21:26.626861 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpq2jVF0] May 22 08:21:26.640069 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:21:26.806384 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] [RD] OK (DoH) - rtt: 134ms May 22 08:21:26.806384 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] Server with the lowest initial latency: RD (rtt: 134ms) May 22 08:21:26.806384 osdx dnscrypt-proxy[24041]: [2024-05-22 08:21:26] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 22 08:21:26.830059 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 9c31f228c99ffded4a5a225e536cbb2ff62974116d9cd73a8486305cb52b3ead
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-05-22 08:21:21 UTC, end at Wed 2024-05-22 08:21:29 UTC. -- May 22 08:21:21.361364 osdx systemd-journald[1363]: Runtime journal (/run/log/journal/45fcbf1f72434cdcb3afa54f808d79fa) is 1.2M, max 9.7M, 8.5M free. May 22 08:21:21.373862 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal clear'. May 22 08:21:22.125984 osdx osdx-coredump[31204]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 22 08:21:22.133625 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system coredump delete all'. May 22 08:21:23.501076 osdx OSDxCLI[1539]: User 'admin' entered the configuration menu. May 22 08:21:23.636301 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 22 08:21:23.713354 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:21:23.827991 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service ssh'. May 22 08:21:23.963783 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:21:24.102725 osdx systemd[1]: Starting OpenBSD Secure Shell server... May 22 08:21:24.117169 osdx sshd[31277]: Server listening on 0.0.0.0 port 22. May 22 08:21:24.117450 osdx sshd[31277]: Server listening on :: port 22. May 22 08:21:24.117606 osdx systemd[1]: Started OpenBSD Secure Shell server. May 22 08:21:24.137234 osdx cfgd[993]: [1539]Completed change to active configuration May 22 08:21:24.175109 osdx OSDxCLI[1539]: User 'admin' committed the configuration. May 22 08:21:24.199590 osdx OSDxCLI[1539]: User 'admin' left the configuration menu. May 22 08:21:24.398169 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 22 08:21:27.193790 osdx OSDxCLI[1539]: User 'admin' entered the configuration menu. May 22 08:21:27.333153 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 22 08:21:27.418823 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 22 08:21:27.508549 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 22 08:21:27.618643 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. May 22 08:21:27.720007 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. May 22 08:21:27.835994 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. May 22 08:21:27.930201 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 9c31f228c99ffded4a5a225e536cbb2ff62974116d9cd73a8486305cb52b3ead'. May 22 08:21:28.046154 osdx ca-certificates[31340]: Updating certificates in /etc/ssl/certs... May 22 08:21:28.656544 osdx ca-certificates[32324]: 1 added, 0 removed; done. May 22 08:21:28.662168 osdx ca-certificates[32328]: Running hooks in /etc/ca-certificates/update.d... May 22 08:21:28.667206 osdx ca-certificates[32332]: done. May 22 08:21:28.750729 osdx systemd[1]: Started DNSCrypt client proxy. May 22 08:21:28.753681 osdx cfgd[993]: [1539]Completed change to active configuration May 22 08:21:28.758077 osdx OSDxCLI[1539]: User 'admin' committed the configuration. May 22 08:21:28.778868 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:28] [NOTICE] dnscrypt-proxy 2.0.45 May 22 08:21:28.779310 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:28] [NOTICE] Network connectivity detected May 22 08:21:28.780245 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:28] [NOTICE] Dropping privileges May 22 08:21:28.784322 osdx OSDxCLI[1539]: User 'admin' left the configuration menu. May 22 08:21:28.785219 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:28] [NOTICE] Network connectivity detected May 22 08:21:28.785344 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:28] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 22 08:21:28.785428 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:28] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 22 08:21:28.785522 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:28] [NOTICE] Firefox workaround initialized May 22 08:21:28.785600 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:28] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp1vphfK] May 22 08:21:28.989655 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:21:29.092167 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:29] [NOTICE] [DUT0] OK (DoH) - rtt: 134ms May 22 08:21:29.092167 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:29] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 134ms) May 22 08:21:29.092167 osdx dnscrypt-proxy[32339]: [2024-05-22 08:21:29] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-05-22 08:21:36 UTC, end at Wed 2024-05-22 08:21:41 UTC. -- May 22 08:21:36.365283 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free. May 22 08:21:36.393644 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'. May 22 08:21:36.973386 osdx osdx-coredump[25695]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 22 08:21:36.981763 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system coredump delete all'. May 22 08:21:37.771879 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:21:37.904671 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 22 08:21:37.985973 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:21:38.129028 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:21:38.208682 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:21:38.257634 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:21:38.282453 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:21:38.449750 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 22 08:21:39.599386 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. May 22 08:21:39.772536 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:21:39.866277 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 22 08:21:39.964918 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 22 08:21:40.089000 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. May 22 08:21:40.173073 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. May 22 08:21:40.271171 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. May 22 08:21:40.389547 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 22 08:21:40.486433 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 22 08:21:40.604562 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 22 08:21:40.760873 osdx ca-certificates[25813]: Updating certificates in /etc/ssl/certs... May 22 08:21:41.420679 osdx ca-certificates[26796]: 1 added, 0 removed; done. May 22 08:21:41.425081 osdx ca-certificates[26803]: Running hooks in /etc/ca-certificates/update.d... May 22 08:21:41.430077 osdx ca-certificates[26805]: done. May 22 08:21:41.563847 osdx systemd[1]: Started DNSCrypt client proxy. May 22 08:21:41.566744 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:21:41.570587 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:21:41.596189 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] dnscrypt-proxy 2.0.45 May 22 08:21:41.596485 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] Network connectivity detected May 22 08:21:41.596636 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] Dropping privileges May 22 08:21:41.599319 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] Network connectivity detected May 22 08:21:41.599395 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 22 08:21:41.599395 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 22 08:21:41.599395 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 22 08:21:41.599504 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] Firefox workaround initialized May 22 08:21:41.599504 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpY8Zalp] May 22 08:21:41.611920 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:21:41.752749 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] [RD] OK (DoH) - rtt: 116ms May 22 08:21:41.752749 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] Server with the lowest initial latency: RD (rtt: 116ms) May 22 08:21:41.752749 osdx dnscrypt-proxy[26858]: [2024-05-22 08:21:41] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 9c31f228c99ffded4a5a225e536cbb2ff62974116d9cd73a8486305cb52b3ead at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgnDHyKMmf_e1KWiJeU2y7L_YpdBFtnNc6hIYwXLUrPq0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgnDHyKMmf_e1KWiJeU2y7L_YpdBFtnNc6hIYwXLUrPq0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-05-22 08:21:36 UTC, end at Wed 2024-05-22 08:21:44 UTC. -- May 22 08:21:36.379257 osdx systemd-journald[1363]: Runtime journal (/run/log/journal/45fcbf1f72434cdcb3afa54f808d79fa) is 1.2M, max 9.7M, 8.5M free. May 22 08:21:36.393452 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal clear'. May 22 08:21:37.182513 osdx osdx-coredump[1541]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 22 08:21:37.189926 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system coredump delete all'. May 22 08:21:38.501278 osdx OSDxCLI[1539]: User 'admin' entered the configuration menu. May 22 08:21:38.633222 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 22 08:21:38.710779 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:21:38.791892 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service ssh'. May 22 08:21:38.927850 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:21:39.065800 osdx systemd[1]: Starting OpenBSD Secure Shell server... May 22 08:21:39.079499 osdx sshd[1615]: Server listening on 0.0.0.0 port 22. May 22 08:21:39.079839 osdx sshd[1615]: Server listening on :: port 22. May 22 08:21:39.080018 osdx systemd[1]: Started OpenBSD Secure Shell server. May 22 08:21:39.099658 osdx cfgd[993]: [1539]Completed change to active configuration May 22 08:21:39.138759 osdx OSDxCLI[1539]: User 'admin' committed the configuration. May 22 08:21:39.179306 osdx OSDxCLI[1539]: User 'admin' left the configuration menu. May 22 08:21:39.323292 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 22 08:21:41.914729 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 9c31f228c99ffded4a5a225e536cbb2ff62974116d9cd73a8486305cb52b3ead'. May 22 08:21:42.122093 osdx OSDxCLI[1539]: User 'admin' entered the configuration menu. May 22 08:21:42.230395 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 22 08:21:42.323609 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 22 08:21:42.425361 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 22 08:21:42.536938 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgnDHyKMmf_e1KWiJeU2y7L_YpdBFtnNc6hIYwXLUrPq0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. May 22 08:21:42.654101 osdx ca-certificates[1679]: Updating certificates in /etc/ssl/certs... May 22 08:21:43.282704 osdx ca-certificates[2664]: 1 added, 0 removed; done. May 22 08:21:43.288636 osdx ca-certificates[2668]: Running hooks in /etc/ca-certificates/update.d... May 22 08:21:43.294098 osdx ca-certificates[2672]: done. May 22 08:21:43.377587 osdx systemd[1]: Started DNSCrypt client proxy. May 22 08:21:43.380602 osdx cfgd[993]: [1539]Completed change to active configuration May 22 08:21:43.388962 osdx OSDxCLI[1539]: User 'admin' committed the configuration. May 22 08:21:43.408126 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:43] [NOTICE] dnscrypt-proxy 2.0.45 May 22 08:21:43.408520 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:43] [NOTICE] Network connectivity detected May 22 08:21:43.409121 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:43] [NOTICE] Dropping privileges May 22 08:21:43.411395 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:43] [NOTICE] Network connectivity detected May 22 08:21:43.411564 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:43] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 22 08:21:43.411652 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:43] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 22 08:21:43.411748 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:43] [NOTICE] Firefox workaround initialized May 22 08:21:43.411831 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:43] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpbT2XCS] May 22 08:21:43.415382 osdx OSDxCLI[1539]: User 'admin' left the configuration menu. May 22 08:21:43.633449 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:21:43.886163 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:21:44.088971 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:44] [NOTICE] [DUT0] OK (DoH) - rtt: 188ms May 22 08:21:44.088971 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:44] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 188ms) May 22 08:21:44.088971 osdx dnscrypt-proxy[2679]: [2024-05-22 08:21:44] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-05-22 08:21:51 UTC, end at Wed 2024-05-22 08:21:56 UTC. -- May 22 08:21:51.382773 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free. May 22 08:21:51.399834 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'. May 22 08:21:51.950536 osdx osdx-coredump[28504]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 22 08:21:51.958736 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system coredump delete all'. May 22 08:21:52.781300 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:21:52.917040 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 22 08:21:52.997299 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:21:53.152857 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:21:53.233218 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:21:53.270607 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:21:53.295921 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:21:53.469207 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 22 08:21:54.731178 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 22 08:21:54.905683 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:21:55.005476 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 22 08:21:55.098668 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 22 08:21:55.193986 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. May 22 08:21:55.288412 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. May 22 08:21:55.386440 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. May 22 08:21:55.487884 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b'. May 22 08:21:55.565229 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 22 08:21:55.685387 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. May 22 08:21:55.804893 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. May 22 08:21:55.911628 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 22 08:21:56.065824 osdx ca-certificates[28622]: Updating certificates in /etc/ssl/certs... May 22 08:21:56.726857 osdx ca-certificates[29605]: 1 added, 0 removed; done. May 22 08:21:56.731251 osdx ca-certificates[29612]: Running hooks in /etc/ca-certificates/update.d... May 22 08:21:56.735941 osdx ca-certificates[29614]: done. May 22 08:21:56.873714 osdx systemd[1]: Started DNSCrypt client proxy. May 22 08:21:56.875563 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:21:56.879346 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:21:56.895324 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] dnscrypt-proxy 2.0.45 May 22 08:21:56.895593 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] Network connectivity detected May 22 08:21:56.895826 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] Dropping privileges May 22 08:21:56.898476 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] Network connectivity detected May 22 08:21:56.898566 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 22 08:21:56.898566 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 22 08:21:56.898566 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 22 08:21:56.898566 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] Firefox workaround initialized May 22 08:21:56.898566 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpQNm0hJ] May 22 08:21:56.899303 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 22 08:21:56.899303 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 22 08:21:56.899303 osdx dnscrypt-proxy[29667]: [2024-05-22 08:21:56] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 22 08:21:56.919458 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 9c31f228c99ffded4a5a225e536cbb2ff62974116d9cd73a8486305cb52b3ead
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-05-22 08:21:52 UTC, end at Wed 2024-05-22 08:22:02 UTC. -- May 22 08:21:52.360229 osdx systemd-journald[1363]: Runtime journal (/run/log/journal/45fcbf1f72434cdcb3afa54f808d79fa) is 1.2M, max 9.7M, 8.5M free. May 22 08:21:52.373144 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal clear'. May 22 08:21:53.140509 osdx osdx-coredump[4314]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 22 08:21:53.148413 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system coredump delete all'. May 22 08:21:54.521591 osdx OSDxCLI[1539]: User 'admin' entered the configuration menu. May 22 08:21:54.669735 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 22 08:21:54.782370 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:21:54.887806 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service ssh'. May 22 08:21:55.051613 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:21:55.192274 osdx systemd[1]: Starting OpenBSD Secure Shell server... May 22 08:21:55.206627 osdx sshd[4387]: Server listening on 0.0.0.0 port 22. May 22 08:21:55.206982 osdx sshd[4387]: Server listening on :: port 22. May 22 08:21:55.207165 osdx systemd[1]: Started OpenBSD Secure Shell server. May 22 08:21:55.230252 osdx cfgd[993]: [1539]Completed change to active configuration May 22 08:21:55.268881 osdx OSDxCLI[1539]: User 'admin' committed the configuration. May 22 08:21:55.315524 osdx OSDxCLI[1539]: User 'admin' left the configuration menu. May 22 08:21:55.489825 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 22 08:21:58.171718 osdx OSDxCLI[1539]: User 'admin' entered the configuration menu. May 22 08:21:58.297523 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 22 08:21:58.385426 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 22 08:21:58.475070 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 22 08:21:58.583713 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. May 22 08:21:58.662220 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. May 22 08:21:58.780081 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. May 22 08:21:58.874931 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 9c31f228c99ffded4a5a225e536cbb2ff62974116d9cd73a8486305cb52b3ead'. May 22 08:21:59.018315 osdx ca-certificates[4450]: Updating certificates in /etc/ssl/certs... May 22 08:21:59.631617 osdx ca-certificates[5434]: 1 added, 0 removed; done. May 22 08:21:59.637645 osdx ca-certificates[5438]: Running hooks in /etc/ca-certificates/update.d... May 22 08:21:59.642721 osdx ca-certificates[5442]: done. May 22 08:21:59.725842 osdx systemd[1]: Started DNSCrypt client proxy. May 22 08:21:59.728778 osdx cfgd[993]: [1539]Completed change to active configuration May 22 08:21:59.733136 osdx OSDxCLI[1539]: User 'admin' committed the configuration. May 22 08:21:59.754251 osdx dnscrypt-proxy[5449]: [2024-05-22 08:21:59] [NOTICE] dnscrypt-proxy 2.0.45 May 22 08:21:59.754642 osdx dnscrypt-proxy[5449]: [2024-05-22 08:21:59] [NOTICE] Network connectivity detected May 22 08:21:59.755312 osdx dnscrypt-proxy[5449]: [2024-05-22 08:21:59] [NOTICE] Dropping privileges May 22 08:21:59.759704 osdx OSDxCLI[1539]: User 'admin' left the configuration menu. May 22 08:21:59.760616 osdx dnscrypt-proxy[5449]: [2024-05-22 08:21:59] [NOTICE] Network connectivity detected May 22 08:21:59.760750 osdx dnscrypt-proxy[5449]: [2024-05-22 08:21:59] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 22 08:21:59.760836 osdx dnscrypt-proxy[5449]: [2024-05-22 08:21:59] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 22 08:21:59.760926 osdx dnscrypt-proxy[5449]: [2024-05-22 08:21:59] [NOTICE] Firefox workaround initialized May 22 08:21:59.761003 osdx dnscrypt-proxy[5449]: [2024-05-22 08:21:59] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpWZ652p] May 22 08:21:59.935905 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:00.210517 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:00.444762 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:00.717747 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:00.961127 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:01.204900 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:01.460777 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:01.702808 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:01.965029 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:02.205397 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:02.286437 osdx dnscrypt-proxy[5449]: [2024-05-22 08:22:02] [NOTICE] [DUT0] OK (DoH) - rtt: 553ms May 22 08:22:02.286437 osdx dnscrypt-proxy[5449]: [2024-05-22 08:22:02] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 553ms) May 22 08:22:02.286437 osdx dnscrypt-proxy[5449]: [2024-05-22 08:22:02] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-05-22 08:22:10 UTC, end at Wed 2024-05-22 08:22:15 UTC. -- May 22 08:22:10.363162 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free. May 22 08:22:10.396291 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'. May 22 08:22:10.977696 osdx osdx-coredump[31319]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 22 08:22:10.985696 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system coredump delete all'. May 22 08:22:11.786488 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:22:11.930026 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 22 08:22:12.016568 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:22:12.169461 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:22:12.255096 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:22:12.294844 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:22:12.328311 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:22:12.499157 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 22 08:22:13.694621 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 22 08:22:13.837108 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b ip 10.215.168.1 port 8443'. May 22 08:22:14.013813 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:22:14.122463 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 22 08:22:14.224224 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 22 08:22:14.351592 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. May 22 08:22:14.400431 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): May 22 08:22:14.445756 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 22 08:22:14.567631 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. May 22 08:22:14.683942 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. May 22 08:22:14.784781 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 22 08:22:14.940292 osdx ca-certificates[31438]: Updating certificates in /etc/ssl/certs... May 22 08:22:15.615812 osdx ca-certificates[32423]: 1 added, 0 removed; done. May 22 08:22:15.620699 osdx ca-certificates[32429]: Running hooks in /etc/ca-certificates/update.d... May 22 08:22:15.625020 osdx ca-certificates[32431]: done. May 22 08:22:15.771446 osdx systemd[1]: Started DNSCrypt client proxy. May 22 08:22:15.774092 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:22:15.778221 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:22:15.790957 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] dnscrypt-proxy 2.0.45 May 22 08:22:15.791203 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] Network connectivity detected May 22 08:22:15.791411 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] Dropping privileges May 22 08:22:15.793963 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] Network connectivity detected May 22 08:22:15.794101 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 22 08:22:15.794173 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 22 08:22:15.794258 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 22 08:22:15.794341 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] Firefox workaround initialized May 22 08:22:15.794405 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpu7vcPz] May 22 08:22:15.795190 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 22 08:22:15.795285 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 22 08:22:15.795354 osdx dnscrypt-proxy[32484]: [2024-05-22 08:22:15] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 22 08:22:15.805282 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 9c31f228c99ffded4a5a225e536cbb2ff62974116d9cd73a8486305cb52b3ead at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgnDHyKMmf_e1KWiJeU2y7L_YpdBFtnNc6hIYwXLUrPq0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgnDHyKMmf_e1KWiJeU2y7L_YpdBFtnNc6hIYwXLUrPq0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-05-22 08:22:10 UTC, end at Wed 2024-05-22 08:22:17 UTC. -- May 22 08:22:10.365926 osdx systemd-journald[1363]: Runtime journal (/run/log/journal/45fcbf1f72434cdcb3afa54f808d79fa) is 1.2M, max 9.7M, 8.5M free. May 22 08:22:10.380669 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal clear'. May 22 08:22:11.185870 osdx osdx-coredump[7129]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 22 08:22:11.193535 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system coredump delete all'. May 22 08:22:12.552851 osdx OSDxCLI[1539]: User 'admin' entered the configuration menu. May 22 08:22:12.690694 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 22 08:22:12.769375 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:22:12.851425 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service ssh'. May 22 08:22:12.993209 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:22:13.135193 osdx systemd[1]: Starting OpenBSD Secure Shell server... May 22 08:22:13.149689 osdx sshd[7202]: Server listening on 0.0.0.0 port 22. May 22 08:22:13.150016 osdx sshd[7202]: Server listening on :: port 22. May 22 08:22:13.150177 osdx systemd[1]: Started OpenBSD Secure Shell server. May 22 08:22:13.169541 osdx cfgd[993]: [1539]Completed change to active configuration May 22 08:22:13.208530 osdx OSDxCLI[1539]: User 'admin' committed the configuration. May 22 08:22:13.252709 osdx OSDxCLI[1539]: User 'admin' left the configuration menu. May 22 08:22:13.464763 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 22 08:22:16.059251 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 9c31f228c99ffded4a5a225e536cbb2ff62974116d9cd73a8486305cb52b3ead'. May 22 08:22:16.244000 osdx OSDxCLI[1539]: User 'admin' entered the configuration menu. May 22 08:22:16.342451 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 22 08:22:16.458166 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 22 08:22:16.549501 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 22 08:22:16.655520 osdx OSDxCLI[1539]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgnDHyKMmf_e1KWiJeU2y7L_YpdBFtnNc6hIYwXLUrPq0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. May 22 08:22:16.777293 osdx ca-certificates[7268]: Updating certificates in /etc/ssl/certs... May 22 08:22:17.388224 osdx ca-certificates[8252]: 1 added, 0 removed; done. May 22 08:22:17.393978 osdx ca-certificates[8256]: Running hooks in /etc/ca-certificates/update.d... May 22 08:22:17.399056 osdx ca-certificates[8260]: done. May 22 08:22:17.478566 osdx systemd[1]: Started DNSCrypt client proxy. May 22 08:22:17.481390 osdx cfgd[993]: [1539]Completed change to active configuration May 22 08:22:17.489611 osdx OSDxCLI[1539]: User 'admin' committed the configuration. May 22 08:22:17.506399 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] dnscrypt-proxy 2.0.45 May 22 08:22:17.506796 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] Network connectivity detected May 22 08:22:17.507371 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] Dropping privileges May 22 08:22:17.509546 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] Network connectivity detected May 22 08:22:17.509699 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 22 08:22:17.509782 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 22 08:22:17.509873 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] Firefox workaround initialized May 22 08:22:17.509950 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpHqWpGp] May 22 08:22:17.514240 osdx OSDxCLI[1539]: User 'admin' left the configuration menu. May 22 08:22:17.697273 osdx OSDxCLI[1539]: User 'admin' executed a new command: 'system journal show | cat'. May 22 08:22:17.803812 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] [DUT0] OK (DoH) - rtt: 136ms May 22 08:22:17.803812 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 136ms) May 22 08:22:17.803812 osdx dnscrypt-proxy[8267]: [2024-05-22 08:22:17] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13