Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-06-12 22:00:23 UTC, end at Wed 2024-06-12 22:00:29 UTC. -- Jun 12 22:00:23.385016 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free. Jun 12 22:00:23.410736 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'. Jun 12 22:00:24.079342 osdx osdx-coredump[22785]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 12 22:00:24.087626 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system coredump delete all'. Jun 12 22:00:24.963818 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 22:00:25.108814 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 12 22:00:25.191165 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 22:00:25.341370 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 22:00:25.442901 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 22:00:25.482613 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 22:00:25.531696 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 22:00:25.717054 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 12 22:00:27.081769 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 22:00:27.254037 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 12 22:00:27.385825 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 12 22:00:27.566527 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 12 22:00:27.687465 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 12 22:00:27.814860 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 12 22:00:27.920736 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 12 22:00:28.040299 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 12 22:00:28.133817 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 12 22:00:28.255994 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 12 22:00:28.394601 osdx ca-certificates[22900]: Updating certificates in /etc/ssl/certs... Jun 12 22:00:29.130247 osdx ca-certificates[23883]: 1 added, 0 removed; done. Jun 12 22:00:29.135029 osdx ca-certificates[23890]: Running hooks in /etc/ca-certificates/update.d... Jun 12 22:00:29.139444 osdx ca-certificates[23892]: done. Jun 12 22:00:29.316067 osdx systemd[1]: Started DNSCrypt client proxy. Jun 12 22:00:29.318018 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 22:00:29.321921 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 22:00:29.340519 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] dnscrypt-proxy 2.0.45 Jun 12 22:00:29.340790 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] Network connectivity detected Jun 12 22:00:29.341202 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] Dropping privileges Jun 12 22:00:29.344908 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] Network connectivity detected Jun 12 22:00:29.344908 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 12 22:00:29.344908 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 12 22:00:29.344908 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 12 22:00:29.344908 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] Firefox workaround initialized Jun 12 22:00:29.344908 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpRAcC1m] Jun 12 22:00:29.349856 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 22:00:29.489421 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] [RD] OK (DoH) - rtt: 112ms Jun 12 22:00:29.489599 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] Server with the lowest initial latency: RD (rtt: 112ms) Jun 12 22:00:29.489728 osdx dnscrypt-proxy[23945]: [2024-06-12 22:00:29] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 2821ab6bd5f71396cb5d9d9aad4720077d53e221cc34750365cee45666693629
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-06-12 22:00:24 UTC, end at Wed 2024-06-12 22:00:32 UTC. -- Jun 12 22:00:24.380106 osdx systemd-journald[1362]: Runtime journal (/run/log/journal/054ac71dd7e64053b7445b34731f3c87) is 1.2M, max 9.7M, 8.5M free. Jun 12 22:00:24.398611 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system journal clear'. Jun 12 22:00:25.334449 osdx osdx-coredump[13905]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 12 22:00:25.342376 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system coredump delete all'. Jun 12 22:00:26.766205 osdx OSDxCLI[1540]: User 'admin' entered the configuration menu. Jun 12 22:00:26.902515 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 12 22:00:27.022676 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 22:00:27.141017 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service ssh'. Jun 12 22:00:27.307758 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 22:00:27.447607 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 12 22:00:27.461638 osdx sshd[13978]: Server listening on 0.0.0.0 port 22. Jun 12 22:00:27.461951 osdx sshd[13978]: Server listening on :: port 22. Jun 12 22:00:27.462118 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 12 22:00:27.483266 osdx cfgd[997]: [1540]Completed change to active configuration Jun 12 22:00:27.520956 osdx OSDxCLI[1540]: User 'admin' committed the configuration. Jun 12 22:00:27.564150 osdx OSDxCLI[1540]: User 'admin' left the configuration menu. Jun 12 22:00:27.784021 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 12 22:00:30.661112 osdx OSDxCLI[1540]: User 'admin' entered the configuration menu. Jun 12 22:00:30.771916 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 12 22:00:30.904446 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 12 22:00:31.035058 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 12 22:00:31.179323 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 12 22:00:31.266249 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 12 22:00:31.375762 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 12 22:00:31.497975 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 2821ab6bd5f71396cb5d9d9aad4720077d53e221cc34750365cee45666693629'. Jun 12 22:00:31.646157 osdx ca-certificates[14042]: Updating certificates in /etc/ssl/certs... Jun 12 22:00:32.277342 osdx ca-certificates[15026]: 1 added, 0 removed; done. Jun 12 22:00:32.283083 osdx ca-certificates[15030]: Running hooks in /etc/ca-certificates/update.d... Jun 12 22:00:32.288631 osdx ca-certificates[15034]: done. Jun 12 22:00:32.371300 osdx systemd[1]: Started DNSCrypt client proxy. Jun 12 22:00:32.374025 osdx cfgd[997]: [1540]Completed change to active configuration Jun 12 22:00:32.378451 osdx OSDxCLI[1540]: User 'admin' committed the configuration. Jun 12 22:00:32.401049 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] dnscrypt-proxy 2.0.45 Jun 12 22:00:32.401561 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] Network connectivity detected Jun 12 22:00:32.402378 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] Dropping privileges Jun 12 22:00:32.404593 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] Network connectivity detected Jun 12 22:00:32.404753 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 12 22:00:32.404833 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 12 22:00:32.404927 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] Firefox workaround initialized Jun 12 22:00:32.405001 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpynINgm] Jun 12 22:00:32.426725 osdx OSDxCLI[1540]: User 'admin' left the configuration menu. Jun 12 22:00:32.661551 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system journal show | cat'. Jun 12 22:00:32.706143 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] [DUT0] OK (DoH) - rtt: 120ms Jun 12 22:00:32.706143 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 120ms) Jun 12 22:00:32.706143 osdx dnscrypt-proxy[15041]: [2024-06-12 22:00:32] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-06-12 22:00:40 UTC, end at Wed 2024-06-12 22:00:46 UTC. -- Jun 12 22:00:40.508632 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free. Jun 12 22:00:40.534045 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'. Jun 12 22:00:41.125831 osdx osdx-coredump[25593]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 12 22:00:41.136077 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system coredump delete all'. Jun 12 22:00:42.079405 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 22:00:42.221827 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 12 22:00:42.312887 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 22:00:42.435805 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 22:00:42.544850 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 22:00:42.602737 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 22:00:42.640161 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 22:00:42.841442 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 12 22:00:44.102320 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 12 22:00:44.292527 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 22:00:44.407541 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 12 22:00:44.499436 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 12 22:00:44.606320 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Jun 12 22:00:44.697140 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 12 22:00:44.812279 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 12 22:00:44.915294 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 12 22:00:45.031890 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 12 22:00:45.136799 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 12 22:00:45.296657 osdx ca-certificates[25711]: Updating certificates in /etc/ssl/certs... Jun 12 22:00:46.008357 osdx ca-certificates[26694]: 1 added, 0 removed; done. Jun 12 22:00:46.013154 osdx ca-certificates[26701]: Running hooks in /etc/ca-certificates/update.d... Jun 12 22:00:46.017971 osdx ca-certificates[26703]: done. Jun 12 22:00:46.152203 osdx systemd[1]: Started DNSCrypt client proxy. Jun 12 22:00:46.154660 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 22:00:46.158228 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 22:00:46.172557 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] dnscrypt-proxy 2.0.45 Jun 12 22:00:46.172860 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] Network connectivity detected Jun 12 22:00:46.173021 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] Dropping privileges Jun 12 22:00:46.175667 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] Network connectivity detected Jun 12 22:00:46.175773 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 12 22:00:46.175773 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 12 22:00:46.175773 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 12 22:00:46.175773 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] Firefox workaround initialized Jun 12 22:00:46.175773 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7uMX5P] Jun 12 22:00:46.184345 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 22:00:46.329536 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] [RD] OK (DoH) - rtt: 116ms Jun 12 22:00:46.329536 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] Server with the lowest initial latency: RD (rtt: 116ms) Jun 12 22:00:46.329536 osdx dnscrypt-proxy[26756]: [2024-06-12 22:00:46] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 2821ab6bd5f71396cb5d9d9aad4720077d53e221cc34750365cee45666693629 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKCGra9X3E5bLXZ2arUcgB31T4iHMNHUDZc7kVmZpNikNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKCGra9X3E5bLXZ2arUcgB31T4iHMNHUDZc7kVmZpNikNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-06-12 22:00:40 UTC, end at Wed 2024-06-12 22:00:48 UTC. -- Jun 12 22:00:40.435700 osdx systemd-journald[1362]: Runtime journal (/run/log/journal/054ac71dd7e64053b7445b34731f3c87) is 1.2M, max 9.7M, 8.5M free. Jun 12 22:00:40.454218 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system journal clear'. Jun 12 22:00:41.333655 osdx osdx-coredump[16671]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 12 22:00:41.342350 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system coredump delete all'. Jun 12 22:00:42.829307 osdx OSDxCLI[1540]: User 'admin' entered the configuration menu. Jun 12 22:00:42.975148 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 12 22:00:43.053743 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 22:00:43.139822 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service ssh'. Jun 12 22:00:43.283533 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 22:00:43.441272 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 12 22:00:43.458765 osdx sshd[16744]: Server listening on 0.0.0.0 port 22. Jun 12 22:00:43.459149 osdx sshd[16744]: Server listening on :: port 22. Jun 12 22:00:43.459304 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 12 22:00:43.479408 osdx cfgd[997]: [1540]Completed change to active configuration Jun 12 22:00:43.528741 osdx OSDxCLI[1540]: User 'admin' committed the configuration. Jun 12 22:00:43.554031 osdx OSDxCLI[1540]: User 'admin' left the configuration menu. Jun 12 22:00:43.745127 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 12 22:00:46.402500 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 2821ab6bd5f71396cb5d9d9aad4720077d53e221cc34750365cee45666693629'. Jun 12 22:00:46.581173 osdx OSDxCLI[1540]: User 'admin' entered the configuration menu. Jun 12 22:00:46.684607 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 12 22:00:46.825046 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 12 22:00:46.918765 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 12 22:00:47.024083 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKCGra9X3E5bLXZ2arUcgB31T4iHMNHUDZc7kVmZpNikNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Jun 12 22:00:47.154383 osdx ca-certificates[16808]: Updating certificates in /etc/ssl/certs... Jun 12 22:00:47.771787 osdx ca-certificates[17792]: 1 added, 0 removed; done. Jun 12 22:00:47.777904 osdx ca-certificates[17796]: Running hooks in /etc/ca-certificates/update.d... Jun 12 22:00:47.783273 osdx ca-certificates[17800]: done. Jun 12 22:00:47.861883 osdx systemd[1]: Started DNSCrypt client proxy. Jun 12 22:00:47.864995 osdx cfgd[997]: [1540]Completed change to active configuration Jun 12 22:00:47.872466 osdx OSDxCLI[1540]: User 'admin' committed the configuration. Jun 12 22:00:47.890173 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:47] [NOTICE] dnscrypt-proxy 2.0.45 Jun 12 22:00:47.890584 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:47] [NOTICE] Network connectivity detected Jun 12 22:00:47.891139 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:47] [NOTICE] Dropping privileges Jun 12 22:00:47.893535 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:47] [NOTICE] Network connectivity detected Jun 12 22:00:47.893709 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 12 22:00:47.893804 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 12 22:00:47.893896 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:47] [NOTICE] Firefox workaround initialized Jun 12 22:00:47.893971 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpZ6vO1H] Jun 12 22:00:47.897529 osdx OSDxCLI[1540]: User 'admin' left the configuration menu. Jun 12 22:00:48.100657 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system journal show | cat'. Jun 12 22:00:48.252979 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:48] [NOTICE] [DUT0] OK (DoH) - rtt: 203ms Jun 12 22:00:48.252979 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:48] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 203ms) Jun 12 22:00:48.252979 osdx dnscrypt-proxy[17807]: [2024-06-12 22:00:48] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-06-12 22:00:56 UTC, end at Wed 2024-06-12 22:01:02 UTC. -- Jun 12 22:00:56.401905 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free. Jun 12 22:00:56.416595 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'. Jun 12 22:00:57.011423 osdx osdx-coredump[28404]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 12 22:00:57.020188 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system coredump delete all'. Jun 12 22:00:57.951306 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 22:00:58.121772 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 12 22:00:58.253335 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 22:00:58.405301 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 22:00:58.504884 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 22:00:58.553563 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 22:00:58.580942 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 22:00:58.755826 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 12 22:01:00.010703 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 12 22:01:00.192056 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 22:01:00.295572 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 12 22:01:00.403858 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 12 22:01:00.555361 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 12 22:01:00.673522 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 12 22:01:00.805199 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 12 22:01:00.943504 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b'. Jun 12 22:01:01.080475 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 12 22:01:01.269198 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 12 22:01:01.365084 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 12 22:01:01.506901 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 12 22:01:01.684746 osdx ca-certificates[28526]: Updating certificates in /etc/ssl/certs... Jun 12 22:01:02.396948 osdx ca-certificates[29510]: 1 added, 0 removed; done. Jun 12 22:01:02.403352 osdx ca-certificates[29517]: Running hooks in /etc/ca-certificates/update.d... Jun 12 22:01:02.408008 osdx ca-certificates[29519]: done. Jun 12 22:01:02.575659 osdx systemd[1]: Started DNSCrypt client proxy. Jun 12 22:01:02.579202 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 22:01:02.582920 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 22:01:02.598370 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] dnscrypt-proxy 2.0.45 Jun 12 22:01:02.598630 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] Network connectivity detected Jun 12 22:01:02.598944 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] Dropping privileges Jun 12 22:01:02.602525 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] Network connectivity detected Jun 12 22:01:02.602724 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 12 22:01:02.602818 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 12 22:01:02.602925 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 12 22:01:02.603032 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] Firefox workaround initialized Jun 12 22:01:02.603162 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpSWqJfs] Jun 12 22:01:02.604266 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 12 22:01:02.604406 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 12 22:01:02.604504 osdx dnscrypt-proxy[29572]: [2024-06-12 22:01:02] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 12 22:01:02.628109 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 2821ab6bd5f71396cb5d9d9aad4720077d53e221cc34750365cee45666693629
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-06-12 22:00:57 UTC, end at Wed 2024-06-12 22:01:06 UTC. -- Jun 12 22:00:57.428536 osdx systemd-journald[1362]: Runtime journal (/run/log/journal/054ac71dd7e64053b7445b34731f3c87) is 1.2M, max 9.7M, 8.5M free. Jun 12 22:00:57.441216 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system journal clear'. Jun 12 22:00:58.279287 osdx osdx-coredump[19437]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 12 22:00:58.287124 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system coredump delete all'. Jun 12 22:00:59.826415 osdx OSDxCLI[1540]: User 'admin' entered the configuration menu. Jun 12 22:01:00.001631 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 12 22:01:00.081651 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 22:01:00.199286 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service ssh'. Jun 12 22:01:00.343677 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 22:01:00.493815 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 12 22:01:00.508111 osdx sshd[19510]: Server listening on 0.0.0.0 port 22. Jun 12 22:01:00.508416 osdx sshd[19510]: Server listening on :: port 22. Jun 12 22:01:00.508572 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 12 22:01:00.530235 osdx cfgd[997]: [1540]Completed change to active configuration Jun 12 22:01:00.566986 osdx OSDxCLI[1540]: User 'admin' committed the configuration. Jun 12 22:01:00.590992 osdx OSDxCLI[1540]: User 'admin' left the configuration menu. Jun 12 22:01:00.764297 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 12 22:01:03.907946 osdx OSDxCLI[1540]: User 'admin' entered the configuration menu. Jun 12 22:01:04.050257 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 12 22:01:04.146501 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 12 22:01:04.246132 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 12 22:01:04.409650 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 12 22:01:04.502938 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 12 22:01:04.641741 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 12 22:01:04.764125 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 2821ab6bd5f71396cb5d9d9aad4720077d53e221cc34750365cee45666693629'. Jun 12 22:01:04.927709 osdx ca-certificates[19580]: Updating certificates in /etc/ssl/certs... Jun 12 22:01:05.569521 osdx ca-certificates[20564]: 1 added, 0 removed; done. Jun 12 22:01:05.575720 osdx ca-certificates[20568]: Running hooks in /etc/ca-certificates/update.d... Jun 12 22:01:05.580890 osdx ca-certificates[20572]: done. Jun 12 22:01:05.673294 osdx systemd[1]: Started DNSCrypt client proxy. Jun 12 22:01:05.676025 osdx cfgd[997]: [1540]Completed change to active configuration Jun 12 22:01:05.680287 osdx OSDxCLI[1540]: User 'admin' committed the configuration. Jun 12 22:01:05.701098 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:05] [NOTICE] dnscrypt-proxy 2.0.45 Jun 12 22:01:05.701505 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:05] [NOTICE] Network connectivity detected Jun 12 22:01:05.702100 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:05] [NOTICE] Dropping privileges Jun 12 22:01:05.706674 osdx OSDxCLI[1540]: User 'admin' left the configuration menu. Jun 12 22:01:05.707573 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:05] [NOTICE] Network connectivity detected Jun 12 22:01:05.707705 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:05] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 12 22:01:05.707787 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:05] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 12 22:01:05.707877 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:05] [NOTICE] Firefox workaround initialized Jun 12 22:01:05.707955 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:05] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpvakZs9] Jun 12 22:01:05.923151 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system journal show | cat'. Jun 12 22:01:06.006881 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:06] [NOTICE] [DUT0] OK (DoH) - rtt: 122ms Jun 12 22:01:06.006881 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:06] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 122ms) Jun 12 22:01:06.006881 osdx dnscrypt-proxy[20579]: [2024-06-12 22:01:06] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-06-12 22:01:14 UTC, end at Wed 2024-06-12 22:01:20 UTC. -- Jun 12 22:01:14.464321 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free. Jun 12 22:01:14.493765 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'. Jun 12 22:01:15.142112 osdx osdx-coredump[31219]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 12 22:01:15.150358 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system coredump delete all'. Jun 12 22:01:15.979167 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 22:01:16.120181 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 12 22:01:16.210001 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 22:01:16.365257 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 22:01:16.445122 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 22:01:16.483129 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 22:01:16.530369 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 22:01:16.739871 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 12 22:01:18.037689 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 12 22:01:18.179376 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b ip 10.215.168.1 port 8443'. Jun 12 22:01:18.408846 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 22:01:18.509937 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 12 22:01:18.623881 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 12 22:01:18.769011 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Jun 12 22:01:18.846384 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 12 22:01:18.969017 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 12 22:01:19.085590 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 12 22:01:19.180685 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 12 22:01:19.319058 osdx ca-certificates[31338]: Updating certificates in /etc/ssl/certs... Jun 12 22:01:19.988794 osdx ca-certificates[32321]: 1 added, 0 removed; done. Jun 12 22:01:19.995026 osdx ca-certificates[32328]: Running hooks in /etc/ca-certificates/update.d... Jun 12 22:01:19.999808 osdx ca-certificates[32330]: done. Jun 12 22:01:20.137728 osdx systemd[1]: Started DNSCrypt client proxy. Jun 12 22:01:20.140382 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 22:01:20.144183 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 22:01:20.158894 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] dnscrypt-proxy 2.0.45 Jun 12 22:01:20.159202 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] Network connectivity detected Jun 12 22:01:20.159488 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] Dropping privileges Jun 12 22:01:20.162694 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] Network connectivity detected Jun 12 22:01:20.162694 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 12 22:01:20.162807 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 12 22:01:20.162807 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 12 22:01:20.162807 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] Firefox workaround initialized Jun 12 22:01:20.162807 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpHsm8ot] Jun 12 22:01:20.163643 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 12 22:01:20.163643 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 12 22:01:20.163643 osdx dnscrypt-proxy[32383]: [2024-06-12 22:01:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 12 22:01:20.173009 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 2821ab6bd5f71396cb5d9d9aad4720077d53e221cc34750365cee45666693629 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKCGra9X3E5bLXZ2arUcgB31T4iHMNHUDZc7kVmZpNikNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKCGra9X3E5bLXZ2arUcgB31T4iHMNHUDZc7kVmZpNikNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Wed 2024-06-12 22:01:14 UTC, end at Wed 2024-06-12 22:01:22 UTC. -- Jun 12 22:01:14.436034 osdx systemd-journald[1362]: Runtime journal (/run/log/journal/054ac71dd7e64053b7445b34731f3c87) is 1.2M, max 9.7M, 8.5M free. Jun 12 22:01:14.449458 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system journal clear'. Jun 12 22:01:15.323727 osdx osdx-coredump[22209]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 12 22:01:15.332091 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system coredump delete all'. Jun 12 22:01:16.794859 osdx OSDxCLI[1540]: User 'admin' entered the configuration menu. Jun 12 22:01:16.910292 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 12 22:01:17.013652 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 22:01:17.132984 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service ssh'. Jun 12 22:01:17.305409 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 22:01:17.458048 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 12 22:01:17.477754 osdx sshd[22282]: Server listening on 0.0.0.0 port 22. Jun 12 22:01:17.478219 osdx sshd[22282]: Server listening on :: port 22. Jun 12 22:01:17.478445 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 12 22:01:17.501931 osdx cfgd[997]: [1540]Completed change to active configuration Jun 12 22:01:17.538883 osdx OSDxCLI[1540]: User 'admin' committed the configuration. Jun 12 22:01:17.584442 osdx OSDxCLI[1540]: User 'admin' left the configuration menu. Jun 12 22:01:17.765952 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 12 22:01:20.436497 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 2821ab6bd5f71396cb5d9d9aad4720077d53e221cc34750365cee45666693629'. Jun 12 22:01:20.630807 osdx OSDxCLI[1540]: User 'admin' entered the configuration menu. Jun 12 22:01:20.759352 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 12 22:01:20.908565 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 12 22:01:21.004182 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 12 22:01:21.116938 osdx OSDxCLI[1540]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKCGra9X3E5bLXZ2arUcgB31T4iHMNHUDZc7kVmZpNikNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Jun 12 22:01:21.255655 osdx ca-certificates[22346]: Updating certificates in /etc/ssl/certs... Jun 12 22:01:21.971500 osdx ca-certificates[23330]: 1 added, 0 removed; done. Jun 12 22:01:21.979858 osdx ca-certificates[23334]: Running hooks in /etc/ca-certificates/update.d... Jun 12 22:01:21.987649 osdx ca-certificates[23338]: done. Jun 12 22:01:22.075798 osdx systemd[1]: Started DNSCrypt client proxy. Jun 12 22:01:22.078351 osdx cfgd[997]: [1540]Completed change to active configuration Jun 12 22:01:22.083413 osdx OSDxCLI[1540]: User 'admin' committed the configuration. Jun 12 22:01:22.116411 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] dnscrypt-proxy 2.0.45 Jun 12 22:01:22.116898 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] Network connectivity detected Jun 12 22:01:22.117653 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] Dropping privileges Jun 12 22:01:22.120913 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] Network connectivity detected Jun 12 22:01:22.121120 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 12 22:01:22.121226 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 12 22:01:22.121343 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] Firefox workaround initialized Jun 12 22:01:22.121471 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpaovi4j] Jun 12 22:01:22.140607 osdx OSDxCLI[1540]: User 'admin' left the configuration menu. Jun 12 22:01:22.351317 osdx OSDxCLI[1540]: User 'admin' executed a new command: 'system journal show | cat'. Jun 12 22:01:22.355073 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] [DUT0] OK (DoH) - rtt: 118ms Jun 12 22:01:22.355073 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 118ms) Jun 12 22:01:22.355073 osdx dnscrypt-proxy[23345]: [2024-06-12 22:01:22] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13