Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-06-20 17:41:26 UTC, end at Thu 2024-06-20 17:41:32 UTC. -- Jun 20 17:41:26.394572 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free. Jun 20 17:41:26.413876 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:41:26.989423 osdx osdx-coredump[29730]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 20 17:41:26.999262 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 17:41:27.973941 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:41:28.127232 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 17:41:28.213332 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:41:28.393262 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:41:28.413426 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:41:28.413535 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:41:28.493939 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:41:28.543252 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:41:28.572037 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:41:28.778747 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 17:41:30.209493 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:41:30.366168 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 17:41:30.489502 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 17:41:30.616842 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 20 17:41:30.749534 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 20 17:41:30.869314 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 20 17:41:31.002816 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 20 17:41:31.128187 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 20 17:41:31.223859 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 17:41:31.322617 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 20 17:41:31.467412 osdx ca-certificates[29845]: Updating certificates in /etc/ssl/certs... Jun 20 17:41:32.179896 osdx ca-certificates[30829]: 1 added, 0 removed; done. Jun 20 17:41:32.184725 osdx ca-certificates[30835]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:41:32.190298 osdx ca-certificates[30837]: done. Jun 20 17:41:32.348871 osdx systemd[1]: Started DNSCrypt client proxy. Jun 20 17:41:32.352625 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:41:32.356627 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:41:32.369044 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 17:41:32.369311 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] Network connectivity detected Jun 20 17:41:32.369793 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] Dropping privileges Jun 20 17:41:32.373241 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] Network connectivity detected Jun 20 17:41:32.373370 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 17:41:32.373370 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 17:41:32.373370 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 20 17:41:32.373370 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] Firefox workaround initialized Jun 20 17:41:32.373370 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpizJ_Nv] Jun 20 17:41:32.391837 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:41:32.561265 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] [RD] OK (DoH) - rtt: 137ms Jun 20 17:41:32.561265 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] Server with the lowest initial latency: RD (rtt: 137ms) Jun 20 17:41:32.561265 osdx dnscrypt-proxy[30890]: [2024-06-20 17:41:32] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 20 17:41:32.584636 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 77f80ed82c920928fbb5e828c88818ee9fd2a73704b10ec78ac5ca02c183b908
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-06-20 17:41:27 UTC, end at Thu 2024-06-20 17:41:36 UTC. -- Jun 20 17:41:27.381088 osdx systemd-journald[1579]: Runtime journal (/run/log/journal/d2ff267f764c4c0d91552e08315d2756) is 1.2M, max 9.7M, 8.5M free. Jun 20 17:41:27.394633 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:41:28.261681 osdx osdx-coredump[3985]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 20 17:41:28.271996 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 17:41:29.883153 osdx OSDxCLI[1761]: User 'admin' entered the configuration menu. Jun 20 17:41:29.992879 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 20 17:41:30.121180 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:41:30.234046 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service ssh'. Jun 20 17:41:30.444207 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:41:30.598302 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 20 17:41:30.616235 osdx sshd[4058]: Server listening on 0.0.0.0 port 22. Jun 20 17:41:30.616573 osdx sshd[4058]: Server listening on :: port 22. Jun 20 17:41:30.616748 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 20 17:41:30.636321 osdx cfgd[1210]: [1761]Completed change to active configuration Jun 20 17:41:30.685588 osdx OSDxCLI[1761]: User 'admin' committed the configuration. Jun 20 17:41:30.710316 osdx OSDxCLI[1761]: User 'admin' left the configuration menu. Jun 20 17:41:30.888687 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 20 17:41:33.937896 osdx OSDxCLI[1761]: User 'admin' entered the configuration menu. Jun 20 17:41:34.072086 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 20 17:41:34.167196 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 20 17:41:34.274179 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 20 17:41:34.412167 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 20 17:41:34.545048 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 20 17:41:34.669179 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 20 17:41:34.809874 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 77f80ed82c920928fbb5e828c88818ee9fd2a73704b10ec78ac5ca02c183b908'. Jun 20 17:41:34.944794 osdx ca-certificates[4121]: Updating certificates in /etc/ssl/certs... Jun 20 17:41:35.672991 osdx ca-certificates[5105]: 1 added, 0 removed; done. Jun 20 17:41:35.678766 osdx ca-certificates[5109]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:41:35.683755 osdx ca-certificates[5113]: done. Jun 20 17:41:35.767130 osdx systemd[1]: Started DNSCrypt client proxy. Jun 20 17:41:35.769727 osdx cfgd[1210]: [1761]Completed change to active configuration Jun 20 17:41:35.774013 osdx OSDxCLI[1761]: User 'admin' committed the configuration. Jun 20 17:41:35.794732 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:35] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 17:41:35.795130 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:35] [NOTICE] Network connectivity detected Jun 20 17:41:35.795713 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:35] [NOTICE] Dropping privileges Jun 20 17:41:35.798052 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:35] [NOTICE] Network connectivity detected Jun 20 17:41:35.798218 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 17:41:35.798300 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 17:41:35.798406 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:35] [NOTICE] Firefox workaround initialized Jun 20 17:41:35.798487 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpR9gKN1] Jun 20 17:41:35.836410 osdx OSDxCLI[1761]: User 'admin' left the configuration menu. Jun 20 17:41:36.056971 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:36] [NOTICE] [DUT0] OK (DoH) - rtt: 125ms Jun 20 17:41:36.056971 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:36] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 125ms) Jun 20 17:41:36.056971 osdx dnscrypt-proxy[5120]: [2024-06-20 17:41:36] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 20 17:41:36.058030 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system journal show | cat'.
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-06-20 17:41:44 UTC, end at Thu 2024-06-20 17:41:50 UTC. -- Jun 20 17:41:44.495713 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free. Jun 20 17:41:44.526709 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:41:45.158241 osdx osdx-coredump[32544]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 20 17:41:45.166492 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 17:41:46.080823 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:41:46.220734 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 17:41:46.327337 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:41:46.454173 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:41:46.549329 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:41:46.588649 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:41:46.616640 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:41:46.796312 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 17:41:48.255183 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 20 17:41:48.439200 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:41:48.543569 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 17:41:48.672281 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 17:41:48.803325 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Jun 20 17:41:48.916959 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 20 17:41:49.024205 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 20 17:41:49.144247 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 20 17:41:49.236653 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 17:41:49.331339 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 20 17:41:49.470056 osdx ca-certificates[32662]: Updating certificates in /etc/ssl/certs... Jun 20 17:41:50.168952 osdx ca-certificates[1191]: 1 added, 0 removed; done. Jun 20 17:41:50.175159 osdx ca-certificates[1198]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:41:50.181171 osdx ca-certificates[1200]: done. Jun 20 17:41:50.369672 osdx systemd[1]: Started DNSCrypt client proxy. Jun 20 17:41:50.371796 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:41:50.375870 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:41:50.400053 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 17:41:50.400587 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] Network connectivity detected Jun 20 17:41:50.401223 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] Dropping privileges Jun 20 17:41:50.404918 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] Network connectivity detected Jun 20 17:41:50.405030 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 17:41:50.405030 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 17:41:50.405030 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 20 17:41:50.405030 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] Firefox workaround initialized Jun 20 17:41:50.405030 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpfKJkW4] Jun 20 17:41:50.444358 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:41:50.574603 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] [RD] OK (DoH) - rtt: 118ms Jun 20 17:41:50.574813 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] Server with the lowest initial latency: RD (rtt: 118ms) Jun 20 17:41:50.574921 osdx dnscrypt-proxy[1254]: [2024-06-20 17:41:50] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 77f80ed82c920928fbb5e828c88818ee9fd2a73704b10ec78ac5ca02c183b908 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgd_gO2CySCSj7tegoyIgY7p_SpzcEsQ7HisXKAsGDuQgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgd_gO2CySCSj7tegoyIgY7p_SpzcEsQ7HisXKAsGDuQgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-06-20 17:41:44 UTC, end at Thu 2024-06-20 17:41:52 UTC. -- Jun 20 17:41:44.446822 osdx systemd-journald[1579]: Runtime journal (/run/log/journal/d2ff267f764c4c0d91552e08315d2756) is 1.2M, max 9.7M, 8.5M free. Jun 20 17:41:44.466464 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:41:45.375444 osdx osdx-coredump[6751]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 20 17:41:45.383347 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 17:41:46.809774 osdx OSDxCLI[1761]: User 'admin' entered the configuration menu. Jun 20 17:41:46.981365 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 20 17:41:47.096904 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:41:47.216237 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service ssh'. Jun 20 17:41:47.394490 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:41:47.561933 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 20 17:41:47.575736 osdx sshd[6824]: Server listening on 0.0.0.0 port 22. Jun 20 17:41:47.576049 osdx sshd[6824]: Server listening on :: port 22. Jun 20 17:41:47.576207 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 20 17:41:47.596237 osdx cfgd[1210]: [1761]Completed change to active configuration Jun 20 17:41:47.643852 osdx OSDxCLI[1761]: User 'admin' committed the configuration. Jun 20 17:41:47.699462 osdx OSDxCLI[1761]: User 'admin' left the configuration menu. Jun 20 17:41:47.906190 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 20 17:41:50.676228 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 77f80ed82c920928fbb5e828c88818ee9fd2a73704b10ec78ac5ca02c183b908'. Jun 20 17:41:50.851247 osdx OSDxCLI[1761]: User 'admin' entered the configuration menu. Jun 20 17:41:50.952909 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 20 17:41:51.040538 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 20 17:41:51.135088 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 20 17:41:51.250838 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgd_gO2CySCSj7tegoyIgY7p_SpzcEsQ7HisXKAsGDuQgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Jun 20 17:41:51.378911 osdx ca-certificates[6888]: Updating certificates in /etc/ssl/certs... Jun 20 17:41:52.118720 osdx ca-certificates[7872]: 1 added, 0 removed; done. Jun 20 17:41:52.128262 osdx ca-certificates[7876]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:41:52.135450 osdx ca-certificates[7880]: done. Jun 20 17:41:52.229942 osdx systemd[1]: Started DNSCrypt client proxy. Jun 20 17:41:52.232534 osdx cfgd[1210]: [1761]Completed change to active configuration Jun 20 17:41:52.240416 osdx OSDxCLI[1761]: User 'admin' committed the configuration. Jun 20 17:41:52.269008 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 17:41:52.269503 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] Network connectivity detected Jun 20 17:41:52.270206 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] Dropping privileges Jun 20 17:41:52.273582 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] Network connectivity detected Jun 20 17:41:52.273829 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 17:41:52.273955 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 17:41:52.274099 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] Firefox workaround initialized Jun 20 17:41:52.274223 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpMgqLfQ] Jun 20 17:41:52.281120 osdx OSDxCLI[1761]: User 'admin' left the configuration menu. Jun 20 17:41:52.470073 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system journal show | cat'. Jun 20 17:41:52.549477 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] [DUT0] OK (DoH) - rtt: 125ms Jun 20 17:41:52.549477 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 125ms) Jun 20 17:41:52.549477 osdx dnscrypt-proxy[7887]: [2024-06-20 17:41:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-06-20 17:42:01 UTC, end at Thu 2024-06-20 17:42:07 UTC. -- Jun 20 17:42:01.496129 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free. Jun 20 17:42:01.516954 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:42:02.280763 osdx osdx-coredump[2931]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 20 17:42:02.291035 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 17:42:03.232065 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:42:03.374016 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 17:42:03.484198 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:42:03.682321 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:42:03.804058 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:42:03.855315 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:42:03.899090 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:42:04.134009 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 17:42:05.529149 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 20 17:42:05.742153 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:42:05.878936 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 17:42:06.034510 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 17:42:06.141927 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 20 17:42:06.237518 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 20 17:42:06.348235 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 20 17:42:06.480191 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b'. Jun 20 17:42:06.574166 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 17:42:06.714346 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 20 17:42:06.819329 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 20 17:42:06.942916 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 20 17:42:07.088563 osdx ca-certificates[3049]: Updating certificates in /etc/ssl/certs... Jun 20 17:42:07.758057 osdx ca-certificates[4032]: 1 added, 0 removed; done. Jun 20 17:42:07.765101 osdx ca-certificates[4039]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:42:07.769945 osdx ca-certificates[4041]: done. Jun 20 17:42:07.904341 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:42:07.915517 osdx systemd[1]: Started DNSCrypt client proxy. Jun 20 17:42:07.918611 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:42:07.926772 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:42:07.945569 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 17:42:07.945569 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] Network connectivity detected Jun 20 17:42:07.945569 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] Dropping privileges Jun 20 17:42:07.949463 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] Network connectivity detected Jun 20 17:42:07.949584 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 17:42:07.949584 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 17:42:07.949584 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 20 17:42:07.949584 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] Firefox workaround initialized Jun 20 17:42:07.949584 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp51tbTM] Jun 20 17:42:07.950996 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 20 17:42:07.950996 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 20 17:42:07.950996 osdx dnscrypt-proxy[4094]: [2024-06-20 17:42:07] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 20 17:42:07.968059 osdx OSDxCLI[19773]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 77f80ed82c920928fbb5e828c88818ee9fd2a73704b10ec78ac5ca02c183b908
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-06-20 17:42:01 UTC, end at Thu 2024-06-20 17:42:10 UTC. -- Jun 20 17:42:01.449617 osdx systemd-journald[1579]: Runtime journal (/run/log/journal/d2ff267f764c4c0d91552e08315d2756) is 1.2M, max 9.7M, 8.5M free. Jun 20 17:42:01.468384 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:42:02.451479 osdx osdx-coredump[9524]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 20 17:42:02.459607 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 17:42:04.164063 osdx OSDxCLI[1761]: User 'admin' entered the configuration menu. Jun 20 17:42:04.325497 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 20 17:42:04.435631 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:42:04.546697 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service ssh'. Jun 20 17:42:04.733666 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:42:04.888037 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 20 17:42:04.901983 osdx sshd[9597]: Server listening on 0.0.0.0 port 22. Jun 20 17:42:04.902294 osdx sshd[9597]: Server listening on :: port 22. Jun 20 17:42:04.902453 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 20 17:42:04.921588 osdx cfgd[1210]: [1761]Completed change to active configuration Jun 20 17:42:04.959289 osdx OSDxCLI[1761]: User 'admin' committed the configuration. Jun 20 17:42:04.989729 osdx OSDxCLI[1761]: User 'admin' left the configuration menu. Jun 20 17:42:05.193635 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 20 17:42:08.253358 osdx OSDxCLI[1761]: User 'admin' entered the configuration menu. Jun 20 17:42:08.385186 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 20 17:42:08.476447 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 20 17:42:08.584060 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 20 17:42:08.734128 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 20 17:42:08.831376 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 20 17:42:08.960209 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 20 17:42:09.097395 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 77f80ed82c920928fbb5e828c88818ee9fd2a73704b10ec78ac5ca02c183b908'. Jun 20 17:42:09.272200 osdx ca-certificates[9660]: Updating certificates in /etc/ssl/certs... Jun 20 17:42:10.100731 osdx ca-certificates[10645]: 1 added, 0 removed; done. Jun 20 17:42:10.106821 osdx ca-certificates[10649]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:42:10.112223 osdx ca-certificates[10653]: done. Jun 20 17:42:10.195439 osdx systemd[1]: Started DNSCrypt client proxy. Jun 20 17:42:10.198111 osdx cfgd[1210]: [1761]Completed change to active configuration Jun 20 17:42:10.202445 osdx OSDxCLI[1761]: User 'admin' committed the configuration. Jun 20 17:42:10.223640 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 17:42:10.224041 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] Network connectivity detected Jun 20 17:42:10.224611 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] Dropping privileges Jun 20 17:42:10.226735 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] Network connectivity detected Jun 20 17:42:10.226895 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 17:42:10.226978 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 17:42:10.227069 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] Firefox workaround initialized Jun 20 17:42:10.227143 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpzXFUc6] Jun 20 17:42:10.242192 osdx OSDxCLI[1761]: User 'admin' left the configuration menu. Jun 20 17:42:10.431463 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system journal show | cat'. Jun 20 17:42:10.472305 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] [DUT0] OK (DoH) - rtt: 126ms Jun 20 17:42:10.472305 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 126ms) Jun 20 17:42:10.472305 osdx dnscrypt-proxy[10660]: [2024-06-20 17:42:10] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-06-20 17:42:19 UTC, end at Thu 2024-06-20 17:42:25 UTC. -- Jun 20 17:42:19.408944 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free. Jun 20 17:42:19.443746 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:42:20.123066 osdx osdx-coredump[5742]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 20 17:42:20.131023 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 17:42:21.104757 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:42:21.263642 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 17:42:21.378853 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:42:21.507954 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:42:21.600382 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:42:21.650802 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:42:21.679919 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:42:21.888758 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 17:42:23.181981 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:42:23.260993 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 20 17:42:23.441152 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b ip 10.215.168.1 port 8443'. Jun 20 17:42:23.644686 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:42:23.745310 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 17:42:23.839874 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 17:42:23.948867 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Jun 20 17:42:23.956156 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:42:24.028543 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 17:42:24.147846 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 20 17:42:24.267684 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 20 17:42:24.371372 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 20 17:42:24.524565 osdx ca-certificates[5864]: Updating certificates in /etc/ssl/certs... Jun 20 17:42:25.247806 osdx ca-certificates[6848]: 1 added, 0 removed; done. Jun 20 17:42:25.252881 osdx ca-certificates[6854]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:42:25.257600 osdx ca-certificates[6856]: done. Jun 20 17:42:25.397011 osdx systemd[1]: Started DNSCrypt client proxy. Jun 20 17:42:25.399425 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:42:25.402875 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:42:25.418315 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 17:42:25.418663 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] Network connectivity detected Jun 20 17:42:25.418899 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] Dropping privileges Jun 20 17:42:25.422262 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] Network connectivity detected Jun 20 17:42:25.422370 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 17:42:25.422370 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 17:42:25.422370 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 20 17:42:25.422370 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] Firefox workaround initialized Jun 20 17:42:25.422370 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp0SIAuG] Jun 20 17:42:25.423272 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 20 17:42:25.423384 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 20 17:42:25.423485 osdx dnscrypt-proxy[6909]: [2024-06-20 17:42:25] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 20 17:42:25.456849 osdx OSDxCLI[19773]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 77f80ed82c920928fbb5e828c88818ee9fd2a73704b10ec78ac5ca02c183b908 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgd_gO2CySCSj7tegoyIgY7p_SpzcEsQ7HisXKAsGDuQgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgd_gO2CySCSj7tegoyIgY7p_SpzcEsQ7HisXKAsGDuQgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-06-20 17:42:19 UTC, end at Thu 2024-06-20 17:42:27 UTC. -- Jun 20 17:42:19.403380 osdx systemd-journald[1579]: Runtime journal (/run/log/journal/d2ff267f764c4c0d91552e08315d2756) is 1.2M, max 9.7M, 8.5M free. Jun 20 17:42:19.422205 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:42:20.374111 osdx osdx-coredump[12290]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 20 17:42:20.384970 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 17:42:21.922047 osdx OSDxCLI[1761]: User 'admin' entered the configuration menu. Jun 20 17:42:22.086619 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 20 17:42:22.191700 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:42:22.307725 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service ssh'. Jun 20 17:42:22.481123 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:42:22.635389 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 20 17:42:22.649050 osdx sshd[12363]: Server listening on 0.0.0.0 port 22. Jun 20 17:42:22.649459 osdx sshd[12363]: Server listening on :: port 22. Jun 20 17:42:22.649617 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 20 17:42:22.668722 osdx cfgd[1210]: [1761]Completed change to active configuration Jun 20 17:42:22.710867 osdx OSDxCLI[1761]: User 'admin' committed the configuration. Jun 20 17:42:22.737804 osdx OSDxCLI[1761]: User 'admin' left the configuration menu. Jun 20 17:42:22.975766 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 20 17:42:25.778958 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 77f80ed82c920928fbb5e828c88818ee9fd2a73704b10ec78ac5ca02c183b908'. Jun 20 17:42:25.987335 osdx OSDxCLI[1761]: User 'admin' entered the configuration menu. Jun 20 17:42:26.093905 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 20 17:42:26.198188 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 20 17:42:26.306756 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 20 17:42:26.418434 osdx OSDxCLI[1761]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgd_gO2CySCSj7tegoyIgY7p_SpzcEsQ7HisXKAsGDuQgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Jun 20 17:42:26.538069 osdx ca-certificates[12427]: Updating certificates in /etc/ssl/certs... Jun 20 17:42:27.174590 osdx ca-certificates[13411]: 1 added, 0 removed; done. Jun 20 17:42:27.180424 osdx ca-certificates[13415]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:42:27.186186 osdx ca-certificates[13419]: done. Jun 20 17:42:27.266279 osdx systemd[1]: Started DNSCrypt client proxy. Jun 20 17:42:27.268954 osdx cfgd[1210]: [1761]Completed change to active configuration Jun 20 17:42:27.273166 osdx OSDxCLI[1761]: User 'admin' committed the configuration. Jun 20 17:42:27.296326 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 17:42:27.296952 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] Network connectivity detected Jun 20 17:42:27.297684 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] Dropping privileges Jun 20 17:42:27.299923 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] Network connectivity detected Jun 20 17:42:27.300084 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 17:42:27.300167 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 17:42:27.300260 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] Firefox workaround initialized Jun 20 17:42:27.300341 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpHMivc9] Jun 20 17:42:27.306497 osdx OSDxCLI[1761]: User 'admin' left the configuration menu. Jun 20 17:42:27.525462 osdx OSDxCLI[1761]: User 'admin' executed a new command: 'system journal show | cat'. Jun 20 17:42:27.627178 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] [DUT0] OK (DoH) - rtt: 188ms Jun 20 17:42:27.627178 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 188ms) Jun 20 17:42:27.627178 osdx dnscrypt-proxy[13426]: [2024-06-20 17:42:27] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13