Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-06-24 12:30:12 UTC, end at Mon 2024-06-24 12:30:18 UTC. -- Jun 24 12:30:12.360249 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free. Jun 24 12:30:12.382851 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:30:13.042614 osdx osdx-coredump[2866]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 24 12:30:13.050705 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 12:30:13.928488 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:30:14.065616 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 12:30:14.156804 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:30:14.281439 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:30:14.362010 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:30:14.405277 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:30:14.433653 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:30:14.633803 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 12:30:15.897150 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:30:16.013442 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 12:30:16.098760 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 12:30:16.242389 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 12:30:16.346423 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 12:30:16.450016 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 24 12:30:16.611137 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 24 12:30:16.705915 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 24 12:30:16.799879 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 12:30:16.960133 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 24 12:30:17.112773 osdx ca-certificates[2981]: Updating certificates in /etc/ssl/certs... Jun 24 12:30:17.843336 osdx ca-certificates[3965]: 1 added, 0 removed; done. Jun 24 12:30:17.848114 osdx ca-certificates[3972]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:30:17.852628 osdx ca-certificates[3974]: done. Jun 24 12:30:18.009628 osdx systemd[1]: Started DNSCrypt client proxy. Jun 24 12:30:18.011923 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:30:18.015699 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:30:18.031173 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 12:30:18.031513 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] Network connectivity detected Jun 24 12:30:18.031725 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] Dropping privileges Jun 24 12:30:18.034469 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] Network connectivity detected Jun 24 12:30:18.034469 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 12:30:18.034469 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 12:30:18.034613 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 24 12:30:18.034613 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] Firefox workaround initialized Jun 24 12:30:18.034613 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_hhibS] Jun 24 12:30:18.048108 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:30:18.203000 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] [RD] OK (DoH) - rtt: 133ms Jun 24 12:30:18.203285 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] Server with the lowest initial latency: RD (rtt: 133ms) Jun 24 12:30:18.203417 osdx dnscrypt-proxy[4027]: [2024-06-24 12:30:18] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 4744f663babd9fea32a337bba1221f7c7500d52364cf4b67149fc2d539e17ef3
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-06-24 12:30:12 UTC, end at Mon 2024-06-24 12:30:20 UTC. -- Jun 24 12:30:12.355263 osdx systemd-journald[1367]: Runtime journal (/run/log/journal/049b8f2538614231939f1117c2f6fd80) is 2.4M, max 9.7M, 7.3M free. Jun 24 12:30:12.375823 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:30:13.301904 osdx osdx-coredump[2559]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 24 12:30:13.309842 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 12:30:14.697953 osdx OSDxCLI[1483]: User 'admin' entered the configuration menu. Jun 24 12:30:14.829857 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 24 12:30:14.903014 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:30:15.042561 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service ssh'. Jun 24 12:30:15.178993 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:30:15.313271 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 24 12:30:15.326900 osdx sshd[2632]: Server listening on 0.0.0.0 port 22. Jun 24 12:30:15.327309 osdx sshd[2632]: Server listening on :: port 22. Jun 24 12:30:15.327466 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 24 12:30:15.346237 osdx cfgd[1004]: [1483]Completed change to active configuration Jun 24 12:30:15.382263 osdx OSDxCLI[1483]: User 'admin' committed the configuration. Jun 24 12:30:15.417628 osdx OSDxCLI[1483]: User 'admin' left the configuration menu. Jun 24 12:30:15.608138 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 24 12:30:18.327910 osdx OSDxCLI[1483]: User 'admin' entered the configuration menu. Jun 24 12:30:18.451494 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 24 12:30:18.550995 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 24 12:30:18.658471 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 24 12:30:18.806103 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 24 12:30:18.926065 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 24 12:30:19.078082 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 24 12:30:19.232043 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 4744f663babd9fea32a337bba1221f7c7500d52364cf4b67149fc2d539e17ef3'. Jun 24 12:30:19.393918 osdx ca-certificates[2695]: Updating certificates in /etc/ssl/certs... Jun 24 12:30:20.203814 osdx ca-certificates[3679]: 1 added, 0 removed; done. Jun 24 12:30:20.212139 osdx ca-certificates[3684]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:30:20.219056 osdx ca-certificates[3687]: done. Jun 24 12:30:20.317948 osdx systemd[1]: Started DNSCrypt client proxy. Jun 24 12:30:20.321945 osdx cfgd[1004]: [1483]Completed change to active configuration Jun 24 12:30:20.333044 osdx OSDxCLI[1483]: User 'admin' committed the configuration. Jun 24 12:30:20.358178 osdx OSDxCLI[1483]: User 'admin' left the configuration menu. Jun 24 12:30:20.365269 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 12:30:20.365811 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] Network connectivity detected Jun 24 12:30:20.366457 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] Dropping privileges Jun 24 12:30:20.369739 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] Network connectivity detected Jun 24 12:30:20.369957 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 12:30:20.370067 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 12:30:20.370189 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] Firefox workaround initialized Jun 24 12:30:20.370296 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7uFotH] Jun 24 12:30:20.587787 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 12:30:20.673656 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] [DUT0] OK (DoH) - rtt: 111ms Jun 24 12:30:20.673656 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 111ms) Jun 24 12:30:20.673656 osdx dnscrypt-proxy[3694]: [2024-06-24 12:30:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-06-24 12:30:29 UTC, end at Mon 2024-06-24 12:30:36 UTC. -- Jun 24 12:30:29.413415 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free. Jun 24 12:30:29.439048 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:30:30.053327 osdx osdx-coredump[5679]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 24 12:30:30.063013 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 12:30:30.974447 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:30:31.124412 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 12:30:31.217742 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:30:31.360685 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:30:31.475092 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:30:31.526435 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:30:31.599075 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:30:31.793520 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 12:30:33.193436 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 24 12:30:33.415764 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:30:33.595564 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 12:30:33.715835 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 12:30:33.857200 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDsRGdRi9qUCxBGSnYwxXDncXA1zAMuWuO-x8T5N_ANjgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Jun 24 12:30:33.962626 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 24 12:30:34.062785 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 24 12:30:34.199420 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 24 12:30:34.304720 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 12:30:34.420233 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 24 12:30:34.583912 osdx ca-certificates[5797]: Updating certificates in /etc/ssl/certs... Jun 24 12:30:35.366833 osdx ca-certificates[6781]: 1 added, 0 removed; done. Jun 24 12:30:35.371628 osdx ca-certificates[6788]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:30:35.376475 osdx ca-certificates[6790]: done. Jun 24 12:30:35.547747 osdx systemd[1]: Started DNSCrypt client proxy. Jun 24 12:30:35.549672 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:30:35.553038 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:30:35.577446 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:35] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 12:30:35.577819 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:35] [NOTICE] Network connectivity detected Jun 24 12:30:35.578084 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:35] [NOTICE] Dropping privileges Jun 24 12:30:35.588039 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:35] [NOTICE] Network connectivity detected Jun 24 12:30:35.588039 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 12:30:35.588039 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 12:30:35.588039 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:35] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 24 12:30:35.588039 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:35] [NOTICE] Firefox workaround initialized Jun 24 12:30:35.588039 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpbppLMK] Jun 24 12:30:35.596292 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:30:35.852042 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 12:30:36.064607 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:36] [NOTICE] [RD] OK (DoH) - rtt: 434ms Jun 24 12:30:36.064607 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:36] [NOTICE] Server with the lowest initial latency: RD (rtt: 434ms) Jun 24 12:30:36.064607 osdx dnscrypt-proxy[6843]: [2024-06-24 12:30:36] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 4744f663babd9fea32a337bba1221f7c7500d52364cf4b67149fc2d539e17ef3 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgR0T2Y7q9n-oyoze7oSIffHUA1SNkz0tnFJ_C1TnhfvMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgR0T2Y7q9n-oyoze7oSIffHUA1SNkz0tnFJ_C1TnhfvMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-06-24 12:30:29 UTC, end at Mon 2024-06-24 12:30:38 UTC. -- Jun 24 12:30:29.396959 osdx systemd-journald[1367]: Runtime journal (/run/log/journal/049b8f2538614231939f1117c2f6fd80) is 1.2M, max 9.7M, 8.5M free. Jun 24 12:30:29.415559 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:30:30.325170 osdx osdx-coredump[5322]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 24 12:30:30.332830 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 12:30:31.830249 osdx OSDxCLI[1483]: User 'admin' entered the configuration menu. Jun 24 12:30:31.974376 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 24 12:30:32.067269 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:30:32.175907 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service ssh'. Jun 24 12:30:32.337650 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:30:32.555991 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 24 12:30:32.573298 osdx sshd[5395]: Server listening on 0.0.0.0 port 22. Jun 24 12:30:32.573779 osdx sshd[5395]: Server listening on :: port 22. Jun 24 12:30:32.574013 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 24 12:30:32.600269 osdx cfgd[1004]: [1483]Completed change to active configuration Jun 24 12:30:32.660765 osdx OSDxCLI[1483]: User 'admin' committed the configuration. Jun 24 12:30:32.730550 osdx OSDxCLI[1483]: User 'admin' left the configuration menu. Jun 24 12:30:32.906034 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 24 12:30:36.232096 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 4744f663babd9fea32a337bba1221f7c7500d52364cf4b67149fc2d539e17ef3'. Jun 24 12:30:36.418759 osdx OSDxCLI[1483]: User 'admin' entered the configuration menu. Jun 24 12:30:36.538653 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 24 12:30:36.674530 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 24 12:30:36.820626 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 24 12:30:36.964928 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgR0T2Y7q9n-oyoze7oSIffHUA1SNkz0tnFJ_C1TnhfvMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Jun 24 12:30:37.112567 osdx ca-certificates[5459]: Updating certificates in /etc/ssl/certs... Jun 24 12:30:37.800724 osdx ca-certificates[6443]: 1 added, 0 removed; done. Jun 24 12:30:37.806753 osdx ca-certificates[6447]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:30:37.811908 osdx ca-certificates[6451]: done. Jun 24 12:30:37.890024 osdx systemd[1]: Started DNSCrypt client proxy. Jun 24 12:30:37.892648 osdx cfgd[1004]: [1483]Completed change to active configuration Jun 24 12:30:37.896835 osdx OSDxCLI[1483]: User 'admin' committed the configuration. Jun 24 12:30:37.919449 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:37] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 12:30:37.919828 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:37] [NOTICE] Network connectivity detected Jun 24 12:30:37.920438 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:37] [NOTICE] Dropping privileges Jun 24 12:30:37.925170 osdx OSDxCLI[1483]: User 'admin' left the configuration menu. Jun 24 12:30:37.925990 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:37] [NOTICE] Network connectivity detected Jun 24 12:30:37.926119 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:37] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 12:30:37.926201 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:37] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 12:30:37.926295 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:37] [NOTICE] Firefox workaround initialized Jun 24 12:30:37.926370 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:37] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqDM59E] Jun 24 12:30:38.100723 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 12:30:38.366690 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 12:30:38.605948 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 12:30:38.763164 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:38] [NOTICE] [DUT0] OK (DoH) - rtt: 302ms Jun 24 12:30:38.763164 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:38] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 302ms) Jun 24 12:30:38.763164 osdx dnscrypt-proxy[6458]: [2024-06-24 12:30:38] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-06-24 12:30:47 UTC, end at Mon 2024-06-24 12:30:53 UTC. -- Jun 24 12:30:47.430203 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free. Jun 24 12:30:47.446185 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:30:48.092313 osdx osdx-coredump[8498]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 24 12:30:48.101943 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 12:30:48.934653 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:30:49.037476 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 12:30:49.140623 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:30:49.295859 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:30:49.393481 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:30:49.441886 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:30:49.465432 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:30:49.670160 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 12:30:50.978341 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 24 12:30:51.141544 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:30:51.244603 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 12:30:51.357676 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 12:30:51.471546 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 24 12:30:51.564935 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 24 12:30:51.668497 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 24 12:30:51.774119 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b'. Jun 24 12:30:51.876374 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 12:30:51.996229 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 24 12:30:52.134346 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 24 12:30:52.245701 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 24 12:30:52.497005 osdx ca-certificates[8616]: Updating certificates in /etc/ssl/certs... Jun 24 12:30:53.214707 osdx ca-certificates[9600]: 1 added, 0 removed; done. Jun 24 12:30:53.219059 osdx ca-certificates[9607]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:30:53.223697 osdx ca-certificates[9609]: done. Jun 24 12:30:53.359541 osdx systemd[1]: Started DNSCrypt client proxy. Jun 24 12:30:53.362002 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:30:53.365465 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:30:53.377684 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 12:30:53.378063 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] Network connectivity detected Jun 24 12:30:53.378284 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] Dropping privileges Jun 24 12:30:53.381730 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] Network connectivity detected Jun 24 12:30:53.381922 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 12:30:53.382018 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 12:30:53.382134 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 24 12:30:53.382250 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] Firefox workaround initialized Jun 24 12:30:53.382338 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpBay16j] Jun 24 12:30:53.383461 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 24 12:30:53.383461 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 24 12:30:53.383461 osdx dnscrypt-proxy[9662]: [2024-06-24 12:30:53] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 24 12:30:53.392729 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash 4744f663babd9fea32a337bba1221f7c7500d52364cf4b67149fc2d539e17ef3
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-06-24 12:30:47 UTC, end at Mon 2024-06-24 12:30:56 UTC. -- Jun 24 12:30:47.393027 osdx systemd-journald[1367]: Runtime journal (/run/log/journal/049b8f2538614231939f1117c2f6fd80) is 1.2M, max 9.7M, 8.5M free. Jun 24 12:30:47.411478 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:30:48.278395 osdx osdx-coredump[8099]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 24 12:30:48.286157 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 12:30:49.721765 osdx OSDxCLI[1483]: User 'admin' entered the configuration menu. Jun 24 12:30:49.861054 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 24 12:30:49.971829 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:30:50.055057 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service ssh'. Jun 24 12:30:50.239761 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:30:50.405045 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 24 12:30:50.418818 osdx sshd[8172]: Server listening on 0.0.0.0 port 22. Jun 24 12:30:50.419139 osdx sshd[8172]: Server listening on :: port 22. Jun 24 12:30:50.419301 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 24 12:30:50.441036 osdx cfgd[1004]: [1483]Completed change to active configuration Jun 24 12:30:50.484364 osdx OSDxCLI[1483]: User 'admin' committed the configuration. Jun 24 12:30:50.521431 osdx OSDxCLI[1483]: User 'admin' left the configuration menu. Jun 24 12:30:50.700429 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 24 12:30:53.646807 osdx OSDxCLI[1483]: User 'admin' entered the configuration menu. Jun 24 12:30:53.769213 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 24 12:30:53.883489 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 24 12:30:54.004065 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 24 12:30:54.147135 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 24 12:30:54.246670 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 24 12:30:54.389304 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 24 12:30:54.517993 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 4744f663babd9fea32a337bba1221f7c7500d52364cf4b67149fc2d539e17ef3'. Jun 24 12:30:54.658617 osdx ca-certificates[8235]: Updating certificates in /etc/ssl/certs... Jun 24 12:30:55.369594 osdx ca-certificates[9219]: 1 added, 0 removed; done. Jun 24 12:30:55.375521 osdx ca-certificates[9223]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:30:55.380798 osdx ca-certificates[9227]: done. Jun 24 12:30:55.463586 osdx systemd[1]: Started DNSCrypt client proxy. Jun 24 12:30:55.466246 osdx cfgd[1004]: [1483]Completed change to active configuration Jun 24 12:30:55.470462 osdx OSDxCLI[1483]: User 'admin' committed the configuration. Jun 24 12:30:55.491928 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:55] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 12:30:55.492355 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:55] [NOTICE] Network connectivity detected Jun 24 12:30:55.492874 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:55] [NOTICE] Dropping privileges Jun 24 12:30:55.495377 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:55] [NOTICE] Network connectivity detected Jun 24 12:30:55.498432 osdx OSDxCLI[1483]: User 'admin' left the configuration menu. Jun 24 12:30:55.498945 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:55] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 12:30:55.498945 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:55] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 12:30:55.498945 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:55] [NOTICE] Firefox workaround initialized Jun 24 12:30:55.498945 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:55] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpk4jgfr] Jun 24 12:30:55.718895 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 12:30:55.968952 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 12:30:56.131811 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:56] [NOTICE] [DUT0] OK (DoH) - rtt: 181ms Jun 24 12:30:56.131811 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:56] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 181ms) Jun 24 12:30:56.131811 osdx dnscrypt-proxy[9234]: [2024-06-24 12:30:56] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-06-24 12:31:05 UTC, end at Mon 2024-06-24 12:31:11 UTC. -- Jun 24 12:31:05.423268 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free. Jun 24 12:31:05.446059 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:31:06.025742 osdx osdx-coredump[11317]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 24 12:31:06.033569 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 12:31:06.950435 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:31:07.084023 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 12:31:07.165878 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:31:07.338131 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:31:07.423645 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:31:07.462144 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:31:07.509936 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:31:07.702267 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 12:31:09.162672 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 24 12:31:09.328731 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 82:1f:89:52:02:93:8a:f7:8b:09:88:f2:a2:e0:16:06:43:5c:cb:66:63:57:03:92:02:f4:eb:33:88:f8:5b:2b ip 10.215.168.1 port 8443'. Jun 24 12:31:09.498964 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:31:09.591047 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 12:31:09.679136 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 12:31:09.779079 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIIfiVICk4r3iwmI8qLgFgZDXMtmY1cDkgL06zOI-FsrGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Jun 24 12:31:09.898259 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 12:31:09.992261 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jun 24 12:31:10.105003 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jun 24 12:31:10.192251 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 24 12:31:10.323889 osdx ca-certificates[11437]: Updating certificates in /etc/ssl/certs... Jun 24 12:31:11.068342 osdx ca-certificates[12421]: 1 added, 0 removed; done. Jun 24 12:31:11.073825 osdx ca-certificates[12427]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:31:11.081198 osdx ca-certificates[12429]: done. Jun 24 12:31:11.221801 osdx systemd[1]: Started DNSCrypt client proxy. Jun 24 12:31:11.224075 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:31:11.227390 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:31:11.246486 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 12:31:11.246826 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] Network connectivity detected Jun 24 12:31:11.247128 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] Dropping privileges Jun 24 12:31:11.250071 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] Network connectivity detected Jun 24 12:31:11.250211 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 12:31:11.250211 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 12:31:11.250211 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 24 12:31:11.250211 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] Firefox workaround initialized Jun 24 12:31:11.250211 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp0ypaMI] Jun 24 12:31:11.252212 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 24 12:31:11.252212 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 24 12:31:11.252212 osdx dnscrypt-proxy[12482]: [2024-06-24 12:31:11] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 24 12:31:11.255931 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 4744f663babd9fea32a337bba1221f7c7500d52364cf4b67149fc2d539e17ef3 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgR0T2Y7q9n-oyoze7oSIffHUA1SNkz0tnFJ_C1TnhfvMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgR0T2Y7q9n-oyoze7oSIffHUA1SNkz0tnFJ_C1TnhfvMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2024-06-24 12:31:05 UTC, end at Mon 2024-06-24 12:31:13 UTC. -- Jun 24 12:31:05.417699 osdx systemd-journald[1367]: Runtime journal (/run/log/journal/049b8f2538614231939f1117c2f6fd80) is 1.2M, max 9.7M, 8.5M free. Jun 24 12:31:05.433569 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:31:06.270641 osdx osdx-coredump[10874]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 24 12:31:06.278185 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 12:31:07.840413 osdx OSDxCLI[1483]: User 'admin' entered the configuration menu. Jun 24 12:31:07.959136 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 24 12:31:08.089575 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:31:08.172237 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service ssh'. Jun 24 12:31:08.338713 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:31:08.523209 osdx systemd[1]: Starting OpenBSD Secure Shell server... Jun 24 12:31:08.543537 osdx sshd[10947]: Server listening on 0.0.0.0 port 22. Jun 24 12:31:08.543962 osdx sshd[10947]: Server listening on :: port 22. Jun 24 12:31:08.544179 osdx systemd[1]: Started OpenBSD Secure Shell server. Jun 24 12:31:08.569856 osdx cfgd[1004]: [1483]Completed change to active configuration Jun 24 12:31:08.628716 osdx OSDxCLI[1483]: User 'admin' committed the configuration. Jun 24 12:31:08.674899 osdx OSDxCLI[1483]: User 'admin' left the configuration menu. Jun 24 12:31:08.883293 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 24 12:31:11.553445 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 4744f663babd9fea32a337bba1221f7c7500d52364cf4b67149fc2d539e17ef3'. Jun 24 12:31:11.727238 osdx OSDxCLI[1483]: User 'admin' entered the configuration menu. Jun 24 12:31:11.835326 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 24 12:31:11.946755 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 24 12:31:12.065736 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 24 12:31:12.193435 osdx OSDxCLI[1483]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgR0T2Y7q9n-oyoze7oSIffHUA1SNkz0tnFJ_C1TnhfvMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Jun 24 12:31:12.374490 osdx ca-certificates[11011]: Updating certificates in /etc/ssl/certs... Jun 24 12:31:13.110098 osdx ca-certificates[11996]: 1 added, 0 removed; done. Jun 24 12:31:13.116018 osdx ca-certificates[12000]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:31:13.121429 osdx ca-certificates[12004]: done. Jun 24 12:31:13.224299 osdx systemd[1]: Started DNSCrypt client proxy. Jun 24 12:31:13.227030 osdx cfgd[1004]: [1483]Completed change to active configuration Jun 24 12:31:13.235602 osdx OSDxCLI[1483]: User 'admin' committed the configuration. Jun 24 12:31:13.261381 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 12:31:13.261857 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] Network connectivity detected Jun 24 12:31:13.262540 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] Dropping privileges Jun 24 12:31:13.265639 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] Network connectivity detected Jun 24 12:31:13.265850 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 12:31:13.265972 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 12:31:13.266113 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] Firefox workaround initialized Jun 24 12:31:13.266229 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8Q_H9L] Jun 24 12:31:13.273721 osdx OSDxCLI[1483]: User 'admin' left the configuration menu. Jun 24 12:31:13.491805 osdx OSDxCLI[1483]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 12:31:13.565676 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] [DUT0] OK (DoH) - rtt: 141ms Jun 24 12:31:13.565676 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 141ms) Jun 24 12:31:13.565676 osdx dnscrypt-proxy[12011]: [2024-06-24 12:31:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13