Source

Test suite to validate using one or multiple ciphers to protect DoH connection

Valid Source

Description

Configures a valid source with the expected minisign key and checks that everything works.

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy source RD url http://10.215.168.1/~robot/RD-resolver.md
set service dns proxy source RD minisign-key 'RWQjmV8ePsrXlMW8dVuFZn/igSk3HyArDem3Fi6ykk7Edi1LeTQG1h/W'
set service dns proxy server-name rd-server

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[rd-server\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Thu 2024-10-10 07:19:38 UTC, end at Thu 2024-10-10 07:19:40 UTC. --
Oct 10 07:19:38.277907 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:19:38.292586 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:19:38.631937 osdx osdx-coredump[1144]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 07:19:38.638029 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 07:19:39.152091 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:19:39.226550 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:19:39.309994 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:19:39.380906 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:19:39.434074 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:19:39.461301 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:19:39.478712 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:19:39.620031 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 10 07:19:39.830499 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:19:39.925789 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:19:39.996623 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy source RD url http://10.215.168.1/~robot/RD-resolver.md'.
Oct 10 07:19:40.092471 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy source RD minisign-key 'RWQjmV8ePsrXlMW8dVuFZn/igSk3HyArDem3Fi6ykk7Edi1LeTQG1h/W''.
Oct 10 07:19:40.143534 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name rd-server'.
Oct 10 07:19:40.260890 osdx ca-certificates[1264]: Updating certificates in /etc/ssl/certs...
Oct 10 07:19:40.695667 osdx ca-certificates[2266]: 1 added, 0 removed; done.
Oct 10 07:19:40.698645 osdx ca-certificates[2272]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:19:40.701604 osdx ca-certificates[2274]: done.
Oct 10 07:19:40.739464 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:19:40.740616 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:19:40.743467 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:19:40.764674 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] dnscrypt-proxy 2.0.45
Oct 10 07:19:40.764970 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] Network connectivity detected
Oct 10 07:19:40.765011 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] Dropping privileges
Oct 10 07:19:40.767045 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] Network connectivity detected
Oct 10 07:19:40.767201 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:19:40.767260 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:19:40.770538 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:19:40.791819 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [WARNING] /var/cache/dnscrypt-proxy/RD.md: open /var/cache/dnscrypt-proxy/sf-3s2bkfzax5jzaowj.tmp: permission denied
Oct 10 07:19:40.791819 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] Source [RD] loaded
Oct 10 07:19:40.791819 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [WARNING] Missing stamp for server [server-name`]
Oct 10 07:19:40.791819 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [WARNING] Error in source [RD]: [Missing stamp for server [server-name`]] -- Continuing with reduced server count [1]
Oct 10 07:19:40.791819 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] Firefox workaround initialized
Oct 10 07:19:40.791819 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpEFtpCJ]
Oct 10 07:19:40.912261 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 10 07:19:40.976439 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] [rd-server] OK (DoH) - rtt: 121ms
Oct 10 07:19:40.976439 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] Server with the lowest initial latency: rd-server (rtt: 121ms)
Oct 10 07:19:40.976439 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Valid Source With Prefix

Description

Configures a valid source with the expected minisign key and checks that everything works. Additionally, uses a prefix to avoid duplicate server names when several sources define servers with the same name.

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy source RD url http://10.215.168.1/~robot/RD-resolver.md
set service dns proxy source RD minisign-key 'RWQjmV8ePsrXlMW8dVuFZn/igSk3HyArDem3Fi6ykk7Edi1LeTQG1h/W'
set service dns proxy source RD prefix PRIVATE-
set service dns proxy server-name PRIVATE-rd-server

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[PRIVATE-rd-server\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Thu 2024-10-10 07:19:45 UTC, end at Thu 2024-10-10 07:19:47 UTC. --
Oct 10 07:19:45.281922 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:19:45.296670 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:19:45.648468 osdx osdx-coredump[3890]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 07:19:45.656128 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 07:19:46.177960 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:19:46.241559 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:19:46.328686 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:19:46.396210 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:19:46.453117 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:19:46.481782 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:19:46.498032 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:19:46.630156 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 10 07:19:46.750248 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:19:46.818376 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:19:46.917539 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy source RD url http://10.215.168.1/~robot/RD-resolver.md'.
Oct 10 07:19:46.974339 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy source RD minisign-key 'RWQjmV8ePsrXlMW8dVuFZn/igSk3HyArDem3Fi6ykk7Edi1LeTQG1h/W''.
Oct 10 07:19:47.068697 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy source RD prefix PRIVATE-'.
Oct 10 07:19:47.125445 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name PRIVATE-rd-server'.
Oct 10 07:19:47.280018 osdx ca-certificates[4001]: Updating certificates in /etc/ssl/certs...
Oct 10 07:19:47.735412 osdx ca-certificates[4986]: 1 added, 0 removed; done.
Oct 10 07:19:47.738539 osdx ca-certificates[4993]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:19:47.741694 osdx ca-certificates[4995]: done.
Oct 10 07:19:47.784105 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:19:47.785396 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:19:47.787918 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:19:47.806474 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] dnscrypt-proxy 2.0.45
Oct 10 07:19:47.806731 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] Network connectivity detected
Oct 10 07:19:47.806854 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] Dropping privileges
Oct 10 07:19:47.808998 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] Network connectivity detected
Oct 10 07:19:47.809069 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:19:47.809069 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:19:47.809976 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:19:47.810159 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [WARNING] /var/cache/dnscrypt-proxy/RD.md: open /var/cache/dnscrypt-proxy/sf-yxidtkj7beahmu2w.tmp: permission denied
Oct 10 07:19:47.810159 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] Source [RD] loaded
Oct 10 07:19:47.810159 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [WARNING] Missing stamp for server [PRIVATE-server-name`]
Oct 10 07:19:47.810159 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [WARNING] Error in source [RD]: [Missing stamp for server [PRIVATE-server-name`]] -- Continuing with reduced server count [1]
Oct 10 07:19:47.810159 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] Firefox workaround initialized
Oct 10 07:19:47.810159 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpGCY4fE]
Oct 10 07:19:47.954697 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] [PRIVATE-rd-server] OK (DoH) - rtt: 111ms
Oct 10 07:19:47.954697 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] Server with the lowest initial latency: PRIVATE-rd-server (rtt: 111ms)
Oct 10 07:19:47.954697 osdx dnscrypt-proxy[4999]: [2024-10-10 07:19:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Oct 10 07:19:47.960098 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal show | cat'.
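
The Step 2 check from both scenarios above, as an added example (not part of the original test suite). It generalizes the two regular expressions to any server name and also collects dnscrypt-proxy messages above NOTICE level, which the pass condition ignores. The function names are assumptions, and the flag is passed as re.MULTILINE because Python's re module requires global inline flags at the start of the pattern.

```python
import re

# Journal lines copied from the "Valid Source" output above (abridged).
JOURNAL = """\
Oct 10 07:19:40.791819 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [WARNING] /var/cache/dnscrypt-proxy/RD.md: open /var/cache/dnscrypt-proxy/sf-3s2bkfzax5jzaowj.tmp: permission denied
Oct 10 07:19:40.791819 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] Source [RD] loaded
Oct 10 07:19:40.791819 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [WARNING] Missing stamp for server [server-name`]
Oct 10 07:19:40.976439 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] [rd-server] OK (DoH) - rtt: 121ms
Oct 10 07:19:40.976439 osdx dnscrypt-proxy[2278]: [2024-10-10 07:19:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1
"""

# One dnscrypt-proxy journal line: "<prefix> dnscrypt-proxy[pid]: [time] [LEVEL] message"
PROXY_LINE = re.compile(
    r"^.* dnscrypt-proxy\[\d+\]: \[[^\]]+\] \[(?P<level>[A-Z]+)\] (?P<msg>.*)$",
    re.MULTILINE,
)


def doh_rtt_ms(journal, server_name):
    """Return the RTT in ms from the '[name] OK (DoH)' line, or None if absent."""
    pattern = re.compile(
        r"^.*\[" + re.escape(server_name) + r"\] OK \(DoH\) - rtt: (\d+)ms$",
        re.MULTILINE,
    )
    match = pattern.search(journal)
    return int(match.group(1)) if match else None


def proxy_warnings(journal):
    """Return dnscrypt-proxy messages logged above NOTICE level."""
    quiet = ("DEBUG", "INFO", "NOTICE")
    return [m.group("msg") for m in PROXY_LINE.finditer(journal)
            if m.group("level") not in quiet]


if __name__ == "__main__":
    print("rtt:", doh_rtt_ms(JOURNAL, "rd-server"))
    for msg in proxy_warnings(JOURNAL):
        print("warning:", msg)
```

On the run shown above the pass condition holds while WARNING lines are still present in the journal, so a stricter check would assert on both results.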

Invalid Source

Description

Configures an invalid source with a random minisign key and expects it to fail.

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy log level 0
set service dns proxy source RD url http://10.215.168.1/~robot/invalid-source
set service dns proxy source RD minisign-key 'V6kCeEU66kjbzhnzg8jKmoOZ'
set service dns proxy server-name rd-server

Invalid Minisign Key

Description

Configures a valid source but with an incorrect minisign key, which should fail.

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy log level 0
set service dns proxy source RD url http://10.215.168.1/~robot/RD-resolver.md
set service dns proxy source RD minisign-key 'InvalidMinisignKey=='
set service dns proxy server-name rd-server