Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-10-10 06:51:10 UTC, end at Thu 2024-10-10 06:51:16 UTC. -- Oct 10 06:51:10.390826 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free. Oct 10 06:51:10.418549 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'. Oct 10 06:51:11.035750 osdx osdx-coredump[28202]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 10 06:51:11.044451 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system coredump delete all'. Oct 10 06:51:11.999709 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu. Oct 10 06:51:12.135541 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 10 06:51:12.218470 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 10 06:51:12.454369 osdx cfgd[1328]: [1889]Completed change to active configuration Oct 10 06:51:12.492528 osdx OSDxCLI[1889]: User 'admin' committed the configuration. Oct 10 06:51:12.518290 osdx OSDxCLI[1889]: User 'admin' left the configuration menu. Oct 10 06:51:12.696429 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 10 06:51:14.217006 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu. Oct 10 06:51:14.324452 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 10 06:51:14.451771 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 10 06:51:14.604636 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 10 06:51:14.757288 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 10 06:51:14.874586 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'. Oct 10 06:51:14.988061 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Oct 10 06:51:15.148081 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Oct 10 06:51:15.263695 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 10 06:51:15.407179 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 10 06:51:15.571874 osdx ca-certificates[28317]: Updating certificates in /etc/ssl/certs... Oct 10 06:51:16.367894 osdx ca-certificates[29300]: 1 added, 0 removed; done. Oct 10 06:51:16.373906 osdx ca-certificates[29307]: Running hooks in /etc/ca-certificates/update.d... Oct 10 06:51:16.380283 osdx ca-certificates[29309]: done. Oct 10 06:51:16.562028 osdx systemd[1]: Started DNSCrypt client proxy. Oct 10 06:51:16.564777 osdx cfgd[1328]: [1889]Completed change to active configuration Oct 10 06:51:16.568826 osdx OSDxCLI[1889]: User 'admin' committed the configuration. Oct 10 06:51:16.593155 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] dnscrypt-proxy 2.0.45 Oct 10 06:51:16.593488 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] Network connectivity detected Oct 10 06:51:16.593713 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] Dropping privileges Oct 10 06:51:16.596439 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] Network connectivity detected Oct 10 06:51:16.596616 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 10 06:51:16.596708 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 10 06:51:16.596826 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Oct 10 06:51:16.596937 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] Firefox workaround initialized Oct 10 06:51:16.597023 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpgSTv7e] Oct 10 06:51:16.607214 osdx OSDxCLI[1889]: User 'admin' left the configuration menu. Oct 10 06:51:16.820380 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal show | cat'. Oct 10 06:51:16.821404 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] [RD] OK (DoH) - rtt: 177ms Oct 10 06:51:16.821404 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] Server with the lowest initial latency: RD (rtt: 177ms) Oct 10 06:51:16.821404 osdx dnscrypt-proxy[29362]: [2024-10-10 06:51:16] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash adb585788fb46ad16170052cbb45547fe2b7e46feb7884e1097b8faa7c298fde
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-10-10 06:51:10 UTC, end at Thu 2024-10-10 06:51:19 UTC. -- Oct 10 06:51:10.387418 osdx systemd-journald[1611]: Runtime journal (/run/log/journal/7337f10e485e44378e1c9d5b2e7757df) is 1.2M, max 9.7M, 8.5M free. Oct 10 06:51:10.400229 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system journal clear'. Oct 10 06:51:11.365166 osdx osdx-coredump[16081]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 10 06:51:11.372904 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system coredump delete all'. Oct 10 06:51:12.769232 osdx OSDxCLI[1790]: User 'admin' entered the configuration menu. Oct 10 06:51:12.949212 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Oct 10 06:51:13.048045 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 10 06:51:13.163978 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service ssh'. Oct 10 06:51:13.534650 osdx systemd[1]: Starting OpenBSD Secure Shell server... Oct 10 06:51:13.550813 osdx sshd[16154]: Server listening on 0.0.0.0 port 22. Oct 10 06:51:13.551211 osdx sshd[16154]: Server listening on :: port 22. Oct 10 06:51:13.551386 osdx systemd[1]: Started OpenBSD Secure Shell server. Oct 10 06:51:13.572194 osdx cfgd[1249]: [1790]Completed change to active configuration Oct 10 06:51:13.631657 osdx OSDxCLI[1790]: User 'admin' committed the configuration. Oct 10 06:51:13.674208 osdx OSDxCLI[1790]: User 'admin' left the configuration menu. Oct 10 06:51:13.888091 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Oct 10 06:51:16.122241 osdx systemd[1]: Starting Cleanup of Temporary Directories... Oct 10 06:51:16.134002 osdx systemd[1]: systemd-tmpfiles-clean.service: Succeeded. Oct 10 06:51:16.134378 osdx systemd[1]: Started Cleanup of Temporary Directories. Oct 10 06:51:17.296911 osdx OSDxCLI[1790]: User 'admin' entered the configuration menu. Oct 10 06:51:17.429657 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Oct 10 06:51:17.517259 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Oct 10 06:51:17.657814 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Oct 10 06:51:17.790757 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Oct 10 06:51:17.880304 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Oct 10 06:51:17.998840 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Oct 10 06:51:18.129629 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash adb585788fb46ad16170052cbb45547fe2b7e46feb7884e1097b8faa7c298fde'. Oct 10 06:51:18.296477 osdx ca-certificates[16218]: Updating certificates in /etc/ssl/certs... Oct 10 06:51:18.965486 osdx ca-certificates[17202]: 1 added, 0 removed; done. Oct 10 06:51:18.971351 osdx ca-certificates[17206]: Running hooks in /etc/ca-certificates/update.d... Oct 10 06:51:18.976570 osdx ca-certificates[17210]: done. Oct 10 06:51:19.075466 osdx systemd[1]: Started DNSCrypt client proxy. Oct 10 06:51:19.079232 osdx cfgd[1249]: [1790]Completed change to active configuration Oct 10 06:51:19.088686 osdx OSDxCLI[1790]: User 'admin' committed the configuration. Oct 10 06:51:19.106333 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] dnscrypt-proxy 2.0.45 Oct 10 06:51:19.106695 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] Network connectivity detected Oct 10 06:51:19.107266 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] Dropping privileges Oct 10 06:51:19.109444 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] Network connectivity detected Oct 10 06:51:19.109592 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 10 06:51:19.109677 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 10 06:51:19.109770 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] Firefox workaround initialized Oct 10 06:51:19.109844 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpM1HO6n] Oct 10 06:51:19.118166 osdx OSDxCLI[1790]: User 'admin' left the configuration menu. Oct 10 06:51:19.330964 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system journal show | cat'. Oct 10 06:51:19.630341 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system journal show | cat'. Oct 10 06:51:19.851534 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] [DUT0] OK (DoH) - rtt: 189ms Oct 10 06:51:19.851534 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 189ms) Oct 10 06:51:19.851534 osdx dnscrypt-proxy[17217]: [2024-10-10 06:51:19] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkDx4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkDx4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-10-10 06:51:28 UTC, end at Thu 2024-10-10 06:51:34 UTC. -- Oct 10 06:51:28.401867 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free. Oct 10 06:51:28.429034 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'. Oct 10 06:51:28.986500 osdx osdx-coredump[31034]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 10 06:51:28.994555 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system coredump delete all'. Oct 10 06:51:29.881959 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu. Oct 10 06:51:30.021422 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 10 06:51:30.097899 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 10 06:51:30.342641 osdx cfgd[1328]: [1889]Completed change to active configuration Oct 10 06:51:30.392149 osdx OSDxCLI[1889]: User 'admin' committed the configuration. Oct 10 06:51:30.420403 osdx OSDxCLI[1889]: User 'admin' left the configuration menu. Oct 10 06:51:30.594172 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 10 06:51:31.961367 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'. Oct 10 06:51:32.150719 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu. Oct 10 06:51:32.295995 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 10 06:51:32.416248 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 10 06:51:32.538364 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkDx4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Oct 10 06:51:32.627890 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Oct 10 06:51:32.745567 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Oct 10 06:51:32.873671 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 10 06:51:32.996448 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 10 06:51:33.150711 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 10 06:51:33.316719 osdx ca-certificates[31152]: Updating certificates in /etc/ssl/certs... Oct 10 06:51:34.015504 osdx ca-certificates[32135]: 1 added, 0 removed; done. Oct 10 06:51:34.020876 osdx ca-certificates[32142]: Running hooks in /etc/ca-certificates/update.d... Oct 10 06:51:34.026910 osdx ca-certificates[32144]: done. Oct 10 06:51:34.161850 osdx systemd[1]: Started DNSCrypt client proxy. Oct 10 06:51:34.164021 osdx cfgd[1328]: [1889]Completed change to active configuration Oct 10 06:51:34.167585 osdx OSDxCLI[1889]: User 'admin' committed the configuration. Oct 10 06:51:34.183848 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] dnscrypt-proxy 2.0.45 Oct 10 06:51:34.184242 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] Network connectivity detected Oct 10 06:51:34.184444 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] Dropping privileges Oct 10 06:51:34.188407 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] Network connectivity detected Oct 10 06:51:34.188407 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 10 06:51:34.188407 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 10 06:51:34.188407 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Oct 10 06:51:34.188407 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] Firefox workaround initialized Oct 10 06:51:34.188407 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7xVJtK] Oct 10 06:51:34.217974 osdx OSDxCLI[1889]: User 'admin' left the configuration menu. Oct 10 06:51:34.358857 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] [RD] OK (DoH) - rtt: 134ms Oct 10 06:51:34.358857 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] Server with the lowest initial latency: RD (rtt: 134ms) Oct 10 06:51:34.358857 osdx dnscrypt-proxy[32197]: [2024-10-10 06:51:34] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash adb585788fb46ad16170052cbb45547fe2b7e46feb7884e1097b8faa7c298fde at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgrbWFeI-0atFhcAUsu0VUf-K35G_reIThCXuPqnwpj94NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgrbWFeI-0atFhcAUsu0VUf-K35G_reIThCXuPqnwpj94NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-10-10 06:51:28 UTC, end at Thu 2024-10-10 06:51:36 UTC. -- Oct 10 06:51:28.363785 osdx systemd-journald[1611]: Runtime journal (/run/log/journal/7337f10e485e44378e1c9d5b2e7757df) is 1.2M, max 9.7M, 8.5M free. Oct 10 06:51:28.376722 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system journal clear'. Oct 10 06:51:29.172382 osdx osdx-coredump[18852]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 10 06:51:29.179941 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system coredump delete all'. Oct 10 06:51:30.621736 osdx OSDxCLI[1790]: User 'admin' entered the configuration menu. Oct 10 06:51:30.767239 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Oct 10 06:51:30.853818 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 10 06:51:30.981037 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service ssh'. Oct 10 06:51:31.312755 osdx systemd[1]: Starting OpenBSD Secure Shell server... Oct 10 06:51:31.333547 osdx sshd[18925]: Server listening on 0.0.0.0 port 22. Oct 10 06:51:31.333928 osdx sshd[18925]: Server listening on :: port 22. Oct 10 06:51:31.334101 osdx systemd[1]: Started OpenBSD Secure Shell server. Oct 10 06:51:31.354466 osdx cfgd[1249]: [1790]Completed change to active configuration Oct 10 06:51:31.398853 osdx OSDxCLI[1790]: User 'admin' committed the configuration. Oct 10 06:51:31.442289 osdx OSDxCLI[1790]: User 'admin' left the configuration menu. Oct 10 06:51:31.658840 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Oct 10 06:51:34.482359 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash adb585788fb46ad16170052cbb45547fe2b7e46feb7884e1097b8faa7c298fde'. Oct 10 06:51:34.681158 osdx OSDxCLI[1790]: User 'admin' entered the configuration menu. Oct 10 06:51:34.836151 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Oct 10 06:51:34.939864 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Oct 10 06:51:35.064762 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Oct 10 06:51:35.174353 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgrbWFeI-0atFhcAUsu0VUf-K35G_reIThCXuPqnwpj94NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Oct 10 06:51:35.302021 osdx ca-certificates[18989]: Updating certificates in /etc/ssl/certs... Oct 10 06:51:36.050499 osdx ca-certificates[19973]: 1 added, 0 removed; done. Oct 10 06:51:36.056457 osdx ca-certificates[19977]: Running hooks in /etc/ca-certificates/update.d... Oct 10 06:51:36.061703 osdx ca-certificates[19981]: done. Oct 10 06:51:36.149308 osdx systemd[1]: Started DNSCrypt client proxy. Oct 10 06:51:36.151950 osdx cfgd[1249]: [1790]Completed change to active configuration Oct 10 06:51:36.156501 osdx OSDxCLI[1790]: User 'admin' committed the configuration. Oct 10 06:51:36.177512 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] dnscrypt-proxy 2.0.45 Oct 10 06:51:36.178050 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] Network connectivity detected Oct 10 06:51:36.182086 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] Dropping privileges Oct 10 06:51:36.185504 osdx OSDxCLI[1790]: User 'admin' left the configuration menu. Oct 10 06:51:36.186858 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] Network connectivity detected Oct 10 06:51:36.187073 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 10 06:51:36.187190 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 10 06:51:36.187323 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] Firefox workaround initialized Oct 10 06:51:36.187436 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpdVhps2] Oct 10 06:51:36.413517 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system journal show | cat'. Oct 10 06:51:36.603310 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] [DUT0] OK (DoH) - rtt: 165ms Oct 10 06:51:36.603310 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 165ms) Oct 10 06:51:36.603310 osdx dnscrypt-proxy[19988]: [2024-10-10 06:51:36] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-10-10 06:51:45 UTC, end at Thu 2024-10-10 06:51:54 UTC. -- Oct 10 06:51:45.689752 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free. Oct 10 06:51:45.726591 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'. Oct 10 06:51:46.891112 osdx osdx-coredump[1412]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 10 06:51:46.902607 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system coredump delete all'. Oct 10 06:51:48.434498 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu. Oct 10 06:51:48.655656 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 10 06:51:48.779034 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 10 06:51:49.081084 osdx cfgd[1328]: [1889]Completed change to active configuration Oct 10 06:51:49.158542 osdx OSDxCLI[1889]: User 'admin' committed the configuration. Oct 10 06:51:49.230420 osdx OSDxCLI[1889]: User 'admin' left the configuration menu. Oct 10 06:51:49.479179 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 10 06:51:51.223687 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Oct 10 06:51:51.483942 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu. Oct 10 06:51:51.639049 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 10 06:51:51.798754 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 10 06:51:51.958210 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Oct 10 06:51:52.113821 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Oct 10 06:51:52.301427 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Oct 10 06:51:52.429971 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f'. Oct 10 06:51:52.553235 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 10 06:51:52.713936 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Oct 10 06:51:52.856525 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Oct 10 06:51:52.998878 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 10 06:51:53.194739 osdx ca-certificates[1531]: Updating certificates in /etc/ssl/certs... Oct 10 06:51:54.237368 osdx ca-certificates[2524]: 1 added, 0 removed; done. Oct 10 06:51:54.250505 osdx ca-certificates[2531]: Running hooks in /etc/ca-certificates/update.d... Oct 10 06:51:54.261144 osdx ca-certificates[2533]: done. Oct 10 06:51:54.504565 osdx systemd[1]: Started DNSCrypt client proxy. Oct 10 06:51:54.509055 osdx cfgd[1328]: [1889]Completed change to active configuration Oct 10 06:51:54.514917 osdx OSDxCLI[1889]: User 'admin' committed the configuration. Oct 10 06:51:54.540637 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] dnscrypt-proxy 2.0.45 Oct 10 06:51:54.540995 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] Network connectivity detected Oct 10 06:51:54.541220 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] Dropping privileges Oct 10 06:51:54.544590 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] Network connectivity detected Oct 10 06:51:54.544677 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 10 06:51:54.544677 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 10 06:51:54.544767 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Oct 10 06:51:54.544767 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] Firefox workaround initialized Oct 10 06:51:54.544767 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpMrH1qU] Oct 10 06:51:54.545858 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Oct 10 06:51:54.545858 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Oct 10 06:51:54.545985 osdx dnscrypt-proxy[2586]: [2024-10-10 06:51:54] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Oct 10 06:51:54.590604 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns proxy static DUT0 protocol dns-over-https hash adb585788fb46ad16170052cbb45547fe2b7e46feb7884e1097b8faa7c298fde
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-10-10 06:51:45 UTC, end at Thu 2024-10-10 06:51:57 UTC. -- Oct 10 06:51:45.791133 osdx systemd-journald[1611]: Runtime journal (/run/log/journal/7337f10e485e44378e1c9d5b2e7757df) is 1.2M, max 9.7M, 8.5M free. Oct 10 06:51:45.830447 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system journal clear'. Oct 10 06:51:47.374867 osdx osdx-coredump[21617]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 10 06:51:47.392966 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system coredump delete all'. Oct 10 06:51:49.602963 osdx OSDxCLI[1790]: User 'admin' entered the configuration menu. Oct 10 06:51:49.776066 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Oct 10 06:51:49.880551 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 10 06:51:50.007015 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service ssh'. Oct 10 06:51:50.442829 osdx systemd[1]: Starting OpenBSD Secure Shell server... Oct 10 06:51:50.462706 osdx sshd[21690]: Server listening on 0.0.0.0 port 22. Oct 10 06:51:50.463105 osdx sshd[21690]: Server listening on :: port 22. Oct 10 06:51:50.463324 osdx systemd[1]: Started OpenBSD Secure Shell server. Oct 10 06:51:50.488191 osdx cfgd[1249]: [1790]Completed change to active configuration Oct 10 06:51:50.535116 osdx OSDxCLI[1790]: User 'admin' committed the configuration. Oct 10 06:51:50.627035 osdx OSDxCLI[1790]: User 'admin' left the configuration menu. Oct 10 06:51:50.867404 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Oct 10 06:51:54.899407 osdx OSDxCLI[1790]: User 'admin' entered the configuration menu. Oct 10 06:51:55.053923 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Oct 10 06:51:55.211276 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Oct 10 06:51:55.353573 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Oct 10 06:51:55.485850 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Oct 10 06:51:55.637159 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Oct 10 06:51:55.766847 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Oct 10 06:51:55.876585 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash adb585788fb46ad16170052cbb45547fe2b7e46feb7884e1097b8faa7c298fde'. Oct 10 06:51:56.029098 osdx ca-certificates[21753]: Updating certificates in /etc/ssl/certs... Oct 10 06:51:56.766526 osdx ca-certificates[22737]: 1 added, 0 removed; done. Oct 10 06:51:56.775123 osdx ca-certificates[22741]: Running hooks in /etc/ca-certificates/update.d... Oct 10 06:51:56.783387 osdx ca-certificates[22745]: done. Oct 10 06:51:56.886326 osdx systemd[1]: Started DNSCrypt client proxy. Oct 10 06:51:56.889116 osdx cfgd[1249]: [1790]Completed change to active configuration Oct 10 06:51:56.893625 osdx OSDxCLI[1790]: User 'admin' committed the configuration. Oct 10 06:51:56.916616 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:56] [NOTICE] dnscrypt-proxy 2.0.45 Oct 10 06:51:56.917007 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:56] [NOTICE] Network connectivity detected Oct 10 06:51:56.917604 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:56] [NOTICE] Dropping privileges Oct 10 06:51:56.919935 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:56] [NOTICE] Network connectivity detected Oct 10 06:51:56.920093 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:56] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 10 06:51:56.920174 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:56] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 10 06:51:56.920266 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:56] [NOTICE] Firefox workaround initialized Oct 10 06:51:56.920340 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:56] [NOTICE] Loading the set of cloaking rules from [/tmp/tmppzLCII] Oct 10 06:51:56.934697 osdx OSDxCLI[1790]: User 'admin' left the configuration menu. Oct 10 06:51:57.186215 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system journal show | cat'. Oct 10 06:51:57.289497 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:57] [NOTICE] [DUT0] OK (DoH) - rtt: 164ms Oct 10 06:51:57.289497 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:57] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 164ms) Oct 10 06:51:57.289497 osdx dnscrypt-proxy[22752]: [2024-10-10 06:51:57] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII9VvyQK3exD5gPGEdh_jkiELynH2GIS1F-EBuRWq98_GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII9VvyQK3exD5gPGEdh_jkiELynH2GIS1F-EBuRWq98_GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-10-10 06:52:06 UTC, end at Thu 2024-10-10 06:52:11 UTC. -- Oct 10 06:52:06.437468 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free. Oct 10 06:52:06.450181 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'. Oct 10 06:52:07.126297 osdx osdx-coredump[4241]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 10 06:52:07.134613 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system coredump delete all'. Oct 10 06:52:08.000825 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu. Oct 10 06:52:08.145847 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 10 06:52:08.251884 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 10 06:52:08.458268 osdx cfgd[1328]: [1889]Completed change to active configuration Oct 10 06:52:08.503364 osdx OSDxCLI[1889]: User 'admin' committed the configuration. Oct 10 06:52:08.541661 osdx OSDxCLI[1889]: User 'admin' left the configuration menu. Oct 10 06:52:08.753162 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 10 06:52:09.932237 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Oct 10 06:52:10.053607 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f ip 10.215.168.1 port 8443'. Oct 10 06:52:10.276317 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu. Oct 10 06:52:10.375660 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 10 06:52:10.496727 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 10 06:52:10.617420 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII9VvyQK3exD5gPGEdh_jkiELynH2GIS1F-EBuRWq98_GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Oct 10 06:52:10.704245 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 10 06:52:10.804021 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Oct 10 06:52:10.899074 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Oct 10 06:52:10.993481 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 10 06:52:11.115404 osdx ca-certificates[4360]: Updating certificates in /etc/ssl/certs... Oct 10 06:52:11.785518 osdx ca-certificates[5344]: 1 added, 0 removed; done. Oct 10 06:52:11.791652 osdx ca-certificates[5350]: Running hooks in /etc/ca-certificates/update.d... Oct 10 06:52:11.795956 osdx ca-certificates[5352]: done. Oct 10 06:52:11.924500 osdx systemd[1]: Started DNSCrypt client proxy. Oct 10 06:52:11.926931 osdx cfgd[1328]: [1889]Completed change to active configuration Oct 10 06:52:11.930087 osdx OSDxCLI[1889]: User 'admin' committed the configuration. Oct 10 06:52:11.945399 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] dnscrypt-proxy 2.0.45 Oct 10 06:52:11.945780 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] Network connectivity detected Oct 10 06:52:11.946214 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] Dropping privileges Oct 10 06:52:11.949076 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] Network connectivity detected Oct 10 06:52:11.949167 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 10 06:52:11.949167 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 10 06:52:11.949167 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Oct 10 06:52:11.949167 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] Firefox workaround initialized Oct 10 06:52:11.949167 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpYcY7J0] Oct 10 06:52:11.950388 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Oct 10 06:52:11.950388 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Oct 10 06:52:11.950488 osdx dnscrypt-proxy[5405]: [2024-10-10 06:52:11] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Oct 10 06:52:11.975862 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash adb585788fb46ad16170052cbb45547fe2b7e46feb7884e1097b8faa7c298fde at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgrbWFeI-0atFhcAUsu0VUf-K35G_reIThCXuPqnwpj94NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgrbWFeI-0atFhcAUsu0VUf-K35G_reIThCXuPqnwpj94NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2024-10-10 06:52:06 UTC, end at Thu 2024-10-10 06:52:13 UTC. -- Oct 10 06:52:06.456959 osdx systemd-journald[1611]: Runtime journal (/run/log/journal/7337f10e485e44378e1c9d5b2e7757df) is 1.2M, max 9.7M, 8.5M free. Oct 10 06:52:06.470096 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system journal clear'. Oct 10 06:52:07.341273 osdx osdx-coredump[24387]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 10 06:52:07.348961 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system coredump delete all'. Oct 10 06:52:08.815076 osdx OSDxCLI[1790]: User 'admin' entered the configuration menu. Oct 10 06:52:08.958012 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Oct 10 06:52:09.038835 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 10 06:52:09.127804 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service ssh'. Oct 10 06:52:09.417555 osdx systemd[1]: Starting OpenBSD Secure Shell server... Oct 10 06:52:09.432397 osdx sshd[24460]: Server listening on 0.0.0.0 port 22. Oct 10 06:52:09.432955 osdx sshd[24460]: Server listening on :: port 22. Oct 10 06:52:09.433160 osdx systemd[1]: Started OpenBSD Secure Shell server. Oct 10 06:52:09.456708 osdx cfgd[1249]: [1790]Completed change to active configuration Oct 10 06:52:09.494950 osdx OSDxCLI[1790]: User 'admin' committed the configuration. Oct 10 06:52:09.519197 osdx OSDxCLI[1790]: User 'admin' left the configuration menu. Oct 10 06:52:09.696078 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Oct 10 06:52:12.245515 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash adb585788fb46ad16170052cbb45547fe2b7e46feb7884e1097b8faa7c298fde'. Oct 10 06:52:12.458698 osdx OSDxCLI[1790]: User 'admin' entered the configuration menu. Oct 10 06:52:12.563385 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Oct 10 06:52:12.680070 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Oct 10 06:52:12.767081 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Oct 10 06:52:12.875896 osdx OSDxCLI[1790]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgrbWFeI-0atFhcAUsu0VUf-K35G_reIThCXuPqnwpj94NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Oct 10 06:52:12.987995 osdx ca-certificates[24524]: Updating certificates in /etc/ssl/certs... Oct 10 06:52:13.603315 osdx ca-certificates[25508]: 1 added, 0 removed; done. Oct 10 06:52:13.609022 osdx ca-certificates[25512]: Running hooks in /etc/ca-certificates/update.d... Oct 10 06:52:13.614074 osdx ca-certificates[25516]: done. Oct 10 06:52:13.693797 osdx systemd[1]: Started DNSCrypt client proxy. Oct 10 06:52:13.696572 osdx cfgd[1249]: [1790]Completed change to active configuration Oct 10 06:52:13.700839 osdx OSDxCLI[1790]: User 'admin' committed the configuration. Oct 10 06:52:13.721721 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] dnscrypt-proxy 2.0.45 Oct 10 06:52:13.722187 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] Network connectivity detected Oct 10 06:52:13.722604 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] Dropping privileges Oct 10 06:52:13.724879 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] Network connectivity detected Oct 10 06:52:13.725027 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 10 06:52:13.725107 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 10 06:52:13.725195 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] Firefox workaround initialized Oct 10 06:52:13.725268 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpNsKLKX] Oct 10 06:52:13.752509 osdx OSDxCLI[1790]: User 'admin' left the configuration menu. Oct 10 06:52:13.915717 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] [DUT0] OK (DoH) - rtt: 120ms Oct 10 06:52:13.915717 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 120ms) Oct 10 06:52:13.915717 osdx dnscrypt-proxy[25523]: [2024-10-10 06:52:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Oct 10 06:52:13.934722 osdx OSDxCLI[1790]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13