Static Server
Test suite in which DUT1 resolves names through DUT0 using DoH, while DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash 8a7c59279ccccd77369a078ce7f0cf049bbd1dad17be8fdaf1f031820e6c1ec3
Step 4: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Step 5: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f' at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOagBKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOagBKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Step 4: Run command 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 8a7c59279ccccd77369a078ce7f0cf049bbd1dad17be8fdaf1f031820e6c1ec3' at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQginxZJ5zMzXc2mgeM5_DPBJu9Ha0Xvo_a8fAxgg5sHsMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQginxZJ5zMzXc2mgeM5_DPBJu9Ha0Xvo_a8fAxgg5sHsMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Step 7: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
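The stamps produced by 'stamp calculate' in this scenario can be decoded offline to confirm which address, host name and certificate hash they pin before they are committed to a configuration. The following is an added example, not part of the original test suite or of the device software; it assumes the field layout of the public DNS stamp specification for DoH (protocol byte 0x02, 8-byte properties, length-prefixed address, set of hashes, host name, path), and the function and class names are hypothetical.

```python
import base64
from dataclasses import dataclass

DOH_PROTOCOL_ID = 0x02  # first stamp byte for DNS-over-HTTPS

# The two stamps printed by 'stamp calculate' on this page.
STAMP_DUT0_TO_RD = ("sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOag"
                    "BKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk")
STAMP_DUT1_TO_DUT0 = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQginxZJ5zMzXc2mgeM"
                      "5_DPBJu9Ha0Xvo_a8fAxgg5sHsMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")


@dataclass
class DoHStamp:
    props: int           # 64-bit little-endian property flags
    addr: str            # IP address (optionally with port) of the server
    hashes: list         # pinned certificate hashes, raw bytes
    host: str            # host name (optionally with port) used for TLS
    path: str            # HTTP path of the DoH endpoint
    bootstrap_ips: list  # optional trailing set, usually absent


def _read_lp(buf, pos):
    """Read one field: a length byte followed by that many bytes."""
    if pos >= len(buf):
        raise ValueError("truncated stamp: missing length byte")
    end = pos + 1 + buf[pos]
    if end > len(buf):
        raise ValueError("truncated stamp: field runs past the end")
    return buf[pos + 1:end], end


def _read_set(buf, pos):
    """Read a set of fields; the high bit of a length byte means more follow."""
    items = []
    while True:
        if pos >= len(buf):
            raise ValueError("truncated stamp: missing length byte")
        more, length = buf[pos] & 0x80, buf[pos] & 0x7F
        end = pos + 1 + length
        if end > len(buf):
            raise ValueError("truncated stamp: field runs past the end")
        if length:  # a zero-length entry means "nothing pinned"
            items.append(buf[pos + 1:end])
        pos = end
        if not more:
            return items, pos


def decode_doh_stamp(stamp):
    """Decode an sdns:// DoH stamp into its fields; raise ValueError if malformed."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))  # restore padding
    if len(raw) < 9 or raw[0] != DOH_PROTOCOL_ID:
        raise ValueError("not a DoH stamp")
    props = int.from_bytes(raw[1:9], "little")
    addr, pos = _read_lp(raw, 9)
    hashes, pos = _read_set(raw, pos)
    host, pos = _read_lp(raw, pos)
    path, pos = _read_lp(raw, pos)
    bootstrap = []
    if pos < len(raw):
        bootstrap, pos = _read_set(raw, pos)
    if pos != len(raw):
        raise ValueError("trailing bytes after stamp fields")
    return DoHStamp(props, addr.decode(), hashes, host.decode(), path.decode(),
                    [b.decode() for b in bootstrap])


def audit_stamp(stamp, ip, host, pin_hex):
    """Compare a stamp with the intended values; an empty list means it matches."""
    s = decode_doh_stamp(stamp)
    findings = []
    if s.addr != ip:
        findings.append(f"address {s.addr!r} != expected {ip!r}")
    if s.host != host:
        findings.append(f"host {s.host!r} != expected {host!r}")
    if not s.hashes:
        findings.append("no certificate hash pinned")
    elif bytes.fromhex(pin_hex) not in s.hashes:
        findings.append("pinned hash does not match expected value")
    return findings


if __name__ == "__main__":
    for name, stamp in (("RD", STAMP_DUT0_TO_RD), ("DUT0", STAMP_DUT1_TO_DUT0)):
        s = decode_doh_stamp(stamp)
        print(name, s.addr, s.host, s.path, [h.hex() for h in s.hashes])
```

Decoding the DUT1 stamp shows the non-default port 3000 carried in the host-name field (dns.dut0:3000), while the address field holds only the IP.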
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash 8a7c59279ccccd77369a078ce7f0cf049bbd1dad17be8fdaf1f031820e6c1ec3
Step 5: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
-- Logs begin at Wed 2024-10-09 08:48:37 UTC, end at Wed 2024-10-09 08:48:42 UTC. --
Oct 09 08:48:37.276460 osdx systemd-journald[1561]: Runtime journal (/run/log/journal/eaeccd0c3bff4a7aaed4833a9adb570d) is 1.2M, max 9.7M, 8.5M free.
Oct 09 08:48:37.285180 osdx OSDxCLI[9127]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:48:37.880784 osdx osdx-coredump[6228]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 08:48:37.888475 osdx OSDxCLI[9127]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 08:48:38.837378 osdx OSDxCLI[9127]: User 'admin' entered the configuration menu.
Oct 09 08:48:38.904684 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Oct 09 08:48:38.991522 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:48:39.038838 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service ssh'.
Oct 09 08:48:39.161359 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:48:39.278940 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Oct 09 08:48:39.287579 osdx sshd[6325]: Server listening on 0.0.0.0 port 22.
Oct 09 08:48:39.287770 osdx sshd[6325]: Server listening on :: port 22.
Oct 09 08:48:39.287867 osdx systemd[1]: Started OpenBSD Secure Shell server.
Oct 09 08:48:39.301929 osdx cfgd[1199]: [9127]Completed change to active configuration
Oct 09 08:48:39.327885 osdx OSDxCLI[9127]: User 'admin' committed the configuration.
Oct 09 08:48:39.343855 osdx OSDxCLI[9127]: User 'admin' left the configuration menu.
Oct 09 08:48:39.477250 osdx OSDxCLI[9127]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Oct 09 08:48:41.435926 osdx OSDxCLI[9127]: User 'admin' entered the configuration menu.
Oct 09 08:48:41.494085 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Oct 09 08:48:41.581291 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Oct 09 08:48:41.635029 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Oct 09 08:48:41.747599 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Oct 09 08:48:41.800552 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Oct 09 08:48:41.889302 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Oct 09 08:48:41.944146 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 8a7c59279ccccd77369a078ce7f0cf049bbd1dad17be8fdaf1f031820e6c1ec3'.
Oct 09 08:48:42.055380 osdx ca-certificates[6388]: Updating certificates in /etc/ssl/certs...
Oct 09 08:48:42.445072 osdx ca-certificates[7372]: 1 added, 0 removed; done.
Oct 09 08:48:42.448651 osdx ca-certificates[7376]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:48:42.451799 osdx ca-certificates[7380]: done.
Oct 09 08:48:42.503421 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:48:42.505515 osdx cfgd[1199]: [9127]Completed change to active configuration
Oct 09 08:48:42.510509 osdx OSDxCLI[9127]: User 'admin' committed the configuration.
Oct 09 08:48:42.523264 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 08:48:42.523490 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] Network connectivity detected
Oct 09 08:48:42.523756 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] Dropping privileges
Oct 09 08:48:42.525477 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] Network connectivity detected
Oct 09 08:48:42.525561 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:48:42.525597 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:48:42.525648 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] Firefox workaround initialized
Oct 09 08:48:42.525680 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpzfdFrl]
Oct 09 08:48:42.529247 osdx OSDxCLI[9127]: User 'admin' left the configuration menu.
Oct 09 08:48:42.668367 osdx OSDxCLI[9127]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 09 08:48:42.769083 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] [DUT0] OK (DoH) - rtt: 135ms
Oct 09 08:48:42.769083 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 135ms)
Oct 09 08:48:42.769083 osdx dnscrypt-proxy[7387]: [2024-10-09 08:48:42] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2024-10-09 08:48:47 UTC, end at Wed 2024-10-09 08:48:50 UTC. --
Oct 09 08:48:47.286038 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:48:47.314138 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:48:47.698978 osdx osdx-coredump[5442]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 08:48:47.704724 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 08:48:48.214737 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:48:48.274676 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:48:48.362767 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:48:48.430882 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:48:48.495581 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:48:48.520551 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:48:48.565826 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:48:48.658967 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 09 08:48:49.192893 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:48:49.465180 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 09 08:48:49.541618 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5 ip 10.215.168.1 port 8443'.
Oct 09 08:48:49.698507 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:48:49.752489 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:48:49.845732 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:48:49.906678 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Oct 09 08:48:49.993169 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 09 08:48:50.049155 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Oct 09 08:48:50.130305 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Oct 09 08:48:50.184407 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Oct 09 08:48:50.302096 osdx ca-certificates[5586]: Updating certificates in /etc/ssl/certs...
Oct 09 08:48:50.709419 osdx ca-certificates[6570]: 1 added, 0 removed; done.
Oct 09 08:48:50.712404 osdx ca-certificates[6577]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:48:50.715411 osdx ca-certificates[6579]: done.
Oct 09 08:48:50.802633 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:48:50.804174 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:48:50.806680 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:48:50.817332 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 08:48:50.817551 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] Network connectivity detected
Oct 09 08:48:50.817652 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] Dropping privileges
Oct 09 08:48:50.819872 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] Network connectivity detected
Oct 09 08:48:50.819941 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:48:50.819941 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:48:50.819941 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Oct 09 08:48:50.819941 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] Firefox workaround initialized
Oct 09 08:48:50.819941 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpYX1IIZ]
Oct 09 08:48:50.820841 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Oct 09 08:48:50.820979 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Oct 09 08:48:50.821055 osdx dnscrypt-proxy[6632]: [2024-10-09 08:48:50] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Oct 09 08:48:50.824395 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 8a7c59279ccccd77369a078ce7f0cf049bbd1dad17be8fdaf1f031820e6c1ec3 at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQginxZJ5zMzXc2mgeM5_DPBJu9Ha0Xvo_a8fAxgg5sHsMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQginxZJ5zMzXc2mgeM5_DPBJu9Ha0Xvo_a8fAxgg5sHsMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2024-10-09 08:48:47 UTC, end at Wed 2024-10-09 08:48:52 UTC. --
Oct 09 08:48:47.293095 osdx systemd-journald[1561]: Runtime journal (/run/log/journal/eaeccd0c3bff4a7aaed4833a9adb570d) is 1.2M, max 9.7M, 8.5M free.
Oct 09 08:48:47.301296 osdx OSDxCLI[9127]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:48:47.811989 osdx osdx-coredump[9016]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 08:48:47.817436 osdx OSDxCLI[9127]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 08:48:48.694029 osdx OSDxCLI[9127]: User 'admin' entered the configuration menu.
Oct 09 08:48:48.754372 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Oct 09 08:48:48.837363 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:48:48.887677 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service ssh'.
Oct 09 08:48:49.007673 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:48:49.113152 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Oct 09 08:48:49.121389 osdx sshd[9113]: Server listening on 0.0.0.0 port 22.
Oct 09 08:48:49.121591 osdx sshd[9113]: Server listening on :: port 22.
Oct 09 08:48:49.121683 osdx systemd[1]: Started OpenBSD Secure Shell server.
Oct 09 08:48:49.134010 osdx cfgd[1199]: [9127]Completed change to active configuration
Oct 09 08:48:49.159761 osdx OSDxCLI[9127]: User 'admin' committed the configuration.
Oct 09 08:48:49.174892 osdx OSDxCLI[9127]: User 'admin' left the configuration menu.
Oct 09 08:48:49.304038 osdx OSDxCLI[9127]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Oct 09 08:48:50.975101 osdx OSDxCLI[9127]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 8a7c59279ccccd77369a078ce7f0cf049bbd1dad17be8fdaf1f031820e6c1ec3'.
Oct 09 08:48:51.103961 osdx OSDxCLI[9127]: User 'admin' entered the configuration menu.
Oct 09 08:48:51.158870 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Oct 09 08:48:51.249658 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Oct 09 08:48:51.304625 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Oct 09 08:48:51.403709 osdx OSDxCLI[9127]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQginxZJ5zMzXc2mgeM5_DPBJu9Ha0Xvo_a8fAxgg5sHsMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Oct 09 08:48:51.482454 osdx ca-certificates[9180]: Updating certificates in /etc/ssl/certs...
Oct 09 08:48:51.886373 osdx ca-certificates[10164]: 1 added, 0 removed; done.
Oct 09 08:48:51.890308 osdx ca-certificates[10167]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:48:51.894162 osdx ca-certificates[10171]: done.
Oct 09 08:48:51.944373 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:48:51.946397 osdx cfgd[1199]: [9127]Completed change to active configuration
Oct 09 08:48:51.953181 osdx OSDxCLI[9127]: User 'admin' committed the configuration.
Oct 09 08:48:51.964096 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:51] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 08:48:51.964343 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:51] [NOTICE] Network connectivity detected
Oct 09 08:48:51.964625 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:51] [NOTICE] Dropping privileges
Oct 09 08:48:51.966246 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:51] [NOTICE] Network connectivity detected
Oct 09 08:48:51.966342 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:51] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:48:51.966381 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:51] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:48:51.966433 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:51] [NOTICE] Firefox workaround initialized
Oct 09 08:48:51.966466 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:51] [NOTICE] Loading the set of cloaking rules from [/tmp/tmplK64Ep]
Oct 09 08:48:51.968689 osdx OSDxCLI[9127]: User 'admin' left the configuration menu.
Oct 09 08:48:52.108860 osdx OSDxCLI[9127]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 09 08:48:52.175745 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:52] [NOTICE] [DUT0] OK (DoH) - rtt: 124ms
Oct 09 08:48:52.175745 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:52] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 124ms)
Oct 09 08:48:52.175745 osdx dnscrypt-proxy[10179]: [2024-10-09 08:48:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
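The two stamps produced by the stamp calculate steps of this scenario can be decoded offline to confirm that each one pins the address, key or certificate hash, and name given on the command line before it is committed to a device. This is an added example, not part of the test suite or of the vendor's code; it assumes the public DNS stamp layout used by dnscrypt-proxy (protocol byte, 8-byte properties, length-prefixed fields), and the names parse_stamp, StampError and _field are hypothetical.

```python
import base64

PROTOCOLS = {0x01: "DNSCrypt", 0x02: "DoH"}
# Stamps printed by the page's two "stamp calculate" steps (DUT0, then DUT1).
DNSCRYPT_STAMP = ("sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKB"
                  "vj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z")
DOH_STAMP = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQginxZJ5zMzXc2mgeM5_DPBJu9"
             "Ha0Xvo_a8fAxgg5sHsMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")


class StampError(ValueError):
    """Raised when a stamp is malformed or uses an unsupported protocol."""


def _field(buf, pos, in_list=False):
    """Read a length byte and that many bytes; return (value, next_pos, more).
    Inside a hash list the high bit of the length byte means 'more follow'."""
    if pos >= len(buf):
        raise StampError("stamp ends before all fields were read")
    length = buf[pos] & 0x7F if in_list else buf[pos]
    more = in_list and bool(buf[pos] & 0x80)
    end = pos + 1 + length
    if end > len(buf):
        raise StampError("field length runs past the end of the stamp")
    return buf[pos + 1:end], end, more


def parse_stamp(stamp):
    """Decode a DNSCrypt or DoH stamp into the values it pins."""
    if not stamp.startswith("sdns://"):
        raise StampError("not an sdns:// stamp")
    body = stamp[len("sdns://"):]
    try:
        buf = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:  # binascii.Error is a ValueError
        raise StampError("stamp body is not valid base64url") from exc
    if len(buf) < 9 or buf[0] not in PROTOCOLS:
        raise StampError("too short, or not a DNSCrypt/DoH stamp")
    out = {"protocol": PROTOCOLS[buf[0]],
           "props": int.from_bytes(buf[1:9], "little")}
    addr, pos, _ = _field(buf, 9)
    out["addr"] = addr.decode("ascii")
    if buf[0] == 0x01:  # DNSCrypt: provider public key, then provider name
        key, pos, _ = _field(buf, pos)
        name, pos, _ = _field(buf, pos)
        out["provider_key"] = ":".join(f"{b:02x}" for b in key)
        out["provider_name"] = name.decode("ascii")
    else:  # DoH: one or more certificate hashes, then host[:port] and path
        hashes, more = [], True
        while more:
            digest, pos, more = _field(buf, pos, in_list=True)
            if digest:
                hashes.append(digest.hex())
        host, pos, _ = _field(buf, pos)
        path, pos, _ = _field(buf, pos)
        out.update(hashes=hashes, host=host.decode("ascii"),
                   path=path.decode("ascii"))
    return out


if __name__ == "__main__":
    for stamp in (DNSCRYPT_STAMP, DOH_STAMP):
        print(parse_stamp(stamp))
```

Comparing the decoded fields with the values passed to stamp calculate catches a stamp that was pasted for the wrong server or truncated in transit.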