Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2023-10-30 11:27:54 UTC, end at Mon 2023-10-30 11:27:59 UTC. -- Oct 30 11:27:54.408666 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 4.0M, max 16.0M, 12.0M free. Oct 30 11:27:54.423214 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:27:54.870780 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:27:54.996774 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:27:55.118732 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:27:55.279902 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:27:55.373927 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:27:55.418347 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:27:55.464108 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:27:55.625217 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 11:27:56.936754 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:27:57.052737 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:27:57.143383 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:27:57.250314 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:27:57.327668 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:27:57.457115 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:27:57.551053 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Oct 30 11:27:57.652784 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Oct 30 11:27:57.756450 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 30 11:27:57.864422 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 30 11:27:58.033945 osdx ca-certificates[28163]: Updating certificates in /etc/ssl/certs... Oct 30 11:27:58.732884 osdx ca-certificates[29147]: 1 added, 0 removed; done. Oct 30 11:27:58.739458 osdx ca-certificates[29151]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:27:58.745193 osdx ca-certificates[29155]: done. Oct 30 11:27:58.884445 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:27:58.887734 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:27:58.896568 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:27:58.913121 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:58] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 11:27:58.913500 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:58] [NOTICE] Network connectivity detected Oct 30 11:27:58.914084 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:58] [NOTICE] Dropping privileges Oct 30 11:27:58.916361 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:58] [NOTICE] Network connectivity detected Oct 30 11:27:58.916527 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:58] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 11:27:58.916608 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:58] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 11:27:58.916713 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:58] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Oct 30 11:27:58.916808 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:58] [NOTICE] Firefox workaround initialized Oct 30 11:27:58.916882 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:58] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpvq7wxf] Oct 30 11:27:58.923567 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:27:59.106295 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:27:59.136544 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:59] [NOTICE] [RD] OK (DoH) - rtt: 184ms Oct 30 11:27:59.136544 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:59] [NOTICE] Server with the lowest initial latency: RD (rtt: 184ms) Oct 30 11:27:59.136544 osdx dnscrypt-proxy[29205]: [2023-10-30 11:27:59] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10 set service dns proxy static DUT0 protocol dns-over-https hash 32643457213c054d2376d566e685e887c06e13b741fc9e8f6bbdc3c4500075ec
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2023-10-30 11:27:54 UTC, end at Mon 2023-10-30 11:28:02 UTC. -- Oct 30 11:27:54.398354 osdx systemd-journald[566]: Runtime journal (/run/log/journal/b16522e0298c413ba26ddcc8854c154b) is 2.4M, max 9.7M, 7.3M free. Oct 30 11:27:54.416093 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:27:55.657220 osdx OSDxCLI[1396]: User 'admin' entered the configuration menu. Oct 30 11:27:55.782068 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Oct 30 11:27:55.885909 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:27:55.998836 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service ssh'. Oct 30 11:27:56.147496 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:27:56.299908 osdx systemd[1]: Starting OpenBSD Secure Shell server... Oct 30 11:27:56.313863 osdx sshd[11818]: Server listening on 0.0.0.0 port 22. Oct 30 11:27:56.314169 osdx sshd[11818]: Server listening on :: port 22. Oct 30 11:27:56.314349 osdx systemd[1]: Started OpenBSD Secure Shell server. Oct 30 11:27:56.332049 osdx cfgd[983]: [1396]Completed change to active configuration Oct 30 11:27:56.374583 osdx OSDxCLI[1396]: User 'admin' committed the configuration. Oct 30 11:27:56.408847 osdx OSDxCLI[1396]: User 'admin' left the configuration menu. Oct 30 11:27:56.611337 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Oct 30 11:27:59.417769 osdx OSDxCLI[1396]: User 'admin' entered the configuration menu. Oct 30 11:27:59.544002 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Oct 30 11:27:59.671481 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Oct 30 11:27:59.776087 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Oct 30 11:27:59.904200 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Oct 30 11:27:59.984027 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Oct 30 11:28:00.122171 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10'. Oct 30 11:28:00.216947 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 32643457213c054d2376d566e685e887c06e13b741fc9e8f6bbdc3c4500075ec'. Oct 30 11:28:00.356168 osdx ca-certificates[11881]: Updating certificates in /etc/ssl/certs... Oct 30 11:28:01.028387 osdx ca-certificates[12863]: 1 added, 0 removed; done. Oct 30 11:28:01.034126 osdx ca-certificates[12869]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:28:01.039444 osdx ca-certificates[12873]: done. Oct 30 11:28:01.137025 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:28:01.139632 osdx cfgd[983]: [1396]Completed change to active configuration Oct 30 11:28:01.149041 osdx OSDxCLI[1396]: User 'admin' committed the configuration. Oct 30 11:28:01.200199 osdx OSDxCLI[1396]: User 'admin' left the configuration menu. Oct 30 11:28:01.418525 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:01] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 11:28:01.418982 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:01] [NOTICE] Network connectivity detected Oct 30 11:28:01.419422 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:01] [NOTICE] Dropping privileges Oct 30 11:28:01.428041 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:01] [NOTICE] Network connectivity detected Oct 30 11:28:01.428041 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:01] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 11:28:01.428041 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:01] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 11:28:01.428041 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:01] [NOTICE] Firefox workaround initialized Oct 30 11:28:01.428041 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:01] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp1i9d38] Oct 30 11:28:01.461314 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:01.759042 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:02.031624 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:02.249559 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:02] [NOTICE] [DUT0] OK (DoH) - rtt: 189ms Oct 30 11:28:02.249559 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:02] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 189ms) Oct 30 11:28:02.249559 osdx dnscrypt-proxy[12880]: [2023-10-30 11:28:02] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Oct 30 11:28:02.269385 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'.
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSACnzDDSwg94mrk4XbbJXfLZJExMsNXAD4vokIoVxw7HQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSACnzDDSwg94mrk4XbbJXfLZJExMsNXAD4vokIoVxw7HQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2023-10-30 11:28:08 UTC, end at Mon 2023-10-30 11:28:13 UTC. -- Oct 30 11:28:08.369147 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:28:08.382560 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:28:08.742131 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:28:08.873245 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:28:08.976397 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:28:09.136678 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:28:09.233850 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:28:09.275959 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:28:09.319586 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:28:09.485993 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 11:28:10.705979 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:28:10.887022 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:28:10.987281 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:28:11.101844 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:28:11.210129 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSACnzDDSwg94mrk4XbbJXfLZJExMsNXAD4vokIoVxw7HQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Oct 30 11:28:11.351783 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Oct 30 11:28:11.442712 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Oct 30 11:28:11.540771 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 30 11:28:11.640247 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 30 11:28:11.759302 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 30 11:28:11.902374 osdx ca-certificates[30893]: Updating certificates in /etc/ssl/certs... Oct 30 11:28:12.561862 osdx ca-certificates[31877]: 1 added, 0 removed; done. Oct 30 11:28:12.570845 osdx ca-certificates[31881]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:28:12.579114 osdx ca-certificates[31885]: done. Oct 30 11:28:12.736218 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:28:12.740339 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:28:12.750435 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:28:12.779942 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:12] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 11:28:12.781121 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:12] [NOTICE] Network connectivity detected Oct 30 11:28:12.781121 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:12] [NOTICE] Dropping privileges Oct 30 11:28:12.784279 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:12] [NOTICE] Network connectivity detected Oct 30 11:28:12.784481 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 11:28:12.784606 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 11:28:12.784731 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:12] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Oct 30 11:28:12.784858 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:12] [NOTICE] Firefox workaround initialized Oct 30 11:28:12.784958 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpksZ5xo] Oct 30 11:28:12.801116 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:28:12.990567 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:13.068889 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:13] [NOTICE] [RD] OK (DoH) - rtt: 233ms Oct 30 11:28:13.068889 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:13] [NOTICE] Server with the lowest initial latency: RD (rtt: 233ms) Oct 30 11:28:13.068889 osdx dnscrypt-proxy[31938]: [2023-10-30 11:28:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash 32643457213c054d2376d566e685e887c06e13b741fc9e8f6bbdc3c4500075ec at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAgMmQ0VyE8BU0jdtVm5oXoh8BuE7dB_J6Pa73DxFAAdewNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAgMmQ0VyE8BU0jdtVm5oXoh8BuE7dB_J6Pa73DxFAAdewNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2023-10-30 11:28:09 UTC, end at Mon 2023-10-30 11:28:16 UTC. -- Oct 30 11:28:09.353758 osdx systemd-journald[566]: Runtime journal (/run/log/journal/b16522e0298c413ba26ddcc8854c154b) is 1.2M, max 9.7M, 8.5M free. Oct 30 11:28:09.366914 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:28:10.526092 osdx OSDxCLI[1396]: User 'admin' entered the configuration menu. Oct 30 11:28:10.652904 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Oct 30 11:28:10.744003 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:28:10.830006 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service ssh'. Oct 30 11:28:10.970881 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:28:11.126404 osdx systemd[1]: Starting OpenBSD Secure Shell server... Oct 30 11:28:11.140943 osdx sshd[14516]: Server listening on 0.0.0.0 port 22. Oct 30 11:28:11.141269 osdx sshd[14516]: Server listening on :: port 22. Oct 30 11:28:11.141450 osdx systemd[1]: Started OpenBSD Secure Shell server. Oct 30 11:28:11.159654 osdx cfgd[983]: [1396]Completed change to active configuration Oct 30 11:28:11.203871 osdx OSDxCLI[1396]: User 'admin' committed the configuration. Oct 30 11:28:11.263607 osdx OSDxCLI[1396]: User 'admin' left the configuration menu. Oct 30 11:28:11.432711 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Oct 30 11:28:14.401299 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash 32643457213c054d2376d566e685e887c06e13b741fc9e8f6bbdc3c4500075ec'. Oct 30 11:28:14.577808 osdx OSDxCLI[1396]: User 'admin' entered the configuration menu. Oct 30 11:28:14.689117 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Oct 30 11:28:14.803181 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Oct 30 11:28:14.895865 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Oct 30 11:28:14.999523 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAgMmQ0VyE8BU0jdtVm5oXoh8BuE7dB_J6Pa73DxFAAdewNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Oct 30 11:28:15.117271 osdx ca-certificates[14579]: Updating certificates in /etc/ssl/certs... Oct 30 11:28:15.763073 osdx ca-certificates[15563]: 1 added, 0 removed; done. Oct 30 11:28:15.768648 osdx ca-certificates[15567]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:28:15.773620 osdx ca-certificates[15571]: done. Oct 30 11:28:15.847397 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:28:15.849858 osdx cfgd[983]: [1396]Completed change to active configuration Oct 30 11:28:15.853833 osdx OSDxCLI[1396]: User 'admin' committed the configuration. Oct 30 11:28:15.874220 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:15] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 11:28:15.874617 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:15] [NOTICE] Network connectivity detected Oct 30 11:28:15.875251 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:15] [NOTICE] Dropping privileges Oct 30 11:28:15.879691 osdx OSDxCLI[1396]: User 'admin' left the configuration menu. Oct 30 11:28:15.880633 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:15] [NOTICE] Network connectivity detected Oct 30 11:28:15.880765 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:15] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 11:28:15.880852 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:15] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 11:28:15.880943 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:15] [NOTICE] Firefox workaround initialized Oct 30 11:28:15.881017 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:15] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_aJaTR] Oct 30 11:28:16.059299 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:16.324816 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:16.558906 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:16.865462 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:16.961718 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:16] [NOTICE] [DUT0] OK (DoH) - rtt: 296ms Oct 30 11:28:16.961718 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:16] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 296ms) Oct 30 11:28:16.961718 osdx dnscrypt-proxy[15578]: [2023-10-30 11:28:16] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://certs/dnscrypt.crt at DUT0 and expect this output:
Show output
d5:c7:87:c7:86:8c:82:14:ab:ee:1c:ae:af:b1:fe:db:77:4b:79:8f:7a:9e:6b:70:bd:0f:50:36:31:7f:43:78
Step 2: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key d5:c7:87:c7:86:8c:82:14:ab:ee:1c:ae:af:b1:fe:db:77:4b:79:8f:7a:9e:6b:70:bd:0f:50:36:31:7f:43:78 set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2023-10-30 11:28:23 UTC, end at Mon 2023-10-30 11:28:27 UTC. -- Oct 30 11:28:23.372547 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:28:23.386873 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:28:23.726853 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:28:23.850451 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:28:23.944663 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:28:24.071055 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:28:24.164962 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:28:24.206048 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:28:24.234558 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:28:24.403293 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 11:28:25.650401 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://certs/dnscrypt.crt'. Oct 30 11:28:25.850850 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:28:25.964298 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:28:26.085874 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:28:26.192302 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Oct 30 11:28:26.301154 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Oct 30 11:28:26.413387 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Oct 30 11:28:26.543435 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key d5:c7:87:c7:86:8c:82:14:ab:ee:1c:ae:af:b1:fe:db:77:4b:79:8f:7a:9e:6b:70:bd:0f:50:36:31:7f:43:78'. Oct 30 11:28:26.688384 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 30 11:28:26.834501 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Oct 30 11:28:26.923725 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Oct 30 11:28:27.041523 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 30 11:28:27.157730 osdx ca-certificates[1187]: Updating certificates in /etc/ssl/certs... Oct 30 11:28:27.767105 osdx ca-certificates[2176]: 1 added, 0 removed; done. Oct 30 11:28:27.772878 osdx ca-certificates[2180]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:28:27.778084 osdx ca-certificates[2184]: done. Oct 30 11:28:27.910961 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:28:27.913589 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:28:27.917634 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:28:27.938464 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 11:28:27.938860 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] Network connectivity detected Oct 30 11:28:27.941661 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] Dropping privileges Oct 30 11:28:27.942097 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:28:27.944681 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] Network connectivity detected Oct 30 11:28:27.944826 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 11:28:27.944906 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 11:28:27.945000 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Oct 30 11:28:27.945086 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] Firefox workaround initialized Oct 30 11:28:27.945168 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpuvlID6] Oct 30 11:28:27.946798 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Oct 30 11:28:27.946945 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Oct 30 11:28:27.947022 osdx dnscrypt-proxy[2237]: [2023-10-30 11:28:27] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10 set service dns proxy static DUT0 protocol dns-over-https hash 32643457213c054d2376d566e685e887c06e13b741fc9e8f6bbdc3c4500075ec
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2023-10-30 11:28:23 UTC, end at Mon 2023-10-30 11:28:30 UTC. -- Oct 30 11:28:23.343734 osdx systemd-journald[566]: Runtime journal (/run/log/journal/b16522e0298c413ba26ddcc8854c154b) is 1.2M, max 9.7M, 8.5M free. Oct 30 11:28:23.356416 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:28:24.442586 osdx OSDxCLI[1396]: User 'admin' entered the configuration menu. Oct 30 11:28:24.565787 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Oct 30 11:28:24.654486 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:28:24.737579 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service ssh'. Oct 30 11:28:24.897998 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:28:25.073493 osdx systemd[1]: Starting OpenBSD Secure Shell server... Oct 30 11:28:25.087165 osdx sshd[17211]: Server listening on 0.0.0.0 port 22. Oct 30 11:28:25.087489 osdx sshd[17211]: Server listening on :: port 22. Oct 30 11:28:25.087652 osdx systemd[1]: Started OpenBSD Secure Shell server. Oct 30 11:28:25.107182 osdx cfgd[983]: [1396]Completed change to active configuration Oct 30 11:28:25.157439 osdx OSDxCLI[1396]: User 'admin' committed the configuration. Oct 30 11:28:25.209327 osdx OSDxCLI[1396]: User 'admin' left the configuration menu. Oct 30 11:28:25.399451 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Oct 30 11:28:28.226012 osdx OSDxCLI[1396]: User 'admin' entered the configuration menu. Oct 30 11:28:28.336513 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Oct 30 11:28:28.450770 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Oct 30 11:28:28.553894 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Oct 30 11:28:28.676850 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Oct 30 11:28:28.777184 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Oct 30 11:28:28.867355 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10'. Oct 30 11:28:28.962439 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 32643457213c054d2376d566e685e887c06e13b741fc9e8f6bbdc3c4500075ec'. Oct 30 11:28:29.082243 osdx ca-certificates[17274]: Updating certificates in /etc/ssl/certs... Oct 30 11:28:29.765483 osdx ca-certificates[18258]: 1 added, 0 removed; done. Oct 30 11:28:29.771149 osdx ca-certificates[18262]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:28:29.776339 osdx ca-certificates[18266]: done. Oct 30 11:28:29.861997 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:28:29.864579 osdx cfgd[983]: [1396]Completed change to active configuration Oct 30 11:28:29.868644 osdx OSDxCLI[1396]: User 'admin' committed the configuration. Oct 30 11:28:29.888944 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:29] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 11:28:29.889354 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:29] [NOTICE] Network connectivity detected Oct 30 11:28:29.889883 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:29] [NOTICE] Dropping privileges Oct 30 11:28:29.893736 osdx OSDxCLI[1396]: User 'admin' left the configuration menu. Oct 30 11:28:29.895407 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:29] [NOTICE] Network connectivity detected Oct 30 11:28:29.895573 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:29] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 11:28:29.895658 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:29] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 11:28:29.895751 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:29] [NOTICE] Firefox workaround initialized Oct 30 11:28:29.895830 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:29] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpnOzscY] Oct 30 11:28:30.108293 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:30.341399 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:30.404002 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:30] [NOTICE] [DUT0] OK (DoH) - rtt: 219ms Oct 30 11:28:30.404002 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:30] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 219ms) Oct 30 11:28:30.404002 osdx dnscrypt-proxy[18273]: [2023-10-30 11:28:30] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://certs/dnscrypt.crt at DUT0 and expect this output:
Show output
d5:c7:87:c7:86:8c:82:14:ab:ee:1c:ae:af:b1:fe:db:77:4b:79:8f:7a:9e:6b:70:bd:0f:50:36:31:7f:43:78
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key d5:c7:87:c7:86:8c:82:14:ab:ee:1c:ae:af:b1:fe:db:77:4b:79:8f:7a:9e:6b:70:bd:0f:50:36:31:7f:43:78 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzINXHh8eGjIIUq-4crq-x_tt3S3mPep5rcL0PUDYxf0N4GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzINXHh8eGjIIUq-4crq-x_tt3S3mPep5rcL0PUDYxf0N4GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2023-10-30 11:28:37 UTC, end at Mon 2023-10-30 11:28:42 UTC. -- Oct 30 11:28:37.353363 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:28:37.366222 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:28:37.738143 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:28:37.873480 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:28:37.984975 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:28:38.148462 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:28:38.253682 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:28:38.307915 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:28:38.335110 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:28:38.550656 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 11:28:39.797925 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://certs/dnscrypt.crt'. Oct 30 11:28:39.938652 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key d5:c7:87:c7:86:8c:82:14:ab:ee:1c:ae:af:b1:fe:db:77:4b:79:8f:7a:9e:6b:70:bd:0f:50:36:31:7f:43:78 ip 10.215.168.1 port 8443'. Oct 30 11:28:40.139707 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:28:40.273286 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:28:40.401329 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:28:40.525960 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzINXHh8eGjIIUq-4crq-x_tt3S3mPep5rcL0PUDYxf0N4GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Oct 30 11:28:40.631302 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 30 11:28:40.779628 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Oct 30 11:28:40.902240 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Oct 30 11:28:41.025100 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 30 11:28:41.157234 osdx ca-certificates[3914]: Updating certificates in /etc/ssl/certs... Oct 30 11:28:41.955278 osdx ca-certificates[4901]: 1 added, 0 removed; done. Oct 30 11:28:41.962057 osdx ca-certificates[4905]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:28:41.968084 osdx ca-certificates[4909]: done. Oct 30 11:28:42.101270 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:28:42.103999 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:28:42.108193 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:28:42.129866 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 11:28:42.130327 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] Network connectivity detected Oct 30 11:28:42.130904 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] Dropping privileges Oct 30 11:28:42.133443 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] Network connectivity detected Oct 30 11:28:42.133626 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 11:28:42.133709 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 11:28:42.133802 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Oct 30 11:28:42.133890 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] Firefox workaround initialized Oct 30 11:28:42.133960 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] Loading the set of cloaking rules from [/tmp/tmppSchPh] Oct 30 11:28:42.135571 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Oct 30 11:28:42.135695 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Oct 30 11:28:42.135777 osdx dnscrypt-proxy[4962]: [2023-10-30 11:28:42] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Oct 30 11:28:42.139899 osdx OSDxCLI[4196]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash 32643457213c054d2376d566e685e887c06e13b741fc9e8f6bbdc3c4500075ec at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAgMmQ0VyE8BU0jdtVm5oXoh8BuE7dB_J6Pa73DxFAAdewNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAgMmQ0VyE8BU0jdtVm5oXoh8BuE7dB_J6Pa73DxFAAdewNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Mon 2023-10-30 11:28:37 UTC, end at Mon 2023-10-30 11:28:44 UTC. -- Oct 30 11:28:37.335827 osdx systemd-journald[566]: Runtime journal (/run/log/journal/b16522e0298c413ba26ddcc8854c154b) is 1.2M, max 9.7M, 8.5M free. Oct 30 11:28:37.348591 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:28:38.662513 osdx OSDxCLI[1396]: User 'admin' entered the configuration menu. Oct 30 11:28:38.773477 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Oct 30 11:28:38.879884 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:28:38.978287 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service ssh'. Oct 30 11:28:39.128185 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:28:39.282530 osdx systemd[1]: Starting OpenBSD Secure Shell server... Oct 30 11:28:39.296105 osdx sshd[19896]: Server listening on 0.0.0.0 port 22. Oct 30 11:28:39.296676 osdx sshd[19896]: Server listening on :: port 22. Oct 30 11:28:39.296891 osdx systemd[1]: Started OpenBSD Secure Shell server. Oct 30 11:28:39.314297 osdx cfgd[983]: [1396]Completed change to active configuration Oct 30 11:28:39.355531 osdx OSDxCLI[1396]: User 'admin' committed the configuration. Oct 30 11:28:39.384112 osdx OSDxCLI[1396]: User 'admin' left the configuration menu. Oct 30 11:28:39.571160 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Oct 30 11:28:42.447454 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash 32643457213c054d2376d566e685e887c06e13b741fc9e8f6bbdc3c4500075ec'. Oct 30 11:28:42.631184 osdx OSDxCLI[1396]: User 'admin' entered the configuration menu. Oct 30 11:28:42.747792 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Oct 30 11:28:42.842179 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Oct 30 11:28:42.939085 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Oct 30 11:28:43.042984 osdx OSDxCLI[1396]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAgMmQ0VyE8BU0jdtVm5oXoh8BuE7dB_J6Pa73DxFAAdewNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Oct 30 11:28:43.160728 osdx ca-certificates[19958]: Updating certificates in /etc/ssl/certs... Oct 30 11:28:43.810091 osdx ca-certificates[20942]: 1 added, 0 removed; done. Oct 30 11:28:43.815806 osdx ca-certificates[20946]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:28:43.820864 osdx ca-certificates[20950]: done. Oct 30 11:28:43.894466 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:28:43.896976 osdx cfgd[983]: [1396]Completed change to active configuration Oct 30 11:28:43.905008 osdx OSDxCLI[1396]: User 'admin' committed the configuration. Oct 30 11:28:43.921270 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:43] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 11:28:43.921650 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:43] [NOTICE] Network connectivity detected Oct 30 11:28:43.922222 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:43] [NOTICE] Dropping privileges Oct 30 11:28:43.924517 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:43] [NOTICE] Network connectivity detected Oct 30 11:28:43.924668 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:43] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 11:28:43.924750 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:43] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 11:28:43.924860 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:43] [NOTICE] Firefox workaround initialized Oct 30 11:28:43.924947 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:43] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpDDTdMC] Oct 30 11:28:43.942910 osdx OSDxCLI[1396]: User 'admin' left the configuration menu. Oct 30 11:28:44.140733 osdx OSDxCLI[1396]: User 'admin' executed a new command: 'system journal show | cat'. Oct 30 11:28:44.160274 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:44] [NOTICE] [DUT0] OK (DoH) - rtt: 168ms Oct 30 11:28:44.160274 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:44] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 168ms) Oct 30 11:28:44.160274 osdx dnscrypt-proxy[20957]: [2023-10-30 11:28:44] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13