List

Test suite to validate domain/IP blocking and whitelisting

Blocklist Domain

Description

Performs a lookup over a domain that has been blocked.

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 49f1ad88a12ee9d7d2acc5f1be8e1c526fa803f3edb1ce34a8e7ac2004df5bb8
set service dns proxy blocklist name domain 'example.org'
set service dns proxy blocklist name domain 'teldat.com'
set service dns proxy blocklist name domain '*sex*'
set service dns proxy blocklist ip address 10.215.168.42

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

This query has been locally blocked

Show output

teldat.com host information "This query has been locally blocked" "by dnscrypt-proxy"

Step 3: Run command show host lookup sex.example.page type A at DUT0 and check if output contains the following tokens:

This query has been locally blocked

Show output

sex.example.page host information "This query has been locally blocked" "by dnscrypt-proxy"

Step 4: Run command show host lookup blocked-ip.net type A at DUT0 and check if output contains the following tokens:

This query has been locally blocked

Show output

blocked-ip.net host information "This query has been locally blocked" "by dnscrypt-proxy"

---

Whitelist Domain

Description

Performs a lookup over a domain that has been whitelisted.

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 49f1ad88a12ee9d7d2acc5f1be8e1c526fa803f3edb1ce34a8e7ac2004df5bb8
set service dns proxy blocklist name domain 'example.org'
set service dns proxy blocklist name domain 'teldat.com'
set service dns proxy blocklist name domain '*sex*'
set service dns proxy blocklist ip address 10.215.168.42
set service dns proxy whitelist name domain 'teldat.com'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

teldat.com has address 19.18.17.16

Step 3: Run command show host lookup sex.example.page type A at DUT0 and check if output contains the following tokens:

This query has been locally blocked

Show output

sex.example.page host information "This query has been locally blocked" "by dnscrypt-proxy"

Step 4: Run command show host lookup blocked-ip.net type A at DUT0 and check if output contains the following tokens:

This query has been locally blocked

Show output

blocked-ip.net host information "This query has been locally blocked" "by dnscrypt-proxy"

---