Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 49f1ad88a12ee9d7d2acc5f1be8e1c526fa803f3edb1ce34a8e7ac2004df5bb8 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2023-11-23 22:45:14 UTC, end at Thu 2023-11-23 22:45:19 UTC. -- Nov 23 22:45:14.417580 osdx systemd-journald[619]: Runtime journal (/run/log/journal/1b38b2114cf0481baed8058b17ed7ac1) is 4.0M, max 16.0M, 12.0M free. Nov 23 22:45:14.438053 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'system journal clear'. Nov 23 22:45:14.813769 osdx OSDxCLI[18128]: User 'admin' entered the configuration menu. Nov 23 22:45:14.938635 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Nov 23 22:45:15.029403 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 23 22:45:15.181050 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 23 22:45:15.275945 osdx cfgd[1092]: [18128]Completed change to active configuration Nov 23 22:45:15.319134 osdx OSDxCLI[18128]: User 'admin' committed the configuration. Nov 23 22:45:15.346258 osdx OSDxCLI[18128]: User 'admin' left the configuration menu. Nov 23 22:45:15.518083 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 23 22:45:16.768969 osdx OSDxCLI[18128]: User 'admin' entered the configuration menu. Nov 23 22:45:16.896509 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 23 22:45:17.015484 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 23 22:45:17.138352 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 23 22:45:17.228618 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 23 22:45:17.321557 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 49f1ad88a12ee9d7d2acc5f1be8e1c526fa803f3edb1ce34a8e7ac2004df5bb8'. Nov 23 22:45:17.433767 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Nov 23 22:45:17.524142 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Nov 23 22:45:17.611183 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 23 22:45:17.732066 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 23 22:45:17.903317 osdx ca-certificates[24536]: Updating certificates in /etc/ssl/certs... Nov 23 22:45:18.633920 osdx ca-certificates[25520]: 1 added, 0 removed; done. Nov 23 22:45:18.639705 osdx ca-certificates[25524]: Running hooks in /etc/ca-certificates/update.d... Nov 23 22:45:18.645417 osdx ca-certificates[25528]: done. Nov 23 22:45:18.826526 osdx systemd[1]: Started DNSCrypt client proxy. Nov 23 22:45:18.829894 osdx cfgd[1092]: [18128]Completed change to active configuration Nov 23 22:45:18.838646 osdx OSDxCLI[18128]: User 'admin' committed the configuration. Nov 23 22:45:18.864114 osdx OSDxCLI[18128]: User 'admin' left the configuration menu. Nov 23 22:45:18.869903 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:18] [NOTICE] dnscrypt-proxy 2.0.45 Nov 23 22:45:18.870431 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:18] [NOTICE] Network connectivity detected Nov 23 22:45:18.871231 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:18] [NOTICE] Dropping privileges Nov 23 22:45:18.874736 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:18] [NOTICE] Network connectivity detected Nov 23 22:45:18.874947 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:18] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 23 22:45:18.875070 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:18] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 23 22:45:18.875219 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:18] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 23 22:45:18.875351 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:18] [NOTICE] Firefox workaround initialized Nov 23 22:45:18.875463 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:18] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpm0yV30] Nov 23 22:45:19.031460 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:19] [NOTICE] [RD] OK (DoH) - rtt: 122ms Nov 23 22:45:19.031460 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:19] [NOTICE] Server with the lowest initial latency: RD (rtt: 122ms) Nov 23 22:45:19.031460 osdx dnscrypt-proxy[25581]: [2023-11-23 22:45:19] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10 set service dns proxy static DUT0 protocol dns-over-https hash df3512c9635e41a8bc045e699a2e82a67e5f0663a565be550b3dd1b302b1e24b
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2023-11-23 22:45:14 UTC, end at Thu 2023-11-23 22:45:20 UTC. -- Nov 23 22:45:14.383930 osdx systemd-journald[568]: Runtime journal (/run/log/journal/8bfa9c72be3e409aa4997490338b4bf3) is 1.2M, max 9.7M, 8.5M free. Nov 23 22:45:14.402798 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'system journal clear'. Nov 23 22:45:15.531389 osdx OSDxCLI[1387]: User 'admin' entered the configuration menu. Nov 23 22:45:15.652405 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Nov 23 22:45:15.744545 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 23 22:45:15.831010 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service ssh'. Nov 23 22:45:15.981596 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 23 22:45:16.162766 osdx systemd[1]: Starting OpenBSD Secure Shell server... Nov 23 22:45:16.177127 osdx sshd[18966]: Server listening on 0.0.0.0 port 22. Nov 23 22:45:16.177455 osdx sshd[18966]: Server listening on :: port 22. Nov 23 22:45:16.177758 osdx systemd[1]: Started OpenBSD Secure Shell server. Nov 23 22:45:16.197142 osdx cfgd[975]: [1387]Completed change to active configuration Nov 23 22:45:16.251509 osdx OSDxCLI[1387]: User 'admin' committed the configuration. Nov 23 22:45:16.282495 osdx OSDxCLI[1387]: User 'admin' left the configuration menu. Nov 23 22:45:16.457463 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Nov 23 22:45:19.123670 osdx OSDxCLI[1387]: User 'admin' entered the configuration menu. Nov 23 22:45:19.244297 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Nov 23 22:45:19.334562 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 23 22:45:19.434153 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 23 22:45:19.530955 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Nov 23 22:45:19.619877 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Nov 23 22:45:19.737707 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10'. Nov 23 22:45:19.833021 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash df3512c9635e41a8bc045e699a2e82a67e5f0663a565be550b3dd1b302b1e24b'. Nov 23 22:45:19.946608 osdx ca-certificates[19029]: Updating certificates in /etc/ssl/certs... Nov 23 22:45:20.591767 osdx ca-certificates[20013]: 1 added, 0 removed; done. Nov 23 22:45:20.597716 osdx ca-certificates[20017]: Running hooks in /etc/ca-certificates/update.d... Nov 23 22:45:20.603728 osdx ca-certificates[20021]: done. Nov 23 22:45:20.696026 osdx systemd[1]: Started DNSCrypt client proxy. Nov 23 22:45:20.698673 osdx cfgd[975]: [1387]Completed change to active configuration Nov 23 22:45:20.706731 osdx OSDxCLI[1387]: User 'admin' committed the configuration. Nov 23 22:45:20.723699 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] dnscrypt-proxy 2.0.45 Nov 23 22:45:20.724060 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] Network connectivity detected Nov 23 22:45:20.724773 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] Dropping privileges Nov 23 22:45:20.726996 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] Network connectivity detected Nov 23 22:45:20.727135 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 23 22:45:20.727218 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 23 22:45:20.727309 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] Firefox workaround initialized Nov 23 22:45:20.727383 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpf89Ubr] Nov 23 22:45:20.747830 osdx OSDxCLI[1387]: User 'admin' left the configuration menu. Nov 23 22:45:20.922753 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] [DUT0] OK (DoH) - rtt: 120ms Nov 23 22:45:20.922753 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 120ms) Nov 23 22:45:20.922753 osdx dnscrypt-proxy[20028]: [2023-11-23 22:45:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 49f1ad88a12ee9d7d2acc5f1be8e1c526fa803f3edb1ce34a8e7ac2004df5bb8 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBJ8a2IoS7p19KsxfG-jhxSb6gD8-2xzjSo56wgBN9buApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBJ8a2IoS7p19KsxfG-jhxSb6gD8-2xzjSo56wgBN9buApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2023-11-23 22:45:29 UTC, end at Thu 2023-11-23 22:45:34 UTC. -- Nov 23 22:45:29.354229 osdx systemd-journald[619]: Runtime journal (/run/log/journal/1b38b2114cf0481baed8058b17ed7ac1) is 2.0M, max 16.0M, 14.0M free. Nov 23 22:45:29.368139 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'system journal clear'. Nov 23 22:45:29.723011 osdx OSDxCLI[18128]: User 'admin' entered the configuration menu. Nov 23 22:45:29.844197 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Nov 23 22:45:29.934181 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 23 22:45:30.089029 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 23 22:45:30.181369 osdx cfgd[1092]: [18128]Completed change to active configuration Nov 23 22:45:30.224670 osdx OSDxCLI[18128]: User 'admin' committed the configuration. Nov 23 22:45:30.251384 osdx OSDxCLI[18128]: User 'admin' left the configuration menu. Nov 23 22:45:30.419224 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 23 22:45:31.648644 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 49f1ad88a12ee9d7d2acc5f1be8e1c526fa803f3edb1ce34a8e7ac2004df5bb8'. Nov 23 22:45:31.837515 osdx OSDxCLI[18128]: User 'admin' entered the configuration menu. Nov 23 22:45:31.940816 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 23 22:45:32.033739 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 23 22:45:32.143841 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBJ8a2IoS7p19KsxfG-jhxSb6gD8-2xzjSo56wgBN9buApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Nov 23 22:45:32.226247 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Nov 23 22:45:32.383598 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Nov 23 22:45:32.505609 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 23 22:45:32.626429 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 23 22:45:32.780961 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 23 22:45:32.941607 osdx ca-certificates[27318]: Updating certificates in /etc/ssl/certs... Nov 23 22:45:33.644353 osdx ca-certificates[28303]: 1 added, 0 removed; done. Nov 23 22:45:33.650699 osdx ca-certificates[28307]: Running hooks in /etc/ca-certificates/update.d... Nov 23 22:45:33.656204 osdx ca-certificates[28311]: done. Nov 23 22:45:33.795013 osdx systemd[1]: Started DNSCrypt client proxy. Nov 23 22:45:33.797949 osdx cfgd[1092]: [18128]Completed change to active configuration Nov 23 22:45:33.802491 osdx OSDxCLI[18128]: User 'admin' committed the configuration. Nov 23 22:45:33.824035 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:33] [NOTICE] dnscrypt-proxy 2.0.45 Nov 23 22:45:33.824412 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:33] [NOTICE] Network connectivity detected Nov 23 22:45:33.825085 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:33] [NOTICE] Dropping privileges Nov 23 22:45:33.827498 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:33] [NOTICE] Network connectivity detected Nov 23 22:45:33.827669 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 23 22:45:33.827753 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 23 22:45:33.827847 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:33] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 23 22:45:33.827946 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:33] [NOTICE] Firefox workaround initialized Nov 23 22:45:33.828021 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:33] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp0k9sR8] Nov 23 22:45:33.856926 osdx OSDxCLI[18128]: User 'admin' left the configuration menu. Nov 23 22:45:34.029006 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:34] [NOTICE] [RD] OK (DoH) - rtt: 164ms Nov 23 22:45:34.029006 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:34] [NOTICE] Server with the lowest initial latency: RD (rtt: 164ms) Nov 23 22:45:34.029006 osdx dnscrypt-proxy[28364]: [2023-11-23 22:45:34] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Nov 23 22:45:34.044273 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash df3512c9635e41a8bc045e699a2e82a67e5f0663a565be550b3dd1b302b1e24b at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg3zUSyWNeQai8BF5pmi6Cpn5fBmOlZb5VCz3RswKx4ksNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg3zUSyWNeQai8BF5pmi6Cpn5fBmOlZb5VCz3RswKx4ksNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2023-11-23 22:45:29 UTC, end at Thu 2023-11-23 22:45:36 UTC. -- Nov 23 22:45:29.340738 osdx systemd-journald[568]: Runtime journal (/run/log/journal/8bfa9c72be3e409aa4997490338b4bf3) is 1.2M, max 9.7M, 8.5M free. Nov 23 22:45:29.356804 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'system journal clear'. Nov 23 22:45:30.471628 osdx OSDxCLI[1387]: User 'admin' entered the configuration menu. Nov 23 22:45:30.598119 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Nov 23 22:45:30.688206 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 23 22:45:30.774011 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service ssh'. Nov 23 22:45:30.921626 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 23 22:45:31.090810 osdx systemd[1]: Starting OpenBSD Secure Shell server... Nov 23 22:45:31.104649 osdx sshd[21704]: Server listening on 0.0.0.0 port 22. Nov 23 22:45:31.104970 osdx sshd[21704]: Server listening on :: port 22. Nov 23 22:45:31.105133 osdx systemd[1]: Started OpenBSD Secure Shell server. Nov 23 22:45:31.123862 osdx cfgd[975]: [1387]Completed change to active configuration Nov 23 22:45:31.167740 osdx OSDxCLI[1387]: User 'admin' committed the configuration. Nov 23 22:45:31.195343 osdx OSDxCLI[1387]: User 'admin' left the configuration menu. Nov 23 22:45:31.370222 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Nov 23 22:45:34.427977 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash df3512c9635e41a8bc045e699a2e82a67e5f0663a565be550b3dd1b302b1e24b'. Nov 23 22:45:34.610005 osdx OSDxCLI[1387]: User 'admin' entered the configuration menu. Nov 23 22:45:34.721271 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Nov 23 22:45:34.838059 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 23 22:45:34.942381 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 23 22:45:35.073568 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg3zUSyWNeQai8BF5pmi6Cpn5fBmOlZb5VCz3RswKx4ksNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Nov 23 22:45:35.205364 osdx ca-certificates[21767]: Updating certificates in /etc/ssl/certs... Nov 23 22:45:35.873290 osdx ca-certificates[22751]: 1 added, 0 removed; done. Nov 23 22:45:35.879396 osdx ca-certificates[22755]: Running hooks in /etc/ca-certificates/update.d... Nov 23 22:45:35.884629 osdx ca-certificates[22759]: done. Nov 23 22:45:35.961945 osdx systemd[1]: Started DNSCrypt client proxy. Nov 23 22:45:35.964787 osdx cfgd[975]: [1387]Completed change to active configuration Nov 23 22:45:35.969153 osdx OSDxCLI[1387]: User 'admin' committed the configuration. Nov 23 22:45:35.990871 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:35] [NOTICE] dnscrypt-proxy 2.0.45 Nov 23 22:45:35.991259 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:35] [NOTICE] Network connectivity detected Nov 23 22:45:35.991975 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:35] [NOTICE] Dropping privileges Nov 23 22:45:35.994229 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:35] [NOTICE] Network connectivity detected Nov 23 22:45:35.994392 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 23 22:45:35.994476 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 23 22:45:35.994571 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:35] [NOTICE] Firefox workaround initialized Nov 23 22:45:35.994646 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpaYqfXR] Nov 23 22:45:36.010263 osdx OSDxCLI[1387]: User 'admin' left the configuration menu. Nov 23 22:45:36.231873 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'system journal show | cat'. Nov 23 22:45:36.481188 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:36] [NOTICE] [DUT0] OK (DoH) - rtt: 164ms Nov 23 22:45:36.481188 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:36] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 164ms) Nov 23 22:45:36.481188 osdx dnscrypt-proxy[22766]: [2023-11-23 22:45:36] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
74:b4:f4:99:63:72:a1:92:cf:5c:9a:a0:3a:42:3b:45:45:d8:d0:85:ac:e5:49:58:dd:f2:49:58:6d:79:be:6a
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 74:b4:f4:99:63:72:a1:92:cf:5c:9a:a0:3a:42:3b:45:45:d8:d0:85:ac:e5:49:58:dd:f2:49:58:6d:79:be:6a set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2023-11-23 22:45:44 UTC, end at Thu 2023-11-23 22:45:49 UTC. -- Nov 23 22:45:44.385190 osdx systemd-journald[619]: Runtime journal (/run/log/journal/1b38b2114cf0481baed8058b17ed7ac1) is 2.0M, max 16.0M, 14.0M free. Nov 23 22:45:44.404627 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'system journal clear'. Nov 23 22:45:44.847679 osdx OSDxCLI[18128]: User 'admin' entered the configuration menu. Nov 23 22:45:44.984151 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Nov 23 22:45:45.099249 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 23 22:45:45.254020 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 23 22:45:45.365561 osdx cfgd[1092]: [18128]Completed change to active configuration Nov 23 22:45:45.417318 osdx OSDxCLI[18128]: User 'admin' committed the configuration. Nov 23 22:45:45.478503 osdx OSDxCLI[18128]: User 'admin' left the configuration menu. Nov 23 22:45:45.659552 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 23 22:45:46.947350 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Nov 23 22:45:47.121677 osdx OSDxCLI[18128]: User 'admin' entered the configuration menu. Nov 23 22:45:47.233676 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 23 22:45:47.335568 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 23 22:45:47.449543 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Nov 23 22:45:47.553266 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Nov 23 22:45:47.676190 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Nov 23 22:45:47.784571 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 74:b4:f4:99:63:72:a1:92:cf:5c:9a:a0:3a:42:3b:45:45:d8:d0:85:ac:e5:49:58:dd:f2:49:58:6d:79:be:6a'. Nov 23 22:45:47.895820 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 23 22:45:48.022909 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Nov 23 22:45:48.131196 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Nov 23 22:45:48.249110 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 23 22:45:48.367513 osdx ca-certificates[30108]: Updating certificates in /etc/ssl/certs... Nov 23 22:45:49.010435 osdx ca-certificates[31093]: 1 added, 0 removed; done. Nov 23 22:45:49.018816 osdx ca-certificates[31097]: Running hooks in /etc/ca-certificates/update.d... Nov 23 22:45:49.024050 osdx ca-certificates[31101]: done. Nov 23 22:45:49.164256 osdx systemd[1]: Started DNSCrypt client proxy. Nov 23 22:45:49.167194 osdx cfgd[1092]: [18128]Completed change to active configuration Nov 23 22:45:49.171771 osdx OSDxCLI[18128]: User 'admin' committed the configuration. Nov 23 22:45:49.194111 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] dnscrypt-proxy 2.0.45 Nov 23 22:45:49.194504 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] Network connectivity detected Nov 23 22:45:49.195095 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] Dropping privileges Nov 23 22:45:49.197471 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] Network connectivity detected Nov 23 22:45:49.197629 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 23 22:45:49.197717 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 23 22:45:49.197857 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 23 22:45:49.198054 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] Firefox workaround initialized Nov 23 22:45:49.198162 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpPQWmu9] Nov 23 22:45:49.199880 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Nov 23 22:45:49.199880 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Nov 23 22:45:49.199880 osdx dnscrypt-proxy[31154]: [2023-11-23 22:45:49] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Nov 23 22:45:49.213814 osdx OSDxCLI[18128]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10 set service dns proxy static DUT0 protocol dns-over-https hash df3512c9635e41a8bc045e699a2e82a67e5f0663a565be550b3dd1b302b1e24b
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2023-11-23 22:45:44 UTC, end at Thu 2023-11-23 22:45:51 UTC. -- Nov 23 22:45:44.366458 osdx systemd-journald[568]: Runtime journal (/run/log/journal/8bfa9c72be3e409aa4997490338b4bf3) is 1.2M, max 9.7M, 8.5M free. Nov 23 22:45:44.385962 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'system journal clear'. Nov 23 22:45:45.687335 osdx OSDxCLI[1387]: User 'admin' entered the configuration menu. Nov 23 22:45:45.833799 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Nov 23 22:45:45.957136 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 23 22:45:46.043010 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service ssh'. Nov 23 22:45:46.192215 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 23 22:45:46.385080 osdx systemd[1]: Starting OpenBSD Secure Shell server... Nov 23 22:45:46.404815 osdx sshd[24446]: Server listening on 0.0.0.0 port 22. Nov 23 22:45:46.405154 osdx sshd[24446]: Server listening on :: port 22. Nov 23 22:45:46.405314 osdx systemd[1]: Started OpenBSD Secure Shell server. Nov 23 22:45:46.423486 osdx cfgd[975]: [1387]Completed change to active configuration Nov 23 22:45:46.480039 osdx OSDxCLI[1387]: User 'admin' committed the configuration. Nov 23 22:45:46.512934 osdx OSDxCLI[1387]: User 'admin' left the configuration menu. Nov 23 22:45:46.687081 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Nov 23 22:45:49.455051 osdx OSDxCLI[1387]: User 'admin' entered the configuration menu. Nov 23 22:45:49.591428 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Nov 23 22:45:49.699929 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 23 22:45:49.830017 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 23 22:45:49.939407 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Nov 23 22:45:50.058186 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Nov 23 22:45:50.193060 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10'. Nov 23 22:45:50.289523 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash df3512c9635e41a8bc045e699a2e82a67e5f0663a565be550b3dd1b302b1e24b'. Nov 23 22:45:50.444626 osdx ca-certificates[24509]: Updating certificates in /etc/ssl/certs... Nov 23 22:45:51.198574 osdx ca-certificates[25495]: 1 added, 0 removed; done. Nov 23 22:45:51.206859 osdx ca-certificates[25499]: Running hooks in /etc/ca-certificates/update.d... Nov 23 22:45:51.214295 osdx ca-certificates[25503]: done. Nov 23 22:45:51.300795 osdx systemd[1]: Started DNSCrypt client proxy. Nov 23 22:45:51.303449 osdx cfgd[975]: [1387]Completed change to active configuration Nov 23 22:45:51.307976 osdx OSDxCLI[1387]: User 'admin' committed the configuration. Nov 23 22:45:51.329871 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] dnscrypt-proxy 2.0.45 Nov 23 22:45:51.330254 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] Network connectivity detected Nov 23 22:45:51.330828 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] Dropping privileges Nov 23 22:45:51.332961 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] Network connectivity detected Nov 23 22:45:51.333481 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 23 22:45:51.333481 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 23 22:45:51.333481 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] Firefox workaround initialized Nov 23 22:45:51.333481 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp1wAopD] Nov 23 22:45:51.382423 osdx OSDxCLI[1387]: User 'admin' left the configuration menu. Nov 23 22:45:51.583558 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'system journal show | cat'. Nov 23 22:45:51.665389 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] [DUT0] OK (DoH) - rtt: 127ms Nov 23 22:45:51.665389 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 127ms) Nov 23 22:45:51.665389 osdx dnscrypt-proxy[25510]: [2023-11-23 22:45:51] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
74:b4:f4:99:63:72:a1:92:cf:5c:9a:a0:3a:42:3b:45:45:d8:d0:85:ac:e5:49:58:dd:f2:49:58:6d:79:be:6a
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 74:b4:f4:99:63:72:a1:92:cf:5c:9a:a0:3a:42:3b:45:45:d8:d0:85:ac:e5:49:58:dd:f2:49:58:6d:79:be:6a ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHS09JljcqGSz1yaoDpCO0VF2NCFrOVJWN3ySVhteb5qGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHS09JljcqGSz1yaoDpCO0VF2NCFrOVJWN3ySVhteb5qGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2023-11-23 22:46:00 UTC, end at Thu 2023-11-23 22:46:05 UTC. -- Nov 23 22:46:00.371528 osdx systemd-journald[619]: Runtime journal (/run/log/journal/1b38b2114cf0481baed8058b17ed7ac1) is 2.0M, max 16.0M, 14.0M free. Nov 23 22:46:00.390127 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'system journal clear'. Nov 23 22:46:00.824559 osdx OSDxCLI[18128]: User 'admin' entered the configuration menu. Nov 23 22:46:00.963659 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Nov 23 22:46:01.055713 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 23 22:46:01.191495 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 23 22:46:01.318976 osdx cfgd[1092]: [18128]Completed change to active configuration Nov 23 22:46:01.370451 osdx OSDxCLI[18128]: User 'admin' committed the configuration. Nov 23 22:46:01.413107 osdx OSDxCLI[18128]: User 'admin' left the configuration menu. Nov 23 22:46:01.585650 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 23 22:46:02.827388 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Nov 23 22:46:02.992416 osdx OSDxCLI[18128]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 74:b4:f4:99:63:72:a1:92:cf:5c:9a:a0:3a:42:3b:45:45:d8:d0:85:ac:e5:49:58:dd:f2:49:58:6d:79:be:6a ip 10.215.168.1 port 8443'. Nov 23 22:46:03.179299 osdx OSDxCLI[18128]: User 'admin' entered the configuration menu. Nov 23 22:46:03.282080 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 23 22:46:03.399538 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 23 22:46:03.515974 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHS09JljcqGSz1yaoDpCO0VF2NCFrOVJWN3ySVhteb5qGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Nov 23 22:46:03.622649 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 23 22:46:03.745409 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Nov 23 22:46:03.861498 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Nov 23 22:46:03.984338 osdx OSDxCLI[18128]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 23 22:46:04.152293 osdx ca-certificates[429]: Updating certificates in /etc/ssl/certs... Nov 23 22:46:04.821473 osdx ca-certificates[1448]: 1 added, 0 removed; done. Nov 23 22:46:04.827300 osdx ca-certificates[1452]: Running hooks in /etc/ca-certificates/update.d... Nov 23 22:46:04.832544 osdx ca-certificates[1456]: done. Nov 23 22:46:04.964407 osdx systemd[1]: Started DNSCrypt client proxy. Nov 23 22:46:04.967257 osdx cfgd[1092]: [18128]Completed change to active configuration Nov 23 22:46:04.971744 osdx OSDxCLI[18128]: User 'admin' committed the configuration. Nov 23 22:46:04.993803 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] dnscrypt-proxy 2.0.45 Nov 23 22:46:04.994178 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] Network connectivity detected Nov 23 22:46:04.994779 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] Dropping privileges Nov 23 22:46:04.997180 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] Network connectivity detected Nov 23 22:46:04.997322 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 23 22:46:04.997404 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 23 22:46:04.997504 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 23 22:46:04.997597 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] Firefox workaround initialized Nov 23 22:46:04.997672 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpQN4pAZ] Nov 23 22:46:04.999163 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Nov 23 22:46:04.999268 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Nov 23 22:46:04.999351 osdx dnscrypt-proxy[1510]: [2023-11-23 22:46:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Nov 23 22:46:05.005188 osdx zebra[1034]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Nov 23 22:46:05.011952 osdx OSDxCLI[18128]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash df3512c9635e41a8bc045e699a2e82a67e5f0663a565be550b3dd1b302b1e24b at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg3zUSyWNeQai8BF5pmi6Cpn5fBmOlZb5VCz3RswKx4ksNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg3zUSyWNeQai8BF5pmi6Cpn5fBmOlZb5VCz3RswKx4ksNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Thu 2023-11-23 22:46:00 UTC, end at Thu 2023-11-23 22:46:07 UTC. -- Nov 23 22:46:00.364163 osdx systemd-journald[568]: Runtime journal (/run/log/journal/8bfa9c72be3e409aa4997490338b4bf3) is 1.2M, max 9.7M, 8.5M free. Nov 23 22:46:00.383849 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'system journal clear'. Nov 23 22:46:01.632106 osdx OSDxCLI[1387]: User 'admin' entered the configuration menu. Nov 23 22:46:01.752239 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Nov 23 22:46:01.842581 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 23 22:46:01.956018 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service ssh'. Nov 23 22:46:02.096248 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 23 22:46:02.249897 osdx systemd[1]: Starting OpenBSD Secure Shell server... Nov 23 22:46:02.263638 osdx sshd[27196]: Server listening on 0.0.0.0 port 22. Nov 23 22:46:02.263951 osdx sshd[27196]: Server listening on :: port 22. Nov 23 22:46:02.264111 osdx systemd[1]: Started OpenBSD Secure Shell server. Nov 23 22:46:02.283082 osdx cfgd[975]: [1387]Completed change to active configuration Nov 23 22:46:02.326759 osdx OSDxCLI[1387]: User 'admin' committed the configuration. Nov 23 22:46:02.358806 osdx OSDxCLI[1387]: User 'admin' left the configuration menu. Nov 23 22:46:02.567977 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Nov 23 22:46:05.344532 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash df3512c9635e41a8bc045e699a2e82a67e5f0663a565be550b3dd1b302b1e24b'. Nov 23 22:46:05.518068 osdx OSDxCLI[1387]: User 'admin' entered the configuration menu. Nov 23 22:46:05.618270 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Nov 23 22:46:05.704695 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 23 22:46:05.804151 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 23 22:46:05.935288 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg3zUSyWNeQai8BF5pmi6Cpn5fBmOlZb5VCz3RswKx4ksNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Nov 23 22:46:06.046464 osdx ca-certificates[27258]: Updating certificates in /etc/ssl/certs... Nov 23 22:46:06.697170 osdx ca-certificates[28243]: 1 added, 0 removed; done. Nov 23 22:46:06.702916 osdx ca-certificates[28247]: Running hooks in /etc/ca-certificates/update.d... Nov 23 22:46:06.708045 osdx ca-certificates[28251]: done. Nov 23 22:46:06.784438 osdx systemd[1]: Started DNSCrypt client proxy. Nov 23 22:46:06.787554 osdx cfgd[975]: [1387]Completed change to active configuration Nov 23 22:46:06.791924 osdx OSDxCLI[1387]: User 'admin' committed the configuration. Nov 23 22:46:06.817413 osdx OSDxCLI[1387]: User 'admin' left the configuration menu. Nov 23 22:46:06.818138 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:06] [NOTICE] dnscrypt-proxy 2.0.45 Nov 23 22:46:06.818456 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:06] [NOTICE] Network connectivity detected Nov 23 22:46:06.819035 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:06] [NOTICE] Dropping privileges Nov 23 22:46:06.821216 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:06] [NOTICE] Network connectivity detected Nov 23 22:46:06.821347 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:06] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 23 22:46:06.821433 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:06] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 23 22:46:06.821525 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:06] [NOTICE] Firefox workaround initialized Nov 23 22:46:06.821599 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:06] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp0_YChj] Nov 23 22:46:07.005627 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:07] [NOTICE] [DUT0] OK (DoH) - rtt: 119ms Nov 23 22:46:07.005627 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:07] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 119ms) Nov 23 22:46:07.005627 osdx dnscrypt-proxy[28258]: [2023-11-23 22:46:07] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Nov 23 22:46:07.006946 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13