Static Server
Test suite in which DUT1 connects to DUT0 using DoH, while DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2024-04-03 21:46:43 UTC, end at Wed 2024-04-03 21:46:47 UTC. -- Apr 03 21:46:43.376516 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free. Apr 03 21:46:43.394007 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'. Apr 03 21:46:43.754159 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu. Apr 03 21:46:43.882259 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Apr 03 21:46:44.006826 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 03 21:46:44.168233 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 03 21:46:44.285617 osdx cfgd[1091]: [26772]Completed change to active configuration Apr 03 21:46:44.331087 osdx OSDxCLI[26772]: User 'admin' committed the configuration. Apr 03 21:46:44.376295 osdx OSDxCLI[26772]: User 'admin' left the configuration menu. Apr 03 21:46:44.561582 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 03 21:46:45.460087 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 03 21:46:45.897011 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu. Apr 03 21:46:46.017985 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 03 21:46:46.112600 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 03 21:46:46.205693 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 03 21:46:46.295529 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Apr 03 21:46:46.440339 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'. Apr 03 21:46:46.526186 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 03 21:46:46.663306 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 03 21:46:46.780442 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 03 21:46:46.932067 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 03 21:46:47.075903 osdx ca-certificates[30309]: Updating certificates in /etc/ssl/certs... Apr 03 21:46:47.719697 osdx ca-certificates[31293]: 1 added, 0 removed; done. Apr 03 21:46:47.725521 osdx ca-certificates[31297]: Running hooks in /etc/ca-certificates/update.d... Apr 03 21:46:47.730622 osdx ca-certificates[31301]: done. Apr 03 21:46:47.870074 osdx systemd[1]: Started DNSCrypt client proxy. Apr 03 21:46:47.873031 osdx cfgd[1091]: [26772]Completed change to active configuration Apr 03 21:46:47.877498 osdx OSDxCLI[26772]: User 'admin' committed the configuration. Apr 03 21:46:47.902936 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:47] [NOTICE] dnscrypt-proxy 2.0.45 Apr 03 21:46:47.903726 osdx OSDxCLI[26772]: User 'admin' left the configuration menu. 
Apr 03 21:46:47.904212 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:47] [NOTICE] Network connectivity detected Apr 03 21:46:47.904749 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:47] [NOTICE] Dropping privileges Apr 03 21:46:47.907206 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:47] [NOTICE] Network connectivity detected Apr 03 21:46:47.907379 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 03 21:46:47.907477 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 03 21:46:47.907568 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:47] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 03 21:46:47.907659 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:47] [NOTICE] Firefox workaround initialized Apr 03 21:46:47.907738 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpHN80pJ] Apr 03 21:46:48.066934 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:48] [NOTICE] [RD] OK (DoH) - rtt: 126ms Apr 03 21:46:48.066934 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:48] [NOTICE] Server with the lowest initial latency: RD (rtt: 126ms) Apr 03 21:46:48.066934 osdx dnscrypt-proxy[31354]: [2024-04-03 21:46:48] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10
set service dns proxy static DUT0 protocol dns-over-https hash f7951e8d84b7842f450d5728f4e636dc4dcd1f86cc94717f1f32c0994e353dae
Step 4: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2024-04-03 21:46:43 UTC, end at Wed 2024-04-03 21:46:50 UTC. -- Apr 03 21:46:43.347826 osdx systemd-journald[568]: Runtime journal (/run/log/journal/267898f4bf544adbb4c1fc962594dcef) is 1.2M, max 9.7M, 8.5M free. Apr 03 21:46:43.364437 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'system journal clear'. Apr 03 21:46:44.605313 osdx OSDxCLI[27939]: User 'admin' entered the configuration menu. Apr 03 21:46:44.727837 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Apr 03 21:46:44.818898 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 03 21:46:44.909385 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service ssh'. Apr 03 21:46:45.063338 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 03 21:46:45.252718 osdx systemd[1]: Starting OpenBSD Secure Shell server... Apr 03 21:46:45.272649 osdx sshd[10324]: Server listening on 0.0.0.0 port 22. Apr 03 21:46:45.272964 osdx sshd[10324]: Server listening on :: port 22. Apr 03 21:46:45.273124 osdx systemd[1]: Started OpenBSD Secure Shell server. Apr 03 21:46:45.290920 osdx cfgd[976]: [27939]Completed change to active configuration Apr 03 21:46:45.348464 osdx OSDxCLI[27939]: User 'admin' committed the configuration. Apr 03 21:46:45.385490 osdx OSDxCLI[27939]: User 'admin' left the configuration menu. Apr 03 21:46:45.571175 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Apr 03 21:46:48.178424 osdx OSDxCLI[27939]: User 'admin' entered the configuration menu. Apr 03 21:46:48.307005 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Apr 03 21:46:48.391708 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. 
Apr 03 21:46:48.481879 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Apr 03 21:46:48.578357 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Apr 03 21:46:48.711346 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Apr 03 21:46:48.848515 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10'. Apr 03 21:46:48.991727 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash f7951e8d84b7842f450d5728f4e636dc4dcd1f86cc94717f1f32c0994e353dae'. Apr 03 21:46:49.132942 osdx ca-certificates[10387]: Updating certificates in /etc/ssl/certs... Apr 03 21:46:49.813561 osdx ca-certificates[11371]: 1 added, 0 removed; done. Apr 03 21:46:49.819388 osdx ca-certificates[11375]: Running hooks in /etc/ca-certificates/update.d... Apr 03 21:46:49.824708 osdx ca-certificates[11379]: done. Apr 03 21:46:49.912037 osdx systemd[1]: Started DNSCrypt client proxy. Apr 03 21:46:49.914706 osdx cfgd[976]: [27939]Completed change to active configuration Apr 03 21:46:49.918799 osdx OSDxCLI[27939]: User 'admin' committed the configuration. Apr 03 21:46:49.940574 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:49] [NOTICE] dnscrypt-proxy 2.0.45 Apr 03 21:46:49.940989 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:49] [NOTICE] Network connectivity detected Apr 03 21:46:49.944299 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:49] [NOTICE] Dropping privileges Apr 03 21:46:49.944649 osdx OSDxCLI[27939]: User 'admin' left the configuration menu. 
Apr 03 21:46:49.947476 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:49] [NOTICE] Network connectivity detected Apr 03 21:46:49.947660 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 03 21:46:49.947749 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 03 21:46:49.947845 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:49] [NOTICE] Firefox workaround initialized Apr 03 21:46:49.947925 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpwTzYxh] Apr 03 21:46:50.174831 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:50] [NOTICE] [DUT0] OK (DoH) - rtt: 132ms Apr 03 21:46:50.174831 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:50] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 132ms) Apr 03 21:46:50.174831 osdx dnscrypt-proxy[11386]: [2024-04-03 21:46:50] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Apr 03 21:46:50.176784 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'system journal show | cat'.
Step 5: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac' at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2024-04-03 21:46:58 UTC, end at Wed 2024-04-03 21:47:03 UTC. -- Apr 03 21:46:58.373942 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free. Apr 03 21:46:58.393199 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'. Apr 03 21:46:58.787448 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu. Apr 03 21:46:58.911376 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Apr 03 21:46:59.005827 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 03 21:46:59.158130 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 03 21:46:59.276207 osdx cfgd[1091]: [26772]Completed change to active configuration Apr 03 21:46:59.334178 osdx OSDxCLI[26772]: User 'admin' committed the configuration. Apr 03 21:46:59.362703 osdx OSDxCLI[26772]: User 'admin' left the configuration menu. Apr 03 21:46:59.541157 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 03 21:47:00.293889 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 03 21:47:00.967098 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'. Apr 03 21:47:01.179358 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu. Apr 03 21:47:01.285331 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 03 21:47:01.444591 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. 
Apr 03 21:47:01.563605 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Apr 03 21:47:01.681335 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 03 21:47:01.820353 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 03 21:47:01.948262 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 03 21:47:02.093280 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 03 21:47:02.218618 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 03 21:47:02.345151 osdx ca-certificates[630]: Updating certificates in /etc/ssl/certs... Apr 03 21:47:02.992305 osdx ca-certificates[1650]: 1 added, 0 removed; done. Apr 03 21:47:02.998268 osdx ca-certificates[1654]: Running hooks in /etc/ca-certificates/update.d... Apr 03 21:47:03.003477 osdx ca-certificates[1658]: done. Apr 03 21:47:03.138053 osdx systemd[1]: Started DNSCrypt client proxy. Apr 03 21:47:03.140795 osdx cfgd[1091]: [26772]Completed change to active configuration Apr 03 21:47:03.145257 osdx OSDxCLI[26772]: User 'admin' committed the configuration. Apr 03 21:47:03.170063 osdx OSDxCLI[26772]: User 'admin' left the configuration menu. 
Apr 03 21:47:03.173117 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] dnscrypt-proxy 2.0.45 Apr 03 21:47:03.173498 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] Network connectivity detected Apr 03 21:47:03.174135 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] Dropping privileges Apr 03 21:47:03.176738 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] Network connectivity detected Apr 03 21:47:03.176899 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 03 21:47:03.176984 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 03 21:47:03.177123 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 03 21:47:03.177218 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] Firefox workaround initialized Apr 03 21:47:03.177296 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp0vzljC] Apr 03 21:47:03.375667 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal show | cat'. Apr 03 21:47:03.410040 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] [RD] OK (DoH) - rtt: 200ms Apr 03 21:47:03.410040 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] Server with the lowest initial latency: RD (rtt: 200ms) Apr 03 21:47:03.410040 osdx dnscrypt-proxy[1711]: [2024-04-03 21:47:03] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash f7951e8d84b7842f450d5728f4e636dc4dcd1f86cc94717f1f32c0994e353dae' at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg95UejYS3hC9FDVco9OY23E3NH4bMlHF_HzLAmU41Pa4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg95UejYS3hC9FDVco9OY23E3NH4bMlHF_HzLAmU41Pa4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2024-04-03 21:46:58 UTC, end at Wed 2024-04-03 21:47:05 UTC. -- Apr 03 21:46:58.378055 osdx systemd-journald[568]: Runtime journal (/run/log/journal/267898f4bf544adbb4c1fc962594dcef) is 1.2M, max 9.7M, 8.5M free. Apr 03 21:46:58.392526 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'system journal clear'. Apr 03 21:46:59.589817 osdx OSDxCLI[27939]: User 'admin' entered the configuration menu. Apr 03 21:46:59.732659 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Apr 03 21:46:59.850448 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 03 21:46:59.972092 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service ssh'. Apr 03 21:47:00.135350 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 03 21:47:00.306037 osdx systemd[1]: Starting OpenBSD Secure Shell server... Apr 03 21:47:00.320127 osdx sshd[13066]: Server listening on 0.0.0.0 port 22. Apr 03 21:47:00.320450 osdx sshd[13066]: Server listening on :: port 22. Apr 03 21:47:00.320615 osdx systemd[1]: Started OpenBSD Secure Shell server. Apr 03 21:47:00.339058 osdx cfgd[976]: [27939]Completed change to active configuration Apr 03 21:47:00.383566 osdx OSDxCLI[27939]: User 'admin' committed the configuration. Apr 03 21:47:00.431457 osdx OSDxCLI[27939]: User 'admin' left the configuration menu. Apr 03 21:47:00.650305 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Apr 03 21:47:03.861680 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash f7951e8d84b7842f450d5728f4e636dc4dcd1f86cc94717f1f32c0994e353dae'. Apr 03 21:47:04.057811 osdx OSDxCLI[27939]: User 'admin' entered the configuration menu. 
Apr 03 21:47:04.169078 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Apr 03 21:47:04.287387 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Apr 03 21:47:04.378815 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Apr 03 21:47:04.483126 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg95UejYS3hC9FDVco9OY23E3NH4bMlHF_HzLAmU41Pa4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Apr 03 21:47:04.588844 osdx ca-certificates[13134]: Updating certificates in /etc/ssl/certs... Apr 03 21:47:05.251866 osdx ca-certificates[14118]: 1 added, 0 removed; done. Apr 03 21:47:05.257823 osdx ca-certificates[14123]: Running hooks in /etc/ca-certificates/update.d... Apr 03 21:47:05.262610 osdx ca-certificates[14126]: done. Apr 03 21:47:05.350480 osdx systemd[1]: Started DNSCrypt client proxy. Apr 03 21:47:05.354402 osdx cfgd[976]: [27939]Completed change to active configuration Apr 03 21:47:05.365016 osdx OSDxCLI[27939]: User 'admin' committed the configuration. 
Apr 03 21:47:05.384373 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] dnscrypt-proxy 2.0.45 Apr 03 21:47:05.384783 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] Network connectivity detected Apr 03 21:47:05.385343 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] Dropping privileges Apr 03 21:47:05.387466 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] Network connectivity detected Apr 03 21:47:05.387599 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 03 21:47:05.387680 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 03 21:47:05.387804 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] Firefox workaround initialized Apr 03 21:47:05.387906 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] Loading the set of cloaking rules from [/tmp/tmppJtRUf] Apr 03 21:47:05.399798 osdx OSDxCLI[27939]: User 'admin' left the configuration menu. Apr 03 21:47:05.588332 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'system journal show | cat'. Apr 03 21:47:05.663881 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] [DUT0] OK (DoH) - rtt: 149ms Apr 03 21:47:05.663881 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 149ms) Apr 03 21:47:05.663881 osdx dnscrypt-proxy[14133]: [2024-04-03 21:47:05] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
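The stamps used in this scenario pack the server IP, the pinned certificate hash, the host name (with the port when it is not 443) and the query path into one base64url string, so the pin cannot be read by eye once it is in the configuration. The Python below is an added example, not part of the OSDx test suite or its tooling: it encodes and decodes DoH stamps following the public DNS Stamps layout and audits a stamp against the intended values. The function names are hypothetical; the two stamps and hashes are the ones shown on this page.

```python
import base64
import struct
from dataclasses import dataclass

DOH_PROTOCOL_ID = 0x02  # first byte of a DNS-over-HTTPS stamp

# Values copied from the steps of this scenario.
PAGE_HASH_RD = "563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac"
PAGE_STAMP_RD = ("sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk"
                 "5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk")
PAGE_HASH_DUT0 = "f7951e8d84b7842f450d5728f4e636dc4dcd1f86cc94717f1f32c0994e353dae"
PAGE_STAMP_DUT0 = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg95UejYS3hC9FDVco9OY23E3N"
                   "H4bMlHF_HzLAmU41Pa4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")


@dataclass
class DoHStamp:
    props: int    # 64-bit little-endian flags (DNSSEC, no-logs, no-filter)
    addr: str     # server IP the client connects to (may be empty)
    hashes: list  # pinned SHA-256 digests as hex strings; empty means no pin
    host: str     # name used for TLS validation and the HTTP Host header
    port: int
    path: str


def _lp(data: bytes) -> bytes:
    """Length-prefixed field: one length byte, then the data."""
    if len(data) > 0xFF:
        raise ValueError("field too long for a stamp")
    return bytes([len(data)]) + data


def encode_doh_stamp(host, path, ip="", port=443, hashes=(), props=0):
    """Build an sdns:// DoH stamp; the port is written only when it is not 443."""
    host_field = host if port == 443 else f"{host}:{port}"
    digests = [bytes.fromhex(h) for h in hashes] or [b""]  # empty item = no pin
    vlp = b""
    for i, digest in enumerate(digests):
        more = 0x80 if i < len(digests) - 1 else 0  # high bit: another item follows
        vlp += bytes([len(digest) | more]) + digest
    raw = (bytes([DOH_PROTOCOL_ID]) + struct.pack("<Q", props)
           + _lp(ip.encode()) + vlp + _lp(host_field.encode()) + _lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_doh_stamp(stamp: str) -> DoHStamp:
    """Parse a DoH stamp; raises ValueError on malformed or truncated input."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != DOH_PROTOCOL_ID:
        raise ValueError("not a DoH stamp")
    props = struct.unpack_from("<Q", raw, 1)[0]
    pos = 9

    def take(n):
        nonlocal pos
        if pos + n > len(raw):
            raise ValueError("truncated stamp")
        chunk = raw[pos:pos + n]
        pos += n
        return chunk

    addr = take(take(1)[0]).decode()
    hashes = []
    while True:  # variable-length set of digests
        length = take(1)[0]
        digest = take(length & 0x7F)
        if digest:
            hashes.append(digest.hex())
        if not length & 0x80:
            break
    host_field = take(take(1)[0]).decode()
    path = take(take(1)[0]).decode()
    # Any optional trailing field (bootstrap resolvers) is ignored here.
    name, sep, maybe_port = host_field.rpartition(":")
    if sep and maybe_port.isdigit():
        return DoHStamp(props, addr, hashes, name, int(maybe_port), path)
    return DoHStamp(props, addr, hashes, host_field, 443, path)


def audit_stamp(stamp, expected_ip, expected_host, expected_hash):
    """Return a list of findings; an empty list means the stamp is as intended."""
    parsed = decode_doh_stamp(stamp)
    findings = []
    if not parsed.hashes:
        findings.append("no certificate hash is pinned")
    elif expected_hash.lower() not in parsed.hashes:
        findings.append("pinned hash differs from the expected one")
    if parsed.addr != expected_ip:
        findings.append(f"stamp points at {parsed.addr!r}, expected {expected_ip!r}")
    if parsed.host != expected_host:
        findings.append(f"stamp names {parsed.host!r}, expected {expected_host!r}")
    return findings
```

Running audit_stamp on a stamp before committing it shows whether the pin and endpoint are the intended ones; a stamp built without a hash is reported as unpinned.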
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2024-04-03 21:47:14 UTC, end at Wed 2024-04-03 21:47:19 UTC. -- Apr 03 21:47:14.364278 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free. Apr 03 21:47:14.377723 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'. Apr 03 21:47:14.761085 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu. Apr 03 21:47:14.884025 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Apr 03 21:47:14.984193 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 03 21:47:15.132942 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 03 21:47:15.228782 osdx cfgd[1091]: [26772]Completed change to active configuration Apr 03 21:47:15.272505 osdx OSDxCLI[26772]: User 'admin' committed the configuration. Apr 03 21:47:15.315025 osdx OSDxCLI[26772]: User 'admin' left the configuration menu. Apr 03 21:47:15.356539 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Apr 03 21:47:15.513108 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 03 21:47:16.726991 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Apr 03 21:47:16.908362 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu. Apr 03 21:47:17.027501 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 03 21:47:17.119418 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 03 21:47:17.225902 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. 
Apr 03 21:47:17.357522 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Apr 03 21:47:17.452289 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Apr 03 21:47:17.549917 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f'. Apr 03 21:47:17.627121 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 03 21:47:17.748520 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 03 21:47:17.865418 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 03 21:47:17.957621 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 03 21:47:18.081438 osdx ca-certificates[3455]: Updating certificates in /etc/ssl/certs... Apr 03 21:47:18.840389 osdx ca-certificates[4439]: 1 added, 0 removed; done. Apr 03 21:47:18.849509 osdx ca-certificates[4444]: Running hooks in /etc/ca-certificates/update.d... Apr 03 21:47:18.856273 osdx ca-certificates[4447]: done. Apr 03 21:47:19.004476 osdx systemd[1]: Started DNSCrypt client proxy. Apr 03 21:47:19.007900 osdx cfgd[1091]: [26772]Completed change to active configuration Apr 03 21:47:19.018037 osdx OSDxCLI[26772]: User 'admin' committed the configuration. 
Apr 03 21:47:19.035014 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] dnscrypt-proxy 2.0.45 Apr 03 21:47:19.035390 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] Network connectivity detected Apr 03 21:47:19.036109 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] Dropping privileges Apr 03 21:47:19.038489 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] Network connectivity detected Apr 03 21:47:19.038653 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 03 21:47:19.038738 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 03 21:47:19.038836 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 03 21:47:19.038928 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] Firefox workaround initialized Apr 03 21:47:19.039003 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjRVFlz] Apr 03 21:47:19.043206 osdx OSDxCLI[26772]: User 'admin' left the configuration menu. Apr 03 21:47:19.044153 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] [RD] OK (DNSCrypt) - rtt: 1ms Apr 03 21:47:19.044258 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] Server with the lowest initial latency: RD (rtt: 1ms) Apr 03 21:47:19.044337 osdx dnscrypt-proxy[4500]: [2024-04-03 21:47:19] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10
set service dns proxy static DUT0 protocol dns-over-https hash f7951e8d84b7842f450d5728f4e636dc4dcd1f86cc94717f1f32c0994e353dae
Step 5: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2024-04-03 21:47:14 UTC, end at Wed 2024-04-03 21:47:21 UTC. --
Apr 03 21:47:14.345887 osdx systemd-journald[568]: Runtime journal (/run/log/journal/267898f4bf544adbb4c1fc962594dcef) is 1.2M, max 9.7M, 8.5M free.
Apr 03 21:47:14.364981 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:47:15.614376 osdx OSDxCLI[27939]: User 'admin' entered the configuration menu.
Apr 03 21:47:15.710744 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'.
Apr 03 21:47:15.829460 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:47:15.915197 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service ssh'.
Apr 03 21:47:16.057296 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:47:16.210513 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Apr 03 21:47:16.224722 osdx sshd[15815]: Server listening on 0.0.0.0 port 22.
Apr 03 21:47:16.225071 osdx sshd[15815]: Server listening on :: port 22.
Apr 03 21:47:16.225237 osdx systemd[1]: Started OpenBSD Secure Shell server.
Apr 03 21:47:16.244308 osdx cfgd[976]: [27939]Completed change to active configuration
Apr 03 21:47:16.288766 osdx OSDxCLI[27939]: User 'admin' committed the configuration.
Apr 03 21:47:16.316359 osdx OSDxCLI[27939]: User 'admin' left the configuration menu.
Apr 03 21:47:16.492216 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'.
Apr 03 21:47:19.326362 osdx OSDxCLI[27939]: User 'admin' entered the configuration menu.
Apr 03 21:47:19.454631 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'.
Apr 03 21:47:19.539849 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Apr 03 21:47:19.633730 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Apr 03 21:47:19.729118 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Apr 03 21:47:19.821133 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Apr 03 21:47:19.917924 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10'.
Apr 03 21:47:20.018578 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash f7951e8d84b7842f450d5728f4e636dc4dcd1f86cc94717f1f32c0994e353dae'.
Apr 03 21:47:20.131097 osdx ca-certificates[15878]: Updating certificates in /etc/ssl/certs...
Apr 03 21:47:20.796774 osdx ca-certificates[16862]: 1 added, 0 removed; done.
Apr 03 21:47:20.802418 osdx ca-certificates[16866]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:47:20.807610 osdx ca-certificates[16870]: done.
Apr 03 21:47:20.890823 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:47:20.893547 osdx cfgd[976]: [27939]Completed change to active configuration
Apr 03 21:47:20.897546 osdx OSDxCLI[27939]: User 'admin' committed the configuration.
Apr 03 21:47:20.918717 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:20] [NOTICE] dnscrypt-proxy 2.0.45
Apr 03 21:47:20.919098 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:20] [NOTICE] Network connectivity detected
Apr 03 21:47:20.919720 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:20] [NOTICE] Dropping privileges
Apr 03 21:47:20.921925 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:20] [NOTICE] Network connectivity detected
Apr 03 21:47:20.922074 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:47:20.922155 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:47:20.922244 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:20] [NOTICE] Firefox workaround initialized
Apr 03 21:47:20.922317 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpyJ1aHn]
Apr 03 21:47:20.928010 osdx OSDxCLI[27939]: User 'admin' left the configuration menu.
Apr 03 21:47:21.132079 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 03 21:47:21.201860 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:21] [NOTICE] [DUT0] OK (DoH) - rtt: 126ms
Apr 03 21:47:21.201860 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:21] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 126ms)
Apr 03 21:47:21.201860 osdx dnscrypt-proxy[16877]: [2024-04-03 21:47:21] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A
at DUT1
and check if output contains the following tokens:
teldat.com has address 10.11.12.13
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt
at DUT0
and expect this output:
7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f ip 10.215.168.1 port 8443
at DUT0
and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat
at DUT0
and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
-- Logs begin at Wed 2024-04-03 21:47:29 UTC, end at Wed 2024-04-03 21:47:33 UTC. --
Apr 03 21:47:29.375132 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:47:29.389242 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:47:29.747183 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:47:29.878362 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:47:29.984143 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:47:30.144308 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:47:30.242534 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:47:30.287062 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:47:30.314779 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:47:30.487768 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 03 21:47:30.572304 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:47:31.763064 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Apr 03 21:47:31.906673 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f ip 10.215.168.1 port 8443'.
Apr 03 21:47:32.088306 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:47:32.186295 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:47:32.274714 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:47:32.406297 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Apr 03 21:47:32.495401 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Apr 03 21:47:32.616829 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Apr 03 21:47:32.735415 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Apr 03 21:47:32.831411 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Apr 03 21:47:32.955985 osdx ca-certificates[6240]: Updating certificates in /etc/ssl/certs...
Apr 03 21:47:33.603212 osdx ca-certificates[7224]: 1 added, 0 removed; done.
Apr 03 21:47:33.612437 osdx ca-certificates[7229]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:47:33.619456 osdx ca-certificates[7232]: done.
Apr 03 21:47:33.794620 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:47:33.797653 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:47:33.806024 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:47:33.826613 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] dnscrypt-proxy 2.0.45
Apr 03 21:47:33.827000 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] Network connectivity detected
Apr 03 21:47:33.827702 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] Dropping privileges
Apr 03 21:47:33.830170 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] Network connectivity detected
Apr 03 21:47:33.830363 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:47:33.830452 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:47:33.830547 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Apr 03 21:47:33.830654 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] Firefox workaround initialized
Apr 03 21:47:33.830731 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp57G5y5]
Apr 03 21:47:33.832463 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Apr 03 21:47:33.832573 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Apr 03 21:47:33.832654 osdx dnscrypt-proxy[7285]: [2024-04-03 21:47:33] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Apr 03 21:47:33.867423 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash f7951e8d84b7842f450d5728f4e636dc4dcd1f86cc94717f1f32c0994e353dae
at DUT1
and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg95UejYS3hC9FDVco9OY23E3NH4bMlHF_HzLAmU41Pa4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg95UejYS3hC9FDVco9OY23E3NH4bMlHF_HzLAmU41Pa4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat
at DUT1
and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
-- Logs begin at Wed 2024-04-03 21:47:29 UTC, end at Wed 2024-04-03 21:47:35 UTC. --
Apr 03 21:47:29.350878 osdx systemd-journald[568]: Runtime journal (/run/log/journal/267898f4bf544adbb4c1fc962594dcef) is 1.2M, max 9.7M, 8.5M free.
Apr 03 21:47:29.364056 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:47:30.531450 osdx OSDxCLI[27939]: User 'admin' entered the configuration menu.
Apr 03 21:47:30.684556 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'.
Apr 03 21:47:30.771275 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:47:30.856646 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service ssh'.
Apr 03 21:47:31.008795 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:47:31.192491 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Apr 03 21:47:31.206476 osdx sshd[18557]: Server listening on 0.0.0.0 port 22.
Apr 03 21:47:31.206794 osdx sshd[18557]: Server listening on :: port 22.
Apr 03 21:47:31.206951 osdx systemd[1]: Started OpenBSD Secure Shell server.
Apr 03 21:47:31.229137 osdx cfgd[976]: [27939]Completed change to active configuration
Apr 03 21:47:31.295148 osdx OSDxCLI[27939]: User 'admin' committed the configuration.
Apr 03 21:47:31.350244 osdx OSDxCLI[27939]: User 'admin' left the configuration menu.
Apr 03 21:47:31.524100 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'.
Apr 03 21:47:34.114715 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash f7951e8d84b7842f450d5728f4e636dc4dcd1f86cc94717f1f32c0994e353dae'.
Apr 03 21:47:34.290940 osdx OSDxCLI[27939]: User 'admin' entered the configuration menu.
Apr 03 21:47:34.392986 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'.
Apr 03 21:47:34.480062 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Apr 03 21:47:34.570477 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Apr 03 21:47:34.669835 osdx OSDxCLI[27939]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg95UejYS3hC9FDVco9OY23E3NH4bMlHF_HzLAmU41Pa4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Apr 03 21:47:34.796988 osdx ca-certificates[18619]: Updating certificates in /etc/ssl/certs...
Apr 03 21:47:35.485372 osdx ca-certificates[19603]: 1 added, 0 removed; done.
Apr 03 21:47:35.491228 osdx ca-certificates[19607]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:47:35.496403 osdx ca-certificates[19611]: done.
Apr 03 21:47:35.572878 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:47:35.575445 osdx cfgd[976]: [27939]Completed change to active configuration
Apr 03 21:47:35.579750 osdx OSDxCLI[27939]: User 'admin' committed the configuration.
Apr 03 21:47:35.601095 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] dnscrypt-proxy 2.0.45
Apr 03 21:47:35.601492 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] Network connectivity detected
Apr 03 21:47:35.602049 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] Dropping privileges
Apr 03 21:47:35.604116 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] Network connectivity detected
Apr 03 21:47:35.604244 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:47:35.604325 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:47:35.604418 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] Firefox workaround initialized
Apr 03 21:47:35.604492 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpofwoNd]
Apr 03 21:47:35.625004 osdx OSDxCLI[27939]: User 'admin' left the configuration menu.
Apr 03 21:47:35.812670 osdx OSDxCLI[27939]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 03 21:47:35.829114 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] [DUT0] OK (DoH) - rtt: 115ms
Apr 03 21:47:35.829114 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 115ms)
Apr 03 21:47:35.829114 osdx dnscrypt-proxy[19618]: [2024-04-03 21:47:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A
at DUT1
and check if output contains the following tokens:
teldat.com has address 10.11.12.13
teldat.com has address 10.11.12.13
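Added example (not part of the OSDx test suite): a decoder for the two sdns:// stamps produced in Steps 2 and 5 of this scenario, so the address, pinned provider key or certificate hash, and names carried inside a stamp can be compared with the intended values before the stamp is committed. The field layout (protocol byte, 8-byte little-endian props, length-prefixed fields) is assumed from the public DNS Stamps specification; the function names parse_stamp and pins_match are illustrative.

```python
import base64
import struct

# Stamps copied from the Step 2 and Step 5 outputs above.
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAg95UejYS3hC9FDVco9OY23E3NH4bMlHF_HzLAmU41Pa4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"


def _field(buf, pos, vlp=False):
    """Read one length-prefixed field; return (value, more_follow, next_pos)."""
    if pos >= len(buf):
        raise ValueError("stamp truncated at a length byte")
    n = buf[pos]
    more = vlp and bool(n & 0x80)  # in a set, the high bit means another item follows
    if vlp:
        n &= 0x7F
    end = pos + 1 + n
    if end > len(buf):
        raise ValueError("stamp truncated inside a field")
    return buf[pos + 1:end], more, end


def parse_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into its pinned fields."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not an sdns:// stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9:
        raise ValueError("stamp shorter than protocol byte + props")
    out = {"proto": raw[0], "props": struct.unpack_from("<Q", raw, 1)[0]}
    addr, _, pos = _field(raw, 9)
    out["addr"] = addr.decode("ascii")
    if raw[0] == 0x01:  # addr[:port], provider public key, provider name
        pk, _, pos = _field(raw, pos)
        name, _, pos = _field(raw, pos)
        if pos != len(raw):
            raise ValueError("trailing bytes after provider name")
        out.update(pk=pk.hex(":"), provider=name.decode("ascii"))
    elif raw[0] == 0x02:  # addr, set of pinned hashes, host[:port], path
        hashes, more = [], True
        while more:
            h, more, pos = _field(raw, pos, vlp=True)
            hashes.append(h.hex())
        host, _, pos = _field(raw, pos)
        path, _, pos = _field(raw, pos)  # optional bootstrap IPs after this are ignored
        out.update(hashes=hashes, host=host.decode("ascii"), path=path.decode("ascii"))
    else:
        raise ValueError("unsupported stamp protocol 0x%02x" % raw[0])
    return out


def pins_match(stamp, **expected):
    """True only if every expected field equals the value decoded from the stamp."""
    decoded = parse_stamp(stamp)
    return all(decoded.get(key) == value for key, value in expected.items())
```

The pk field is returned in the colon-separated form printed by Step 1, and each entry of hashes in the plain hex form passed to the hash parameter in Step 5, so both can be compared directly with the CLI values.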