Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-23 16:50:43 UTC, end at Tue 2024-04-23 16:50:46 UTC. -- Apr 23 16:50:43.269703 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 4.0M, max 16.0M, 12.0M free. Apr 23 16:50:43.281900 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'. Apr 23 16:50:43.494496 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu. Apr 23 16:50:43.584456 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Apr 23 16:50:43.644719 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 23 16:50:43.750899 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 23 16:50:43.812399 osdx cfgd[1182]: [1600]Completed change to active configuration Apr 23 16:50:43.840794 osdx OSDxCLI[1600]: User 'admin' committed the configuration. Apr 23 16:50:43.864084 osdx OSDxCLI[1600]: User 'admin' left the configuration menu. Apr 23 16:50:43.999810 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 23 16:50:44.944219 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu. Apr 23 16:50:45.000071 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 23 16:50:45.090909 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 23 16:50:45.146141 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 23 16:50:45.236590 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 23 16:50:45.288234 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af'. Apr 23 16:50:45.376888 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 23 16:50:45.427482 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 23 16:50:45.517867 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 23 16:50:45.568228 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 23 16:50:45.680747 osdx ca-certificates[22794]: Updating certificates in /etc/ssl/certs... Apr 23 16:50:46.065612 osdx ca-certificates[23778]: 1 added, 0 removed; done. Apr 23 16:50:46.069438 osdx ca-certificates[23781]: Running hooks in /etc/ca-certificates/update.d... Apr 23 16:50:46.072910 osdx ca-certificates[23785]: done. Apr 23 16:50:46.160058 osdx systemd[1]: Started DNSCrypt client proxy. Apr 23 16:50:46.162142 osdx cfgd[1182]: [1600]Completed change to active configuration Apr 23 16:50:46.167858 osdx OSDxCLI[1600]: User 'admin' committed the configuration. Apr 23 16:50:46.179068 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] dnscrypt-proxy 2.0.45 Apr 23 16:50:46.179287 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] Network connectivity detected Apr 23 16:50:46.179649 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] Dropping privileges Apr 23 16:50:46.181400 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] Network connectivity detected Apr 23 16:50:46.181490 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 23 16:50:46.181529 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 23 16:50:46.181580 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 23 16:50:46.181628 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] Firefox workaround initialized Apr 23 16:50:46.181667 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpHyg_Nh] Apr 23 16:50:46.191394 osdx OSDxCLI[1600]: User 'admin' left the configuration menu. Apr 23 16:50:46.322435 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal show | cat'. Apr 23 16:50:46.324294 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] [RD] OK (DoH) - rtt: 119ms Apr 23 16:50:46.324294 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] Server with the lowest initial latency: RD (rtt: 119ms) Apr 23 16:50:46.324294 osdx dnscrypt-proxy[23839]: [2024-04-23 16:50:46] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10 set service dns proxy static DUT0 protocol dns-over-https hash 84b68d6e528850d3c386942592f952543bee6874f795e33a807002a43a00835f
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-23 16:50:43 UTC, end at Tue 2024-04-23 16:50:47 UTC. -- Apr 23 16:50:43.251285 osdx systemd-journald[562]: Runtime journal (/run/log/journal/d4e47729ada341c793dfbfab0a48290e) is 1.2M, max 9.7M, 8.5M free. Apr 23 16:50:43.258990 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'system journal clear'. Apr 23 16:50:44.028700 osdx OSDxCLI[1593]: User 'admin' entered the configuration menu. Apr 23 16:50:44.135799 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Apr 23 16:50:44.208048 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 23 16:50:44.309187 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service ssh'. Apr 23 16:50:44.415348 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 23 16:50:44.525893 osdx systemd[1]: Starting OpenBSD Secure Shell server... Apr 23 16:50:44.536134 osdx sshd[6939]: Server listening on 0.0.0.0 port 22. Apr 23 16:50:44.536385 osdx sshd[6939]: Server listening on :: port 22. Apr 23 16:50:44.536501 osdx systemd[1]: Started OpenBSD Secure Shell server. Apr 23 16:50:44.552026 osdx cfgd[1178]: [1593]Completed change to active configuration Apr 23 16:50:44.585330 osdx OSDxCLI[1593]: User 'admin' committed the configuration. Apr 23 16:50:44.605550 osdx OSDxCLI[1593]: User 'admin' left the configuration menu. Apr 23 16:50:44.761153 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Apr 23 16:50:46.518514 osdx OSDxCLI[1593]: User 'admin' entered the configuration menu. Apr 23 16:50:46.576581 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Apr 23 16:50:46.665786 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Apr 23 16:50:46.714915 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Apr 23 16:50:46.815742 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Apr 23 16:50:46.866489 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Apr 23 16:50:46.965107 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10'. Apr 23 16:50:47.023672 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 84b68d6e528850d3c386942592f952543bee6874f795e33a807002a43a00835f'. Apr 23 16:50:47.137320 osdx ca-certificates[7002]: Updating certificates in /etc/ssl/certs... Apr 23 16:50:47.538246 osdx ca-certificates[7986]: 1 added, 0 removed; done. Apr 23 16:50:47.542276 osdx ca-certificates[7989]: Running hooks in /etc/ca-certificates/update.d... Apr 23 16:50:47.546084 osdx ca-certificates[7993]: done. Apr 23 16:50:47.603438 osdx systemd[1]: Started DNSCrypt client proxy. Apr 23 16:50:47.605688 osdx cfgd[1178]: [1593]Completed change to active configuration Apr 23 16:50:47.612442 osdx OSDxCLI[1593]: User 'admin' committed the configuration. Apr 23 16:50:47.623845 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] dnscrypt-proxy 2.0.45 Apr 23 16:50:47.624112 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] Network connectivity detected Apr 23 16:50:47.624391 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] Dropping privileges Apr 23 16:50:47.627837 osdx OSDxCLI[1593]: User 'admin' left the configuration menu. Apr 23 16:50:47.628399 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] Network connectivity detected Apr 23 16:50:47.628486 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 23 16:50:47.628526 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 23 16:50:47.628581 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] Firefox workaround initialized Apr 23 16:50:47.628620 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_pvsjy] Apr 23 16:50:47.766919 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'system journal show | cat'. Apr 23 16:50:47.896476 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] [DUT0] OK (DoH) - rtt: 119ms Apr 23 16:50:47.896476 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 119ms) Apr 23 16:50:47.896476 osdx dnscrypt-proxy[8001]: [2024-04-23 16:50:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAXHiQcmD5TONBXbiC0ocsChSmotZoYqQcCN54BvSomrwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAXHiQcmD5TONBXbiC0ocsChSmotZoYqQcCN54BvSomrwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-23 16:50:52 UTC, end at Tue 2024-04-23 16:50:55 UTC. -- Apr 23 16:50:52.274113 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free. Apr 23 16:50:52.283399 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'. Apr 23 16:50:52.532391 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu. Apr 23 16:50:52.626360 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Apr 23 16:50:52.677497 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 23 16:50:52.790695 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 23 16:50:52.860058 osdx cfgd[1182]: [1600]Completed change to active configuration Apr 23 16:50:52.893179 osdx OSDxCLI[1600]: User 'admin' committed the configuration. Apr 23 16:50:52.909760 osdx OSDxCLI[1600]: User 'admin' left the configuration menu. Apr 23 16:50:53.038052 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 23 16:50:53.857422 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af'. Apr 23 16:50:53.990134 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu. Apr 23 16:50:54.045670 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 23 16:50:54.136836 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 23 16:50:54.194567 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAXHiQcmD5TONBXbiC0ocsChSmotZoYqQcCN54BvSomrwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Apr 23 16:50:54.292548 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 23 16:50:54.350533 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 23 16:50:54.446368 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 23 16:50:54.497620 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 23 16:50:54.591901 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 23 16:50:54.660435 osdx ca-certificates[25583]: Updating certificates in /etc/ssl/certs... Apr 23 16:50:55.101200 osdx ca-certificates[26567]: 1 added, 0 removed; done. Apr 23 16:50:55.105398 osdx ca-certificates[26570]: Running hooks in /etc/ca-certificates/update.d... Apr 23 16:50:55.109350 osdx ca-certificates[26574]: done. Apr 23 16:50:55.195070 osdx systemd[1]: Started DNSCrypt client proxy. Apr 23 16:50:55.197184 osdx cfgd[1182]: [1600]Completed change to active configuration Apr 23 16:50:55.203615 osdx OSDxCLI[1600]: User 'admin' committed the configuration. Apr 23 16:50:55.215035 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] dnscrypt-proxy 2.0.45 Apr 23 16:50:55.215288 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] Network connectivity detected Apr 23 16:50:55.215727 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] Dropping privileges Apr 23 16:50:55.218982 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] Network connectivity detected Apr 23 16:50:55.219075 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 23 16:50:55.219315 osdx OSDxCLI[1600]: User 'admin' left the configuration menu. Apr 23 16:50:55.220393 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 23 16:50:55.220393 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 23 16:50:55.220393 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] Firefox workaround initialized Apr 23 16:50:55.220393 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpp9eO6M] Apr 23 16:50:55.358501 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal show | cat'. Apr 23 16:50:55.388161 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] [RD] OK (DoH) - rtt: 145ms Apr 23 16:50:55.388161 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] Server with the lowest initial latency: RD (rtt: 145ms) Apr 23 16:50:55.388161 osdx dnscrypt-proxy[26628]: [2024-04-23 16:50:55] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash 84b68d6e528850d3c386942592f952543bee6874f795e33a807002a43a00835f at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAghLaNblKIUNPDhpQlkvlSVDvuaHT3leM6gHACpDoAg18NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAghLaNblKIUNPDhpQlkvlSVDvuaHT3leM6gHACpDoAg18NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-23 16:50:53 UTC, end at Tue 2024-04-23 16:50:57 UTC. -- Apr 23 16:50:53.246433 osdx systemd-journald[562]: Runtime journal (/run/log/journal/d4e47729ada341c793dfbfab0a48290e) is 1.2M, max 9.7M, 8.5M free. Apr 23 16:50:53.254790 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'system journal clear'. Apr 23 16:50:54.045526 osdx OSDxCLI[1593]: User 'admin' entered the configuration menu. Apr 23 16:50:54.098900 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Apr 23 16:50:54.189837 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 23 16:50:54.234851 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service ssh'. Apr 23 16:50:54.362316 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 23 16:50:54.454966 osdx systemd[1]: Starting OpenBSD Secure Shell server... Apr 23 16:50:54.463169 osdx sshd[9683]: Server listening on 0.0.0.0 port 22. Apr 23 16:50:54.463335 osdx sshd[9683]: Server listening on :: port 22. Apr 23 16:50:54.463421 osdx systemd[1]: Started OpenBSD Secure Shell server. Apr 23 16:50:54.474890 osdx cfgd[1178]: [1593]Completed change to active configuration Apr 23 16:50:54.500767 osdx OSDxCLI[1593]: User 'admin' committed the configuration. Apr 23 16:50:54.517310 osdx OSDxCLI[1593]: User 'admin' left the configuration menu. Apr 23 16:50:54.649774 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Apr 23 16:50:56.557309 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash 84b68d6e528850d3c386942592f952543bee6874f795e33a807002a43a00835f'. Apr 23 16:50:56.691548 osdx OSDxCLI[1593]: User 'admin' entered the configuration menu. Apr 23 16:50:56.747442 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Apr 23 16:50:56.838702 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Apr 23 16:50:56.886175 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Apr 23 16:50:56.986922 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAghLaNblKIUNPDhpQlkvlSVDvuaHT3leM6gHACpDoAg18NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Apr 23 16:50:57.066770 osdx ca-certificates[9746]: Updating certificates in /etc/ssl/certs... Apr 23 16:50:57.502457 osdx ca-certificates[10730]: 1 added, 0 removed; done. Apr 23 16:50:57.506480 osdx ca-certificates[10733]: Running hooks in /etc/ca-certificates/update.d... Apr 23 16:50:57.510214 osdx ca-certificates[10737]: done. Apr 23 16:50:57.562160 osdx systemd[1]: Started DNSCrypt client proxy. Apr 23 16:50:57.564407 osdx cfgd[1178]: [1593]Completed change to active configuration Apr 23 16:50:57.571377 osdx OSDxCLI[1593]: User 'admin' committed the configuration. Apr 23 16:50:57.582621 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] dnscrypt-proxy 2.0.45 Apr 23 16:50:57.582879 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] Network connectivity detected Apr 23 16:50:57.583169 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] Dropping privileges Apr 23 16:50:57.584834 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] Network connectivity detected Apr 23 16:50:57.584927 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 23 16:50:57.584966 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 23 16:50:57.586570 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] Firefox workaround initialized Apr 23 16:50:57.586634 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpxmeAAh] Apr 23 16:50:57.587105 osdx OSDxCLI[1593]: User 'admin' left the configuration menu. Apr 23 16:50:57.734768 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'system journal show | cat'. Apr 23 16:50:57.847567 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] [DUT0] OK (DoH) - rtt: 125ms Apr 23 16:50:57.847567 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 125ms) Apr 23 16:50:57.847567 osdx dnscrypt-proxy[10745]: [2024-04-23 16:50:57] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
dc:d9:dc:57:cd:2b:c0:23:c8:a4:36:61:ae:ff:82:ae:30:65:10:c9:bf:32:93:07:9d:01:f1:7c:d3:ec:03:06
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key dc:d9:dc:57:cd:2b:c0:23:c8:a4:36:61:ae:ff:82:ae:30:65:10:c9:bf:32:93:07:9d:01:f1:7c:d3:ec:03:06 set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-23 16:51:02 UTC, end at Tue 2024-04-23 16:51:05 UTC. -- Apr 23 16:51:02.276218 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free. Apr 23 16:51:02.284936 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'. Apr 23 16:51:02.509562 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu. Apr 23 16:51:02.607798 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Apr 23 16:51:02.658000 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 23 16:51:02.771717 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 23 16:51:02.828855 osdx cfgd[1182]: [1600]Completed change to active configuration Apr 23 16:51:02.857069 osdx OSDxCLI[1600]: User 'admin' committed the configuration. Apr 23 16:51:02.881785 osdx OSDxCLI[1600]: User 'admin' left the configuration menu. Apr 23 16:51:03.012114 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 23 16:51:03.886139 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Apr 23 16:51:04.013495 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu. Apr 23 16:51:04.068713 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 23 16:51:04.157275 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 23 16:51:04.208096 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Apr 23 16:51:04.298713 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Apr 23 16:51:04.347895 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Apr 23 16:51:04.445694 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key dc:d9:dc:57:cd:2b:c0:23:c8:a4:36:61:ae:ff:82:ae:30:65:10:c9:bf:32:93:07:9d:01:f1:7c:d3:ec:03:06'. Apr 23 16:51:04.489587 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 23 16:51:04.585680 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 23 16:51:04.635723 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 23 16:51:04.729139 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 23 16:51:04.798581 osdx ca-certificates[28378]: Updating certificates in /etc/ssl/certs... Apr 23 16:51:05.187933 osdx ca-certificates[29363]: 1 added, 0 removed; done. Apr 23 16:51:05.191474 osdx ca-certificates[29366]: Running hooks in /etc/ca-certificates/update.d... Apr 23 16:51:05.194792 osdx ca-certificates[29370]: done. Apr 23 16:51:05.282547 osdx systemd[1]: Started DNSCrypt client proxy. Apr 23 16:51:05.284657 osdx cfgd[1182]: [1600]Completed change to active configuration Apr 23 16:51:05.292724 osdx OSDxCLI[1600]: User 'admin' committed the configuration. Apr 23 16:51:05.300633 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] dnscrypt-proxy 2.0.45 Apr 23 16:51:05.300854 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] Network connectivity detected Apr 23 16:51:05.301941 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] Dropping privileges Apr 23 16:51:05.303475 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] Network connectivity detected Apr 23 16:51:05.303557 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 23 16:51:05.303596 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 23 16:51:05.303641 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 23 16:51:05.303704 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] Firefox workaround initialized Apr 23 16:51:05.303735 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpk3coz9] Apr 23 16:51:05.304605 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Apr 23 16:51:05.304670 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Apr 23 16:51:05.304706 osdx dnscrypt-proxy[29424]: [2024-04-23 16:51:05] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Apr 23 16:51:05.312468 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10 set service dns proxy static DUT0 protocol dns-over-https hash 84b68d6e528850d3c386942592f952543bee6874f795e33a807002a43a00835f
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-23 16:51:02 UTC, end at Tue 2024-04-23 16:51:06 UTC. -- Apr 23 16:51:02.257111 osdx systemd-journald[562]: Runtime journal (/run/log/journal/d4e47729ada341c793dfbfab0a48290e) is 1.2M, max 9.7M, 8.5M free. Apr 23 16:51:02.265736 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'system journal clear'. Apr 23 16:51:03.032224 osdx OSDxCLI[1593]: User 'admin' entered the configuration menu. Apr 23 16:51:03.101565 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Apr 23 16:51:03.186287 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 23 16:51:03.246049 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service ssh'. Apr 23 16:51:03.363503 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 23 16:51:03.475184 osdx systemd[1]: Starting OpenBSD Secure Shell server... Apr 23 16:51:03.487942 osdx sshd[12429]: Server listening on 0.0.0.0 port 22. Apr 23 16:51:03.488254 osdx sshd[12429]: Server listening on :: port 22. Apr 23 16:51:03.488381 osdx systemd[1]: Started OpenBSD Secure Shell server. Apr 23 16:51:03.501506 osdx cfgd[1178]: [1593]Completed change to active configuration Apr 23 16:51:03.534583 osdx OSDxCLI[1593]: User 'admin' committed the configuration. Apr 23 16:51:03.568034 osdx OSDxCLI[1593]: User 'admin' left the configuration menu. Apr 23 16:51:03.724053 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Apr 23 16:51:05.466403 osdx OSDxCLI[1593]: User 'admin' entered the configuration menu. Apr 23 16:51:05.532596 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Apr 23 16:51:05.611824 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Apr 23 16:51:05.692022 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Apr 23 16:51:05.790019 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Apr 23 16:51:05.842216 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Apr 23 16:51:05.937169 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10'. Apr 23 16:51:06.005123 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 84b68d6e528850d3c386942592f952543bee6874f795e33a807002a43a00835f'. Apr 23 16:51:06.115842 osdx ca-certificates[12492]: Updating certificates in /etc/ssl/certs... Apr 23 16:51:06.514884 osdx ca-certificates[13476]: 1 added, 0 removed; done. Apr 23 16:51:06.519158 osdx ca-certificates[13479]: Running hooks in /etc/ca-certificates/update.d... Apr 23 16:51:06.522989 osdx ca-certificates[13483]: done. Apr 23 16:51:06.580589 osdx systemd[1]: Started DNSCrypt client proxy. Apr 23 16:51:06.582682 osdx cfgd[1178]: [1593]Completed change to active configuration Apr 23 16:51:06.588278 osdx OSDxCLI[1593]: User 'admin' committed the configuration. Apr 23 16:51:06.600981 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] dnscrypt-proxy 2.0.45 Apr 23 16:51:06.601248 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] Network connectivity detected Apr 23 16:51:06.601539 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] Dropping privileges Apr 23 16:51:06.604057 osdx OSDxCLI[1593]: User 'admin' left the configuration menu. Apr 23 16:51:06.605381 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] Network connectivity detected Apr 23 16:51:06.605469 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 23 16:51:06.605506 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 23 16:51:06.605555 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] Firefox workaround initialized Apr 23 16:51:06.605588 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpwLsVm2] Apr 23 16:51:06.755219 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'system journal show | cat'. Apr 23 16:51:06.926284 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] [DUT0] OK (DoH) - rtt: 136ms Apr 23 16:51:06.926284 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 136ms) Apr 23 16:51:06.926284 osdx dnscrypt-proxy[13491]: [2024-04-23 16:51:06] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
dc:d9:dc:57:cd:2b:c0:23:c8:a4:36:61:ae:ff:82:ae:30:65:10:c9:bf:32:93:07:9d:01:f1:7c:d3:ec:03:06
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key dc:d9:dc:57:cd:2b:c0:23:c8:a4:36:61:ae:ff:82:ae:30:65:10:c9:bf:32:93:07:9d:01:f1:7c:d3:ec:03:06 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzINzZ3FfNK8AjyKQ2Ya7_gq4wZRDJvzKTB50B8XzT7AMGGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzINzZ3FfNK8AjyKQ2Ya7_gq4wZRDJvzKTB50B8XzT7AMGGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-23 16:51:12 UTC, end at Tue 2024-04-23 16:51:15 UTC. -- Apr 23 16:51:12.270585 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free. Apr 23 16:51:12.278391 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'. Apr 23 16:51:12.493147 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu. Apr 23 16:51:12.588409 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Apr 23 16:51:12.636991 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 23 16:51:12.754887 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 23 16:51:12.810676 osdx cfgd[1182]: [1600]Completed change to active configuration Apr 23 16:51:12.837070 osdx OSDxCLI[1600]: User 'admin' committed the configuration. Apr 23 16:51:12.853856 osdx OSDxCLI[1600]: User 'admin' left the configuration menu. Apr 23 16:51:12.982800 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 23 16:51:13.784104 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Apr 23 16:51:13.862948 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key dc:d9:dc:57:cd:2b:c0:23:c8:a4:36:61:ae:ff:82:ae:30:65:10:c9:bf:32:93:07:9d:01:f1:7c:d3:ec:03:06 ip 10.215.168.1 port 8443'. Apr 23 16:51:14.011423 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu. Apr 23 16:51:14.064759 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 23 16:51:14.157224 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 23 16:51:14.211840 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzINzZ3FfNK8AjyKQ2Ya7_gq4wZRDJvzKTB50B8XzT7AMGGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Apr 23 16:51:14.293727 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns resolver local'. Apr 23 16:51:14.347570 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Apr 23 16:51:14.440975 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Apr 23 16:51:14.502053 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Apr 23 16:51:14.611399 osdx ca-certificates[31160]: Updating certificates in /etc/ssl/certs... Apr 23 16:51:14.999238 osdx ca-certificates[32144]: 1 added, 0 removed; done. Apr 23 16:51:15.003203 osdx ca-certificates[32147]: Running hooks in /etc/ca-certificates/update.d... Apr 23 16:51:15.006659 osdx ca-certificates[32151]: done. Apr 23 16:51:15.092636 osdx systemd[1]: Started DNSCrypt client proxy. Apr 23 16:51:15.094768 osdx cfgd[1182]: [1600]Completed change to active configuration Apr 23 16:51:15.099925 osdx OSDxCLI[1600]: User 'admin' committed the configuration. Apr 23 16:51:15.112402 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] dnscrypt-proxy 2.0.45 Apr 23 16:51:15.112641 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] Network connectivity detected Apr 23 16:51:15.113067 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] Dropping privileges Apr 23 16:51:15.114795 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] Network connectivity detected Apr 23 16:51:15.114895 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 23 16:51:15.114947 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 23 16:51:15.115001 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Apr 23 16:51:15.115068 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] Firefox workaround initialized Apr 23 16:51:15.115102 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpxTjb55] Apr 23 16:51:15.115991 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Apr 23 16:51:15.116056 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Apr 23 16:51:15.116090 osdx dnscrypt-proxy[32205]: [2024-04-23 16:51:15] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Apr 23 16:51:15.128869 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash 84b68d6e528850d3c386942592f952543bee6874f795e33a807002a43a00835f at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAghLaNblKIUNPDhpQlkvlSVDvuaHT3leM6gHACpDoAg18NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.10 set system certificate trust running://CA.crt set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAghLaNblKIUNPDhpQlkvlSVDvuaHT3leM6gHACpDoAg18NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
-- Logs begin at Tue 2024-04-23 16:51:12 UTC, end at Tue 2024-04-23 16:51:16 UTC. -- Apr 23 16:51:12.242090 osdx systemd-journald[562]: Runtime journal (/run/log/journal/d4e47729ada341c793dfbfab0a48290e) is 1.2M, max 9.7M, 8.5M free. Apr 23 16:51:12.250514 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'system journal clear'. Apr 23 16:51:12.995828 osdx OSDxCLI[1593]: User 'admin' entered the configuration menu. Apr 23 16:51:13.092817 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'. Apr 23 16:51:13.141015 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 23 16:51:13.245079 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service ssh'. Apr 23 16:51:13.325117 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 23 16:51:13.421455 osdx systemd[1]: Starting OpenBSD Secure Shell server... Apr 23 16:51:13.430052 osdx sshd[15170]: Server listening on 0.0.0.0 port 22. Apr 23 16:51:13.430262 osdx sshd[15170]: Server listening on :: port 22. Apr 23 16:51:13.430377 osdx systemd[1]: Started OpenBSD Secure Shell server. Apr 23 16:51:13.442086 osdx cfgd[1178]: [1593]Completed change to active configuration Apr 23 16:51:13.470828 osdx OSDxCLI[1593]: User 'admin' committed the configuration. Apr 23 16:51:13.486250 osdx OSDxCLI[1593]: User 'admin' left the configuration menu. Apr 23 16:51:13.624156 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'ping 10.215.168.10 count 1 size 56 timeout 1'. Apr 23 16:51:15.275868 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.10 hash 84b68d6e528850d3c386942592f952543bee6874f795e33a807002a43a00835f'. Apr 23 16:51:15.414798 osdx OSDxCLI[1593]: User 'admin' entered the configuration menu. Apr 23 16:51:15.484398 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'. Apr 23 16:51:15.586079 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Apr 23 16:51:15.651607 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Apr 23 16:51:15.749145 osdx OSDxCLI[1593]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguMTAghLaNblKIUNPDhpQlkvlSVDvuaHT3leM6gHACpDoAg18NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Apr 23 16:51:15.812882 osdx ca-certificates[15232]: Updating certificates in /etc/ssl/certs... Apr 23 16:51:16.205957 osdx ca-certificates[16216]: 1 added, 0 removed; done. Apr 23 16:51:16.210349 osdx ca-certificates[16219]: Running hooks in /etc/ca-certificates/update.d... Apr 23 16:51:16.214004 osdx ca-certificates[16223]: done. Apr 23 16:51:16.263835 osdx systemd[1]: Started DNSCrypt client proxy. Apr 23 16:51:16.265904 osdx cfgd[1178]: [1593]Completed change to active configuration Apr 23 16:51:16.274179 osdx OSDxCLI[1593]: User 'admin' committed the configuration. Apr 23 16:51:16.283185 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] dnscrypt-proxy 2.0.45 Apr 23 16:51:16.283455 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] Network connectivity detected Apr 23 16:51:16.284547 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] Dropping privileges Apr 23 16:51:16.286528 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] Network connectivity detected Apr 23 16:51:16.286631 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Apr 23 16:51:16.286679 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Apr 23 16:51:16.286752 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] Firefox workaround initialized Apr 23 16:51:16.286790 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6brDty] Apr 23 16:51:16.290119 osdx OSDxCLI[1593]: User 'admin' left the configuration menu. Apr 23 16:51:16.424505 osdx OSDxCLI[1593]: User 'admin' executed a new command: 'system journal show | cat'. Apr 23 16:51:16.463108 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] [DUT0] OK (DoH) - rtt: 126ms Apr 23 16:51:16.463108 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 126ms) Apr 23 16:51:16.463108 osdx dnscrypt-proxy[16231]: [2024-04-23 16:51:16] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13