Cloaking
Test suite to validate domain cloaking
Simple Cloaking
Description
Cloaks all requests to teldat.com using address 1.2.3.4.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac set service dns proxy cloaking name teldat.com destination 1.2.3.4
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 1.2.3.4Show output
teldat.com has address 1.2.3.4
No Hosts
Description
Tells DNS Proxy to ignore host entries (static entries). As a result, requests to teldat.com return 19.18.17.16 address.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac set service dns proxy cloaking ignore-hosts set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Multiple Destinations
Description
Cloaks all requests to teldat.com using multiple IP addresses.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac set service dns proxy cloaking name teldat.com destination 1.2.3.4 set service dns proxy cloaking name teldat.com destination 4.3.2.1 set service dns proxy cloaking name teldat.com destination ff00::dead:beef set service dns proxy cloaking name teldat.com destination ff00::abba:abba
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 1.2.3.4Show output
teldat.com has address 1.2.3.4 teldat.com has address 4.3.2.1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 4.3.2.1Show output
teldat.com has address 4.3.2.1 teldat.com has address 1.2.3.4
Step 4: Run command show host lookup teldat.com type AAAA at DUT0 and check if output contains the following tokens:
teldat.com has IPv6 address ff00::dead:beefShow output
teldat.com has IPv6 address ff00::dead:beef teldat.com has IPv6 address ff00::abba:abba
Step 5: Run command show host lookup teldat.com type AAAA at DUT0 and check if output contains the following tokens:
teldat.com has IPv6 address ff00::abba:abbaShow output
teldat.com has IPv6 address ff00::abba:abba teldat.com has IPv6 address ff00::dead:beef
Chained Destinations
Description
Cloaks requests from multiple domains using chained destinations.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac set service dns proxy cloaking name example.com destination teldat.com set service dns proxy cloaking name teldat.es destination 1.2.3.4 set service dns proxy cloaking name teldat.es destination ff00::dead:beef set service dns proxy cloaking name teldat.net destination teldat.es set service dns proxy cloaking name teldat.eu destination teldat.net
Step 2: Run command show host lookup example.com type A at DUT0 and check if output contains the following tokens:
example.com has address 19.18.17.16Show output
example.com has address 19.18.17.16
Step 3: Run command show host lookup teldat.es type A at DUT0 and check if output contains the following tokens:
teldat.es has address 1.2.3.4Show output
teldat.es has address 1.2.3.4
Step 4: Run command show host lookup teldat.es type AAAA at DUT0 and check if output contains the following tokens:
teldat.es has IPv6 address ff00::dead:beefShow output
teldat.es has IPv6 address ff00::dead:beef
Step 5: Run command show host lookup teldat.net type A at DUT0 and check if output contains the following tokens:
teldat.net has address 1.2.3.4Show output
teldat.net has address 1.2.3.4
Step 6: Run command show host lookup teldat.net type AAAA at DUT0 and check if output contains the following tokens:
teldat.net has IPv6 address ff00::dead:beefShow output
teldat.net has IPv6 address ff00::dead:beef
Step 7: Run command show host lookup teldat.eu type A at DUT0 and check if output contains the following tokens:
teldat.eu has address 1.2.3.4Show output
teldat.eu has address 1.2.3.4
Step 8: Run command show host lookup teldat.eu type AAAA at DUT0 and check if output contains the following tokens:
teldat.eu has IPv6 address ff00::dead:beefShow output
teldat.eu has IPv6 address ff00::dead:beef
RegEx Input
Description
Cloaks domains that match a regular expression, instead of fully matching a given FQDN.
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac set service dns proxy cloaking name teldat.com destination 10.11.12.13 set service dns proxy cloaking name example.com destination teldat.com set service dns proxy cloaking name teldat.* destination teldat.com set service dns proxy cloaking name *.teldat.* destination teldat.com
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
teldat.com has address 10.11.12.13
Step 3: Run command show host lookup example.com type A at DUT0 and check if output contains the following tokens:
example.com has address 10.11.12.13Show output
example.com has address 10.11.12.13
Step 4: Run command show host lookup teldat.es type A at DUT0 and check if output contains the following tokens:
teldat.es has address 10.11.12.13Show output
teldat.es has address 10.11.12.13
Step 5: Run command show host lookup teldat.fake type A at DUT0 and check if output contains the following tokens:
teldat.fake has address 10.11.12.13Show output
teldat.fake has address 10.11.12.13
Step 6: Run command show host lookup www.teldat.com type A at DUT0 and check if output contains the following tokens:
www.teldat.com has address 10.11.12.13Show output
www.teldat.com has address 10.11.12.13
Step 7: Run command show host lookup www.teldat.es type A at DUT0 and check if output contains the following tokens:
www.teldat.es has address 10.11.12.13Show output
www.teldat.es has address 10.11.12.13
Step 8: Run command show host lookup 1234.teldat.net type A at DUT0 and check if output contains the following tokens:
1234.teldat.net has address 10.11.12.13Show output
1234.teldat.net has address 10.11.12.13