List Server

Test suite to validate domain/IP blocking and whitelisting

Server Blocklist Domain

Description

Performs a lookup over a domain that has been blocked.

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy blocklist name domain 'example.org'
set service dns proxy blocklist name domain 'teldat.com'
set service dns proxy blocklist name domain '*sex*'
set service dns proxy blocklist ip address 10.215.168.42
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13

Step 2: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash 6d9805f82318d5463b0c4085d9fdbff9ba3d881cc0179d164b9a3ed195e81697

Step 3: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

This query has been locally blocked

Show output

teldat.com host information "This query has been locally blocked" "by dnscrypt-proxy"

Step 4: Run command show host lookup sex.example.page type A at DUT1 and check if output contains the following tokens:

This query has been locally blocked

Show output

sex.example.page host information "This query has been locally blocked" "by dnscrypt-proxy"

Step 5: Run command show host lookup blocked-ip.net type A at DUT1 and check if output contains the following tokens:

This query has been locally blocked

Show output

blocked-ip.net host information "This query has been locally blocked" "by dnscrypt-proxy"

---

Server Whitelist Domain

Description

Performs a lookup over a domain that has been whitelisted.

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy blocklist name domain 'example.org'
set service dns proxy blocklist name domain 'teldat.com'
set service dns proxy blocklist name domain '*sex*'
set service dns proxy blocklist ip address 10.215.168.42
set service dns proxy whitelist name domain 'teldat.com'
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13

Step 2: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash 6d9805f82318d5463b0c4085d9fdbff9ba3d881cc0179d164b9a3ed195e81697

Step 3: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13

Show output

teldat.com has address 10.11.12.13

Step 4: Run command show host lookup sex.example.page type A at DUT1 and check if output contains the following tokens:

This query has been locally blocked

Show output

sex.example.page host information "This query has been locally blocked" "by dnscrypt-proxy"

Step 5: Run command show host lookup blocked-ip.net type A at DUT1 and check if output contains the following tokens:

This query has been locally blocked

Show output

blocked-ip.net host information "This query has been locally blocked" "by dnscrypt-proxy"

---