Static Server

Test suite in which DUT1 connects through DUT0 using DoH, while DUT0 establishes a connection with the upstream server and forwards DNS queries to it.

Server With Upstream DoH

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2023-12-13 00:59:00 UTC, end at Wed 2023-12-13 00:59:06 UTC. --
Dec 13 00:59:00.380492 osdx systemd-journald[1450]: Runtime journal (/run/log/journal/fa37e9b1f0b54640986d40edb905b319) is 2.0M, max 16.0M, 14.0M free.
Dec 13 00:59:00.397575 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'system journal clear'.
Dec 13 00:59:01.158078 osdx osdx-coredump[12885]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 13 00:59:01.168880 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 13 00:59:02.069944 osdx OSDxCLI[28897]: User 'admin' entered the configuration menu.
Dec 13 00:59:02.213438 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 13 00:59:02.335583 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 13 00:59:02.497018 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 13 00:59:02.600972 osdx cfgd[1102]: [28897]Completed change to active configuration
Dec 13 00:59:02.643414 osdx OSDxCLI[28897]: User 'admin' committed the configuration.
Dec 13 00:59:02.679885 osdx OSDxCLI[28897]: User 'admin' left the configuration menu.
Dec 13 00:59:02.854609 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Dec 13 00:59:04.230938 osdx OSDxCLI[28897]: User 'admin' entered the configuration menu.
Dec 13 00:59:04.329878 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 13 00:59:04.484406 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 13 00:59:04.581304 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 13 00:59:04.673407 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 13 00:59:04.770198 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Dec 13 00:59:04.859108 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Dec 13 00:59:04.950946 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Dec 13 00:59:05.040032 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 13 00:59:05.135525 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 13 00:59:05.272630 osdx ca-certificates[13029]: Updating certificates in /etc/ssl/certs...
Dec 13 00:59:05.570775 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:05.573530 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:05.575786 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:05.577637 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:05.587477 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:06.006369 osdx ca-certificates[14016]: 1 added, 0 removed; done.
Dec 13 00:59:06.013591 osdx ca-certificates[14020]: Running hooks in /etc/ca-certificates/update.d...
Dec 13 00:59:06.018498 osdx ca-certificates[14024]: done.
Dec 13 00:59:06.174919 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 13 00:59:06.178938 osdx cfgd[1102]: [28897]Completed change to active configuration
Dec 13 00:59:06.189111 osdx OSDxCLI[28897]: User 'admin' committed the configuration.
Dec 13 00:59:06.220636 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] dnscrypt-proxy 2.0.45
Dec 13 00:59:06.221065 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] Network connectivity detected
Dec 13 00:59:06.221714 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] Dropping privileges
Dec 13 00:59:06.226977 osdx OSDxCLI[28897]: User 'admin' left the configuration menu.
Dec 13 00:59:06.227988 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] Network connectivity detected
Dec 13 00:59:06.228208 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 13 00:59:06.228300 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 13 00:59:06.228447 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 13 00:59:06.228447 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] Firefox workaround initialized
Dec 13 00:59:06.228447 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpaTfmj1]
Dec 13 00:59:06.401016 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] [RD] OK (DoH) - rtt: 121ms
Dec 13 00:59:06.401016 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] Server with the lowest initial latency: RD (rtt: 121ms)
Dec 13 00:59:06.401016 osdx dnscrypt-proxy[14077]: [2023-12-13 00:59:06] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash 44721993cf472ea85f61b39a2abc38358381fefe2705f56822c8126019ae9f90

Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2023-12-13 00:59:00 UTC, end at Wed 2023-12-13 00:59:10 UTC. --
Dec 13 00:59:00.396741 osdx systemd-journald[1327]: Runtime journal (/run/log/journal/8bc264c4220f423fbae87c3191371490) is 1.2M, max 9.7M, 8.5M free.
Dec 13 00:59:00.414658 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal clear'.
Dec 13 00:59:01.428630 osdx osdx-coredump[31205]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 13 00:59:01.437263 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 13 00:59:02.899389 osdx OSDxCLI[1421]: User 'admin' entered the configuration menu.
Dec 13 00:59:03.038804 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Dec 13 00:59:03.160409 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 13 00:59:03.262448 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 13 00:59:03.431858 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 13 00:59:03.600526 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Dec 13 00:59:03.614693 osdx sshd[31302]: Server listening on 0.0.0.0 port 22.
Dec 13 00:59:03.615046 osdx sshd[31302]: Server listening on :: port 22.
Dec 13 00:59:03.615218 osdx systemd[1]: Started OpenBSD Secure Shell server.
Dec 13 00:59:03.634067 osdx cfgd[985]: [1421]Completed change to active configuration
Dec 13 00:59:03.680322 osdx OSDxCLI[1421]: User 'admin' committed the configuration.
Dec 13 00:59:03.720330 osdx OSDxCLI[1421]: User 'admin' left the configuration menu.
Dec 13 00:59:03.916669 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Dec 13 00:59:06.549289 osdx OSDxCLI[1421]: User 'admin' entered the configuration menu.
Dec 13 00:59:06.663173 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Dec 13 00:59:06.803088 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Dec 13 00:59:06.952953 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Dec 13 00:59:07.146820 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Dec 13 00:59:07.265226 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Dec 13 00:59:07.389706 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Dec 13 00:59:07.575536 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 44721993cf472ea85f61b39a2abc38358381fefe2705f56822c8126019ae9f90'.
Dec 13 00:59:07.762214 osdx ca-certificates[31365]: Updating certificates in /etc/ssl/certs...
Dec 13 00:59:08.528695 osdx ca-certificates[32347]: 1 added, 0 removed; done.
Dec 13 00:59:08.535149 osdx ca-certificates[32353]: Running hooks in /etc/ca-certificates/update.d...
Dec 13 00:59:08.541430 osdx ca-certificates[32357]: done.
Dec 13 00:59:08.676130 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 13 00:59:08.678076 osdx cfgd[985]: [1421]Completed change to active configuration
Dec 13 00:59:08.682897 osdx OSDxCLI[1421]: User 'admin' committed the configuration.
Dec 13 00:59:08.730903 osdx OSDxCLI[1421]: User 'admin' left the configuration menu.
Dec 13 00:59:09.013095 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:09.051937 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:09] [NOTICE] dnscrypt-proxy 2.0.45
Dec 13 00:59:09.052356 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:09] [NOTICE] Network connectivity detected
Dec 13 00:59:09.052765 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:09] [NOTICE] Dropping privileges
Dec 13 00:59:09.055012 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:09] [NOTICE] Network connectivity detected
Dec 13 00:59:09.055222 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:09] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 13 00:59:09.055304 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:09] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 13 00:59:09.055395 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:09] [NOTICE] Firefox workaround initialized
Dec 13 00:59:09.055468 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:09] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6rw8ZB]
Dec 13 00:59:09.261451 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:09.567940 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:09.849848 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:10.107741 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:10.368335 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:10.400470 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:10] [NOTICE] [DUT0] OK (DoH) - rtt: 724ms
Dec 13 00:59:10.400470 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:10] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 724ms)
Dec 13 00:59:10.400470 osdx dnscrypt-proxy[32364]: [2023-12-13 00:59:10] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13

Server With Upstream DoH With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2023-12-13 00:59:19 UTC, end at Wed 2023-12-13 00:59:26 UTC. --
Dec 13 00:59:19.403048 osdx systemd-journald[1450]: Runtime journal (/run/log/journal/fa37e9b1f0b54640986d40edb905b319) is 2.0M, max 16.0M, 14.0M free.
Dec 13 00:59:19.417871 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'system journal clear'.
Dec 13 00:59:20.079799 osdx osdx-coredump[15718]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 13 00:59:20.088455 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 13 00:59:20.656293 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:20.659067 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:20.661368 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:20.663156 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:20.672982 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:21.100766 osdx OSDxCLI[28897]: User 'admin' entered the configuration menu.
Dec 13 00:59:21.205095 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 13 00:59:21.341210 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 13 00:59:21.494570 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 13 00:59:21.630394 osdx cfgd[1102]: [28897]Completed change to active configuration
Dec 13 00:59:21.701084 osdx OSDxCLI[28897]: User 'admin' committed the configuration.
Dec 13 00:59:21.735221 osdx OSDxCLI[28897]: User 'admin' left the configuration menu.
Dec 13 00:59:21.968666 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:21.976416 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Dec 13 00:59:23.504434 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Dec 13 00:59:23.668207 osdx OSDxCLI[28897]: User 'admin' entered the configuration menu.
Dec 13 00:59:23.775032 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 13 00:59:23.881610 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 13 00:59:24.005958 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Dec 13 00:59:24.099804 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Dec 13 00:59:24.206954 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Dec 13 00:59:24.328987 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 13 00:59:24.431839 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 13 00:59:24.560172 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 13 00:59:24.720779 osdx ca-certificates[15858]: Updating certificates in /etc/ssl/certs...
Dec 13 00:59:25.491721 osdx ca-certificates[16842]: 1 added, 0 removed; done.
Dec 13 00:59:25.500294 osdx ca-certificates[16846]: Running hooks in /etc/ca-certificates/update.d...
Dec 13 00:59:25.507799 osdx ca-certificates[16850]: done.
Dec 13 00:59:25.650483 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:25.706014 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 13 00:59:25.709279 osdx cfgd[1102]: [28897]Completed change to active configuration
Dec 13 00:59:25.718290 osdx OSDxCLI[28897]: User 'admin' committed the configuration.
Dec 13 00:59:25.748461 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:25] [NOTICE] dnscrypt-proxy 2.0.45
Dec 13 00:59:25.748845 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:25] [NOTICE] Network connectivity detected
Dec 13 00:59:25.749462 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:25] [NOTICE] Dropping privileges
Dec 13 00:59:25.751909 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:25] [NOTICE] Network connectivity detected
Dec 13 00:59:25.752076 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:25] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 13 00:59:25.752161 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:25] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 13 00:59:25.752256 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:25] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 13 00:59:25.752349 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:25] [NOTICE] Firefox workaround initialized
Dec 13 00:59:25.752423 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:25] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8XdAFm]
Dec 13 00:59:25.763469 osdx OSDxCLI[28897]: User 'admin' left the configuration menu.
Dec 13 00:59:25.981680 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:26.002576 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:26] [NOTICE] [RD] OK (DoH) - rtt: 209ms
Dec 13 00:59:26.002576 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:26] [NOTICE] Server with the lowest initial latency: RD (rtt: 209ms)
Dec 13 00:59:26.002576 osdx dnscrypt-proxy[16903]: [2023-12-13 00:59:26] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 44721993cf472ea85f61b39a2abc38358381fefe2705f56822c8126019ae9f90 at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgRHIZk89HLqhfYbOaKrw4NYOB_v4nBfVoIsgSYBmun5ANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 5: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgRHIZk89HLqhfYbOaKrw4NYOB_v4nBfVoIsgSYBmun5ANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'

Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2023-12-13 00:59:19 UTC, end at Wed 2023-12-13 00:59:28 UTC. --
Dec 13 00:59:19.413538 osdx systemd-journald[1327]: Runtime journal (/run/log/journal/8bc264c4220f423fbae87c3191371490) is 1.2M, max 9.7M, 8.5M free.
Dec 13 00:59:19.431149 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal clear'.
Dec 13 00:59:20.369923 osdx osdx-coredump[1590]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 13 00:59:20.379899 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 13 00:59:22.097121 osdx OSDxCLI[1421]: User 'admin' entered the configuration menu.
Dec 13 00:59:22.250741 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Dec 13 00:59:22.367039 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 13 00:59:22.484744 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 13 00:59:22.677794 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 13 00:59:22.859203 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Dec 13 00:59:22.872969 osdx sshd[1687]: Server listening on 0.0.0.0 port 22.
Dec 13 00:59:22.873308 osdx sshd[1687]: Server listening on :: port 22.
Dec 13 00:59:22.873536 osdx systemd[1]: Started OpenBSD Secure Shell server.
Dec 13 00:59:22.893348 osdx cfgd[985]: [1421]Completed change to active configuration
Dec 13 00:59:22.946752 osdx OSDxCLI[1421]: User 'admin' committed the configuration.
Dec 13 00:59:22.992127 osdx OSDxCLI[1421]: User 'admin' left the configuration menu.
Dec 13 00:59:23.198955 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Dec 13 00:59:26.399058 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 44721993cf472ea85f61b39a2abc38358381fefe2705f56822c8126019ae9f90'.
Dec 13 00:59:26.595512 osdx OSDxCLI[1421]: User 'admin' entered the configuration menu.
Dec 13 00:59:26.728435 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Dec 13 00:59:26.847111 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Dec 13 00:59:26.974875 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Dec 13 00:59:27.117209 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgRHIZk89HLqhfYbOaKrw4NYOB_v4nBfVoIsgSYBmun5ANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Dec 13 00:59:27.285240 osdx ca-certificates[1750]: Updating certificates in /etc/ssl/certs...
Dec 13 00:59:27.933366 osdx ca-certificates[2734]: 1 added, 0 removed; done.
Dec 13 00:59:27.939241 osdx ca-certificates[2738]: Running hooks in /etc/ca-certificates/update.d...
Dec 13 00:59:27.944600 osdx ca-certificates[2742]: done.
Dec 13 00:59:28.021521 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 13 00:59:28.024328 osdx cfgd[985]: [1421]Completed change to active configuration
Dec 13 00:59:28.028898 osdx OSDxCLI[1421]: User 'admin' committed the configuration.
Dec 13 00:59:28.051886 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] dnscrypt-proxy 2.0.45
Dec 13 00:59:28.052266 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] Network connectivity detected
Dec 13 00:59:28.052872 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] Dropping privileges
Dec 13 00:59:28.054963 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] Network connectivity detected
Dec 13 00:59:28.055093 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 13 00:59:28.055174 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 13 00:59:28.055262 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] Firefox workaround initialized
Dec 13 00:59:28.055334 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpbbTs5g]
Dec 13 00:59:28.072111 osdx OSDxCLI[1421]: User 'admin' left the configuration menu.
Dec 13 00:59:28.328346 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:28.597976 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:28.658058 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] [DUT0] OK (DoH) - rtt: 176ms
Dec 13 00:59:28.658058 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 176ms)
Dec 13 00:59:28.658058 osdx dnscrypt-proxy[2749]: [2023-12-13 00:59:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
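
The stamps produced in Steps 1 and 4 of this scenario carry the same fields as the explicit dns-over-https settings of the first scenario (IP, pinned hash, host name, port, path). The following Python code is an added example, not part of the original test suite or of OSDx: it decodes and re-encodes a DoH stamp following the public DNS Stamps layout and reports any field that differs from the intended values. The function names are hypothetical; the two stamps and their parameters are the ones shown on this page.

```python
import base64
import re
import struct

DOH = 0x02  # protocol identifier of DNS-over-HTTPS in the DNS Stamps layout

# The two stamps printed by "stamp calculate" on this page (Steps 1 and 4).
STAMP_RD = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
STAMP_DUT0 = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgRHIZk89HLqhfYbOaKrw4NYOB_v4nBfVoIsgSYBmun5ANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"

# Values passed to the Step 1 command, i.e. what the operator intends to pin.
HASH_RD = "563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac"
HASH_DUT0 = "44721993cf472ea85f61b39a2abc38358381fefe2705f56822c8126019ae9f90"
EXPECTED_RD = {"ip": "10.215.168.1", "hashes": [HASH_RD],
               "host": "remote.dns", "port": 443, "path": "/dns-query"}


def _read_field(buf, pos, in_list=False):
    """Return (payload, more_follows, next_pos) for one length-prefixed field."""
    if pos >= len(buf):
        raise ValueError("stamp is truncated")
    size, more = buf[pos], False
    if in_list:  # inside a list, the high bit of the length flags a following item
        size, more = size & 0x7F, bool(size & 0x80)
    end = pos + 1 + size
    if end > len(buf):
        raise ValueError("field runs past the end of the stamp")
    return buf[pos + 1:end], more, end


def decode_doh_stamp(stamp):
    """Decode an sdns:// DoH stamp into the fields the CLI command took as input."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    if not re.fullmatch(r"[A-Za-z0-9_-]+", body):
        raise ValueError("stamp body is not unpadded URL-safe base64")
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DNS-over-HTTPS stamp")
    (props,) = struct.unpack("<Q", raw[1:9])  # 8 bytes of little-endian flags
    addr, _, pos = _read_field(raw, 9)
    hashes, more = [], True
    while more:
        digest, more, pos = _read_field(raw, pos, in_list=True)
        if digest:  # a single empty item means "no pinned hash"
            hashes.append(digest.hex())
    host, _, pos = _read_field(raw, pos)
    path, _, pos = _read_field(raw, pos)
    name, sep, port = host.decode().rpartition(":")
    if not (sep and port.isdigit()):
        name, port = host.decode(), "443"  # the port is omitted when it is 443
    return {"props": props, "ip": addr.decode(), "hashes": hashes,
            "host": name, "port": int(port), "path": path.decode()}


def encode_doh_stamp(ip, hashes, host, port=443, path="/dns-query", props=0):
    """Build the stamp from explicit settings (the inverse of decode_doh_stamp)."""
    def lp(data, more=False):
        if len(data) > 0x7F:
            raise ValueError("field too long for this example")
        return bytes([len(data) | (0x80 if more else 0)]) + data

    # Per the DNS Stamps specification each hash is a SHA-256 digest (32 bytes).
    digests = [bytes.fromhex(h) for h in hashes] or [b""]
    if any(d and len(d) != 32 for d in digests):
        raise ValueError("pinned hashes must be 32 bytes long")
    hostport = host if port == 443 else f"{host}:{port}"
    raw = bytes([DOH]) + struct.pack("<Q", props) + lp(ip.encode())
    for i, digest in enumerate(digests):
        raw += lp(digest, more=i < len(digests) - 1)
    raw += lp(hostport.encode()) + lp(path.encode())
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def pin_mismatches(stamp, expected):
    """List the fields of a stamp that differ from the values the operator intended."""
    decoded = decode_doh_stamp(stamp)
    return sorted(k for k, v in expected.items() if decoded.get(k) != v)


if __name__ == "__main__":
    print(decode_doh_stamp(STAMP_RD))
    print(decode_doh_stamp(STAMP_DUT0))
    print("mismatches:", pin_mismatches(STAMP_RD, EXPECTED_RD))
```

Running pin_mismatches on a stamp before pasting it into the configuration confirms that the opaque string pins the expected certificate hash and server address.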

Server With Upstream DNSCrypt

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f

Step 2: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
-- Logs begin at Wed 2023-12-13 00:59:38 UTC, end at Wed 2023-12-13 00:59:45 UTC. --
Dec 13 00:59:38.483450 osdx systemd-journald[1450]: Runtime journal (/run/log/journal/fa37e9b1f0b54640986d40edb905b319) is 2.0M, max 16.0M, 14.0M free.
Dec 13 00:59:38.498315 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'system journal clear'.
Dec 13 00:59:39.157059 osdx osdx-coredump[18548]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 13 00:59:39.167762 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 13 00:59:40.117651 osdx OSDxCLI[28897]: User 'admin' entered the configuration menu.
Dec 13 00:59:40.257094 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 13 00:59:40.377049 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 13 00:59:40.547876 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 13 00:59:40.658884 osdx cfgd[1102]: [28897]Completed change to active configuration
Dec 13 00:59:40.710131 osdx OSDxCLI[28897]: User 'admin' committed the configuration.
Dec 13 00:59:40.758955 osdx OSDxCLI[28897]: User 'admin' left the configuration menu.
Dec 13 00:59:40.940243 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Dec 13 00:59:41.296097 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:42.391199 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Dec 13 00:59:42.608109 osdx OSDxCLI[28897]: User 'admin' entered the configuration menu.
Dec 13 00:59:42.757225 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 13 00:59:42.876827 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 13 00:59:42.989122 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Dec 13 00:59:43.147135 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Dec 13 00:59:43.253390 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Dec 13 00:59:43.360423 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f'.
Dec 13 00:59:43.468771 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 13 00:59:43.573516 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Dec 13 00:59:43.687044 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Dec 13 00:59:43.797099 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 13 00:59:43.961651 osdx ca-certificates[18690]: Updating certificates in /etc/ssl/certs...
Dec 13 00:59:44.779243 osdx ca-certificates[19674]: 1 added, 0 removed; done.
Dec 13 00:59:44.785869 osdx ca-certificates[19678]: Running hooks in /etc/ca-certificates/update.d...
Dec 13 00:59:44.791738 osdx ca-certificates[19682]: done.
Dec 13 00:59:44.954079 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 13 00:59:44.957161 osdx cfgd[1102]: [28897]Completed change to active configuration
Dec 13 00:59:44.965404 osdx OSDxCLI[28897]: User 'admin' committed the configuration.
Dec 13 00:59:44.985554 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] dnscrypt-proxy 2.0.45
Dec 13 00:59:44.986508 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] Network connectivity detected
Dec 13 00:59:44.986508 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] Dropping privileges
Dec 13 00:59:44.989017 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] Network connectivity detected
Dec 13 00:59:44.989198 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 13 00:59:44.989283 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 13 00:59:44.989389 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 13 00:59:44.989489 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] Firefox workaround initialized
Dec 13 00:59:44.989565 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpSfB3zL]
Dec 13 00:59:44.991209 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Dec 13 00:59:44.991339 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Dec 13 00:59:44.991423 osdx dnscrypt-proxy[19735]: [2023-12-13 00:59:44] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Dec 13 00:59:45.015254 osdx OSDxCLI[28897]: User 'admin' left the configuration menu.

Step 4: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash 44721993cf472ea85f61b39a2abc38358381fefe2705f56822c8126019ae9f90

Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
-- Logs begin at Wed 2023-12-13 00:59:38 UTC, end at Wed 2023-12-13 00:59:47 UTC. --
Dec 13 00:59:38.415083 osdx systemd-journald[1327]: Runtime journal (/run/log/journal/8bc264c4220f423fbae87c3191371490) is 1.2M, max 9.7M, 8.5M free.
Dec 13 00:59:38.432269 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal clear'.
Dec 13 00:59:39.399396 osdx osdx-coredump[4380]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 13 00:59:39.407144 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 13 00:59:41.024885 osdx OSDxCLI[1421]: User 'admin' entered the configuration menu.
Dec 13 00:59:41.124101 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Dec 13 00:59:41.283038 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 13 00:59:41.384401 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 13 00:59:41.554557 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 13 00:59:41.743149 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Dec 13 00:59:41.763526 osdx sshd[4477]: Server listening on 0.0.0.0 port 22.
Dec 13 00:59:41.763958 osdx sshd[4477]: Server listening on :: port 22.
Dec 13 00:59:41.764216 osdx systemd[1]: Started OpenBSD Secure Shell server.
Dec 13 00:59:41.790248 osdx cfgd[985]: [1421]Completed change to active configuration
Dec 13 00:59:41.860188 osdx OSDxCLI[1421]: User 'admin' committed the configuration.
Dec 13 00:59:41.909454 osdx OSDxCLI[1421]: User 'admin' left the configuration menu.
Dec 13 00:59:42.087955 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Dec 13 00:59:45.234748 osdx OSDxCLI[1421]: User 'admin' entered the configuration menu.
Dec 13 00:59:45.352333 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Dec 13 00:59:45.457788 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Dec 13 00:59:45.609320 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Dec 13 00:59:45.747262 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Dec 13 00:59:45.871182 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Dec 13 00:59:45.992219 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Dec 13 00:59:46.123293 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 44721993cf472ea85f61b39a2abc38358381fefe2705f56822c8126019ae9f90'.
Dec 13 00:59:46.260668 osdx ca-certificates[4540]: Updating certificates in /etc/ssl/certs...
Dec 13 00:59:46.934769 osdx ca-certificates[5524]: 1 added, 0 removed; done.
Dec 13 00:59:46.940408 osdx ca-certificates[5528]: Running hooks in /etc/ca-certificates/update.d...
Dec 13 00:59:46.945491 osdx ca-certificates[5532]: done.
Dec 13 00:59:47.031853 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 13 00:59:47.034625 osdx cfgd[985]: [1421]Completed change to active configuration
Dec 13 00:59:47.038975 osdx OSDxCLI[1421]: User 'admin' committed the configuration.
Dec 13 00:59:47.060869 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] dnscrypt-proxy 2.0.45
Dec 13 00:59:47.061282 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] Network connectivity detected
Dec 13 00:59:47.061948 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] Dropping privileges
Dec 13 00:59:47.064590 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] Network connectivity detected
Dec 13 00:59:47.064797 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 13 00:59:47.064944 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 13 00:59:47.065077 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] Firefox workaround initialized
Dec 13 00:59:47.065153 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_yDpUQ]
Dec 13 00:59:47.089226 osdx OSDxCLI[1421]: User 'admin' left the configuration menu.
Dec 13 00:59:47.338530 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:47.615550 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 00:59:47.767964 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] [DUT0] OK (DoH) - rtt: 219ms
Dec 13 00:59:47.767964 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 219ms)
Dec 13 00:59:47.767964 osdx dnscrypt-proxy[5539]: [2023-12-13 00:59:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
teldat.com has address 10.11.12.13

Server With Upstream DNSCrypt With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

Show output
7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f ip 10.215.168.1 port 8443 at DUT0 and expect this output:

Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
-- Logs begin at Wed 2023-12-13 00:59:55 UTC, end at Wed 2023-12-13 01:00:01 UTC. --
Dec 13 00:59:55.405794 osdx systemd-journald[1450]: Runtime journal (/run/log/journal/fa37e9b1f0b54640986d40edb905b319) is 2.0M, max 16.0M, 14.0M free.
Dec 13 00:59:55.419597 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'system journal clear'.
Dec 13 00:59:55.540309 osdx zebra[1040]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 13 00:59:56.014445 osdx osdx-coredump[21376]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 13 00:59:56.022929 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 13 00:59:57.147868 osdx OSDxCLI[28897]: User 'admin' entered the configuration menu.
Dec 13 00:59:57.266370 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 13 00:59:57.383426 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 13 00:59:57.547839 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 13 00:59:57.648536 osdx cfgd[1102]: [28897]Completed change to active configuration
Dec 13 00:59:57.691547 osdx OSDxCLI[28897]: User 'admin' committed the configuration.
Dec 13 00:59:57.740500 osdx OSDxCLI[28897]: User 'admin' left the configuration menu.
Dec 13 00:59:57.921024 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Dec 13 00:59:59.295114 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Dec 13 00:59:59.453405 osdx OSDxCLI[28897]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f ip 10.215.168.1 port 8443'.
Dec 13 00:59:59.631553 osdx OSDxCLI[28897]: User 'admin' entered the configuration menu.
Dec 13 00:59:59.750200 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 13 00:59:59.868556 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 13 00:59:59.985732 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Dec 13 01:00:00.096924 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 13 01:00:00.207884 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Dec 13 01:00:00.328411 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Dec 13 01:00:00.433043 osdx OSDxCLI[28897]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 13 01:00:00.587501 osdx ca-certificates[21517]: Updating certificates in /etc/ssl/certs...
Dec 13 01:00:01.325652 osdx ca-certificates[22508]: 1 added, 0 removed; done.
Dec 13 01:00:01.332304 osdx ca-certificates[22512]: Running hooks in /etc/ca-certificates/update.d...
Dec 13 01:00:01.338190 osdx ca-certificates[22516]: done.
Dec 13 01:00:01.485292 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 13 01:00:01.488974 osdx cfgd[1102]: [28897]Completed change to active configuration
Dec 13 01:00:01.498564 osdx OSDxCLI[28897]: User 'admin' committed the configuration.
Dec 13 01:00:01.526753 osdx OSDxCLI[28897]: User 'admin' left the configuration menu.
Dec 13 01:00:01.533953 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] dnscrypt-proxy 2.0.45
Dec 13 01:00:01.534336 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] Network connectivity detected
Dec 13 01:00:01.534952 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] Dropping privileges
Dec 13 01:00:01.537356 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] Network connectivity detected
Dec 13 01:00:01.537543 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 13 01:00:01.537644 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 13 01:00:01.537741 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 13 01:00:01.537831 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] Firefox workaround initialized
Dec 13 01:00:01.537904 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpwH2GQO]
Dec 13 01:00:01.539446 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Dec 13 01:00:01.539565 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Dec 13 01:00:01.539650 osdx dnscrypt-proxy[22569]: [2023-12-13 01:00:01] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 44721993cf472ea85f61b39a2abc38358381fefe2705f56822c8126019ae9f90 at DUT1 and expect this output:

Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgRHIZk89HLqhfYbOaKrw4NYOB_v4nBfVoIsgSYBmun5ANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 6: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgRHIZk89HLqhfYbOaKrw4NYOB_v4nBfVoIsgSYBmun5ANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'

Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
-- Logs begin at Wed 2023-12-13 00:59:55 UTC, end at Wed 2023-12-13 01:00:04 UTC. --
Dec 13 00:59:55.373458 osdx systemd-journald[1327]: Runtime journal (/run/log/journal/8bc264c4220f423fbae87c3191371490) is 1.2M, max 9.7M, 8.5M free.
Dec 13 00:59:55.386747 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal clear'.
Dec 13 00:59:56.273228 osdx osdx-coredump[7170]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 13 00:59:56.281718 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 13 00:59:57.995002 osdx OSDxCLI[1421]: User 'admin' entered the configuration menu.
Dec 13 00:59:58.128239 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Dec 13 00:59:58.258622 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 13 00:59:58.372767 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 13 00:59:58.538887 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 13 00:59:58.693468 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Dec 13 00:59:58.707351 osdx sshd[7267]: Server listening on 0.0.0.0 port 22.
Dec 13 00:59:58.707663 osdx sshd[7267]: Server listening on :: port 22.
Dec 13 00:59:58.707822 osdx systemd[1]: Started OpenBSD Secure Shell server.
Dec 13 00:59:58.726392 osdx cfgd[985]: [1421]Completed change to active configuration
Dec 13 00:59:58.769487 osdx OSDxCLI[1421]: User 'admin' committed the configuration.
Dec 13 00:59:58.820349 osdx OSDxCLI[1421]: User 'admin' left the configuration menu.
Dec 13 00:59:58.993930 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Dec 13 01:00:01.840986 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 44721993cf472ea85f61b39a2abc38358381fefe2705f56822c8126019ae9f90'.
Dec 13 01:00:02.041008 osdx OSDxCLI[1421]: User 'admin' entered the configuration menu.
Dec 13 01:00:02.177213 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Dec 13 01:00:02.297861 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Dec 13 01:00:02.418747 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Dec 13 01:00:02.521670 osdx OSDxCLI[1421]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgRHIZk89HLqhfYbOaKrw4NYOB_v4nBfVoIsgSYBmun5ANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Dec 13 01:00:02.645143 osdx ca-certificates[7336]: Updating certificates in /etc/ssl/certs...
Dec 13 01:00:03.267519 osdx ca-certificates[8320]: 1 added, 0 removed; done.
Dec 13 01:00:03.273405 osdx ca-certificates[8324]: Running hooks in /etc/ca-certificates/update.d...
Dec 13 01:00:03.279740 osdx ca-certificates[8328]: done.
Dec 13 01:00:03.378470 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 13 01:00:03.380946 osdx cfgd[985]: [1421]Completed change to active configuration
Dec 13 01:00:03.388186 osdx OSDxCLI[1421]: User 'admin' committed the configuration.
Dec 13 01:00:03.416177 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:03] [NOTICE] dnscrypt-proxy 2.0.45
Dec 13 01:00:03.416655 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:03] [NOTICE] Network connectivity detected
Dec 13 01:00:03.417343 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:03] [NOTICE] Dropping privileges
Dec 13 01:00:03.420445 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:03] [NOTICE] Network connectivity detected
Dec 13 01:00:03.420659 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:03] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 13 01:00:03.420783 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:03] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 13 01:00:03.420925 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:03] [NOTICE] Firefox workaround initialized
Dec 13 01:00:03.421043 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:03] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpkSmPKK]
Dec 13 01:00:03.428088 osdx OSDxCLI[1421]: User 'admin' left the configuration menu.
Dec 13 01:00:03.672568 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 01:00:03.941429 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 01:00:04.238298 osdx OSDxCLI[1421]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 13 01:00:04.256476 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:04] [NOTICE] [DUT0] OK (DoH) - rtt: 346ms
Dec 13 01:00:04.256476 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:04] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 346ms)
Dec 13 01:00:04.256476 osdx dnscrypt-proxy[8335]: [2023-12-13 01:00:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
teldat.com has address 10.11.12.13
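
A stamp carries the same trust anchors as the explicit configuration (the DNSCrypt provider public key, or the DoH certificate hash), so it is worth decoding before it is committed. The following decoder is an added example, not part of the test suite or of OSDx. It follows the public DNS stamp layout for the two stamp types used in Steps 2 and 5, and the names Reader, decode_stamp and pin_matches are hypothetical helpers.

```python
import base64
import struct

# Stamps copied from Steps 2 and 5 above.
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgRHIZk89HLqhfYbOaKrw4NYOB_v4nBfVoIsgSYBmun5ANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"


class Reader:
    """Cursor over the decoded stamp bytes; every read is bounds-checked."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated stamp")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def lp(self):
        # LP(): one length byte followed by that many bytes.
        return self.take(self.take(1)[0])

    def vlp(self):
        # VLP(): list of LP items; a set high bit in the length byte
        # means another item follows.
        items = []
        while True:
            n = self.take(1)[0]
            items.append(self.take(n & 0x7F))
            if not n & 0x80:
                return items


def decode_stamp(stamp):
    """Return the fields of a DNSCrypt (0x01) or DoH (0x02) stamp as a dict."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    r = Reader(base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)))
    proto = r.take(1)[0]
    props = struct.unpack("<Q", r.take(8))[0]  # 64-bit little-endian flags
    addr = r.lp().decode("ascii")
    if proto == 0x01:
        key = r.lp()
        if len(key) != 32:
            raise ValueError("DNSCrypt provider key must be 32 bytes")
        return {"protocol": "DNSCrypt", "props": props, "addr": addr,
                "pins": [key.hex()], "name": r.lp().decode("ascii")}
    if proto == 0x02:
        pins = [h.hex() for h in r.vlp() if h]  # an empty item means no pin
        host = r.lp().decode("ascii")
        # Optional trailing bootstrap addresses are not parsed here.
        return {"protocol": "DoH", "props": props, "addr": addr,
                "pins": pins, "name": host, "path": r.lp().decode("ascii")}
    raise ValueError("unsupported stamp protocol 0x%02x" % proto)


def pin_matches(stamp, expected_hex):
    """True if the stamp pins exactly the expected key or certificate hash."""
    want = expected_hex.replace(":", "").lower()
    return decode_stamp(stamp)["pins"] == [want]
```

Calling pin_matches with the key printed in Step 1, or with the hash passed in Step 5, confirms that a stamp received from elsewhere pins the expected value before it is used in a set service dns proxy static ... stamp line.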