Static Server
Test suite that connects DUT1 through DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash f08a0f565709ee0ee9c83b27e3f1c2ed69a12527b522ae6773ecd1deb175fc54
Step 4: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Step 5: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac' at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Step 4: Run command 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash f08a0f565709ee0ee9c83b27e3f1c2ed69a12527b522ae6773ecd1deb175fc54' at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg8IoPVlcJ7g7pyDsn4_HC7WmhJSe1Iq5nc-zR3rF1_FQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg8IoPVlcJ7g7pyDsn4_HC7WmhJSe1Iq5nc-zR3rF1_FQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Step 7: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
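Added example (not part of the original page and not the vendor's code): a Python encoder and decoder for the DoH stamp layout of the public DNS Stamps format, which rebuilds the two stamps from the stamp-calculate steps above and decodes a stamp back into the IP, host, port and certificate hash it pins, so a stamp can be reviewed before it is committed. Function names are illustrative, and leaving port 443 out of the host field is an assumption taken from the first stamp's output.

```python
import base64
import struct

DOH = 0x02  # protocol identifier byte of a DNS-over-HTTPS stamp

# Values copied from the stamp-calculate steps on this page.
RD_HASH = "563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac"
RD_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DUT0_HASH = "f08a0f565709ee0ee9c83b27e3f1c2ed69a12527b522ae6773ecd1deb175fc54"
DUT0_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg8IoPVlcJ7g7pyDsn4_HC7WmhJSe1Iq5nc-zR3rF1_FQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"


def _lp(data):
    """Length-prefixed field: one length byte followed by the data."""
    if len(data) > 0xFF:
        raise ValueError("field too long for a stamp")
    return bytes([len(data)]) + data


def _vlp(items):
    """Set of length-prefixed items; a set high bit on a length means more follow."""
    if not items:
        return b"\x00"
    if any(len(item) > 0x7F for item in items):
        raise ValueError("set item too long for a stamp")
    last = len(items) - 1
    return b"".join(bytes([len(item) | (0x80 if i < last else 0)]) + item
                    for i, item in enumerate(items))


def encode_doh_stamp(ip, cert_hashes, host, path, port=443, props=0):
    """Build an sdns:// DoH stamp; cert_hashes are hex SHA-256 pins."""
    hostport = host if port == 443 else f"{host}:{port}"  # assumption: 443 is implicit
    raw = (bytes([DOH]) + struct.pack("<Q", props)         # 8-byte little-endian props
           + _lp(ip.encode())
           + _vlp([bytes.fromhex(h) for h in cert_hashes])
           + _lp(hostport.encode())
           + _lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_doh_stamp(stamp):
    """Return the fields a DoH stamp carries, rejecting malformed input."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not an sdns:// stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DoH stamp")
    props = struct.unpack_from("<Q", raw, 1)[0]
    pos = 9

    def take(mask=0xFF):
        """Read one length byte (masked) and that many bytes; return (raw_len, data)."""
        nonlocal pos
        if pos >= len(raw):
            raise ValueError("truncated stamp")
        length_byte = raw[pos]
        size = length_byte & mask
        data = raw[pos + 1:pos + 1 + size]
        if len(data) != size:
            raise ValueError("truncated stamp")
        pos += 1 + size
        return length_byte, data

    ip = take()[1].decode()
    hashes = []
    while True:
        length_byte, item = take(mask=0x7F)
        if item:
            hashes.append(item.hex())
        if not length_byte & 0x80:  # high bit clear: last item of the set
            break
    host, _, port = take()[1].decode().partition(":")
    path = take()[1].decode()
    return {"props": props, "ip": ip, "hashes": hashes, "host": host,
            "port": int(port) if port else 443, "path": path}


def audit_stamp(stamp, **expected):
    """Names of the fields whose decoded value differs from what the operator expects."""
    decoded = decode_doh_stamp(stamp)
    return sorted(k for k, v in expected.items() if decoded.get(k) != v)


if __name__ == "__main__":
    print(decode_doh_stamp(DUT0_STAMP))
    # A stamp that pins a different certificate than intended is reported here.
    print(audit_stamp(RD_STAMP, ip="10.215.168.1", hashes=[DUT0_HASH]))
```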
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash f08a0f565709ee0ee9c83b27e3f1c2ed69a12527b522ae6773ecd1deb175fc54
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
-- Logs begin at Thu 2024-01-25 00:11:28 UTC, end at Thu 2024-01-25 00:11:37 UTC. --
Jan 25 00:11:28.424646 osdx systemd-journald[1366]: Runtime journal (/run/log/journal/4d0b7da89f49460287018e38b087a15a) is 1.2M, max 9.7M, 8.5M free.
Jan 25 00:11:28.441283 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'system journal clear'.
Jan 25 00:11:29.483602 osdx osdx-coredump[9811]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 25 00:11:29.494987 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 25 00:11:31.146227 osdx OSDxCLI[1558]: User 'admin' entered the configuration menu.
Jan 25 00:11:31.248739 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jan 25 00:11:31.360894 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 25 00:11:31.471790 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service ssh'.
Jan 25 00:11:31.660876 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 25 00:11:31.814895 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Jan 25 00:11:31.828322 osdx sshd[9908]: Server listening on 0.0.0.0 port 22.
Jan 25 00:11:31.828624 osdx sshd[9908]: Server listening on :: port 22.
Jan 25 00:11:31.828804 osdx systemd[1]: Started OpenBSD Secure Shell server.
Jan 25 00:11:31.847119 osdx cfgd[996]: [1558]Completed change to active configuration
Jan 25 00:11:31.890691 osdx OSDxCLI[1558]: User 'admin' committed the configuration.
Jan 25 00:11:31.949056 osdx OSDxCLI[1558]: User 'admin' left the configuration menu.
Jan 25 00:11:32.156366 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jan 25 00:11:35.006162 osdx OSDxCLI[1558]: User 'admin' entered the configuration menu.
Jan 25 00:11:35.132037 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jan 25 00:11:35.220514 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jan 25 00:11:35.331563 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jan 25 00:11:35.426627 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Jan 25 00:11:35.519105 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Jan 25 00:11:35.609821 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Jan 25 00:11:35.750087 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash f08a0f565709ee0ee9c83b27e3f1c2ed69a12527b522ae6773ecd1deb175fc54'.
Jan 25 00:11:35.867590 osdx ca-certificates[9971]: Updating certificates in /etc/ssl/certs...
Jan 25 00:11:36.542531 osdx ca-certificates[10955]: 1 added, 0 removed; done.
Jan 25 00:11:36.548153 osdx ca-certificates[10959]: Running hooks in /etc/ca-certificates/update.d...
Jan 25 00:11:36.553341 osdx ca-certificates[10963]: done.
Jan 25 00:11:36.638503 osdx systemd[1]: Started DNSCrypt client proxy.
Jan 25 00:11:36.641232 osdx cfgd[996]: [1558]Completed change to active configuration
Jan 25 00:11:36.645580 osdx OSDxCLI[1558]: User 'admin' committed the configuration.
Jan 25 00:11:36.666642 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:36] [NOTICE] dnscrypt-proxy 2.0.45
Jan 25 00:11:36.667040 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:36] [NOTICE] Network connectivity detected
Jan 25 00:11:36.667560 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:36] [NOTICE] Dropping privileges
Jan 25 00:11:36.669717 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:36] [NOTICE] Network connectivity detected
Jan 25 00:11:36.669848 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:36] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 25 00:11:36.669929 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:36] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 25 00:11:36.670021 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:36] [NOTICE] Firefox workaround initialized
Jan 25 00:11:36.670096 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:36] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqwMlhF]
Jan 25 00:11:36.688568 osdx OSDxCLI[1558]: User 'admin' left the configuration menu.
Jan 25 00:11:36.854474 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 25 00:11:37.129958 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 25 00:11:37.459639 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 25 00:11:37.479688 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:37] [NOTICE] [DUT0] OK (DoH) - rtt: 224ms
Jan 25 00:11:37.479688 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:37] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 224ms)
Jan 25 00:11:37.479688 osdx dnscrypt-proxy[10970]: [2024-01-25 00:11:37] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
-- Logs begin at Thu 2024-01-25 00:11:46 UTC, end at Thu 2024-01-25 00:11:52 UTC. --
Jan 25 00:11:46.393098 osdx systemd-journald[1486]: Runtime journal (/run/log/journal/6c43fcb6d98c40f095ee4a4601056b4b) is 2.0M, max 16.0M, 14.0M free.
Jan 25 00:11:46.411846 osdx OSDxCLI[13176]: User 'admin' executed a new command: 'system journal clear'.
Jan 25 00:11:46.993778 osdx osdx-coredump[5843]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 25 00:11:47.001936 osdx OSDxCLI[13176]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 25 00:11:47.949065 osdx OSDxCLI[13176]: User 'admin' entered the configuration menu.
Jan 25 00:11:48.075927 osdx OSDxCLI[13176]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jan 25 00:11:48.163965 osdx OSDxCLI[13176]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 25 00:11:48.343346 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 25 00:11:48.453322 osdx cfgd[1112]: [13176]Completed change to active configuration
Jan 25 00:11:48.504896 osdx OSDxCLI[13176]: User 'admin' committed the configuration.
Jan 25 00:11:48.571744 osdx OSDxCLI[13176]: User 'admin' left the configuration menu.
Jan 25 00:11:48.776623 osdx OSDxCLI[13176]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 25 00:11:50.042129 osdx OSDxCLI[13176]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jan 25 00:11:50.170645 osdx OSDxCLI[13176]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f ip 10.215.168.1 port 8443'.
Jan 25 00:11:50.387340 osdx OSDxCLI[13176]: User 'admin' entered the configuration menu.
Jan 25 00:11:50.497660 osdx OSDxCLI[13176]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jan 25 00:11:50.617025 osdx OSDxCLI[13176]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jan 25 00:11:50.771301 osdx OSDxCLI[13176]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Jan 25 00:11:50.850972 osdx OSDxCLI[13176]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jan 25 00:11:50.970987 osdx OSDxCLI[13176]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jan 25 00:11:51.101948 osdx OSDxCLI[13176]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jan 25 00:11:51.225287 osdx OSDxCLI[13176]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jan 25 00:11:51.390918 osdx ca-certificates[5986]: Updating certificates in /etc/ssl/certs...
Jan 25 00:11:52.106639 osdx ca-certificates[6970]: 1 added, 0 removed; done.
Jan 25 00:11:52.114908 osdx ca-certificates[6974]: Running hooks in /etc/ca-certificates/update.d...
Jan 25 00:11:52.120805 osdx ca-certificates[6978]: done.
Jan 25 00:11:52.252927 osdx systemd[1]: Started DNSCrypt client proxy.
Jan 25 00:11:52.255758 osdx cfgd[1112]: [13176]Completed change to active configuration
Jan 25 00:11:52.264380 osdx OSDxCLI[13176]: User 'admin' committed the configuration.
Jan 25 00:11:52.284700 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] dnscrypt-proxy 2.0.45
Jan 25 00:11:52.285089 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] Network connectivity detected
Jan 25 00:11:52.285876 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] Dropping privileges
Jan 25 00:11:52.288285 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] Network connectivity detected
Jan 25 00:11:52.288448 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 25 00:11:52.288532 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 25 00:11:52.288625 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jan 25 00:11:52.288717 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] Firefox workaround initialized
Jan 25 00:11:52.288794 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpaT10Wx]
Jan 25 00:11:52.290476 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jan 25 00:11:52.290580 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jan 25 00:11:52.290666 osdx dnscrypt-proxy[7031]: [2024-01-25 00:11:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jan 25 00:11:52.299840 osdx OSDxCLI[13176]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash f08a0f565709ee0ee9c83b27e3f1c2ed69a12527b522ae6773ecd1deb175fc54 at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg8IoPVlcJ7g7pyDsn4_HC7WmhJSe1Iq5nc-zR3rF1_FQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg8IoPVlcJ7g7pyDsn4_HC7WmhJSe1Iq5nc-zR3rF1_FQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
-- Logs begin at Thu 2024-01-25 00:11:46 UTC, end at Thu 2024-01-25 00:11:54 UTC. --
Jan 25 00:11:46.350067 osdx systemd-journald[1366]: Runtime journal (/run/log/journal/4d0b7da89f49460287018e38b087a15a) is 1.2M, max 9.7M, 8.5M free.
Jan 25 00:11:46.362632 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'system journal clear'.
Jan 25 00:11:47.232837 osdx osdx-coredump[12606]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 25 00:11:47.240652 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 25 00:11:48.794250 osdx OSDxCLI[1558]: User 'admin' entered the configuration menu.
Jan 25 00:11:48.915625 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jan 25 00:11:49.030955 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 25 00:11:49.141267 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service ssh'.
Jan 25 00:11:49.319759 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 25 00:11:49.481711 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Jan 25 00:11:49.496076 osdx sshd[12703]: Server listening on 0.0.0.0 port 22.
Jan 25 00:11:49.496403 osdx sshd[12703]: Server listening on :: port 22.
Jan 25 00:11:49.496574 osdx systemd[1]: Started OpenBSD Secure Shell server.
Jan 25 00:11:49.515570 osdx cfgd[996]: [1558]Completed change to active configuration
Jan 25 00:11:49.558728 osdx OSDxCLI[1558]: User 'admin' committed the configuration.
Jan 25 00:11:49.591646 osdx OSDxCLI[1558]: User 'admin' left the configuration menu.
Jan 25 00:11:49.774562 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jan 25 00:11:52.605150 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash f08a0f565709ee0ee9c83b27e3f1c2ed69a12527b522ae6773ecd1deb175fc54'.
Jan 25 00:11:52.810501 osdx OSDxCLI[1558]: User 'admin' entered the configuration menu.
Jan 25 00:11:52.909754 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jan 25 00:11:53.003741 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jan 25 00:11:53.095830 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jan 25 00:11:53.192497 osdx OSDxCLI[1558]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg8IoPVlcJ7g7pyDsn4_HC7WmhJSe1Iq5nc-zR3rF1_FQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Jan 25 00:11:53.333747 osdx ca-certificates[12765]: Updating certificates in /etc/ssl/certs...
Jan 25 00:11:53.988813 osdx ca-certificates[13749]: 1 added, 0 removed; done.
Jan 25 00:11:53.994908 osdx ca-certificates[13753]: Running hooks in /etc/ca-certificates/update.d...
Jan 25 00:11:54.000527 osdx ca-certificates[13757]: done.
Jan 25 00:11:54.080621 osdx systemd[1]: Started DNSCrypt client proxy.
Jan 25 00:11:54.083313 osdx cfgd[996]: [1558]Completed change to active configuration
Jan 25 00:11:54.087662 osdx OSDxCLI[1558]: User 'admin' committed the configuration.
Jan 25 00:11:54.110890 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] dnscrypt-proxy 2.0.45
Jan 25 00:11:54.111262 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] Network connectivity detected
Jan 25 00:11:54.111829 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] Dropping privileges
Jan 25 00:11:54.114211 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] Network connectivity detected
Jan 25 00:11:54.114405 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 25 00:11:54.114486 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 25 00:11:54.114577 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] Firefox workaround initialized
Jan 25 00:11:54.114654 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpseA5Nw]
Jan 25 00:11:54.129910 osdx OSDxCLI[1558]: User 'admin' left the configuration menu.
Jan 25 00:11:54.332389 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 25 00:11:54.630500 osdx OSDxCLI[1558]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 25 00:11:54.793231 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] [DUT0] OK (DoH) - rtt: 214ms
Jan 25 00:11:54.793231 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 214ms)
Jan 25 00:11:54.793231 osdx dnscrypt-proxy[13764]: [2024-01-25 00:11:54] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
teldat.com has address 10.11.12.13
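Added example (not OSDx code and not part of this test suite): a Python decoder for the two sdns:// stamps produced in Steps 2 and 5 of the stamp scenario, following the public DNS Stamps layout that dnscrypt-proxy reads, so a stamp can be checked against the provider key or certificate hash before it is placed in the static server configuration. The names decode_stamp and require_pin are hypothetical; the stamp, key and hash values are copied from this page.

```python
import base64

# Stamps and pins copied from the command outputs on this page.
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg8IoPVlcJ7g7pyDsn4_HC7WmhJSe1Iq5nc-zR3rF1_FQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"
PROVIDER_KEY = "7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f"
CERT_HASH = "f08a0f565709ee0ee9c83b27e3f1c2ed69a12527b522ae6773ecd1deb175fc54"


class StampError(ValueError):
    """Malformed stamp, or a stamp that does not carry the expected pin."""


def _lp(buf, pos, mask=0xFF):
    """Read one length-prefixed field; return (payload, next offset)."""
    if pos >= len(buf):
        raise StampError("truncated stamp")
    end = pos + 1 + (buf[pos] & mask)
    if end > len(buf):
        raise StampError("field overruns stamp")
    return buf[pos + 1:end], end


def _vlp(buf, pos):
    """Read a field list; a set high bit in a length byte means another item follows."""
    items = []
    while True:
        more = pos < len(buf) and buf[pos] & 0x80
        item, pos = _lp(buf, pos, mask=0x7F)
        items.append(item)
        if not more:
            return items, pos


def decode_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into its fields."""
    if not stamp.startswith("sdns://"):
        raise StampError("not an sdns:// stamp")
    body = stamp[len("sdns://"):]
    try:
        buf = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:
        raise StampError("invalid base64url") from exc
    if len(buf) < 10:
        raise StampError("stamp too short")
    out = {"props": int.from_bytes(buf[1:9], "little")}  # informal property flags
    addr, pos = _lp(buf, 9)
    out["addr"] = addr.decode("ascii")
    if buf[0] == 0x01:
        key, pos = _lp(buf, pos)
        name, pos = _lp(buf, pos)
        if len(key) != 32:
            raise StampError("provider public key must be 32 bytes")
        out.update(protocol="DNSCrypt", pins=[key.hex(":")], provider_name=name.decode("ascii"))
    elif buf[0] == 0x02:
        hashes, pos = _vlp(buf, pos)
        host, pos = _lp(buf, pos)
        path, pos = _lp(buf, pos)
        if pos < len(buf):  # optional trailing list of bootstrap resolver IPs
            _, pos = _vlp(buf, pos)
        out.update(protocol="DoH", pins=[h.hex() for h in hashes if h],
                   host=host.decode("ascii"), path=path.decode("ascii"))
    else:
        raise StampError(f"unsupported protocol 0x{buf[0]:02x}")
    if pos != len(buf):
        raise StampError("trailing bytes after last field")
    return out


def require_pin(stamp, expected_pin):
    """Return the decoded stamp only if it pins the key or hash obtained out of band."""
    fields = decode_stamp(stamp)
    if expected_pin.lower() not in fields["pins"]:
        raise StampError("stamp does not pin the expected key/hash")
    return fields
```

Decoding both stamps yields the same address, port, provider name, public key and certificate hash that the non-stamp scenario sets field by field, which is what makes the two configurations equivalent.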