Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Tue 2024-02-13 15:04:13 UTC, end at Tue 2024-02-13 15:04:19 UTC. --
Feb 13 15:04:13.488620 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 15:04:13.507485 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 15:04:14.184449 osdx osdx-coredump[534]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 15:04:14.192491 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 15:04:15.235355 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 15:04:15.366845 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 15:04:15.514444 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 15:04:15.665928 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 15:04:15.777890 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 15:04:15.835634 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 15:04:15.898803 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 15:04:16.074069 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 13 15:04:17.358668 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 15:04:17.519083 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 15:04:17.656199 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 15:04:17.779273 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 13 15:04:17.936966 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 13 15:04:18.084569 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 15:04:18.226009 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Feb 13 15:04:18.387592 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Feb 13 15:04:18.541321 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 13 15:04:18.699343 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 13 15:04:18.866451 osdx ca-certificates[674]: Updating certificates in /etc/ssl/certs...
Feb 13 15:04:19.601323 osdx ca-certificates[1691]: 1 added, 0 removed; done.
Feb 13 15:04:19.607419 osdx ca-certificates[1696]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 15:04:19.613234 osdx ca-certificates[1700]: done.
Feb 13 15:04:19.784250 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 15:04:19.787207 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 15:04:19.791914 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 15:04:19.822954 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] dnscrypt-proxy 2.0.45
Feb 13 15:04:19.823476 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] Network connectivity detected
Feb 13 15:04:19.824241 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] Dropping privileges
Feb 13 15:04:19.827745 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] Network connectivity detected
Feb 13 15:04:19.827976 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 13 15:04:19.828098 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 13 15:04:19.828224 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 13 15:04:19.828352 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] Firefox workaround initialized
Feb 13 15:04:19.828453 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpnEAV12]
Feb 13 15:04:19.838077 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 15:04:19.978678 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] [RD] OK (DoH) - rtt: 113ms
Feb 13 15:04:19.978886 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] Server with the lowest initial latency: RD (rtt: 113ms)
Feb 13 15:04:19.979013 osdx dnscrypt-proxy[1753]: [2024-02-13 15:04:19] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash b25836791e0c7d16fb1075b0ddfa3e223304b452cb8f37eefc6ca92f80dc97be
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Tue 2024-02-13 15:04:14 UTC, end at Tue 2024-02-13 15:04:23 UTC. --
Feb 13 15:04:14.494330 osdx systemd-journald[1572]: Runtime journal (/run/log/journal/7f7d8271ef4745a88013dff99dde6bbe) is 1.2M, max 9.7M, 8.5M free.
Feb 13 15:04:14.514605 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 15:04:15.473225 osdx osdx-coredump[763]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 15:04:15.481006 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 15:04:17.074885 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Feb 13 15:04:17.196325 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 13 15:04:17.283419 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 15:04:17.363926 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 13 15:04:17.546681 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 15:04:17.713896 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Feb 13 15:04:17.727438 osdx sshd[865]: Server listening on 0.0.0.0 port 22.
Feb 13 15:04:17.727708 osdx sshd[865]: Server listening on :: port 22.
Feb 13 15:04:17.727861 osdx systemd[1]: Started OpenBSD Secure Shell server.
Feb 13 15:04:17.746799 osdx cfgd[1203]: [1768]Completed change to active configuration
Feb 13 15:04:17.790026 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Feb 13 15:04:17.816946 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Feb 13 15:04:17.994311 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 13 15:04:21.152989 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Feb 13 15:04:21.262020 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 13 15:04:21.346671 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 13 15:04:21.461510 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 13 15:04:21.576864 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Feb 13 15:04:21.674271 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Feb 13 15:04:21.768431 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Feb 13 15:04:21.882119 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash b25836791e0c7d16fb1075b0ddfa3e223304b452cb8f37eefc6ca92f80dc97be'.
Feb 13 15:04:22.023043 osdx ca-certificates[928]: Updating certificates in /etc/ssl/certs...
Feb 13 15:04:22.729546 osdx ca-certificates[1940]: 1 added, 0 removed; done.
Feb 13 15:04:22.735566 osdx ca-certificates[1944]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 15:04:22.740743 osdx ca-certificates[1948]: done.
Feb 13 15:04:22.828646 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 15:04:22.832703 osdx cfgd[1203]: [1768]Completed change to active configuration
Feb 13 15:04:22.844379 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Feb 13 15:04:22.872770 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:22] [NOTICE] dnscrypt-proxy 2.0.45
Feb 13 15:04:22.873257 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:22] [NOTICE] Network connectivity detected
Feb 13 15:04:22.873958 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:22] [NOTICE] Dropping privileges
Feb 13 15:04:22.877262 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:22] [NOTICE] Network connectivity detected
Feb 13 15:04:22.877463 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:22] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 13 15:04:22.877571 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:22] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 13 15:04:22.877700 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:22] [NOTICE] Firefox workaround initialized
Feb 13 15:04:22.877799 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:22] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp5GEKe0]
Feb 13 15:04:22.889485 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Feb 13 15:04:23.102298 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:23] [NOTICE] [DUT0] OK (DoH) - rtt: 113ms
Feb 13 15:04:23.102298 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:23] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 113ms)
Feb 13 15:04:23.102298 osdx dnscrypt-proxy[1955]: [2024-02-13 15:04:23] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 13 15:04:23.113840 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal show | cat'.
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Tue 2024-02-13 15:04:30 UTC, end at Tue 2024-02-13 15:04:36 UTC. --
Feb 13 15:04:30.338724 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 15:04:30.353652 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 15:04:30.922641 osdx osdx-coredump[3394]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 15:04:30.932359 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 15:04:31.873706 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 15:04:32.000551 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 15:04:32.129446 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 15:04:32.259658 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 15:04:32.372934 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 15:04:32.422260 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 15:04:32.462652 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 15:04:32.705766 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 13 15:04:33.958968 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 15:04:34.130092 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 15:04:34.228352 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 15:04:34.328485 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 15:04:34.453586 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Feb 13 15:04:34.561308 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Feb 13 15:04:34.663354 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Feb 13 15:04:34.778700 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 13 15:04:34.877000 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 13 15:04:35.024491 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 13 15:04:35.200485 osdx ca-certificates[3534]: Updating certificates in /etc/ssl/certs...
Feb 13 15:04:36.032732 osdx ca-certificates[4523]: 1 added, 0 removed; done.
Feb 13 15:04:36.038910 osdx ca-certificates[4527]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 15:04:36.044495 osdx ca-certificates[4531]: done.
Feb 13 15:04:36.211809 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 15:04:36.216069 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 15:04:36.225929 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 15:04:36.258317 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] dnscrypt-proxy 2.0.45
Feb 13 15:04:36.258877 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] Network connectivity detected
Feb 13 15:04:36.259741 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] Dropping privileges
Feb 13 15:04:36.263531 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] Network connectivity detected
Feb 13 15:04:36.263811 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 13 15:04:36.263936 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 13 15:04:36.264072 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 13 15:04:36.264206 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] Firefox workaround initialized
Feb 13 15:04:36.264316 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpLcZFuz]
Feb 13 15:04:36.271148 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 15:04:36.458341 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 13 15:04:36.476699 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] [RD] OK (DoH) - rtt: 118ms
Feb 13 15:04:36.476699 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] Server with the lowest initial latency: RD (rtt: 118ms)
Feb 13 15:04:36.476699 osdx dnscrypt-proxy[4584]: [2024-02-13 15:04:36] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash b25836791e0c7d16fb1075b0ddfa3e223304b452cb8f37eefc6ca92f80dc97be at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgslg2eR4MfRb7EHWw3fo-IjMEtFLLjzfu_GypL4Dcl74NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgslg2eR4MfRb7EHWw3fo-IjMEtFLLjzfu_GypL4Dcl74NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Tue 2024-02-13 15:04:31 UTC, end at Tue 2024-02-13 15:04:39 UTC. --
Feb 13 15:04:31.322262 osdx systemd-journald[1572]: Runtime journal (/run/log/journal/7f7d8271ef4745a88013dff99dde6bbe) is 1.2M, max 9.7M, 8.5M free.
Feb 13 15:04:31.335173 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 15:04:32.210685 osdx osdx-coredump[3582]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 15:04:32.221570 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 15:04:33.806330 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Feb 13 15:04:33.927374 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 13 15:04:34.020412 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 15:04:34.100598 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 13 15:04:34.241704 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 15:04:34.409022 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Feb 13 15:04:34.424892 osdx sshd[3679]: Server listening on 0.0.0.0 port 22.
Feb 13 15:04:34.425308 osdx sshd[3679]: Server listening on :: port 22.
Feb 13 15:04:34.425649 osdx systemd[1]: Started OpenBSD Secure Shell server.
Feb 13 15:04:34.446655 osdx cfgd[1203]: [1768]Completed change to active configuration
Feb 13 15:04:34.491693 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Feb 13 15:04:34.520607 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Feb 13 15:04:34.693509 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 13 15:04:37.920655 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash b25836791e0c7d16fb1075b0ddfa3e223304b452cb8f37eefc6ca92f80dc97be'.
Feb 13 15:04:38.147710 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Feb 13 15:04:38.273271 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 13 15:04:38.392468 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 13 15:04:38.517265 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 13 15:04:38.625767 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgslg2eR4MfRb7EHWw3fo-IjMEtFLLjzfu_GypL4Dcl74NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Feb 13 15:04:38.750209 osdx ca-certificates[3742]: Updating certificates in /etc/ssl/certs...
Feb 13 15:04:39.573011 osdx ca-certificates[4726]: 1 added, 0 removed; done.
Feb 13 15:04:39.582419 osdx ca-certificates[4731]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 15:04:39.589638 osdx ca-certificates[4734]: done.
Feb 13 15:04:39.694127 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 15:04:39.697138 osdx cfgd[1203]: [1768]Completed change to active configuration
Feb 13 15:04:39.701604 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Feb 13 15:04:39.732851 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] dnscrypt-proxy 2.0.45
Feb 13 15:04:39.733985 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] Network connectivity detected
Feb 13 15:04:39.733985 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] Dropping privileges
Feb 13 15:04:39.737171 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] Network connectivity detected
Feb 13 15:04:39.737393 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 13 15:04:39.737507 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 13 15:04:39.737631 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] Firefox workaround initialized
Feb 13 15:04:39.737739 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpnHgaYx]
Feb 13 15:04:39.772927 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Feb 13 15:04:39.957184 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] [DUT0] OK (DoH) - rtt: 119ms
Feb 13 15:04:39.957184 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 119ms)
Feb 13 15:04:39.957184 osdx dnscrypt-proxy[4741]: [2024-02-13 15:04:39] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 13 15:04:39.988101 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
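The two stamp calculate steps in this scenario turn readable parameters into an opaque sdns:// string, so a reviewer cannot see from the configuration line which IP, host name and certificate hash it pins. The following Python is an added example, not part of the test suite or of the vendor's code: it encodes and decodes DoH stamps following the public DNS stamp layout, reproduces both stamps shown above from their inputs, and compares a stamp with the values an operator intended. The class and function names are illustrative assumptions.

```python
import base64
import struct
from dataclasses import dataclass

DOH = 0x02  # protocol identifier byte of a DNS-over-HTTPS stamp

# Values copied from this page: both stamps and the hashes given to `stamp calculate`.
RD_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBWPE8Cxexus9AqH_ex4so4iERk5efiJ7oIfuZSTub7rApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DUT0_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgslg2eR4MfRb7EHWw3fo-IjMEtFLLjzfu_GypL4Dcl74NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"
RD_HASH = "563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac"
DUT0_HASH = "b25836791e0c7d16fb1075b0ddfa3e223304b452cb8f37eefc6ca92f80dc97be"


@dataclass(frozen=True)
class DohStamp:
    props: int      # 64-bit little-endian flags (0 in both stamps on this page)
    addr: str       # IP address the client connects to
    hashes: tuple   # hex SHA-256 pins checked against the server certificate chain
    hostname: str   # TLS server name, with ":port" appended when the port is not 443
    path: str       # HTTP path of the DoH endpoint


def _lp(text):
    """Length-prefixed string: one length byte followed by the bytes."""
    data = text.encode("ascii")
    if len(data) > 255:
        raise ValueError("field too long for a one-byte length prefix")
    return bytes([len(data)]) + data


def encode_doh_stamp(hostname, path, ip, port=443, hashes=(), props=0):
    """Build the sdns:// string from the same inputs as `stamp calculate`."""
    body = bytes([DOH]) + struct.pack("<Q", props) + _lp(ip)
    digests = [bytes.fromhex(h) for h in hashes]
    if any(len(d) != 32 for d in digests):
        raise ValueError("each hash must be a 32-byte SHA-256 digest")
    if not digests:
        body += b"\x00"  # empty pin set: a single zero-length element
    for i, digest in enumerate(digests):
        more = 0x80 if i < len(digests) - 1 else 0  # high bit: another pin follows
        body += bytes([len(digest) | more]) + digest
    body += _lp(hostname if port == 443 else f"{hostname}:{port}") + _lp(path)
    return "sdns://" + base64.urlsafe_b64encode(body).rstrip(b"=").decode()


def decode_doh_stamp(stamp):
    """Parse a DoH stamp; raises ValueError on malformed or truncated input."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DNS-over-HTTPS stamp")
    pos = 9  # one protocol byte plus eight property bytes already consumed

    def take(n):
        nonlocal pos
        if pos + n > len(raw):
            raise ValueError("truncated stamp")
        pos += n
        return raw[pos - n:pos]

    addr = take(take(1)[0]).decode("ascii")
    hashes = []
    while True:
        length = take(1)[0]
        digest = take(length & 0x7F)
        if digest:
            hashes.append(digest.hex())
        if not length & 0x80:  # high bit clear: this was the last pin
            break
    hostname = take(take(1)[0]).decode("ascii")
    path = take(take(1)[0]).decode("ascii")
    # An optional list of bootstrap resolvers may follow; this example ignores it.
    props = struct.unpack_from("<Q", raw, 1)[0]
    return DohStamp(props, addr, tuple(hashes), hostname, path)


def audit_stamp(stamp, expect_ip, expect_host, expect_hash):
    """Return the fields that differ from what the operator intended to pin."""
    s = decode_doh_stamp(stamp)
    problems = []
    if s.addr != expect_ip:
        problems.append(f"ip is {s.addr!r}")
    if s.hostname != expect_host:
        problems.append(f"hostname is {s.hostname!r}")
    if expect_hash.lower() not in s.hashes:
        problems.append("expected certificate hash is not pinned")
    return problems


if __name__ == "__main__":
    print(decode_doh_stamp(RD_STAMP))
    print(audit_stamp(DUT0_STAMP, "10.215.168.64", "dns.dut0:3000", DUT0_HASH))
```

Port 443 is left out of the encoded host name, which is why the RD stamp carries remote.dns while the DUT0 stamp carries dns.dut0:3000.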
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
Step 2: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
-- Logs begin at Tue 2024-02-13 15:04:49 UTC, end at Tue 2024-02-13 15:04:55 UTC. --
Feb 13 15:04:49.463902 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 15:04:49.478646 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 15:04:50.174281 osdx osdx-coredump[6229]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 15:04:50.184994 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 15:04:51.100578 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 15:04:51.226104 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 15:04:51.327418 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 15:04:51.491989 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 15:04:51.594197 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 15:04:51.637374 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 15:04:51.680412 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 15:04:51.865011 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 13 15:04:53.258212 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 13 15:04:53.473141 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 15:04:53.649795 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 15:04:53.804223 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 15:04:53.969954 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Feb 13 15:04:54.090638 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Feb 13 15:04:54.215947 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Feb 13 15:04:54.339594 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f'.
Feb 13 15:04:54.441489 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 13 15:04:54.567635 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Feb 13 15:04:54.682978 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Feb 13 15:04:54.823496 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 13 15:04:54.979727 osdx ca-certificates[6371]: Updating certificates in /etc/ssl/certs...
Feb 13 15:04:55.741700 osdx ca-certificates[7357]: 1 added, 0 removed; done.
Feb 13 15:04:55.748030 osdx ca-certificates[7361]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 15:04:55.753510 osdx ca-certificates[7365]: done.
Feb 13 15:04:55.913284 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 15:04:55.917506 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 15:04:55.926028 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 15:04:55.945971 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] dnscrypt-proxy 2.0.45
Feb 13 15:04:55.946391 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] Network connectivity detected
Feb 13 15:04:55.946979 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] Dropping privileges
Feb 13 15:04:55.949392 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] Network connectivity detected
Feb 13 15:04:55.949541 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 13 15:04:55.949624 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 13 15:04:55.949721 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 13 15:04:55.949811 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] Firefox workaround initialized
Feb 13 15:04:55.949885 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8K5bDb]
Feb 13 15:04:55.951647 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 13 15:04:55.951750 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 13 15:04:55.951856 osdx dnscrypt-proxy[7418]: [2024-02-13 15:04:55] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 13 15:04:55.979331 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns proxy static DUT0 protocol dns-over-https hash b25836791e0c7d16fb1075b0ddfa3e223304b452cb8f37eefc6ca92f80dc97be
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Tue 2024-02-13 15:04:49 UTC, end at Tue 2024-02-13 15:04:58 UTC. --
Feb 13 15:04:49.462337 osdx systemd-journald[1572]: Runtime journal (/run/log/journal/7f7d8271ef4745a88013dff99dde6bbe) is 1.2M, max 9.7M, 8.5M free.
Feb 13 15:04:49.481940 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 15:04:50.425169 osdx osdx-coredump[6366]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 15:04:50.433652 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 15:04:51.917824 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Feb 13 15:04:52.015597 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 13 15:04:52.130661 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 15:04:52.255943 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 13 15:04:52.441321 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 15:04:52.632958 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Feb 13 15:04:52.653214 osdx sshd[6465]: Server listening on 0.0.0.0 port 22.
Feb 13 15:04:52.653701 osdx sshd[6465]: Server listening on :: port 22.
Feb 13 15:04:52.653888 osdx systemd[1]: Started OpenBSD Secure Shell server.
Feb 13 15:04:52.674557 osdx cfgd[1203]: [1768]Completed change to active configuration
Feb 13 15:04:52.741180 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Feb 13 15:04:52.786167 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Feb 13 15:04:52.967472 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 13 15:04:56.242883 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Feb 13 15:04:56.363876 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 13 15:04:56.449533 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 13 15:04:56.547354 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 13 15:04:56.647923 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Feb 13 15:04:56.770344 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Feb 13 15:04:56.939413 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Feb 13 15:04:57.089225 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash b25836791e0c7d16fb1075b0ddfa3e223304b452cb8f37eefc6ca92f80dc97be'.
Feb 13 15:04:57.233143 osdx ca-certificates[6528]: Updating certificates in /etc/ssl/certs...
Feb 13 15:04:57.970313 osdx ca-certificates[7512]: 1 added, 0 removed; done.
Feb 13 15:04:57.977727 osdx ca-certificates[7517]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 15:04:57.983042 osdx ca-certificates[7520]: done.
Feb 13 15:04:58.097451 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 15:04:58.100228 osdx cfgd[1203]: [1768]Completed change to active configuration
Feb 13 15:04:58.104980 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Feb 13 15:04:58.134615 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Feb 13 15:04:58.135339 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] dnscrypt-proxy 2.0.45
Feb 13 15:04:58.135660 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] Network connectivity detected
Feb 13 15:04:58.136251 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] Dropping privileges
Feb 13 15:04:58.138491 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] Network connectivity detected
Feb 13 15:04:58.138635 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 13 15:04:58.138722 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 13 15:04:58.138813 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] Firefox workaround initialized
Feb 13 15:04:58.138892 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] Loading the set of cloaking rules from [/tmp/tmptU7KA8]
Feb 13 15:04:58.330487 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 13 15:04:58.336618 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] [DUT0] OK (DoH) - rtt: 129ms
Feb 13 15:04:58.336618 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 129ms)
Feb 13 15:04:58.336618 osdx dnscrypt-proxy[7527]: [2024-02-13 15:04:58] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A
at DUT1
and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt
at DUT0
and expect this output:
7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f ip 10.215.168.1 port 8443
at DUT0
and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13
Step 4: Run command system journal show | cat
at DUT0
and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
-- Logs begin at Tue 2024-02-13 15:05:06 UTC, end at Tue 2024-02-13 15:05:13 UTC. --
Feb 13 15:05:06.424195 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 15:05:06.441064 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 15:05:07.059366 osdx osdx-coredump[9063]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 15:05:07.067322 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 15:05:08.190187 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 15:05:08.301342 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 15:05:08.440096 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 15:05:08.665734 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 15:05:08.786685 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 15:05:08.850618 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 15:05:08.887992 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 15:05:09.114892 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 13 15:05:10.604758 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 13 15:05:10.760856 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 7b:34:34:cb:90:56:e5:68:1f:49:25:5f:bc:5e:ef:fa:27:91:15:94:3b:cf:1b:58:ff:17:de:b1:e3:4c:da:8f ip 10.215.168.1 port 8443'.
Feb 13 15:05:10.938729 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 15:05:11.067824 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 15:05:11.172562 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 15:05:11.298954 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Feb 13 15:05:11.373147 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 13 15:05:11.493948 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Feb 13 15:05:11.610536 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Feb 13 15:05:11.714458 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 13 15:05:11.934550 osdx ca-certificates[9204]: Updating certificates in /etc/ssl/certs...
Feb 13 15:05:12.841880 osdx ca-certificates[10188]: 1 added, 0 removed; done.
Feb 13 15:05:12.847937 osdx ca-certificates[10192]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 15:05:12.853530 osdx ca-certificates[10196]: done.
Feb 13 15:05:12.992722 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 15:05:12.997348 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 15:05:13.007961 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 15:05:13.038357 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] dnscrypt-proxy 2.0.45
Feb 13 15:05:13.038901 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] Network connectivity detected
Feb 13 15:05:13.039499 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] Dropping privileges
Feb 13 15:05:13.041987 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] Network connectivity detected
Feb 13 15:05:13.042163 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 13 15:05:13.042249 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 13 15:05:13.042342 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 13 15:05:13.042434 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] Firefox workaround initialized
Feb 13 15:05:13.042515 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpD4Dttf]
Feb 13 15:05:13.044339 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 13 15:05:13.044471 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 13 15:05:13.044560 osdx dnscrypt-proxy[10249]: [2024-02-13 15:05:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 13 15:05:13.047998 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash b25836791e0c7d16fb1075b0ddfa3e223304b452cb8f37eefc6ca92f80dc97be
at DUT1
and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgslg2eR4MfRb7EHWw3fo-IjMEtFLLjzfu_GypL4Dcl74NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set service dns static host-name dns.dut0 inet 10.215.168.64
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgslg2eR4MfRb7EHWw3fo-IjMEtFLLjzfu_GypL4Dcl74NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
Step 7: Run command system journal show | cat
at DUT1
and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
-- Logs begin at Tue 2024-02-13 15:05:07 UTC, end at Tue 2024-02-13 15:05:16 UTC. --
Feb 13 15:05:07.391692 osdx systemd-journald[1572]: Runtime journal (/run/log/journal/7f7d8271ef4745a88013dff99dde6bbe) is 1.2M, max 9.7M, 8.5M free.
Feb 13 15:05:07.408036 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 15:05:08.362667 osdx osdx-coredump[9158]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 15:05:08.372587 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 15:05:10.194226 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Feb 13 15:05:10.338465 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 13 15:05:10.456480 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 15:05:10.575500 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 13 15:05:10.763965 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 15:05:10.953696 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Feb 13 15:05:10.973319 osdx sshd[9255]: Server listening on 0.0.0.0 port 22.
Feb 13 15:05:10.973708 osdx sshd[9255]: Server listening on :: port 22.
Feb 13 15:05:10.973914 osdx systemd[1]: Started OpenBSD Secure Shell server.
Feb 13 15:05:10.994164 osdx cfgd[1203]: [1768]Completed change to active configuration
Feb 13 15:05:11.054251 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Feb 13 15:05:11.102515 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Feb 13 15:05:11.308505 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 13 15:05:14.337444 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash b25836791e0c7d16fb1075b0ddfa3e223304b452cb8f37eefc6ca92f80dc97be'.
Feb 13 15:05:14.561848 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Feb 13 15:05:14.690001 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 13 15:05:14.814340 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 13 15:05:14.935406 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 13 15:05:15.049110 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgslg2eR4MfRb7EHWw3fo-IjMEtFLLjzfu_GypL4Dcl74NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Feb 13 15:05:15.200853 osdx ca-certificates[9317]: Updating certificates in /etc/ssl/certs...
Feb 13 15:05:16.020580 osdx ca-certificates[10301]: 1 added, 0 removed; done.
Feb 13 15:05:16.027143 osdx ca-certificates[10305]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 15:05:16.032785 osdx ca-certificates[10309]: done.
Feb 13 15:05:16.151451 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 15:05:16.155495 osdx cfgd[1203]: [1768]Completed change to active configuration
Feb 13 15:05:16.163913 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Feb 13 15:05:16.191246 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Feb 13 15:05:16.200942 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] dnscrypt-proxy 2.0.45
Feb 13 15:05:16.201433 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] Network connectivity detected
Feb 13 15:05:16.202147 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] Dropping privileges
Feb 13 15:05:16.205478 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] Network connectivity detected
Feb 13 15:05:16.205693 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 13 15:05:16.205800 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 13 15:05:16.205926 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] Firefox workaround initialized
Feb 13 15:05:16.206026 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp5BK_5V]
Feb 13 15:05:16.426578 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 13 15:05:16.487601 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] [DUT0] OK (DoH) - rtt: 123ms
Feb 13 15:05:16.487601 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 123ms)
Feb 13 15:05:16.487601 osdx dnscrypt-proxy[10316]: [2024-02-13 15:05:16] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A
at DUT1
and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
teldat.com has address 10.11.12.13
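Added example (not part of the test suite or of OSDx): a small decoder for the two sdns:// stamps generated in Steps 2 and 5 of the scenario above, so the endpoint and the pinned provider key or certificate hash carried inside a stamp can be compared with the intended values before the stamp is committed to the configuration. It assumes the stamps follow the public DNS Stamps layout (protocol byte, 8-byte properties, length-prefixed fields); the function names are illustrative.

```python
import base64

# Stamps copied from the Step 2 (DNSCrypt) and Step 5 (DoH) outputs above.
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIHs0NMuQVuVoH0klX7xe7_onkRWUO88bWP8X3rHjTNqPGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgslg2eR4MfRb7EHWw3fo-IjMEtFLLjzfu_GypL4Dcl74NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"


def _field(buf, pos, vlp=False):
    """Read one length-prefixed field; returns (value, next_pos, more).

    In a set of fields (vlp=True) the high bit of the length byte
    signals that another element follows.
    """
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    more = vlp and bool(buf[pos] & 0x80)
    length = buf[pos] & 0x7F if vlp else buf[pos]
    end = pos + 1 + length
    if end > len(buf):
        raise ValueError("field overruns stamp")
    return buf[pos + 1:end], end, more


def decode_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into its fields."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    # Stamps are unpadded URL-safe base64; restore the padding first.
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9:
        raise ValueError("truncated stamp")
    out = {"props": int.from_bytes(raw[1:9], "little")}
    addr, pos, _ = _field(raw, 9)
    out["addr"] = addr.decode()
    if raw[0] == 0x01:
        key, pos, _ = _field(raw, pos)
        name, pos, _ = _field(raw, pos)
        out.update(protocol="DNSCrypt", provider_name=name.decode(),
                   provider_key=":".join(f"{b:02x}" for b in key))
    elif raw[0] == 0x02:
        hashes, more = [], True
        while more:
            digest, pos, more = _field(raw, pos, vlp=True)
            hashes.append(digest.hex())
        host, pos, _ = _field(raw, pos)
        path, pos, _ = _field(raw, pos)  # optional bootstrap IPs after this are ignored
        out.update(protocol="DoH", hashes=hashes,
                   host=host.decode(), path=path.decode())
    else:
        raise ValueError(f"unsupported stamp protocol 0x{raw[0]:02x}")
    return out


if __name__ == "__main__":
    for s in (DNSCRYPT_STAMP, DOH_STAMP):
        print(decode_stamp(s))
```

Comparing the decoded provider_key and hashes with the values passed to stamp calculate catches a stamp that was altered or mistyped in transit, since the pin is what authenticates the upstream server.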