Static

Test suite to validate the use of one of the DNS options available in an upstream server

DNS-over-HTTPS Server

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Show output
Jul 03 16:28:09.292186 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.2M free.
Jul 03 16:28:09.293696 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:28:09.293759 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:28:09.303239 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:28:09.620244 osdx osdx-coredump[300846]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:28:09.627671 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:28:10.077077 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:28:10.145720 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:28:10.223290 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:28:10.310097 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:10.433705 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:28:10.485933 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:28:10.511542 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:28:10.526735 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:28:10.679437 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 03 16:28:10.860461 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:28:10.917004 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:28:11.025998 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:28:11.087387 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:28:11.177927 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:28:11.231418 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:28:11.323190 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 03 16:28:11.402475 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:11.507239 osdx ca-certificates[300959]: Updating certificates in /etc/ssl/certs...
Jul 03 16:28:12.054567 osdx ca-certificates[301964]: 1 added, 0 removed; done.
Jul 03 16:28:12.057663 osdx ca-certificates[301970]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:28:12.061677 osdx ca-certificates[301972]: done.
Jul 03 16:28:12.174484 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:28:12.176897 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:28:12.181253 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:28:12.202445 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:28:12.206357 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:28:12.206607 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] Network connectivity detected
Jul 03 16:28:12.206686 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] Dropping privileges
Jul 03 16:28:12.208946 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] Network connectivity detected
Jul 03 16:28:12.208998 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:28:12.208998 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:28:12.209032 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] Firefox workaround initialized
Jul 03 16:28:12.209032 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp45vxlwln]
Jul 03 16:28:12.355457 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] [RD] OK (DoH) - rtt: 122ms
Jul 03 16:28:12.355457 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] Server with the lowest initial latency: RD (rtt: 122ms)
Jul 03 16:28:12.355457 osdx dnscrypt-proxy[302029]: [2024-07-03 16:28:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 03 16:28:12.356015 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal show | cat'.

Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNS-over-HTTPS Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854 at DUT0 and expect this output:

Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Show output
Jul 03 16:28:17.282375 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:28:17.285499 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:28:17.285540 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:28:17.293799 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:28:17.636830 osdx osdx-coredump[303674]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:28:17.644651 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:28:18.131739 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:28:18.243646 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:28:18.307717 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:28:18.426824 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:18.513508 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:28:18.567637 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:28:18.601076 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:28:18.625722 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:28:18.764667 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 03 16:28:18.886271 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:28:19.022267 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:28:19.090367 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:28:19.178944 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:28:19.234826 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Jul 03 16:28:19.322192 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 03 16:28:19.388629 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:19.506830 osdx ca-certificates[303789]: Updating certificates in /etc/ssl/certs...
Jul 03 16:28:20.041280 osdx ca-certificates[304792]: 1 added, 0 removed; done.
Jul 03 16:28:20.045260 osdx ca-certificates[304799]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:28:20.049521 osdx ca-certificates[304801]: done.
Jul 03 16:28:20.141932 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:28:20.143262 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:28:20.145746 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:28:20.172983 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:28:20.173256 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] Network connectivity detected
Jul 03 16:28:20.173306 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] Dropping privileges
Jul 03 16:28:20.173886 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:28:20.175584 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] Network connectivity detected
Jul 03 16:28:20.175677 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:28:20.175711 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:28:20.175760 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] Firefox workaround initialized
Jul 03 16:28:20.175793 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp9oevpqx0]
Jul 03 16:28:20.309248 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 03 16:28:20.330552 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] [RD] OK (DoH) - rtt: 132ms
Jul 03 16:28:20.330552 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] Server with the lowest initial latency: RD (rtt: 132ms)
Jul 03 16:28:20.330552 osdx dnscrypt-proxy[304858]: [2024-07-03 16:28:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

Show output
63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Jul 03 16:28:25.289026 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:28:25.292669 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:28:25.292727 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:28:25.300003 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:28:25.626992 osdx osdx-coredump[306502]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:28:25.634451 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:28:26.078274 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:28:26.146426 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:28:26.228842 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:28:26.295143 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:26.412640 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:28:26.474452 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:28:26.500909 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:28:26.522677 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:28:26.657867 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 03 16:28:26.760552 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 03 16:28:26.916930 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:28:26.975794 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:28:27.077885 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:28:27.165308 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Jul 03 16:28:27.224116 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Jul 03 16:28:27.313487 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Jul 03 16:28:27.374048 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'.
Jul 03 16:28:27.462281 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 03 16:28:27.536257 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:27.652331 osdx ca-certificates[306619]: Updating certificates in /etc/ssl/certs...
Jul 03 16:28:28.200454 osdx ca-certificates[307622]: 1 added, 0 removed; done.
Jul 03 16:28:28.203766 osdx ca-certificates[307629]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:28:28.206632 osdx ca-certificates[307631]: done.
Jul 03 16:28:28.313044 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:28:28.314436 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:28:28.317061 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:28:28.341834 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:28:28.342046 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] Network connectivity detected
Jul 03 16:28:28.342090 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] Dropping privileges
Jul 03 16:28:28.344539 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] Network connectivity detected
Jul 03 16:28:28.344567 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:28:28.344567 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:28:28.344632 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] Firefox workaround initialized
Jul 03 16:28:28.344632 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpgnowvoxn]
Jul 03 16:28:28.345364 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 03 16:28:28.345364 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 03 16:28:28.345420 osdx dnscrypt-proxy[307688]: [2024-07-03 16:28:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 03 16:28:28.369953 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

Show output
63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443 at DUT0 and expect this output:

Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Jul 03 16:28:32.302406 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:28:32.305803 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:28:32.305847 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:28:32.313914 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:28:32.633337 osdx osdx-coredump[309327]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:28:32.641287 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:28:33.093012 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:28:33.164483 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:28:33.246793 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:28:33.311424 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:33.425863 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:28:33.484631 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:28:33.524542 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:28:33.540248 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:28:33.681255 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 03 16:28:33.776247 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 03 16:28:33.866128 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443'.
Jul 03 16:28:34.015729 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:28:34.076302 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:28:34.175578 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:28:34.237187 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Jul 03 16:28:34.325856 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 03 16:28:34.408711 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:34.518562 osdx ca-certificates[309444]: Updating certificates in /etc/ssl/certs...
Jul 03 16:28:35.015630 osdx ca-certificates[310447]: 1 added, 0 removed; done.
Jul 03 16:28:35.018529 osdx ca-certificates[310454]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:28:35.021405 osdx ca-certificates[310456]: done.
Jul 03 16:28:35.114170 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:28:35.115524 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:28:35.117799 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:28:35.135481 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:28:35.135678 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] Network connectivity detected
Jul 03 16:28:35.135723 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] Dropping privileges
Jul 03 16:28:35.137763 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] Network connectivity detected
Jul 03 16:28:35.137792 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:28:35.137792 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:28:35.137822 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] Firefox workaround initialized
Jul 03 16:28:35.137822 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpn8l7umfx]
Jul 03 16:28:35.138532 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 03 16:28:35.138555 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 03 16:28:35.138555 osdx dnscrypt-proxy[310513]: [2024-07-03 16:28:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 03 16:28:35.153333 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.

Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
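
The two "With Stamp" scenarios above configure the proxy from an opaque sdns:// string. The Python below is an added example, not part of this test suite or of OSDx: it decodes and re-encodes DoH and DNSCrypt stamps following the public DNS stamp layout, so the pinned hash or provider key inside a stamp can be checked against the explicit values before the stamp is committed. The function names are hypothetical; the stamps, hash and key are copied from this page.

```python
import base64

PROTO_DNSCRYPT, PROTO_DOH = 0x01, 0x02  # first payload byte of a DNS stamp

# Values copied from the scenarios on this page.
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DOH_HASH = "654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DNSCRYPT_KEY = "63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16"


def _field(buf, pos, in_set=False):
    """Read one length-prefixed field; return (data, next_pos, more_items)."""
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    n = buf[pos]
    more = in_set and bool(n & 0x80)  # in a set, the high bit means "another item follows"
    if in_set:
        n &= 0x7F
    end = pos + 1 + n
    if end > len(buf):
        raise ValueError("truncated stamp field")
    return buf[pos + 1:end], end, more


def decode_stamp(stamp):
    """Return the settings carried by a DoH or DNSCrypt sdns:// stamp."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    buf = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(buf) < 9:
        raise ValueError("truncated stamp")
    out = {"props": int.from_bytes(buf[1:9], "little")}
    addr, pos, _ = _field(buf, 9)
    out["addr"] = addr.decode()
    if buf[0] == PROTO_DNSCRYPT:
        key, pos, _ = _field(buf, pos)
        name, pos, _ = _field(buf, pos)
        out.update(protocol="dns-crypt", public_key=key.hex(":"),
                   provider_name=name.decode())
    elif buf[0] == PROTO_DOH:
        hashes, more = [], True
        while more:  # the hash pins form a set of one or more items
            h, pos, more = _field(buf, pos, in_set=True)
            hashes.append(h.hex())
        host, pos, _ = _field(buf, pos)
        path, pos, _ = _field(buf, pos)  # optional trailing fields are ignored
        out.update(protocol="dns-over-https", hashes=hashes,
                   host=host.decode(), path=path.decode())
    else:
        raise ValueError(f"unsupported stamp protocol 0x{buf[0]:02x}")
    return out


def encode_stamp(proto, *fields, props=0):
    """Build a stamp from raw fields (a single hash only in the DoH case)."""
    body = bytes([proto]) + props.to_bytes(8, "little")
    for f in fields:
        if len(f) > 0x7F:
            raise ValueError("field too long for this simplified encoder")
        body += bytes([len(f)]) + f
    return "sdns://" + base64.urlsafe_b64encode(body).rstrip(b"=").decode()


def mismatches(stamp, expected):
    """Names of expected settings that the stamp does not carry."""
    got = decode_stamp(stamp)
    return sorted(k for k, v in expected.items() if got.get(k) != v)


if __name__ == "__main__":
    for s in (DOH_STAMP, DNSCRYPT_STAMP):
        print(decode_stamp(s))
    print(mismatches(DNSCRYPT_STAMP, {"public_key": DNSCRYPT_KEY}))
```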