Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 03 16:28:47.282975 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.2M free.
Jul 03 16:28:47.284620 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:28:47.284705 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:28:47.293110 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:28:47.672479 osdx osdx-coredump[312390]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:28:47.683224 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:28:48.162976 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:28:48.235897 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:28:48.317186 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:28:48.383916 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:48.496632 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:28:48.564343 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:28:48.597582 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:28:48.615454 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:28:48.782026 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 03 16:28:49.722078 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:28:49.818468 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:28:49.871348 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:28:49.971441 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:28:50.022617 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:28:50.120331 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:28:50.169679 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 03 16:28:50.262674 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 03 16:28:50.312658 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 03 16:28:50.407651 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 03 16:28:50.474472 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:50.583395 osdx ca-certificates[312507]: Updating certificates in /etc/ssl/certs...
Jul 03 16:28:51.110980 osdx ca-certificates[313510]: 1 added, 0 removed; done.
Jul 03 16:28:51.113977 osdx ca-certificates[313517]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:28:51.117165 osdx ca-certificates[313519]: done.
Jul 03 16:28:51.229113 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:28:51.231188 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:28:51.234221 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:28:51.255012 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:28:51.255012 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] Network connectivity detected
Jul 03 16:28:51.255257 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] Dropping privileges
Jul 03 16:28:51.257606 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] Network connectivity detected
Jul 03 16:28:51.257647 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:28:51.257647 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:28:51.257647 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 03 16:28:51.257695 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] Firefox workaround initialized
Jul 03 16:28:51.257695 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpz42_72r7]
Jul 03 16:28:51.259659 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:28:51.403177 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 03 16:28:51.408880 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] [RD] OK (DoH) - rtt: 127ms
Jul 03 16:28:51.408880 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] Server with the lowest initial latency: RD (rtt: 127ms)
Jul 03 16:28:51.408880 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 73fe3acf20e23694c696db39987165d3cbcfed6d12fa16c9bca8434b2080b440
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 03 16:28:47.272802 osdx systemd-journald[1553]: Runtime Journal (/run/log/journal/831aeca402c6428e9ad074105f874d77) is 2.4M, max 9.7M, 7.3M free.
Jul 03 16:28:47.276697 osdx systemd-journald[1553]: Received client request to rotate journal, rotating.
Jul 03 16:28:47.276744 osdx systemd-journald[1553]: Vacuuming done, freed 0B of archived journals from /run/log/journal/831aeca402c6428e9ad074105f874d77.
Jul 03 16:28:47.283214 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:28:47.774632 osdx osdx-coredump[129713]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:28:47.782578 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:28:48.790603 osdx OSDxCLI[51782]: User 'admin' entered the configuration menu.
Jul 03 16:28:48.852737 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jul 03 16:28:48.937662 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:28:48.995849 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 03 16:28:49.107253 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:49.199006 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:28:49.306728 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 03 16:28:49.325297 osdx sshd[129779]: Server listening on 0.0.0.0 port 22.
Jul 03 16:28:49.325529 osdx sshd[129779]: Server listening on :: port 22.
Jul 03 16:28:49.325632 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 03 16:28:49.351043 osdx cfgd[1223]: [51782]Completed change to active configuration
Jul 03 16:28:49.377128 osdx OSDxCLI[51782]: User 'admin' committed the configuration.
Jul 03 16:28:49.392748 osdx OSDxCLI[51782]: User 'admin' left the configuration menu.
Jul 03 16:28:49.527123 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jul 03 16:28:51.622336 osdx OSDxCLI[51782]: User 'admin' entered the configuration menu.
Jul 03 16:28:51.678443 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jul 03 16:28:51.769244 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jul 03 16:28:51.819446 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jul 03 16:28:51.923798 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Jul 03 16:28:51.976811 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Jul 03 16:28:52.066644 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Jul 03 16:28:52.119513 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 73fe3acf20e23694c696db39987165d3cbcfed6d12fa16c9bca8434b2080b440'.
Jul 03 16:28:52.233475 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:28:52.319492 osdx ca-certificates[129851]: Updating certificates in /etc/ssl/certs...
Jul 03 16:28:52.832093 osdx ca-certificates[130855]: 1 added, 0 removed; done.
Jul 03 16:28:52.836710 osdx ca-certificates[130858]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:28:52.840771 osdx ca-certificates[130862]: done.
Jul 03 16:28:52.906856 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:28:52.909803 osdx cfgd[1223]: [51782]Completed change to active configuration
Jul 03 16:28:52.916320 osdx OSDxCLI[51782]: User 'admin' committed the configuration.
Jul 03 16:28:52.931661 osdx OSDxCLI[51782]: User 'admin' left the configuration menu.
Jul 03 16:28:52.937795 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:52] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:28:52.938075 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:52] [NOTICE] Network connectivity detected
Jul 03 16:28:52.938330 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:52] [NOTICE] Dropping privileges
Jul 03 16:28:52.940457 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:52] [NOTICE] Network connectivity detected
Jul 03 16:28:52.940549 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:28:52.940581 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:28:52.940634 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:52] [NOTICE] Firefox workaround initialized
Jul 03 16:28:52.940663 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpulqd26kg]
Jul 03 16:28:53.107722 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 03 16:28:53.139350 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:53] [NOTICE] [DUT0] OK (DoH) - rtt: 124ms
Jul 03 16:28:53.139350 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:53] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 124ms)
Jul 03 16:28:53.139350 osdx dnscrypt-proxy[130870]: [2024-07-03 16:28:53] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
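The journal checks in this scenario can be automated as follows. This is an added example, not part of the test suite: the function name and state labels are its own, the first sample reuses journal entries shown on this page, and the other two are constructed from them to show a journal read before the probe finished and a restarted proxy whose old "OK" line must not count.

```python
import re

# One dnscrypt-proxy journal entry: PID and the message after [NOTICE].
ENTRY_RE = re.compile(
    r"dnscrypt-proxy\[(?P<pid>\d+)\]: \[[^\]]+\] \[NOTICE\] (?P<msg>.*)$"
)
# Probe result, e.g. "[RD] OK (DoH) - rtt: 127ms".
PROBE_RE = re.compile(
    r"^\[(?P<server>[^\]]+)\] OK \((?P<proto>[^)]+)\) - rtt: (?P<rtt>\d+)ms$"
)
READY_RE = re.compile(r"^dnscrypt-proxy is ready - live servers: (?P<live>\d+)$")


def upstream_status(journal, server, protocol):
    """Report whether the running proxy reached `server` over `protocol`."""
    entries = [m for m in (ENTRY_RE.search(l) for l in journal.splitlines()) if m]
    if not entries:
        return {"state": "proxy-not-started", "rtt_ms": None, "live_servers": 0}
    # Only the most recent proxy process counts; earlier PIDs are stale.
    current_pid = entries[-1]["pid"]
    state, rtt, live = "not-probed", None, 0
    for entry in entries:
        if entry["pid"] != current_pid:
            continue
        probe = PROBE_RE.match(entry["msg"])
        if probe and probe["server"] == server:
            rtt = int(probe["rtt"])
            # The page's expressions distinguish (DoH) from (DNSCrypt).
            state = "ok" if probe["proto"] == protocol else "wrong-protocol"
        ready = READY_RE.match(entry["msg"])
        if ready:
            live = int(ready["live"])
    return {"state": state, "rtt_ms": rtt, "live_servers": live}


# Entries copied from the DUT0 journal output shown above.
JOURNAL_OK = """\
Jul 03 16:28:51.229113 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:28:51.255012 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:28:51.257647 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:28:51.403177 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 03 16:28:51.408880 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] [RD] OK (DoH) - rtt: 127ms
Jul 03 16:28:51.408880 osdx dnscrypt-proxy[313579]: [2024-07-03 16:28:51] [NOTICE] dnscrypt-proxy is ready - live servers: 1
"""

# Constructed: the same journal cut off before the probe result was logged.
JOURNAL_EARLY = "\n".join(JOURNAL_OK.splitlines()[:4])

# Constructed: the journal above followed by startup lines of a later proxy
# process (PID taken from a later run on this page) that has not probed yet.
JOURNAL_RESTART = JOURNAL_OK + """\
Jul 03 16:29:03.259503 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:29:03.261915 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
"""

if __name__ == "__main__":
    for name, text in (("ok", JOURNAL_OK), ("early", JOURNAL_EARLY),
                       ("restart", JOURNAL_RESTART)):
        print(name, upstream_status(text, "RD", "DoH"))
```

In the journal shown above, the 'system journal show | cat' command is logged about 5 ms before the "[RD] OK (DoH)" entry, so a check that runs slightly earlier sees the "not-probed" state and should retry rather than fail.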
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854' at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 03 16:28:59.285225 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:28:59.289246 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:28:59.289312 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:28:59.295970 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:28:59.619311 osdx osdx-coredump[315221]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:28:59.626733 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:29:00.092979 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:29:00.255131 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:29:00.309241 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:29:00.419463 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:29:00.501312 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:29:00.554616 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:29:00.580761 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:29:00.596723 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:29:00.735480 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 03 16:29:01.655546 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:29:01.788050 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:29:01.841670 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:29:01.939346 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:29:02.000302 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Jul 03 16:29:02.088988 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 03 16:29:02.142295 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 03 16:29:02.266775 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 03 16:29:02.316401 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 03 16:29:02.414592 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 03 16:29:02.484991 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:29:02.602132 osdx ca-certificates[315344]: Updating certificates in /etc/ssl/certs...
Jul 03 16:29:03.107549 osdx ca-certificates[316349]: 1 added, 0 removed; done.
Jul 03 16:29:03.110604 osdx ca-certificates[316355]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:29:03.113697 osdx ca-certificates[316357]: done.
Jul 03 16:29:03.237577 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:29:03.238689 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:29:03.241391 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:29:03.257905 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:29:03.259503 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:29:03.259715 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] Network connectivity detected
Jul 03 16:29:03.259798 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] Dropping privileges
Jul 03 16:29:03.261881 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] Network connectivity detected
Jul 03 16:29:03.261915 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:29:03.261915 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:29:03.261915 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 03 16:29:03.261979 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] Firefox workaround initialized
Jul 03 16:29:03.261979 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpm3sk2c_8]
Jul 03 16:29:03.401875 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 03 16:29:03.423566 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] [RD] OK (DoH) - rtt: 140ms
Jul 03 16:29:03.423566 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] Server with the lowest initial latency: RD (rtt: 140ms)
Jul 03 16:29:03.423566 osdx dnscrypt-proxy[316417]: [2024-07-03 16:29:03] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 73fe3acf20e23694c696db39987165d3cbcfed6d12fa16c9bca8434b2080b440' at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgc_46zyDiNpTGlts5mHFl08vP7W0S-hbJvKhDSyCAtEANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgc_46zyDiNpTGlts5mHFl08vP7W0S-hbJvKhDSyCAtEANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 03 16:28:59.258095 osdx systemd-journald[1553]: Runtime Journal (/run/log/journal/831aeca402c6428e9ad074105f874d77) is 2.4M, max 9.7M, 7.3M free.
Jul 03 16:28:59.261979 osdx systemd-journald[1553]: Received client request to rotate journal, rotating.
Jul 03 16:28:59.262031 osdx systemd-journald[1553]: Vacuuming done, freed 0B of archived journals from /run/log/journal/831aeca402c6428e9ad074105f874d77.
Jul 03 16:28:59.268429 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:28:59.694751 osdx osdx-coredump[132483]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:28:59.702521 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:29:00.746796 osdx OSDxCLI[51782]: User 'admin' entered the configuration menu.
Jul 03 16:29:00.808728 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jul 03 16:29:00.888532 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:29:00.934421 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 03 16:29:01.044056 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:29:01.131570 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:29:01.243879 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 03 16:29:01.265154 osdx sshd[132549]: Server listening on 0.0.0.0 port 22.
Jul 03 16:29:01.265357 osdx sshd[132549]: Server listening on :: port 22.
Jul 03 16:29:01.265455 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 03 16:29:01.290320 osdx cfgd[1223]: [51782]Completed change to active configuration
Jul 03 16:29:01.320045 osdx OSDxCLI[51782]: User 'admin' committed the configuration.
Jul 03 16:29:01.333912 osdx OSDxCLI[51782]: User 'admin' left the configuration menu.
Jul 03 16:29:01.469426 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jul 03 16:29:03.608616 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 73fe3acf20e23694c696db39987165d3cbcfed6d12fa16c9bca8434b2080b440'.
Jul 03 16:29:03.743928 osdx OSDxCLI[51782]: User 'admin' entered the configuration menu.
Jul 03 16:29:03.797262 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jul 03 16:29:03.888162 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jul 03 16:29:03.940001 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jul 03 16:29:04.062204 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgc_46zyDiNpTGlts5mHFl08vP7W0S-hbJvKhDSyCAtEANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Jul 03 16:29:04.169693 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:29:04.254783 osdx ca-certificates[132626]: Updating certificates in /etc/ssl/certs...
Jul 03 16:29:04.784929 osdx ca-certificates[133630]: 1 added, 0 removed; done.
Jul 03 16:29:04.789147 osdx ca-certificates[133633]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:29:04.793108 osdx ca-certificates[133637]: done.
Jul 03 16:29:04.859957 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:29:04.862634 osdx cfgd[1223]: [51782]Completed change to active configuration
Jul 03 16:29:04.873410 osdx OSDxCLI[51782]: User 'admin' committed the configuration.
Jul 03 16:29:04.886737 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:04] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:29:04.886993 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:04] [NOTICE] Network connectivity detected
Jul 03 16:29:04.887216 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:04] [NOTICE] Dropping privileges
Jul 03 16:29:04.889062 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:04] [NOTICE] Network connectivity detected
Jul 03 16:29:04.889154 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:29:04.889191 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:29:04.889241 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:04] [NOTICE] Firefox workaround initialized
Jul 03 16:29:04.889269 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp9fa1ge76]
Jul 03 16:29:04.896812 osdx OSDxCLI[51782]: User 'admin' left the configuration menu.
Jul 03 16:29:05.052219 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 03 16:29:05.148129 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:05] [NOTICE] [DUT0] OK (DoH) - rtt: 134ms
Jul 03 16:29:05.148129 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:05] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 134ms)
Jul 03 16:29:05.148129 osdx dnscrypt-proxy[133645]: [2024-07-03 16:29:05] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
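The two stamps produced in this scenario can be decoded and rebuilt to confirm what they pin before they are committed to a configuration. This is an added example, not OSDx code: the function names are its own, the field layout follows the public DNS stamp format for DoH, and the encoder assumes an IPv4 address and mirrors what the outputs above show (port 443 omitted, any other port appended to the host name).

```python
import base64
import ipaddress

DOH = 0x02  # stamp protocol identifier for DNS-over-HTTPS

# Stamps and hashes copied from the steps above.
STAMP_RD = ("sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByi"
            "DsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk")
STAMP_DUT0 = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgc_46zyDiNpTGlts5mHFl08vP7W0S"
              "-hbJvKhDSyCAtEANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")
HASH_RD = "654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854"
HASH_DUT0 = "73fe3acf20e23694c696db39987165d3cbcfed6d12fa16c9bca8434b2080b440"


def _lp(buf, pos, mask=0xFF):
    """Read one length-prefixed field; return (value, next_pos, more_flag)."""
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    length, more = buf[pos] & mask, bool(buf[pos] & ~mask & 0xFF)
    end = pos + 1 + length
    if end > len(buf):
        raise ValueError("length prefix runs past the end of the stamp")
    return buf[pos + 1:end], end, more


def decode_doh_stamp(stamp):
    """Split a DoH stamp into address, pinned hashes, host name, port, path."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    # Stamps are URL-safe base64 without padding; restore it before decoding.
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DoH stamp")
    addr, pos, _ = _lp(raw, 9)
    hashes, more = [], True
    while more:  # hash set: high bit of the length byte means another follows
        digest, pos, more = _lp(raw, pos, mask=0x7F)
        if digest:
            hashes.append(digest.hex())
    host, pos, _ = _lp(raw, pos)
    path, pos, _ = _lp(raw, pos)
    name, _, port = host.decode("ascii").partition(":")
    return {
        "props": int.from_bytes(raw[1:9], "little"),
        "address": addr.decode("ascii"),
        "hashes": hashes,
        "hostname": name,
        "port": int(port) if port else 443,
        "path": path.decode("ascii"),
    }


def encode_doh_stamp(ip, hostname, path, port, cert_hash):
    """Rebuild a stamp from the arguments given to 'stamp calculate'."""
    ipaddress.IPv4Address(ip)  # assumption: literal IPv4 address only
    digest = bytes.fromhex(cert_hash)
    if len(digest) != 32:
        raise ValueError("hash must be 32 bytes")
    host = hostname if port == 443 else f"{hostname}:{port}"
    raw = bytes([DOH]) + bytes(8)  # protocol byte + 8-byte properties (all zero)
    for field in (ip.encode(), digest, host.encode(), path.encode()):
        if len(field) > 0x7F:
            raise ValueError("field too long for a one-byte length prefix")
        raw += bytes([len(field)]) + field
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def audit_stamp(stamp, ip, hostname, port, cert_hash):
    """List every way a stamp differs from the intended upstream."""
    got = decode_doh_stamp(stamp)
    problems = []
    if not got["hashes"]:
        problems.append("no hash: the stamp does not pin the upstream")
    elif cert_hash.lower() not in got["hashes"]:
        problems.append("pinned hash differs from the expected one")
    for key, want in (("address", ip), ("hostname", hostname), ("port", port)):
        if got[key] != want:
            problems.append(f"{key}: {got[key]!r} != {want!r}")
    return problems


if __name__ == "__main__":
    print(decode_doh_stamp(STAMP_RD))
    print(audit_stamp(STAMP_DUT0, "10.215.168.64", "dns.dut0", 3000, HASH_DUT0))
```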
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jul 03 16:29:11.287197 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:29:11.290013 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:29:11.290072 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:29:11.300402 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:29:11.613008 osdx osdx-coredump[318061]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:29:11.621937 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:29:12.099033 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:29:12.163876 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:29:12.249032 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:29:12.311836 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:29:12.422029 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:29:12.473990 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:29:12.500313 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:29:12.517828 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:29:12.652257 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 03 16:29:13.550956 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 03 16:29:13.694239 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:29:13.755475 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:29:13.871986 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:29:13.927065 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Jul 03 16:29:14.025596 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Jul 03 16:29:14.080230 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Jul 03 16:29:14.177055 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'.
Jul 03 16:29:14.225677 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 03 16:29:14.320631 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 03 16:29:14.376184 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 03 16:29:14.470278 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 03 16:29:14.542997 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:29:14.652240 osdx ca-certificates[318180]: Updating certificates in /etc/ssl/certs...
Jul 03 16:29:15.191266 osdx ca-certificates[319185]: 1 added, 0 removed; done.
Jul 03 16:29:15.195179 osdx ca-certificates[319191]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:29:15.198437 osdx ca-certificates[319193]: done.
Jul 03 16:29:15.326403 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:29:15.327663 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:29:15.330105 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:29:15.347909 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:29:15.350218 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] dnscrypt-proxy 2.0.45
Jul 03 16:29:15.350434 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] Network connectivity detected
Jul 03 16:29:15.350512 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] Dropping privileges
Jul 03 16:29:15.352628 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] Network connectivity detected
Jul 03 16:29:15.352665 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:29:15.352665 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:29:15.352713 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 03 16:29:15.352713 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] Firefox workaround initialized
Jul 03 16:29:15.352713 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6xhebkv3]
Jul 03 16:29:15.353417 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 03 16:29:15.353495 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 03 16:29:15.353545 osdx dnscrypt-proxy[319253]: [2024-07-03 16:29:15] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 73fe3acf20e23694c696db39987165d3cbcfed6d12fa16c9bca8434b2080b440
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 03 16:29:11.269400 osdx systemd-journald[1553]: Runtime Journal (/run/log/journal/831aeca402c6428e9ad074105f874d77) is 2.4M, max 9.7M, 7.3M free. Jul 03 16:29:11.273618 osdx systemd-journald[1553]: Received client request to rotate journal, rotating. Jul 03 16:29:11.273671 osdx systemd-journald[1553]: Vacuuming done, freed 0B of archived journals from /run/log/journal/831aeca402c6428e9ad074105f874d77. Jul 03 16:29:11.280549 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system journal clear'. Jul 03 16:29:11.731343 osdx osdx-coredump[135258]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jul 03 16:29:11.741250 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system coredump delete all'. Jul 03 16:29:12.670188 osdx OSDxCLI[51782]: User 'admin' entered the configuration menu. Jul 03 16:29:12.733182 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jul 03 16:29:12.830554 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 03 16:29:12.878172 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service ssh'. Jul 03 16:29:12.987528 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'show working'. Jul 03 16:29:13.075056 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 03 16:29:13.179347 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jul 03 16:29:13.195861 osdx sshd[135324]: Server listening on 0.0.0.0 port 22. Jul 03 16:29:13.196073 osdx sshd[135324]: Server listening on :: port 22. Jul 03 16:29:13.196169 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jul 03 16:29:13.221399 osdx cfgd[1223]: [51782]Completed change to active configuration Jul 03 16:29:13.245705 osdx OSDxCLI[51782]: User 'admin' committed the configuration. Jul 03 16:29:13.260453 osdx OSDxCLI[51782]: User 'admin' left the configuration menu. 
Jul 03 16:29:13.391762 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jul 03 16:29:15.532172 osdx OSDxCLI[51782]: User 'admin' entered the configuration menu. Jul 03 16:29:15.603519 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jul 03 16:29:15.694177 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jul 03 16:29:15.751543 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jul 03 16:29:15.856698 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jul 03 16:29:15.923814 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jul 03 16:29:16.020540 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jul 03 16:29:16.087378 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 73fe3acf20e23694c696db39987165d3cbcfed6d12fa16c9bca8434b2080b440'. Jul 03 16:29:16.214991 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'show working'. Jul 03 16:29:16.337356 osdx ca-certificates[135396]: Updating certificates in /etc/ssl/certs... Jul 03 16:29:16.894202 osdx ca-certificates[136400]: 1 added, 0 removed; done. Jul 03 16:29:16.900027 osdx ca-certificates[136404]: Running hooks in /etc/ca-certificates/update.d... Jul 03 16:29:16.904261 osdx ca-certificates[136408]: done. Jul 03 16:29:16.979310 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 03 16:29:16.982364 osdx cfgd[1223]: [51782]Completed change to active configuration Jul 03 16:29:16.989013 osdx OSDxCLI[51782]: User 'admin' committed the configuration. 
Jul 03 16:29:17.004937 osdx OSDxCLI[51782]: User 'admin' left the configuration menu. Jul 03 16:29:17.011591 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] dnscrypt-proxy 2.0.45 Jul 03 16:29:17.011865 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] Network connectivity detected Jul 03 16:29:17.012114 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] Dropping privileges Jul 03 16:29:17.014046 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] Network connectivity detected Jul 03 16:29:17.014141 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jul 03 16:29:17.014180 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jul 03 16:29:17.014233 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] Firefox workaround initialized Jul 03 16:29:17.014264 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8dk4dmoq] Jul 03 16:29:17.162862 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system journal show | cat'. Jul 03 16:29:17.310360 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] [DUT0] OK (DoH) - rtt: 140ms Jul 03 16:29:17.310360 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 140ms) Jul 03 16:29:17.310360 osdx dnscrypt-proxy[136415]: [2024-07-03 16:29:17] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jul 03 16:29:23.308929 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free. Jul 03 16:29:23.309666 osdx systemd-journald[19587]: Received client request to rotate journal, rotating. Jul 03 16:29:23.309711 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b. Jul 03 16:29:23.319375 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'. Jul 03 16:29:23.699830 osdx osdx-coredump[320891]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jul 03 16:29:23.707612 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'. Jul 03 16:29:24.187034 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu. Jul 03 16:29:24.269329 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 03 16:29:24.363341 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 03 16:29:24.455195 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'. Jul 03 16:29:24.585391 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 03 16:29:24.647543 osdx cfgd[1440]: [150173]Completed change to active configuration Jul 03 16:29:24.674139 osdx OSDxCLI[150173]: User 'admin' committed the configuration. Jul 03 16:29:24.696549 osdx OSDxCLI[150173]: User 'admin' left the configuration menu. Jul 03 16:29:24.849534 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jul 03 16:29:25.878676 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. 
Jul 03 16:29:25.968160 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443'. Jul 03 16:29:26.118366 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu. Jul 03 16:29:26.175532 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 03 16:29:26.280432 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 03 16:29:26.347276 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Jul 03 16:29:26.456812 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jul 03 16:29:26.510945 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Jul 03 16:29:26.604770 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Jul 03 16:29:26.661609 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jul 03 16:29:26.780378 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'. Jul 03 16:29:26.872082 osdx ca-certificates[321011]: Updating certificates in /etc/ssl/certs... Jul 03 16:29:27.408650 osdx ca-certificates[322015]: 1 added, 0 removed; done. Jul 03 16:29:27.411694 osdx ca-certificates[322021]: Running hooks in /etc/ca-certificates/update.d... Jul 03 16:29:27.414812 osdx ca-certificates[322023]: done. Jul 03 16:29:27.525809 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. 
Jul 03 16:29:27.527411 osdx cfgd[1440]: [150173]Completed change to active configuration Jul 03 16:29:27.532723 osdx OSDxCLI[150173]: User 'admin' committed the configuration. Jul 03 16:29:27.572136 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] dnscrypt-proxy 2.0.45 Jul 03 16:29:27.572322 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] Network connectivity detected Jul 03 16:29:27.572426 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] Dropping privileges Jul 03 16:29:27.574818 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] Network connectivity detected Jul 03 16:29:27.574818 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jul 03 16:29:27.574818 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jul 03 16:29:27.574818 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jul 03 16:29:27.574818 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] Firefox workaround initialized Jul 03 16:29:27.574818 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4t2hyz09] Jul 03 16:29:27.575454 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jul 03 16:29:27.575500 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jul 03 16:29:27.575500 osdx dnscrypt-proxy[322083]: [2024-07-03 16:29:27] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jul 03 16:29:27.578232 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 73fe3acf20e23694c696db39987165d3cbcfed6d12fa16c9bca8434b2080b440 at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgc_46zyDiNpTGlts5mHFl08vP7W0S-hbJvKhDSyCAtEANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgc_46zyDiNpTGlts5mHFl08vP7W0S-hbJvKhDSyCAtEANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 03 16:29:23.334914 osdx systemd-journald[1553]: Runtime Journal (/run/log/journal/831aeca402c6428e9ad074105f874d77) is 2.4M, max 9.7M, 7.3M free. Jul 03 16:29:23.339195 osdx systemd-journald[1553]: Received client request to rotate journal, rotating. Jul 03 16:29:23.339249 osdx systemd-journald[1553]: Vacuuming done, freed 0B of archived journals from /run/log/journal/831aeca402c6428e9ad074105f874d77. Jul 03 16:29:23.346370 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system journal clear'. Jul 03 16:29:23.791581 osdx osdx-coredump[138028]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jul 03 16:29:23.798627 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system coredump delete all'. Jul 03 16:29:24.903530 osdx OSDxCLI[51782]: User 'admin' entered the configuration menu. Jul 03 16:29:24.976732 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jul 03 16:29:25.054940 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 03 16:29:25.106947 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service ssh'. Jul 03 16:29:25.222053 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'show working'. Jul 03 16:29:25.316578 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 03 16:29:25.460958 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jul 03 16:29:25.479929 osdx sshd[138094]: Server listening on 0.0.0.0 port 22. Jul 03 16:29:25.480172 osdx sshd[138094]: Server listening on :: port 22. Jul 03 16:29:25.480272 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jul 03 16:29:25.512743 osdx cfgd[1223]: [51782]Completed change to active configuration Jul 03 16:29:25.545564 osdx OSDxCLI[51782]: User 'admin' committed the configuration. Jul 03 16:29:25.574092 osdx OSDxCLI[51782]: User 'admin' left the configuration menu. 
Jul 03 16:29:25.711814 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jul 03 16:29:27.787771 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 73fe3acf20e23694c696db39987165d3cbcfed6d12fa16c9bca8434b2080b440'. Jul 03 16:29:27.922563 osdx OSDxCLI[51782]: User 'admin' entered the configuration menu. Jul 03 16:29:27.981214 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jul 03 16:29:28.074426 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jul 03 16:29:28.130312 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jul 03 16:29:28.233660 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgc_46zyDiNpTGlts5mHFl08vP7W0S-hbJvKhDSyCAtEANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Jul 03 16:29:28.313527 osdx OSDxCLI[51782]: User 'admin' added a new cfg line: 'show working'. Jul 03 16:29:28.429166 osdx ca-certificates[138166]: Updating certificates in /etc/ssl/certs... Jul 03 16:29:29.016040 osdx ca-certificates[139170]: 1 added, 0 removed; done. Jul 03 16:29:29.023443 osdx ca-certificates[139174]: Running hooks in /etc/ca-certificates/update.d... Jul 03 16:29:29.029117 osdx ca-certificates[139178]: done. Jul 03 16:29:29.108958 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 03 16:29:29.111985 osdx cfgd[1223]: [51782]Completed change to active configuration Jul 03 16:29:29.123416 osdx OSDxCLI[51782]: User 'admin' committed the configuration. Jul 03 16:29:29.141326 osdx OSDxCLI[51782]: User 'admin' left the configuration menu. 
Jul 03 16:29:29.148260 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] dnscrypt-proxy 2.0.45 Jul 03 16:29:29.148612 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] Network connectivity detected Jul 03 16:29:29.148885 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] Dropping privileges Jul 03 16:29:29.150944 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] Network connectivity detected Jul 03 16:29:29.151052 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jul 03 16:29:29.151095 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jul 03 16:29:29.151144 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] Firefox workaround initialized Jul 03 16:29:29.151178 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] Loading the set of cloaking rules from [/tmp/tmptab_y2su] Jul 03 16:29:29.303776 osdx OSDxCLI[51782]: User 'admin' executed a new command: 'system journal show | cat'. Jul 03 16:29:29.432017 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] [DUT0] OK (DoH) - rtt: 132ms Jul 03 16:29:29.432017 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 132ms) Jul 03 16:29:29.432017 osdx dnscrypt-proxy[139185]: [2024-07-03 16:29:29] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13