Static

Test suite that validates using one of the DNS options available with an upstream server.

DNS-over-HTTPS Server

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 17 16:43:01.316976 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.2M free.
Jul 17 16:43:01.317472 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 16:43:01.317504 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 16:43:01.327446 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:43:01.639904 osdx osdx-coredump[288699]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:43:01.647476 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:43:02.157239 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:43:02.283942 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 17 16:43:02.344701 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:43:02.466977 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:43:02.565251 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:43:02.638953 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:43:02.674429 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:43:02.718226 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:43:02.882307 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 17 16:43:03.013008 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:43:03.072312 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 17 16:43:03.158413 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 17 16:43:03.217462 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 17 16:43:03.312253 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 17 16:43:03.371726 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 17 16:43:03.458811 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 17 16:43:03.544532 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:43:03.667980 osdx ca-certificates[288836]: Updating certificates in /etc/ssl/certs...
Jul 17 16:43:04.209638 osdx ca-certificates[289839]: 1 added, 0 removed; done.
Jul 17 16:43:04.212657 osdx ca-certificates[289846]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:43:04.216243 osdx ca-certificates[289848]: done.
Jul 17 16:43:04.313595 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:43:04.314873 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:43:04.317433 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:43:04.342747 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:43:04.342950 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] Network connectivity detected
Jul 17 16:43:04.343013 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] Dropping privileges
Jul 17 16:43:04.345004 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:43:04.345253 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] Network connectivity detected
Jul 17 16:43:04.345253 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:43:04.345253 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:43:04.345253 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] Firefox workaround initialized
Jul 17 16:43:04.345253 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpsvt1zmeu]
Jul 17 16:43:04.491201 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 17 16:43:04.680900 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 17 16:43:04.875898 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 17 16:43:04.901319 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] [RD] OK (DoH) - rtt: 535ms
Jul 17 16:43:04.901319 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] Server with the lowest initial latency: RD (rtt: 535ms)
Jul 17 16:43:04.901319 osdx dnscrypt-proxy[289905]: [2024-07-17 16:43:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNS-over-HTTPS Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854 at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 17 16:43:09.311764 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 16:43:09.315113 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 16:43:09.315181 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 16:43:09.323213 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:43:09.647454 osdx osdx-coredump[291559]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:43:09.658620 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:43:10.076479 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:43:10.139288 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 17 16:43:10.224146 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:43:10.289155 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:43:10.403102 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:43:10.478002 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:43:10.506502 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:43:10.522550 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:43:10.658933 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 17 16:43:10.773521 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 17 16:43:10.938799 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:43:10.994321 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 17 16:43:11.087741 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 17 16:43:11.142427 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Jul 17 16:43:11.231744 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 17 16:43:11.299456 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:43:11.415228 osdx ca-certificates[291697]: Updating certificates in /etc/ssl/certs...
Jul 17 16:43:11.952051 osdx ca-certificates[292700]: 1 added, 0 removed; done.
Jul 17 16:43:11.956122 osdx ca-certificates[292707]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:43:11.959270 osdx ca-certificates[292709]: done.
Jul 17 16:43:12.071462 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:43:12.072786 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:43:12.075230 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:43:12.093367 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:43:12.093563 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] Network connectivity detected
Jul 17 16:43:12.093657 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] Dropping privileges
Jul 17 16:43:12.097198 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] Network connectivity detected
Jul 17 16:43:12.097198 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:43:12.097198 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:43:12.097198 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] Firefox workaround initialized
Jul 17 16:43:12.097198 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqvwaegr4]
Jul 17 16:43:12.097580 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:43:12.253389 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] [RD] OK (DoH) - rtt: 135ms
Jul 17 16:43:12.253389 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] Server with the lowest initial latency: RD (rtt: 135ms)
Jul 17 16:43:12.253389 osdx dnscrypt-proxy[292766]: [2024-07-17 16:43:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 17 16:43:12.253509 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal show | cat'.

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jul 17 16:43:18.314617 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 16:43:18.317554 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 16:43:18.317619 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 16:43:18.327251 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:43:18.660161 osdx osdx-coredump[294411]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:43:18.669903 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:43:19.151903 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:43:19.218735 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 17 16:43:19.314010 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:43:19.381322 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:43:19.497556 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:43:19.565737 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:43:19.592209 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:43:19.613435 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:43:19.757095 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 17 16:43:19.863828 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 17 16:43:20.026763 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:43:20.096420 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 17 16:43:20.191351 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 17 16:43:20.243111 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Jul 17 16:43:20.340629 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Jul 17 16:43:20.394299 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Jul 17 16:43:20.494427 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'.
Jul 17 16:43:20.542195 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 17 16:43:20.655613 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:43:20.741288 osdx ca-certificates[294550]: Updating certificates in /etc/ssl/certs...
Jul 17 16:43:21.298901 osdx ca-certificates[295554]: 1 added, 0 removed; done.
Jul 17 16:43:21.302009 osdx ca-certificates[295561]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:43:21.306103 osdx ca-certificates[295563]: done.
Jul 17 16:43:21.409902 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:43:21.411219 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:43:21.413670 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:43:21.430397 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:43:21.436310 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:43:21.436478 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] Network connectivity detected
Jul 17 16:43:21.436685 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] Dropping privileges
Jul 17 16:43:21.439547 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] Network connectivity detected
Jul 17 16:43:21.439585 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:43:21.439585 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:43:21.439613 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] Firefox workaround initialized
Jul 17 16:43:21.439613 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpom20t47h]
Jul 17 16:43:21.440242 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 17 16:43:21.440242 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 17 16:43:21.440242 osdx dnscrypt-proxy[295620]: [2024-07-17 16:43:21] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443 at DUT0 and expect this output:

sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jul 17 16:43:26.290036 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 16:43:26.292774 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 16:43:26.292842 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 16:43:26.300467 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:43:26.599768 osdx osdx-coredump[297259]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:43:26.607129 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:43:27.029756 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:43:27.094566 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 17 16:43:27.177120 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:43:27.244404 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:43:27.352745 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:43:27.425928 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:43:27.451186 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:43:27.465834 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:43:27.634780 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 17 16:43:27.732541 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 17 16:43:27.815952 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443'.
Jul 17 16:43:27.968566 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:43:28.021739 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 17 16:43:28.120384 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 17 16:43:28.178779 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Jul 17 16:43:28.269279 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 17 16:43:28.350839 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:43:28.450191 osdx ca-certificates[297399]: Updating certificates in /etc/ssl/certs...
Jul 17 16:43:29.000787 osdx ca-certificates[298403]: 1 added, 0 removed; done.
Jul 17 16:43:29.004755 osdx ca-certificates[298409]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:43:29.008020 osdx ca-certificates[298411]: done.
Jul 17 16:43:29.097233 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:43:29.098709 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:43:29.102651 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:43:29.118531 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:43:29.118799 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] Network connectivity detected
Jul 17 16:43:29.118879 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] Dropping privileges
Jul 17 16:43:29.121176 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] Network connectivity detected
Jul 17 16:43:29.121223 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:43:29.121223 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:43:29.121223 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] Firefox workaround initialized
Jul 17 16:43:29.121273 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6m3plgtz]
Jul 17 16:43:29.121922 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 17 16:43:29.121962 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 17 16:43:29.121962 osdx dnscrypt-proxy[298468]: [2024-07-17 16:43:29] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 17 16:43:29.148893 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.

Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
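
The two "With Stamp" scenarios above replace the per-field settings (IP, certificate hash or provider public key, names) with a single opaque sdns:// string, so it is worth decoding a stamp to see exactly which address and pin it makes the proxy trust. The decoder below is an added example, not part of the OSDx test suite or its tooling; it assumes the public DNS stamp layout (protocol byte, 8-byte little-endian properties, length-prefixed fields) and handles only the DNSCrypt and DoH stamp types that appear on this page.

```python
import base64
import struct

# Stamps printed by the "stamp calculate" steps on this page.
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"

PROTOCOLS = {0x01: "DNSCrypt", 0x02: "DoH"}


class StampError(ValueError):
    """Raised when a stamp is malformed, truncated or of an unhandled type."""


def read_lp(buf, pos):
    """Read one length-prefixed field; return (field bytes, next position)."""
    if pos >= len(buf):
        raise StampError("truncated stamp: missing length byte")
    end = pos + 1 + buf[pos]
    if end > len(buf):
        raise StampError("truncated stamp: field overruns buffer")
    return buf[pos + 1:end], end


def read_vlp(buf, pos):
    """Read a set of fields; the high bit of a length byte means more follow."""
    items = []
    while True:
        if pos >= len(buf):
            raise StampError("truncated stamp: missing length byte")
        more, size = buf[pos] & 0x80, buf[pos] & 0x7F
        end = pos + 1 + size
        if end > len(buf):
            raise StampError("truncated stamp: field overruns buffer")
        if size:
            items.append(buf[pos + 1:end])
        pos = end
        if not more:
            return items, pos


def decode_stamp(stamp):
    """Decode a DNSCrypt or DoH stamp into the fields the proxy will trust."""
    if not stamp.startswith("sdns://"):
        raise StampError("not an sdns:// stamp")
    b64 = stamp[len("sdns://"):]
    try:
        # Stamps use URL-safe base64 without padding; restore it first.
        raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    except ValueError as exc:
        raise StampError(f"invalid base64: {exc}") from exc
    if len(raw) < 9:
        raise StampError("stamp shorter than protocol byte plus properties")
    proto = raw[0]
    out = {"protocol": PROTOCOLS.get(proto),
           "props": struct.unpack_from("<Q", raw, 1)[0]}
    pos = 9
    if proto == 0x01:    # DNSCrypt: address, provider public key, provider name
        addr, pos = read_lp(raw, pos)
        key, pos = read_lp(raw, pos)
        name, pos = read_lp(raw, pos)
        out.update(addr=addr.decode(), public_key=key.hex(":"),
                   provider_name=name.decode())
    elif proto == 0x02:  # DoH: address, certificate hashes, host name, path
        addr, pos = read_lp(raw, pos)
        hashes, pos = read_vlp(raw, pos)
        host, pos = read_lp(raw, pos)
        path, pos = read_lp(raw, pos)
        # Optional trailing bootstrap resolvers are not decoded here.
        out.update(addr=addr.decode(), hashes=[h.hex() for h in hashes],
                   hostname=host.decode(), path=path.decode())
    else:
        raise StampError(f"unhandled protocol byte 0x{proto:02x}")
    return out


if __name__ == "__main__":
    for s in (DOH_STAMP, DNSCRYPT_STAMP):
        print(decode_stamp(s))
```

Run against the two stamps on this page, the decoded fields match the values passed to `stamp calculate`, so a stamp can be reviewed field by field before it is committed.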