Static Server
Test suite that connects DUT1 through DUT0 using DoH, while DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 17 16:42:04.323969 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 16:42:04.326613 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 16:42:04.326675 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 16:42:04.336078 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:42:04.694025 osdx osdx-coredump[277054]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:42:04.702476 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:42:05.252599 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:42:05.346104 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 17 16:42:05.432526 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:42:05.616900 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:05.742618 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:42:05.828282 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:42:05.861761 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:42:05.884390 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:42:06.044705 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 17 16:42:07.222748 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:42:07.284337 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 17 16:42:07.382759 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 17 16:42:07.442691 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 17 16:42:07.537041 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 17 16:42:07.593196 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 17 16:42:07.686052 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 17 16:42:07.740283 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 17 16:42:07.834084 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 17 16:42:07.891873 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 17 16:42:08.009250 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:08.102820 osdx ca-certificates[277196]: Updating certificates in /etc/ssl/certs...
Jul 17 16:42:08.668594 osdx ca-certificates[278200]: 1 added, 0 removed; done.
Jul 17 16:42:08.673036 osdx ca-certificates[278206]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:42:08.675961 osdx ca-certificates[278208]: done.
Jul 17 16:42:08.795225 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:42:08.797766 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:42:08.801666 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:42:08.828786 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:42:08.829488 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:42:08.829740 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] Network connectivity detected
Jul 17 16:42:08.830074 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] Dropping privileges
Jul 17 16:42:08.833068 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] Network connectivity detected
Jul 17 16:42:08.833123 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:42:08.833123 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:42:08.833123 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 17 16:42:08.833123 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] Firefox workaround initialized
Jul 17 16:42:08.833123 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqpn4vn6d]
Jul 17 16:42:08.967588 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] [RD] OK (DoH) - rtt: 105ms
Jul 17 16:42:08.967588 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] Server with the lowest initial latency: RD (rtt: 105ms)
Jul 17 16:42:08.967588 osdx dnscrypt-proxy[278268]: [2024-07-17 16:42:08] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 2b3de116dbbc6ca138139ec98673a25a44709affb1d6b9139f7b4a54bb2a0481
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 17 16:42:04.296855 osdx systemd-journald[1360]: Runtime Journal (/run/log/journal/1136bfd51c6042e9ac02f83740870c06) is 2.5M, max 9.7M, 7.2M free.
Jul 17 16:42:04.300751 osdx systemd-journald[1360]: Received client request to rotate journal, rotating.
Jul 17 16:42:04.300798 osdx systemd-journald[1360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/1136bfd51c6042e9ac02f83740870c06.
Jul 17 16:42:04.308108 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:42:04.786326 osdx osdx-coredump[122949]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:42:04.795735 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:42:06.112886 osdx OSDxCLI[75437]: User 'admin' entered the configuration menu.
Jul 17 16:42:06.238688 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jul 17 16:42:06.316716 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:42:06.412505 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 17 16:42:06.505683 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:06.630834 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:42:06.775061 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 17 16:42:06.793852 osdx sshd[123037]: Server listening on 0.0.0.0 port 22.
Jul 17 16:42:06.794113 osdx sshd[123037]: Server listening on :: port 22.
Jul 17 16:42:06.794232 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 17 16:42:06.820587 osdx cfgd[1028]: [75437]Completed change to active configuration
Jul 17 16:42:06.851953 osdx OSDxCLI[75437]: User 'admin' committed the configuration.
Jul 17 16:42:06.868942 osdx OSDxCLI[75437]: User 'admin' left the configuration menu.
Jul 17 16:42:07.018835 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jul 17 16:42:09.032135 osdx OSDxCLI[75437]: User 'admin' entered the configuration menu.
Jul 17 16:42:09.123095 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jul 17 16:42:09.176670 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jul 17 16:42:09.267179 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jul 17 16:42:09.325585 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Jul 17 16:42:09.415127 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Jul 17 16:42:09.469534 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Jul 17 16:42:09.563171 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 2b3de116dbbc6ca138139ec98673a25a44709affb1d6b9139f7b4a54bb2a0481'.
Jul 17 16:42:09.638420 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:09.743505 osdx ca-certificates[123109]: Updating certificates in /etc/ssl/certs...
Jul 17 16:42:10.247375 osdx ca-certificates[124113]: 1 added, 0 removed; done.
Jul 17 16:42:10.251937 osdx ca-certificates[124116]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:42:10.256307 osdx ca-certificates[124120]: done.
Jul 17 16:42:10.323139 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:42:10.326269 osdx cfgd[1028]: [75437]Completed change to active configuration
Jul 17 16:42:10.336958 osdx OSDxCLI[75437]: User 'admin' committed the configuration.
Jul 17 16:42:10.353051 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:42:10.353344 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] Network connectivity detected
Jul 17 16:42:10.353594 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] Dropping privileges
Jul 17 16:42:10.355656 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] Network connectivity detected
Jul 17 16:42:10.355755 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:42:10.355790 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:42:10.355845 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] Firefox workaround initialized
Jul 17 16:42:10.355875 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqe7m34sv]
Jul 17 16:42:10.368059 osdx OSDxCLI[75437]: User 'admin' left the configuration menu.
Jul 17 16:42:10.511322 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 17 16:42:10.654539 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] [DUT0] OK (DoH) - rtt: 122ms
Jul 17 16:42:10.654539 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 122ms)
Jul 17 16:42:10.654539 osdx dnscrypt-proxy[124128]: [2024-07-17 16:42:10] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854' at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 17 16:42:16.286686 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 16:42:16.287188 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 16:42:16.287219 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 16:42:16.297717 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:42:16.660371 osdx osdx-coredump[279906]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:42:16.668073 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:42:17.266464 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:42:17.340013 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 17 16:42:17.423485 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:42:17.489428 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:17.598940 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:42:17.673955 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:42:17.699801 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:42:17.720399 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:42:17.857283 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 17 16:42:18.842543 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 17 16:42:18.987900 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:42:19.084495 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 17 16:42:19.147900 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 17 16:42:19.240116 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Jul 17 16:42:19.296238 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 17 16:42:19.420174 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 17 16:42:19.495473 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 17 16:42:19.601802 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 17 16:42:19.671957 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 17 16:42:19.796006 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:19.893446 osdx ca-certificates[280048]: Updating certificates in /etc/ssl/certs...
Jul 17 16:42:20.494585 osdx ca-certificates[281052]: 1 added, 0 removed; done.
Jul 17 16:42:20.498765 osdx ca-certificates[281058]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:42:20.502952 osdx ca-certificates[281060]: done.
Jul 17 16:42:20.635365 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:42:20.636660 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:42:20.639015 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:42:20.665123 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:42:20.665322 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] Network connectivity detected
Jul 17 16:42:20.665528 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] Dropping privileges
Jul 17 16:42:20.668290 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] Network connectivity detected
Jul 17 16:42:20.668330 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:42:20.668330 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:42:20.668357 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 17 16:42:20.668372 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] Firefox workaround initialized
Jul 17 16:42:20.668372 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpcnfbr5m4]
Jul 17 16:42:20.673021 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:42:20.820990 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] [RD] OK (DoH) - rtt: 126ms
Jul 17 16:42:20.820990 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] Server with the lowest initial latency: RD (rtt: 126ms)
Jul 17 16:42:20.820990 osdx dnscrypt-proxy[281120]: [2024-07-17 16:42:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 2b3de116dbbc6ca138139ec98673a25a44709affb1d6b9139f7b4a54bb2a0481' at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKz3hFtu8bKE4E57JhnOiWkRwmv-x1rkTn3tKVLsqBIENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKz3hFtu8bKE4E57JhnOiWkRwmv-x1rkTn3tKVLsqBIENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 17 16:42:17.261971 osdx systemd-journald[1360]: Runtime Journal (/run/log/journal/1136bfd51c6042e9ac02f83740870c06) is 2.4M, max 9.7M, 7.2M free.
Jul 17 16:42:17.265525 osdx systemd-journald[1360]: Received client request to rotate journal, rotating.
Jul 17 16:42:17.265575 osdx systemd-journald[1360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/1136bfd51c6042e9ac02f83740870c06.
Jul 17 16:42:17.272773 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:42:17.757602 osdx osdx-coredump[125741]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:42:17.768440 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:42:18.881699 osdx OSDxCLI[75437]: User 'admin' entered the configuration menu.
Jul 17 16:42:18.955897 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jul 17 16:42:19.039570 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:42:19.090391 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 17 16:42:19.201380 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:19.297533 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:42:19.417772 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 17 16:42:19.435723 osdx sshd[125829]: Server listening on 0.0.0.0 port 22.
Jul 17 16:42:19.435929 osdx sshd[125829]: Server listening on :: port 22.
Jul 17 16:42:19.436023 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 17 16:42:19.459893 osdx cfgd[1028]: [75437]Completed change to active configuration
Jul 17 16:42:19.486126 osdx OSDxCLI[75437]: User 'admin' committed the configuration.
Jul 17 16:42:19.501265 osdx OSDxCLI[75437]: User 'admin' left the configuration menu.
Jul 17 16:42:19.640983 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jul 17 16:42:21.882818 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 2b3de116dbbc6ca138139ec98673a25a44709affb1d6b9139f7b4a54bb2a0481'.
Jul 17 16:42:22.018851 osdx OSDxCLI[75437]: User 'admin' entered the configuration menu.
Jul 17 16:42:22.081067 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jul 17 16:42:22.175389 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jul 17 16:42:22.229684 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jul 17 16:42:22.336501 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKz3hFtu8bKE4E57JhnOiWkRwmv-x1rkTn3tKVLsqBIENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Jul 17 16:42:22.423272 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:22.547395 osdx ca-certificates[125903]: Updating certificates in /etc/ssl/certs...
Jul 17 16:42:23.050822 osdx ca-certificates[126907]: 1 added, 0 removed; done.
Jul 17 16:42:23.055295 osdx ca-certificates[126910]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:42:23.059759 osdx ca-certificates[126914]: done.
Jul 17 16:42:23.125740 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:42:23.128234 osdx cfgd[1028]: [75437]Completed change to active configuration
Jul 17 16:42:23.135264 osdx OSDxCLI[75437]: User 'admin' committed the configuration.
Jul 17 16:42:23.153022 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:42:23.153310 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] Network connectivity detected
Jul 17 16:42:23.153871 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] Dropping privileges
Jul 17 16:42:23.155559 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] Network connectivity detected
Jul 17 16:42:23.155640 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:42:23.155674 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:42:23.155720 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] Firefox workaround initialized
Jul 17 16:42:23.155747 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpbfveu6op]
Jul 17 16:42:23.162347 osdx OSDxCLI[75437]: User 'admin' left the configuration menu.
Jul 17 16:42:23.338208 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 17 16:42:23.440943 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] [DUT0] OK (DoH) - rtt: 141ms
Jul 17 16:42:23.440943 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 141ms)
Jul 17 16:42:23.440943 osdx dnscrypt-proxy[126922]: [2024-07-17 16:42:23] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jul 17 16:42:29.295794 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 16:42:29.299393 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 16:42:29.299449 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 16:42:29.305988 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:42:29.634994 osdx osdx-coredump[282758]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:42:29.645843 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:42:30.126823 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:42:30.209467 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 17 16:42:30.308311 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:42:30.395731 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:30.503311 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:42:30.580398 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:42:30.606789 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:42:30.623344 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:42:30.762475 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 17 16:42:31.813830 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 17 16:42:31.985157 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:42:32.042913 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 17 16:42:32.141897 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 17 16:42:32.198404 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Jul 17 16:42:32.293895 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Jul 17 16:42:32.351935 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Jul 17 16:42:32.451589 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'.
Jul 17 16:42:32.503102 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 17 16:42:32.621601 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 17 16:42:32.709995 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 17 16:42:32.766465 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 17 16:42:32.883203 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:32.982258 osdx ca-certificates[282901]: Updating certificates in /etc/ssl/certs...
Jul 17 16:42:33.533378 osdx ca-certificates[283905]: 1 added, 0 removed; done.
Jul 17 16:42:33.536590 osdx ca-certificates[283911]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:42:33.540020 osdx ca-certificates[283913]: done.
Jul 17 16:42:33.667658 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:42:33.668877 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:42:33.671088 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:42:33.687521 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:42:33.692239 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:42:33.692389 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] Network connectivity detected
Jul 17 16:42:33.692619 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] Dropping privileges
Jul 17 16:42:33.695510 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] Network connectivity detected
Jul 17 16:42:33.695606 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:42:33.695646 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:42:33.695686 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 17 16:42:33.695737 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] Firefox workaround initialized
Jul 17 16:42:33.695768 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpbory12eq]
Jul 17 16:42:33.739147 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] [RD] OK (DNSCrypt) - rtt: 42ms
Jul 17 16:42:33.739306 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] Server with the lowest initial latency: RD (rtt: 42ms)
Jul 17 16:42:33.739350 osdx dnscrypt-proxy[283973]: [2024-07-17 16:42:33] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 2b3de116dbbc6ca138139ec98673a25a44709affb1d6b9139f7b4a54bb2a0481
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Jul 17 16:42:29.260676 osdx systemd-journald[1360]: Runtime Journal (/run/log/journal/1136bfd51c6042e9ac02f83740870c06) is 2.4M, max 9.7M, 7.3M free.
Jul 17 16:42:29.261812 osdx systemd-journald[1360]: Received client request to rotate journal, rotating.
Jul 17 16:42:29.261854 osdx systemd-journald[1360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/1136bfd51c6042e9ac02f83740870c06.
Jul 17 16:42:29.271164 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:42:29.708503 osdx osdx-coredump[128536]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:42:29.716838 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:42:30.794602 osdx OSDxCLI[75437]: User 'admin' entered the configuration menu.
Jul 17 16:42:30.881857 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jul 17 16:42:30.974299 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:42:31.024347 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 17 16:42:31.138363 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:31.225515 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:42:31.337765 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 17 16:42:31.354100 osdx sshd[128624]: Server listening on 0.0.0.0 port 22.
Jul 17 16:42:31.354307 osdx sshd[128624]: Server listening on :: port 22.
Jul 17 16:42:31.354401 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 17 16:42:31.378054 osdx cfgd[1028]: [75437]Completed change to active configuration
Jul 17 16:42:31.402849 osdx OSDxCLI[75437]: User 'admin' committed the configuration.
Jul 17 16:42:31.427840 osdx OSDxCLI[75437]: User 'admin' left the configuration menu.
Jul 17 16:42:31.573891 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jul 17 16:42:33.857965 osdx OSDxCLI[75437]: User 'admin' entered the configuration menu.
Jul 17 16:42:33.918158 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jul 17 16:42:34.006677 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jul 17 16:42:34.063433 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jul 17 16:42:34.241045 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Jul 17 16:42:34.299953 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Jul 17 16:42:34.398694 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Jul 17 16:42:34.461096 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 2b3de116dbbc6ca138139ec98673a25a44709affb1d6b9139f7b4a54bb2a0481'.
Jul 17 16:42:34.570895 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:34.653276 osdx ca-certificates[128696]: Updating certificates in /etc/ssl/certs...
Jul 17 16:42:35.128782 osdx ca-certificates[129700]: 1 added, 0 removed; done.
Jul 17 16:42:35.132897 osdx ca-certificates[129703]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:42:35.136840 osdx ca-certificates[129707]: done.
Jul 17 16:42:35.201767 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:42:35.204429 osdx cfgd[1028]: [75437]Completed change to active configuration
Jul 17 16:42:35.211228 osdx OSDxCLI[75437]: User 'admin' committed the configuration.
Jul 17 16:42:35.226849 osdx OSDxCLI[75437]: User 'admin' left the configuration menu.
Jul 17 16:42:35.231204 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:42:35.231438 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] Network connectivity detected
Jul 17 16:42:35.231664 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] Dropping privileges
Jul 17 16:42:35.233609 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] Network connectivity detected
Jul 17 16:42:35.233695 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:42:35.233729 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:42:35.233779 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] Firefox workaround initialized
Jul 17 16:42:35.233805 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8wpht24i]
Jul 17 16:42:35.385072 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 17 16:42:35.490366 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] [DUT0] OK (DoH) - rtt: 118ms
Jul 17 16:42:35.490366 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 118ms)
Jul 17 16:42:35.490366 osdx dnscrypt-proxy[129715]: [2024-07-17 16:42:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16
Step 2: Run command 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443' at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Jul 17 16:42:41.336172 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 16:42:41.339379 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 16:42:41.339421 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 16:42:41.346656 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:42:41.697803 osdx osdx-coredump[285610]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:42:41.707290 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:42:42.185564 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:42:42.249890 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 17 16:42:42.340569 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:42:42.408653 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:42.539335 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:42:42.619580 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:42:42.653787 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:42:42.669340 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Jul 17 16:42:42.819648 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 17 16:42:43.949669 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 17 16:42:44.037643 osdx OSDxCLI[170971]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443'.
Jul 17 16:42:44.212512 osdx OSDxCLI[170971]: User 'admin' entered the configuration menu.
Jul 17 16:42:44.302515 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 17 16:42:44.406507 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 17 16:42:44.472369 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Jul 17 16:42:44.587997 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 17 16:42:44.652347 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 17 16:42:44.774380 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 17 16:42:44.833999 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 17 16:42:44.939851 osdx OSDxCLI[170971]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:45.030537 osdx ca-certificates[285753]: Updating certificates in /etc/ssl/certs...
Jul 17 16:42:45.636306 osdx ca-certificates[286757]: 1 added, 0 removed; done.
Jul 17 16:42:45.639466 osdx ca-certificates[286763]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:42:45.642606 osdx ca-certificates[286765]: done.
Jul 17 16:42:45.783969 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:42:45.785835 osdx cfgd[1240]: [170971]Completed change to active configuration
Jul 17 16:42:45.788547 osdx OSDxCLI[170971]: User 'admin' committed the configuration.
Jul 17 16:42:45.806013 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:42:45.806379 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] Network connectivity detected
Jul 17 16:42:45.806724 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] Dropping privileges
Jul 17 16:42:45.809667 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] Network connectivity detected
Jul 17 16:42:45.809667 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:42:45.809667 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:42:45.809667 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 17 16:42:45.809667 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] Firefox workaround initialized
Jul 17 16:42:45.809667 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpd_778hsj]
Jul 17 16:42:45.810361 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 17 16:42:45.810420 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 17 16:42:45.810458 osdx dnscrypt-proxy[286825]: [2024-07-17 16:42:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 17 16:42:45.823982 osdx OSDxCLI[170971]: User 'admin' left the configuration menu.
Step 5: Run command 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 2b3de116dbbc6ca138139ec98673a25a44709affb1d6b9139f7b4a54bb2a0481' at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKz3hFtu8bKE4E57JhnOiWkRwmv-x1rkTn3tKVLsqBIENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKz3hFtu8bKE4E57JhnOiWkRwmv-x1rkTn3tKVLsqBIENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Jul 17 16:42:41.299890 osdx systemd-journald[1360]: Runtime Journal (/run/log/journal/1136bfd51c6042e9ac02f83740870c06) is 2.4M, max 9.7M, 7.3M free.
Jul 17 16:42:41.303232 osdx systemd-journald[1360]: Received client request to rotate journal, rotating.
Jul 17 16:42:41.303288 osdx systemd-journald[1360]: Vacuuming done, freed 0B of archived journals from /run/log/journal/1136bfd51c6042e9ac02f83740870c06.
Jul 17 16:42:41.310302 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 16:42:41.761590 osdx osdx-coredump[131328]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 16:42:41.769604 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 16:42:42.844207 osdx OSDxCLI[75437]: User 'admin' entered the configuration menu.
Jul 17 16:42:42.971460 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jul 17 16:42:43.037002 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 17 16:42:43.136161 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 17 16:42:43.225815 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:43.347239 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 16:42:43.475442 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 17 16:42:43.493992 osdx sshd[131416]: Server listening on 0.0.0.0 port 22.
Jul 17 16:42:43.494222 osdx sshd[131416]: Server listening on :: port 22.
Jul 17 16:42:43.494326 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 17 16:42:43.520950 osdx cfgd[1028]: [75437]Completed change to active configuration
Jul 17 16:42:43.552251 osdx OSDxCLI[75437]: User 'admin' committed the configuration.
Jul 17 16:42:43.568454 osdx OSDxCLI[75437]: User 'admin' left the configuration menu.
Jul 17 16:42:43.725396 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jul 17 16:42:46.210628 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 2b3de116dbbc6ca138139ec98673a25a44709affb1d6b9139f7b4a54bb2a0481'.
Jul 17 16:42:46.344813 osdx OSDxCLI[75437]: User 'admin' entered the configuration menu.
Jul 17 16:42:46.405447 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jul 17 16:42:46.503148 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jul 17 16:42:46.557733 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jul 17 16:42:46.665281 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgKz3hFtu8bKE4E57JhnOiWkRwmv-x1rkTn3tKVLsqBIENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Jul 17 16:42:46.739577 osdx OSDxCLI[75437]: User 'admin' added a new cfg line: 'show working'.
Jul 17 16:42:46.844961 osdx ca-certificates[131488]: Updating certificates in /etc/ssl/certs...
Jul 17 16:42:47.354697 osdx ca-certificates[132492]: 1 added, 0 removed; done.
Jul 17 16:42:47.359023 osdx ca-certificates[132495]: Running hooks in /etc/ca-certificates/update.d...
Jul 17 16:42:47.363002 osdx ca-certificates[132499]: done.
Jul 17 16:42:47.427530 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 17 16:42:47.430367 osdx cfgd[1028]: [75437]Completed change to active configuration
Jul 17 16:42:47.441067 osdx OSDxCLI[75437]: User 'admin' committed the configuration.
Jul 17 16:42:47.456119 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] dnscrypt-proxy 2.0.45
Jul 17 16:42:47.456413 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] Network connectivity detected
Jul 17 16:42:47.456658 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] Dropping privileges
Jul 17 16:42:47.458695 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] Network connectivity detected
Jul 17 16:42:47.458797 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 17 16:42:47.458842 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 17 16:42:47.458888 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] Firefox workaround initialized
Jul 17 16:42:47.458922 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpf66d00iq]
Jul 17 16:42:47.467448 osdx OSDxCLI[75437]: User 'admin' left the configuration menu.
Jul 17 16:42:47.666130 osdx OSDxCLI[75437]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 17 16:42:47.685443 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] [DUT0] OK (DoH) - rtt: 120ms
Jul 17 16:42:47.685443 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 120ms)
Jul 17 16:42:47.685443 osdx dnscrypt-proxy[132507]: [2024-07-17 16:42:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
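The two stamp calculations in this scenario (DNSCrypt in Step 2, DoH in Step 5) can be reproduced and decoded offline, which lets a reviewer see which address, provider key or certificate hash an sdns:// string pins before it is committed. The Python below is an added example, not OSDx code: it assumes the public DNS stamps layout (protocol byte, 8-byte little-endian properties, length-prefixed fields, unpadded URL-safe base64), and all function names are hypothetical.

```python
import base64
import struct

PROTO_DNSCRYPT, PROTO_DOH = 0x01, 0x02  # protocol identifiers (assumed from the DNS stamps format)

def _lp(data: bytes) -> bytes:
    """Length-prefixed field: one length byte followed by the data."""
    if len(data) > 0xFF:
        raise ValueError("field too long for a stamp")
    return bytes([len(data)]) + data

def _vlp(items) -> bytes:
    """Set of fields: the high bit of a length byte means another item follows."""
    items = list(items) or [b""]
    if any(len(i) > 0x7F for i in items):
        raise ValueError("set item too long for a stamp")
    last = len(items) - 1
    return b"".join(bytes([len(i) | (0x80 if n < last else 0)]) + i
                    for n, i in enumerate(items))

def _wrap(proto: int, props: int, body: bytes) -> str:
    raw = bytes([proto]) + struct.pack("<Q", props) + body
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def dnscrypt_stamp(ip, port, provider_key, provider_name, props=0):
    """Hypothetical helper taking the Step 2 inputs; the port is always written."""
    key = bytes.fromhex(provider_key.replace(":", ""))
    if len(key) != 32:
        raise ValueError("provider public key must be 32 bytes")
    return _wrap(PROTO_DNSCRYPT, props, _lp(f"{ip}:{port}".encode())
                 + _lp(key) + _lp(provider_name.encode()))

def doh_stamp(ip, host_name, host_port, host_path, cert_hash, props=0):
    """Hypothetical helper taking the Step 5 inputs; the port travels with the host name."""
    digest = bytes.fromhex(cert_hash)
    if len(digest) != 32:
        raise ValueError("certificate hash must be 32 bytes")
    return _wrap(PROTO_DOH, props, _lp(ip.encode()) + _vlp([digest])
                 + _lp(f"{host_name}:{host_port}".encode()) + _lp(host_path.encode()))

def decode_stamp(stamp: str) -> dict:
    """Return the fields a stamp pins so they can be reviewed before commit."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9:
        raise ValueError("truncated stamp")
    pos = 9  # skip the protocol byte and the 8 properties bytes

    def field(set_item=False):
        nonlocal pos
        if pos >= len(raw):
            raise ValueError("truncated stamp")
        size = raw[pos] & 0x7F if set_item else raw[pos]
        more = set_item and bool(raw[pos] & 0x80)
        chunk = raw[pos + 1:pos + 1 + size]
        if len(chunk) != size:
            raise ValueError("truncated stamp")
        pos += 1 + size
        return chunk, more

    out = {"props": struct.unpack_from("<Q", raw, 1)[0], "addr": field()[0].decode()}
    if raw[0] == PROTO_DNSCRYPT:
        out.update(protocol="DNSCrypt", provider_key=field()[0].hex(":"),
                   provider_name=field()[0].decode())
    elif raw[0] == PROTO_DOH:
        hashes, more = [], True
        while more:
            chunk, more = field(set_item=True)
            hashes.append(chunk.hex())
        out.update(protocol="DoH", hashes=hashes, host=field()[0].decode(),
                   path=field()[0].decode())
    else:
        raise ValueError(f"unsupported protocol 0x{raw[0]:02x}")
    return out

if __name__ == "__main__":
    # Inputs copied from Step 5 of this scenario.
    print(decode_stamp(doh_stamp(
        "10.215.168.64", "dns.dut0", 3000, "/dns-query",
        "2b3de116dbbc6ca138139ec98673a25a44709affb1d6b9139f7b4a54bb2a0481")))
```

Comparing the decoded provider_key or hashes value against the key printed in Step 1, or the hash passed in Step 5, confirms that the stamp in the configuration pins the intended server.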