Listen Address
Test suite to validate DNS Proxy listen-address configuration. It simply configures a DNS server that may or may not block queries or even servers.
IPv4 Address
Description
DUT0 is configured on a specific IPv4 address and checked by the local resolver to see if it works as expected.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy listen-address 10.215.168.64 port 53 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver name-server 10.215.168.64 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to 10.215.168.64#53: timed out teldat.com has address 19.18.17.16
IPv4 Address With Port Changed
Description
DUT0 is configured on a specific IPv4 address and a different port, then checked by the local resolver to see if it works properly.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns forwarding name-server 10.215.168.64 port 5353 set service dns proxy listen-address 10.215.168.64 port 5353 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
IPv6 Address
Description
DUT0 is configured on a specific IPv6 address and then checked by the local resolver to see if it works properly.
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Step 2: Run command set interfaces ethernet eth1 address 10::2/64 at DUT0 and expect this output:
Step 3: Run command commit at DUT0 and expect this output:
Step 4: Ping IP address 10::2 from DUT0:
admin@DUT0$ ping 10::2 count 1 size 56 timeout 1Show output
PING 10::2(10::2) 56 data bytes 64 bytes from 10::2: icmp_seq=1 ttl=64 time=0.013 ms --- 10::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.013/0.013/0.013/0.000 ms
Step 5: Run command configure at DUT0 and expect this output:
Step 6: Run command set system certificate trust running://remote.dns-server.crt at DUT0 and expect this output:
Step 7: Run command set service dns proxy server-name RD at DUT0 and expect this output:
Step 8: Run command set service dns proxy static RD protocol dns-over-https host name remote.dns at DUT0 and expect this output:
Step 9: Run command set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 at DUT0 and expect this output:
Step 10: Run command set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854 at DUT0 and expect this output:
Step 11: Run command set service dns proxy listen-address 10::2 port 53 at DUT0 and expect this output:
Step 12: Run command set service dns resolver name-server 10::2 at DUT0 and expect this output:
Step 13: Run command commit at DUT0 and expect this output:
Show output
[ system certificate trust running://remote.dns-server.crt ] rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Step 14: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to 10::2#53: timed out teldat.com has address 19.18.17.16
IPv6 Address With Port Changed
Description
DUT0 is configured on a specific IPv6 address and a different port and then checked by the local resolver to see if it works properly.
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Step 2: Run command set interfaces ethernet eth1 address 10::2/64 at DUT0 and expect this output:
Step 3: Run command commit at DUT0 and expect this output:
Step 4: Ping IP address 10::2 from DUT0:
admin@DUT0$ ping 10::2 count 1 size 56 timeout 1Show output
PING 10::2(10::2) 56 data bytes 64 bytes from 10::2: icmp_seq=1 ttl=64 time=0.014 ms --- 10::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.014/0.014/0.014/0.000 ms
Step 5: Run command configure at DUT0 and expect this output:
Step 6: Run command set system certificate trust running://remote.dns-server.crt at DUT0 and expect this output:
Step 7: Run command set service dns proxy server-name RD at DUT0 and expect this output:
Step 8: Run command set service dns proxy static RD protocol dns-over-https host name remote.dns at DUT0 and expect this output:
Step 9: Run command set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 at DUT0 and expect this output:
Step 10: Run command set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854 at DUT0 and expect this output:
Step 11: Run command set service dns proxy listen-address 10::2 port 5353 at DUT0 and expect this output:
Step 12: Run command set service dns resolver local at DUT0 and expect this output:
Step 13: Run command set service dns forwarding name-server 10::2 port 5353 at DUT0 and expect this output:
Step 14: Run command commit at DUT0 and expect this output:
Show output
[ system certificate trust running://remote.dns-server.crt ] rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Step 15: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: timed out teldat.com has address 19.18.17.16