Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 30 12:23:26.277361 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.2M free.
Jul 30 12:23:26.280500 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 12:23:26.280559 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 12:23:26.288791 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:23:26.575772 osdx osdx-coredump[371889]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:23:26.583080 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:23:26.969291 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:27.075589 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 30 12:23:27.125587 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:23:27.224370 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:27.296489 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:23:27.353839 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:27.377529 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:27.391443 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:23:27.527642 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 30 12:23:27.636056 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:27.689176 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 30 12:23:27.781363 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 30 12:23:27.837456 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 30 12:23:27.923215 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 30 12:23:27.976025 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 30 12:23:28.061273 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 30 12:23:28.126660 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:28.234024 osdx ca-certificates[372026]: Updating certificates in /etc/ssl/certs...
Jul 30 12:23:28.687282 osdx ca-certificates[373029]: 1 added, 0 removed; done.
Jul 30 12:23:28.689999 osdx ca-certificates[373036]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:23:28.692428 osdx ca-certificates[373038]: done.
Jul 30 12:23:28.784750 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:23:28.786020 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:28.789365 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:28.805152 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:23:28.807959 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:23:28.808120 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] Network connectivity detected
Jul 30 12:23:28.808230 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] Dropping privileges
Jul 30 12:23:28.810292 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] Network connectivity detected
Jul 30 12:23:28.810328 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:23:28.810328 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:23:28.810366 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] Firefox workaround initialized
Jul 30 12:23:28.810366 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6gu5fafq]
Jul 30 12:23:28.942925 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 30 12:23:28.954713 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] [RD] OK (DoH) - rtt: 123ms
Jul 30 12:23:28.954713 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] Server with the lowest initial latency: RD (rtt: 123ms)
Jul 30 12:23:28.954713 osdx dnscrypt-proxy[373095]: [2024-07-30 12:23:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 30 12:23:34.271208 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 12:23:34.273362 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 12:23:34.273402 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 12:23:34.280180 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:23:34.554487 osdx osdx-coredump[374738]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:23:34.561122 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:23:34.948870 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:35.055710 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 30 12:23:35.104854 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:23:35.208728 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:35.281370 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:23:35.344807 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:35.368124 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:35.382631 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:23:35.509988 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 30 12:23:35.613381 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 30 12:23:35.748639 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:35.800314 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 30 12:23:35.893456 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 30 12:23:35.950765 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Jul 30 12:23:36.035496 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 30 12:23:36.101515 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:36.208895 osdx ca-certificates[374876]: Updating certificates in /etc/ssl/certs...
Jul 30 12:23:36.670417 osdx ca-certificates[375880]: 1 added, 0 removed; done.
Jul 30 12:23:36.673068 osdx ca-certificates[375886]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:23:36.675684 osdx ca-certificates[375888]: done.
Jul 30 12:23:36.765730 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:23:36.766806 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:36.769357 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:36.786230 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:23:36.786413 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] Network connectivity detected
Jul 30 12:23:36.786471 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] Dropping privileges
Jul 30 12:23:36.788804 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] Network connectivity detected
Jul 30 12:23:36.788804 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:23:36.788804 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:23:36.788883 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] Firefox workaround initialized
Jul 30 12:23:36.788883 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp3fbmsdo6]
Jul 30 12:23:36.806835 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:23:36.945392 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] [RD] OK (DoH) - rtt: 135ms
Jul 30 12:23:36.945392 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] Server with the lowest initial latency: RD (rtt: 135ms)
Jul 30 12:23:36.945392 osdx dnscrypt-proxy[375945]: [2024-07-30 12:23:36] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 30 12:23:36.945341 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jul 30 12:23:41.277027 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 12:23:41.277624 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 12:23:41.277657 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 12:23:41.286757 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:23:41.639008 osdx osdx-coredump[377589]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:23:41.646333 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:23:42.049280 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:42.153522 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 30 12:23:42.201569 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:23:42.308689 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:42.385642 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:23:42.452288 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:42.476890 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:42.492072 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:23:42.622243 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 30 12:23:42.710675 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 30 12:23:42.841533 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:42.893412 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 30 12:23:42.989020 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 30 12:23:43.039993 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Jul 30 12:23:43.131637 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Jul 30 12:23:43.182294 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Jul 30 12:23:43.278037 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'.
Jul 30 12:23:43.321864 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 30 12:23:43.436628 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:43.510031 osdx ca-certificates[377729]: Updating certificates in /etc/ssl/certs...
Jul 30 12:23:43.973376 osdx ca-certificates[378733]: 1 added, 0 removed; done.
Jul 30 12:23:43.975987 osdx ca-certificates[378739]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:23:43.978976 osdx ca-certificates[378741]: done.
Jul 30 12:23:44.086086 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:23:44.088419 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:44.092150 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:44.107555 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:23:44.107814 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] Network connectivity detected
Jul 30 12:23:44.107814 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] Dropping privileges
Jul 30 12:23:44.110004 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] Network connectivity detected
Jul 30 12:23:44.110065 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:23:44.110065 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:23:44.110065 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] Firefox workaround initialized
Jul 30 12:23:44.110065 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpwow4hfb3]
Jul 30 12:23:44.110640 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 30 12:23:44.110640 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 30 12:23:44.110640 osdx dnscrypt-proxy[378798]: [2024-07-30 12:23:44] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 30 12:23:44.113445 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jul 30 12:23:48.288274 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 12:23:48.288969 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 12:23:48.289008 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 12:23:48.297523 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:23:48.587649 osdx osdx-coredump[380436]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:23:48.595094 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:23:48.976955 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:49.071539 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 30 12:23:49.119905 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:23:49.228493 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:49.304829 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:23:49.369671 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:49.393555 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:49.409509 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:23:49.543235 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 30 12:23:49.669310 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 30 12:23:49.752202 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443'.
Jul 30 12:23:49.898611 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:49.950468 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 30 12:23:50.038871 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 30 12:23:50.094674 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Jul 30 12:23:50.181557 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 30 12:23:50.258355 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:50.361844 osdx ca-certificates[380576]: Updating certificates in /etc/ssl/certs...
Jul 30 12:23:50.835944 osdx ca-certificates[381580]: 1 added, 0 removed; done.
Jul 30 12:23:50.838745 osdx ca-certificates[381586]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:23:50.841488 osdx ca-certificates[381588]: done.
Jul 30 12:23:50.941066 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:23:50.942331 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:50.944804 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:50.961597 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:23:50.962986 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:23:50.963138 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] Network connectivity detected
Jul 30 12:23:50.963196 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] Dropping privileges
Jul 30 12:23:50.965239 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] Network connectivity detected
Jul 30 12:23:50.965280 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:23:50.965280 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:23:50.965312 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] Firefox workaround initialized
Jul 30 12:23:50.965312 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpcy8csyfd]
Jul 30 12:23:50.965887 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 30 12:23:50.965926 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 30 12:23:50.965953 osdx dnscrypt-proxy[381645]: [2024-07-30 12:23:50] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16