Static Server

Test suite that connects DUT1 to DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.

Server With Upstream DoH

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command 'system journal show | cat' on DUT0 and check that the output matches the following regular expression:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 30 12:22:37.277823 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.1M, max 15.3M, 13.2M free.
Jul 30 12:22:37.278308 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 12:22:37.278338 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 12:22:37.287121 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:22:37.565098 osdx osdx-coredump[360235]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:22:37.572335 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:22:37.997321 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:22:38.064188 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 30 12:22:38.153707 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:22:38.219413 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:22:38.330027 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:22:38.391033 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:22:38.415737 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:22:38.432290 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:22:38.574141 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 30 12:22:39.487202 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:22:39.543079 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 30 12:22:39.638085 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 30 12:22:39.708820 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 30 12:22:39.788842 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 30 12:22:39.846956 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 30 12:22:39.938121 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 30 12:22:39.986610 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 30 12:22:40.103751 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 30 12:22:40.157840 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 30 12:22:40.275097 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:22:40.360366 osdx ca-certificates[360375]: Updating certificates in /etc/ssl/certs...
Jul 30 12:22:40.851609 osdx ca-certificates[361379]: 1 added, 0 removed; done.
Jul 30 12:22:40.854474 osdx ca-certificates[361385]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:22:40.858058 osdx ca-certificates[361387]: done.
Jul 30 12:22:40.978337 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:22:40.979714 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:22:40.982764 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:22:41.000122 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:22:41.000691 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:22:41.000838 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] Network connectivity detected
Jul 30 12:22:41.001044 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] Dropping privileges
Jul 30 12:22:41.003941 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] Network connectivity detected
Jul 30 12:22:41.003941 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:22:41.003941 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:22:41.003941 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 30 12:22:41.004023 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] Firefox workaround initialized
Jul 30 12:22:41.004023 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp1g11w3sc]
Jul 30 12:22:41.130029 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 30 12:22:41.230598 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] [RD] OK (DoH) - rtt: 202ms
Jul 30 12:22:41.230598 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] Server with the lowest initial latency: RD (rtt: 202ms)
Jul 30 12:22:41.230598 osdx dnscrypt-proxy[361447]: [2024-07-30 12:22:41] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash fe9dddb79ec5f24bce76639e766350063460fae4b3ab3490268510b421252086
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run the command 'system journal show | cat' on DUT1 and check that the output matches the following regular expression:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 30 12:22:38.246838 osdx systemd-journald[1361]: Runtime Journal (/run/log/journal/022a18c941d64f479a590b363c3a1b1d) is 2.4M, max 9.7M, 7.3M free.
Jul 30 12:22:38.250266 osdx systemd-journald[1361]: Received client request to rotate journal, rotating.
Jul 30 12:22:38.250306 osdx systemd-journald[1361]: Vacuuming done, freed 0B of archived journals from /run/log/journal/022a18c941d64f479a590b363c3a1b1d.
Jul 30 12:22:38.255885 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:22:38.633067 osdx osdx-coredump[164776]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:22:38.642116 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:22:39.601314 osdx OSDxCLI[96653]: User 'admin' entered the configuration menu.
Jul 30 12:22:39.666633 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jul 30 12:22:39.738490 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:22:39.790236 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 30 12:22:39.900351 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:22:39.988277 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:22:40.096687 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 30 12:22:40.113567 osdx sshd[164864]: Server listening on 0.0.0.0 port 22.
Jul 30 12:22:40.113770 osdx sshd[164864]: Server listening on :: port 22.
Jul 30 12:22:40.113854 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 30 12:22:40.135850 osdx cfgd[1029]: [96653]Completed change to active configuration
Jul 30 12:22:40.159945 osdx OSDxCLI[96653]: User 'admin' committed the configuration.
Jul 30 12:22:40.174435 osdx OSDxCLI[96653]: User 'admin' left the configuration menu.
Jul 30 12:22:40.303202 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Jul 30 12:22:42.342088 osdx OSDxCLI[96653]: User 'admin' entered the configuration menu.
Jul 30 12:22:42.395902 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jul 30 12:22:42.485884 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jul 30 12:22:42.534010 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jul 30 12:22:42.635917 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Jul 30 12:22:42.689253 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Jul 30 12:22:42.774351 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Jul 30 12:22:42.831543 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash fe9dddb79ec5f24bce76639e766350063460fae4b3ab3490268510b421252086'.
Jul 30 12:22:42.940682 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:22:43.020718 osdx ca-certificates[164936]: Updating certificates in /etc/ssl/certs...
Jul 30 12:22:43.475643 osdx ca-certificates[165940]: 1 added, 0 removed; done.
Jul 30 12:22:43.479472 osdx ca-certificates[165943]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:22:43.482915 osdx ca-certificates[165947]: done.
Jul 30 12:22:43.544577 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:22:43.547271 osdx cfgd[1029]: [96653]Completed change to active configuration
Jul 30 12:22:43.554057 osdx OSDxCLI[96653]: User 'admin' committed the configuration.
Jul 30 12:22:43.574458 osdx OSDxCLI[96653]: User 'admin' left the configuration menu.
Jul 30 12:22:43.574955 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:22:43.575167 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] Network connectivity detected
Jul 30 12:22:43.575398 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] Dropping privileges
Jul 30 12:22:43.577261 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] Network connectivity detected
Jul 30 12:22:43.577351 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:22:43.577384 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:22:43.577436 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] Firefox workaround initialized
Jul 30 12:22:43.577465 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpchcby_y8]
Jul 30 12:22:43.731346 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 30 12:22:43.849768 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] [DUT0] OK (DoH) - rtt: 184ms
Jul 30 12:22:43.849768 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 184ms)
Jul 30 12:22:43.849768 osdx dnscrypt-proxy[165955]: [2024-07-30 12:22:43] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run the command 'show host lookup teldat.com type A' on DUT1 and check that the output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DoH With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run the command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854' on DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run the command 'system journal show | cat' on DUT0 and check that the output matches the following regular expression:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 30 12:22:48.278212 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.7M, max 15.3M, 12.5M free.
Jul 30 12:22:48.281776 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 12:22:48.281832 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 12:22:48.288064 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:22:48.581286 osdx osdx-coredump[363090]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:22:48.588354 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:22:48.986648 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:22:49.049303 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 30 12:22:49.135310 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:22:49.195778 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:22:49.301749 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:22:49.364353 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:22:49.387540 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:22:49.402437 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:22:49.537777 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 30 12:22:50.446241 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 30 12:22:50.578562 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:22:50.629265 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 30 12:22:50.732339 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 30 12:22:50.792769 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Jul 30 12:22:50.879859 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 30 12:22:50.929001 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 30 12:22:51.022541 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 30 12:22:51.069253 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 30 12:22:51.163718 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 30 12:22:51.229855 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:22:51.331421 osdx ca-certificates[363232]: Updating certificates in /etc/ssl/certs...
Jul 30 12:22:51.776145 osdx ca-certificates[364236]: 1 added, 0 removed; done.
Jul 30 12:22:51.778925 osdx ca-certificates[364242]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:22:51.781698 osdx ca-certificates[364244]: done.
Jul 30 12:22:51.894484 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:22:51.897792 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:22:51.904620 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:22:51.928306 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:51] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:22:51.928510 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:51] [NOTICE] Network connectivity detected
Jul 30 12:22:51.928627 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:51] [NOTICE] Dropping privileges
Jul 30 12:22:51.930721 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:51] [NOTICE] Network connectivity detected
Jul 30 12:22:51.930765 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:51] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:22:51.930765 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:51] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:22:51.930765 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:51] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 30 12:22:51.930804 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:51] [NOTICE] Firefox workaround initialized
Jul 30 12:22:51.930804 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:51] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7ssn0qoa]
Jul 30 12:22:51.933937 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:22:52.071372 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:52] [NOTICE] [RD] OK (DoH) - rtt: 119ms
Jul 30 12:22:52.071372 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:52] [NOTICE] Server with the lowest initial latency: RD (rtt: 119ms)
Jul 30 12:22:52.071372 osdx dnscrypt-proxy[364304]: [2024-07-30 12:22:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 30 12:22:52.077803 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal show | cat'.

Step 4: Run the command 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash fe9dddb79ec5f24bce76639e766350063460fae4b3ab3490268510b421252086' on DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_p3dt57F8kvOdmOedmNQBjRg-uSzqzSQJoUQtCElIIYNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 5: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_p3dt57F8kvOdmOedmNQBjRg-uSzqzSQJoUQtCElIIYNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Run the command 'system journal show | cat' on DUT1 and check that the output matches the following regular expression:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 30 12:22:48.249922 osdx systemd-journald[1361]: Runtime Journal (/run/log/journal/022a18c941d64f479a590b363c3a1b1d) is 2.4M, max 9.7M, 7.3M free.
Jul 30 12:22:48.252718 osdx systemd-journald[1361]: Received client request to rotate journal, rotating.
Jul 30 12:22:48.252764 osdx systemd-journald[1361]: Vacuuming done, freed 0B of archived journals from /run/log/journal/022a18c941d64f479a590b363c3a1b1d.
Jul 30 12:22:48.259396 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:22:48.646962 osdx osdx-coredump[167568]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:22:48.653788 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:22:49.550996 osdx OSDxCLI[96653]: User 'admin' entered the configuration menu.
Jul 30 12:22:49.617761 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jul 30 12:22:49.697575 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:22:49.746118 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 30 12:22:49.854973 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:22:49.940728 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:22:50.053113 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 30 12:22:50.068614 osdx sshd[167656]: Server listening on 0.0.0.0 port 22.
Jul 30 12:22:50.068898 osdx sshd[167656]: Server listening on :: port 22.
Jul 30 12:22:50.068995 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 30 12:22:50.089906 osdx cfgd[1029]: [96653]Completed change to active configuration
Jul 30 12:22:50.113003 osdx OSDxCLI[96653]: User 'admin' committed the configuration.
Jul 30 12:22:50.127623 osdx OSDxCLI[96653]: User 'admin' left the configuration menu.
Jul 30 12:22:50.260044 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Jul 30 12:22:52.282606 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash fe9dddb79ec5f24bce76639e766350063460fae4b3ab3490268510b421252086'.
Jul 30 12:22:52.415228 osdx OSDxCLI[96653]: User 'admin' entered the configuration menu.
Jul 30 12:22:52.466895 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jul 30 12:22:52.559336 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jul 30 12:22:52.608445 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jul 30 12:22:52.704770 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_p3dt57F8kvOdmOedmNQBjRg-uSzqzSQJoUQtCElIIYNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Jul 30 12:22:52.771756 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:22:52.874218 osdx ca-certificates[167728]: Updating certificates in /etc/ssl/certs...
Jul 30 12:22:53.296377 osdx ca-certificates[168732]: 1 added, 0 removed; done.
Jul 30 12:22:53.299760 osdx ca-certificates[168735]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:22:53.302947 osdx ca-certificates[168739]: done.
Jul 30 12:22:53.361010 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:22:53.363484 osdx cfgd[1029]: [96653]Completed change to active configuration
Jul 30 12:22:53.370369 osdx OSDxCLI[96653]: User 'admin' committed the configuration.
Jul 30 12:22:53.384525 osdx OSDxCLI[96653]: User 'admin' left the configuration menu.
Jul 30 12:22:53.388119 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:22:53.388338 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] Network connectivity detected
Jul 30 12:22:53.388556 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] Dropping privileges
Jul 30 12:22:53.390227 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] Network connectivity detected
Jul 30 12:22:53.390303 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:22:53.390333 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:22:53.390377 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] Firefox workaround initialized
Jul 30 12:22:53.390402 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpxv56l962]
Jul 30 12:22:53.543940 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 30 12:22:53.559021 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] [DUT0] OK (DoH) - rtt: 123ms
Jul 30 12:22:53.559021 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 123ms)
Jul 30 12:22:53.559021 osdx dnscrypt-proxy[168747]: [2024-07-30 12:22:53] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 7: Run the command 'show host lookup teldat.com type A' on DUT1 and check that the output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
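
A stamp is an opaque string once generated, so it is worth decoding it and confirming the endpoint and pinned hash before committing it. The Python code below is an added example, not part of the OSDx test suite or its tooling: it encodes and decodes DoH stamps following the public DNS Stamps layout and reproduces the two stamps from Steps 1 and 4; the function names and the audit_stamp helper are assumptions made for illustration.

```python
import base64
import re
import struct

DOH_ID = 0x02        # DNS Stamps protocol identifier for DNS-over-HTTPS
DEFAULT_PORT = 443   # not written into the stamp (see the remote.dns stamp)

# Values copied from Steps 1 and 4 of the scenario above.
STAMP_RD = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBlQ2DuUYKb9KjOqcQeOHtknYqGhByiDsgE9texfupIVApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
STAMP_DUT0 = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_p3dt57F8kvOdmOedmNQBjRg-uSzqzSQJoUQtCElIIYNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"
PIN_RD = "654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854"
PIN_DUT0 = "fe9dddb79ec5f24bce76639e766350063460fae4b3ab3490268510b421252086"


def _lp(data):
    """One length byte followed by the data."""
    if len(data) > 0xFF:
        raise ValueError("field longer than 255 bytes")
    return bytes([len(data)]) + data


def _vlp(items):
    """Set of fields; the length byte's high bit means 'another item follows'."""
    if not items:
        return b"\x00"
    out = b""
    for i, item in enumerate(items):
        if len(item) > 0x7F:
            raise ValueError("set item longer than 127 bytes")
        out += bytes([len(item) | (0x80 if i < len(items) - 1 else 0)]) + item
    return out


def encode_doh_stamp(ip, pins_hex, host, port, path, props=0):
    """Build a DoH stamp; each pin is a 32-byte SHA-256 value given as hex."""
    pins = [bytes.fromhex(p) for p in pins_hex]
    if any(len(p) != 32 for p in pins):
        raise ValueError("pins must be 32-byte SHA-256 digests")
    hostport = host if port == DEFAULT_PORT else f"{host}:{port}"
    blob = (bytes([DOH_ID]) + struct.pack("<Q", props) + _lp(ip.encode())
            + _vlp(pins) + _lp(hostport.encode()) + _lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(blob).rstrip(b"=").decode()


def decode_doh_stamp(stamp):
    """Parse a DoH stamp into its fields, rejecting malformed input."""
    body = stamp[len("sdns://"):]
    if not stamp.startswith("sdns://") or not re.fullmatch(r"[A-Za-z0-9_-]+", body):
        raise ValueError("not a DNS stamp")
    blob = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    pos = 0

    def take(n):
        # Bounds-checked read so a short or corrupted stamp fails loudly.
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated stamp")
        chunk, pos = blob[pos:pos + n], pos + n
        return chunk

    if take(1)[0] != DOH_ID:
        raise ValueError("not a DNS-over-HTTPS stamp")
    (props,) = struct.unpack("<Q", take(8))
    ip = take(take(1)[0]).decode("ascii")
    pins = []
    while True:
        n = take(1)[0]
        item = take(n & 0x7F)
        if item:
            pins.append(item.hex())
        if not n & 0x80:
            break
    hostport = take(take(1)[0]).decode("ascii")
    path = take(take(1)[0]).decode("ascii")
    # Optional bootstrap resolver addresses after the path are not parsed here.
    host, sep, port = hostport.rpartition(":")
    if not sep:
        host, port = hostport, DEFAULT_PORT
    return {"props": props, "ip": ip, "pins": pins,
            "host": host, "port": int(port), "path": path}


def audit_stamp(stamp, ip, host, port, pin_hex):
    """List the ways a stamp differs from the upstream an operator intends."""
    d = decode_doh_stamp(stamp)
    problems = []
    if (d["ip"], d["host"], d["port"]) != (ip, host, port):
        problems.append(f"endpoint is {d['host']}:{d['port']} at {d['ip']}")
    if not d["pins"]:
        problems.append("no certificate hash pinned")
    elif pin_hex.lower() not in d["pins"]:
        problems.append("expected certificate hash is not among the pins")
    return problems


if __name__ == "__main__":
    for name, stamp in (("RD", STAMP_RD), ("DUT0", STAMP_DUT0)):
        print(name, decode_doh_stamp(stamp))
```

An empty list from audit_stamp means the stamp points at the intended address, host name and port and carries the expected hash; anything else should block the commit.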

Server With Upstream DNSCrypt

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run the command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' on DUT0 and expect this output:

63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run the command 'system journal show | cat' on DUT0 and check that the output matches the following regular expression:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jul 30 12:22:59.292012 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 12:22:59.293885 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 12:22:59.293944 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 12:22:59.302824 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:22:59.603560 osdx osdx-coredump[365948]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:22:59.611013 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:23:00.013479 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:00.076264 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 30 12:23:00.165028 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:23:00.227793 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:00.333895 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:23:00.396486 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:00.420607 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:00.435265 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:23:00.565814 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 30 12:23:01.431691 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 30 12:23:01.565686 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:01.616266 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 30 12:23:01.707637 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 30 12:23:01.760208 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Jul 30 12:23:01.853475 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Jul 30 12:23:01.903605 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Jul 30 12:23:01.998321 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16'.
Jul 30 12:23:02.044023 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 30 12:23:02.135126 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 30 12:23:02.182865 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 30 12:23:02.275242 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 30 12:23:02.343569 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:02.441698 osdx ca-certificates[366096]: Updating certificates in /etc/ssl/certs...
Jul 30 12:23:02.924767 osdx ca-certificates[367100]: 1 added, 0 removed; done.
Jul 30 12:23:02.927379 osdx ca-certificates[367106]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:23:02.930253 osdx ca-certificates[367108]: done.
Jul 30 12:23:03.030338 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:23:03.031900 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:03.035409 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:03.052831 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:23:03.061592 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:23:03.061814 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] Network connectivity detected
Jul 30 12:23:03.062080 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] Dropping privileges
Jul 30 12:23:03.064077 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] Network connectivity detected
Jul 30 12:23:03.064114 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:23:03.064114 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:23:03.064114 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 30 12:23:03.064153 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] Firefox workaround initialized
Jul 30 12:23:03.064153 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpf0_2zmw5]
Jul 30 12:23:03.064739 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 30 12:23:03.064783 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 30 12:23:03.064783 osdx dnscrypt-proxy[367168]: [2024-07-30 12:23:03] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash fe9dddb79ec5f24bce76639e766350063460fae4b3ab3490268510b421252086
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Jul 30 12:22:59.264045 osdx systemd-journald[1361]: Runtime Journal (/run/log/journal/022a18c941d64f479a590b363c3a1b1d) is 2.4M, max 9.7M, 7.3M free.
Jul 30 12:22:59.267320 osdx systemd-journald[1361]: Received client request to rotate journal, rotating.
Jul 30 12:22:59.267371 osdx systemd-journald[1361]: Vacuuming done, freed 0B of archived journals from /run/log/journal/022a18c941d64f479a590b363c3a1b1d.
Jul 30 12:22:59.274173 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:22:59.666355 osdx osdx-coredump[170360]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:22:59.673900 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:23:00.581051 osdx OSDxCLI[96653]: User 'admin' entered the configuration menu.
Jul 30 12:23:00.642694 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jul 30 12:23:00.725043 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:23:00.770785 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 30 12:23:00.876545 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:00.963327 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:23:01.071549 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 30 12:23:01.086954 osdx sshd[170448]: Server listening on 0.0.0.0 port 22.
Jul 30 12:23:01.087140 osdx sshd[170448]: Server listening on :: port 22.
Jul 30 12:23:01.087227 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 30 12:23:01.107188 osdx cfgd[1029]: [96653]Completed change to active configuration
Jul 30 12:23:01.129468 osdx OSDxCLI[96653]: User 'admin' committed the configuration.
Jul 30 12:23:01.143441 osdx OSDxCLI[96653]: User 'admin' left the configuration menu.
Jul 30 12:23:01.271274 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Jul 30 12:23:03.207956 osdx OSDxCLI[96653]: User 'admin' entered the configuration menu.
Jul 30 12:23:03.261951 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jul 30 12:23:03.346683 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jul 30 12:23:03.400630 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jul 30 12:23:03.504364 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Jul 30 12:23:03.553964 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Jul 30 12:23:03.644592 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Jul 30 12:23:03.697021 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash fe9dddb79ec5f24bce76639e766350063460fae4b3ab3490268510b421252086'.
Jul 30 12:23:03.810758 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:03.892310 osdx ca-certificates[170525]: Updating certificates in /etc/ssl/certs...
Jul 30 12:23:04.377352 osdx ca-certificates[171529]: 1 added, 0 removed; done.
Jul 30 12:23:04.381478 osdx ca-certificates[171532]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:23:04.385284 osdx ca-certificates[171536]: done.
Jul 30 12:23:04.443525 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:23:04.446152 osdx cfgd[1029]: [96653]Completed change to active configuration
Jul 30 12:23:04.453022 osdx OSDxCLI[96653]: User 'admin' committed the configuration.
Jul 30 12:23:04.470340 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:23:04.472095 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] Network connectivity detected
Jul 30 12:23:04.472432 osdx OSDxCLI[96653]: User 'admin' left the configuration menu.
Jul 30 12:23:04.472942 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] Dropping privileges
Jul 30 12:23:04.474840 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] Network connectivity detected
Jul 30 12:23:04.474920 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:23:04.474952 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:23:04.475016 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] Firefox workaround initialized
Jul 30 12:23:04.475045 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpdg76bb1t]
Jul 30 12:23:04.613513 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 30 12:23:04.726812 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] [DUT0] OK (DoH) - rtt: 120ms
Jul 30 12:23:04.726812 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 120ms)
Jul 30 12:23:04.726812 osdx dnscrypt-proxy[171544]: [2024-07-30 12:23:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DNSCrypt With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt. A DNS stamp is generated for that server and then used to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

Show output
63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443 at DUT0 and expect this output:

Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Jul 30 12:23:10.273968 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 12:23:10.276095 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 12:23:10.276146 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 12:23:10.284025 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:23:10.597219 osdx osdx-coredump[368806]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:23:10.605125 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:23:10.998730 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:11.092364 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 30 12:23:11.142048 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:23:11.249803 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:11.328103 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:23:11.393114 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:11.417010 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:11.433665 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.
Jul 30 12:23:11.569737 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 30 12:23:12.454841 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 30 12:23:12.532813 osdx OSDxCLI[210769]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 63:4b:3e:53:30:96:2f:1e:1f:c1:c3:33:b2:32:2f:f9:b4:a9:a2:ae:50:ef:03:8f:5e:78:c3:99:0d:ec:09:16 ip 10.215.168.1 port 8443'.
Jul 30 12:23:12.687175 osdx OSDxCLI[210769]: User 'admin' entered the configuration menu.
Jul 30 12:23:12.747806 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 30 12:23:12.832316 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 30 12:23:12.894297 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIGNLPlMwli8eH8HDM7IyL_m0qaKuUO8Dj154w5kN7AkWGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Jul 30 12:23:12.981012 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 30 12:23:13.041868 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Jul 30 12:23:13.135889 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Jul 30 12:23:13.193270 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jul 30 12:23:13.304719 osdx OSDxCLI[210769]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:13.383766 osdx ca-certificates[368949]: Updating certificates in /etc/ssl/certs...
Jul 30 12:23:13.853914 osdx ca-certificates[369953]: 1 added, 0 removed; done.
Jul 30 12:23:13.857251 osdx ca-certificates[369959]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:23:13.860334 osdx ca-certificates[369961]: done.
Jul 30 12:23:13.960424 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:23:13.962171 osdx cfgd[1242]: [210769]Completed change to active configuration
Jul 30 12:23:13.964526 osdx OSDxCLI[210769]: User 'admin' committed the configuration.
Jul 30 12:23:13.979790 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:23:13.980109 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] Network connectivity detected
Jul 30 12:23:13.980457 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] Dropping privileges
Jul 30 12:23:13.982833 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] Network connectivity detected
Jul 30 12:23:13.982923 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:23:13.982962 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:23:13.983005 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jul 30 12:23:13.983060 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] Firefox workaround initialized
Jul 30 12:23:13.983096 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpdi82tj7m]
Jul 30 12:23:13.983840 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 30 12:23:13.983840 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 30 12:23:13.983840 osdx dnscrypt-proxy[370021]: [2024-07-30 12:23:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 30 12:23:13.994961 osdx OSDxCLI[210769]: User 'admin' left the configuration menu.

Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash fe9dddb79ec5f24bce76639e766350063460fae4b3ab3490268510b421252086 at DUT1 and expect this output:

Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_p3dt57F8kvOdmOedmNQBjRg-uSzqzSQJoUQtCElIIYNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 6: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_p3dt57F8kvOdmOedmNQBjRg-uSzqzSQJoUQtCElIIYNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Jul 30 12:23:10.251878 osdx systemd-journald[1361]: Runtime Journal (/run/log/journal/022a18c941d64f479a590b363c3a1b1d) is 2.4M, max 9.7M, 7.3M free.
Jul 30 12:23:10.255526 osdx systemd-journald[1361]: Received client request to rotate journal, rotating.
Jul 30 12:23:10.255569 osdx systemd-journald[1361]: Vacuuming done, freed 0B of archived journals from /run/log/journal/022a18c941d64f479a590b363c3a1b1d.
Jul 30 12:23:10.261913 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 12:23:10.666982 osdx osdx-coredump[173158]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 12:23:10.674742 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 12:23:11.594971 osdx OSDxCLI[96653]: User 'admin' entered the configuration menu.
Jul 30 12:23:11.659829 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jul 30 12:23:11.738463 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 30 12:23:11.786563 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 30 12:23:11.892455 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:11.977828 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 12:23:12.085982 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 30 12:23:12.102030 osdx sshd[173246]: Server listening on 0.0.0.0 port 22.
Jul 30 12:23:12.102200 osdx sshd[173246]: Server listening on :: port 22.
Jul 30 12:23:12.102280 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 30 12:23:12.122308 osdx cfgd[1029]: [96653]Completed change to active configuration
Jul 30 12:23:12.146208 osdx OSDxCLI[96653]: User 'admin' committed the configuration.
Jul 30 12:23:12.159796 osdx OSDxCLI[96653]: User 'admin' left the configuration menu.
Jul 30 12:23:12.294447 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Jul 30 12:23:14.147600 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash fe9dddb79ec5f24bce76639e766350063460fae4b3ab3490268510b421252086'.
Jul 30 12:23:14.275757 osdx OSDxCLI[96653]: User 'admin' entered the configuration menu.
Jul 30 12:23:14.325513 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jul 30 12:23:14.416600 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jul 30 12:23:14.467555 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jul 30 12:23:14.568043 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_p3dt57F8kvOdmOedmNQBjRg-uSzqzSQJoUQtCElIIYNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Jul 30 12:23:14.635501 osdx OSDxCLI[96653]: User 'admin' added a new cfg line: 'show working'.
Jul 30 12:23:14.736229 osdx ca-certificates[173318]: Updating certificates in /etc/ssl/certs...
Jul 30 12:23:15.197594 osdx ca-certificates[174322]: 1 added, 0 removed; done.
Jul 30 12:23:15.201068 osdx ca-certificates[174325]: Running hooks in /etc/ca-certificates/update.d...
Jul 30 12:23:15.204254 osdx ca-certificates[174329]: done.
Jul 30 12:23:15.262151 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 30 12:23:15.265123 osdx cfgd[1029]: [96653]Completed change to active configuration
Jul 30 12:23:15.275671 osdx OSDxCLI[96653]: User 'admin' committed the configuration.
Jul 30 12:23:15.290675 osdx OSDxCLI[96653]: User 'admin' left the configuration menu.
Jul 30 12:23:15.292146 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] dnscrypt-proxy 2.0.45
Jul 30 12:23:15.292384 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] Network connectivity detected
Jul 30 12:23:15.292613 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] Dropping privileges
Jul 30 12:23:15.294585 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] Network connectivity detected
Jul 30 12:23:15.294674 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 30 12:23:15.294706 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 30 12:23:15.294754 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] Firefox workaround initialized
Jul 30 12:23:15.294781 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpj7gr88oa]
Jul 30 12:23:15.433449 osdx OSDxCLI[96653]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 30 12:23:15.527936 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] [DUT0] OK (DoH) - rtt: 157ms
Jul 30 12:23:15.527936 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 157ms)
Jul 30 12:23:15.527936 osdx dnscrypt-proxy[174337]: [2024-07-30 12:23:15] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13