Static

Test suite to validate the use of one of the DNS options available with an upstream server

DNS-over-HTTPS Server

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 09 09:40:50.416287 osdx systemd-journald[1768]: Runtime Journal (/run/log/journal/da0729972954483f829d339572dde7c1) is 2.0M, max 15.3M, 13.2M free.
Oct 09 09:40:50.416941 osdx systemd-journald[1768]: Received client request to rotate journal, rotating.
Oct 09 09:40:50.417007 osdx systemd-journald[1768]: Vacuuming done, freed 0B of archived journals from /run/log/journal/da0729972954483f829d339572dde7c1.
Oct 09 09:40:50.430537 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 09:40:50.966980 osdx osdx-coredump[277142]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 09:40:50.978961 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 09:40:51.717955 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:40:51.833535 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 09:40:51.962979 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 09:40:52.078863 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:40:52.224966 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 09:40:52.393269 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:40:52.441118 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:40:52.481016 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Oct 09 09:40:52.669776 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 09 09:40:52.866390 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:40:52.964577 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 09:40:53.095794 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 09:40:53.215230 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 09:40:53.305268 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 09:40:53.431296 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 09 09:40:53.518723 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 09 09:40:53.652320 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:40:53.786944 osdx ca-certificates[277282]: Updating certificates in /etc/ssl/certs...
Oct 09 09:40:54.623357 osdx ca-certificates[278287]: 1 added, 0 removed; done.
Oct 09 09:40:54.627748 osdx ca-certificates[278293]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 09:40:54.631993 osdx ca-certificates[278295]: done.
Oct 09 09:40:54.761415 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 09 09:40:54.762885 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:40:54.766692 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:40:54.802487 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 09:40:54.802857 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] Network connectivity detected
Oct 09 09:40:54.802857 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] Dropping privileges
Oct 09 09:40:54.805829 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] Network connectivity detected
Oct 09 09:40:54.805924 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 09:40:54.805924 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 09:40:54.805924 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] Firefox workaround initialized
Oct 09 09:40:54.805924 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpmecj5ave]
Oct 09 09:40:54.809451 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Oct 09 09:40:54.965145 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] [RD] OK (DoH) - rtt: 116ms
Oct 09 09:40:54.965145 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] Server with the lowest initial latency: RD (rtt: 116ms)
Oct 09 09:40:54.965145 osdx dnscrypt-proxy[278352]: [2024-10-09 09:40:54] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNS-over-HTTPS Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9 at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkDx4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkDx4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 09 09:41:02.570204 osdx systemd-journald[1768]: Runtime Journal (/run/log/journal/da0729972954483f829d339572dde7c1) is 2.0M, max 15.3M, 13.3M free.
Oct 09 09:41:02.577465 osdx systemd-journald[1768]: Received client request to rotate journal, rotating.
Oct 09 09:41:02.577561 osdx systemd-journald[1768]: Vacuuming done, freed 0B of archived journals from /run/log/journal/da0729972954483f829d339572dde7c1.
Oct 09 09:41:02.595613 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 09:41:03.126395 osdx osdx-coredump[280001]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 09:41:03.138394 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 09:41:03.928993 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:41:04.078621 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 09:41:04.214346 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 09:41:04.364632 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:41:04.517387 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 09:41:04.718581 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:41:04.763190 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:41:04.812966 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Oct 09 09:41:05.007673 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 09 09:41:05.214540 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 09 09:41:05.408081 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:41:05.541853 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 09:41:05.675173 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 09:41:05.814030 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkDx4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Oct 09 09:41:05.939064 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 09 09:41:06.078458 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:41:06.222113 osdx ca-certificates[280143]: Updating certificates in /etc/ssl/certs...
Oct 09 09:41:07.086026 osdx ca-certificates[281146]: 1 added, 0 removed; done.
Oct 09 09:41:07.090477 osdx ca-certificates[281153]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 09:41:07.094757 osdx ca-certificates[281155]: done.
Oct 09 09:41:07.225884 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 09 09:41:07.227924 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:41:07.237036 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:41:07.262897 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Oct 09 09:41:07.271335 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 09:41:07.271650 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] Network connectivity detected
Oct 09 09:41:07.271755 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] Dropping privileges
Oct 09 09:41:07.275660 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] Network connectivity detected
Oct 09 09:41:07.275750 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 09:41:07.275750 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 09:41:07.275750 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] Firefox workaround initialized
Oct 09 09:41:07.275855 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] Loading the set of cloaking rules from [/tmp/tmprsoi6unw]
Oct 09 09:41:07.462150 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] [RD] OK (DoH) - rtt: 143ms
Oct 09 09:41:07.462150 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] Server with the lowest initial latency: RD (rtt: 143ms)
Oct 09 09:41:07.462150 osdx dnscrypt-proxy[281212]: [2024-10-09 09:41:07] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Oct 09 09:41:15.484683 osdx systemd-journald[1768]: Runtime Journal (/run/log/journal/da0729972954483f829d339572dde7c1) is 2.0M, max 15.3M, 13.3M free.
Oct 09 09:41:15.487886 osdx systemd-journald[1768]: Received client request to rotate journal, rotating.
Oct 09 09:41:15.487989 osdx systemd-journald[1768]: Vacuuming done, freed 0B of archived journals from /run/log/journal/da0729972954483f829d339572dde7c1.
Oct 09 09:41:15.504273 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 09:41:16.049633 osdx osdx-coredump[282855]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 09:41:16.062776 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 09:41:16.802625 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:41:16.948841 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 09:41:17.031972 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 09:41:17.184101 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:41:17.315934 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 09:41:17.470813 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:41:17.506393 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:41:17.536708 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Oct 09 09:41:17.744681 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 09 09:41:17.917632 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 09 09:41:18.125410 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:41:18.238969 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 09:41:18.343000 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 09:41:18.472982 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Oct 09 09:41:18.575341 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Oct 09 09:41:18.698462 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Oct 09 09:41:18.812158 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f'.
Oct 09 09:41:18.902329 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 09 09:41:19.040798 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:41:19.194883 osdx ca-certificates[282999]: Updating certificates in /etc/ssl/certs...
Oct 09 09:41:20.081119 osdx ca-certificates[284003]: 1 added, 0 removed; done.
Oct 09 09:41:20.086906 osdx ca-certificates[284009]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 09:41:20.092857 osdx ca-certificates[284011]: done.
Oct 09 09:41:20.224282 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 09 09:41:20.226005 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:41:20.231548 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:41:20.266128 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 09:41:20.266451 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] Network connectivity detected
Oct 09 09:41:20.266534 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] Dropping privileges
Oct 09 09:41:20.269509 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] Network connectivity detected
Oct 09 09:41:20.269509 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 09:41:20.269630 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 09:41:20.269630 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] Firefox workaround initialized
Oct 09 09:41:20.269630 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6im70855]
Oct 09 09:41:20.270485 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Oct 09 09:41:20.270485 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Oct 09 09:41:20.270581 osdx dnscrypt-proxy[284068]: [2024-10-09 09:41:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Oct 09 09:41:20.288642 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f ip 10.215.168.1 port 8443 at DUT0 and expect this output:

sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII9VvyQK3exD5gPGEdh_jkiELynH2GIS1F-EBuRWq98_GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII9VvyQK3exD5gPGEdh_jkiELynH2GIS1F-EBuRWq98_GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Oct 09 09:41:27.407593 osdx systemd-journald[1768]: Runtime Journal (/run/log/journal/da0729972954483f829d339572dde7c1) is 2.0M, max 15.3M, 13.3M free.
Oct 09 09:41:27.408558 osdx systemd-journald[1768]: Received client request to rotate journal, rotating.
Oct 09 09:41:27.408621 osdx systemd-journald[1768]: Vacuuming done, freed 0B of archived journals from /run/log/journal/da0729972954483f829d339572dde7c1.
Oct 09 09:41:27.427186 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 09:41:27.960680 osdx osdx-coredump[285710]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 09:41:27.970855 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 09:41:28.687133 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:41:28.862013 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 09:41:28.946446 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 09:41:29.068924 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:41:29.188313 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 09:41:29.349855 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:41:29.385912 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:41:29.421028 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Oct 09 09:41:29.617325 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 09 09:41:29.758838 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 09 09:41:29.913886 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f ip 10.215.168.1 port 8443'.
Oct 09 09:41:30.098490 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:41:30.198343 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 09:41:30.255833 osdx zebra[1399]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 09:41:30.293734 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 09:41:30.401015 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII9VvyQK3exD5gPGEdh_jkiELynH2GIS1F-EBuRWq98_GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Oct 09 09:41:30.524482 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 09 09:41:30.643750 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:41:30.767033 osdx ca-certificates[285853]: Updating certificates in /etc/ssl/certs...
Oct 09 09:41:31.585371 osdx ca-certificates[286857]: 1 added, 0 removed; done.
Oct 09 09:41:31.591830 osdx ca-certificates[286864]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 09:41:31.597932 osdx ca-certificates[286866]: done.
Oct 09 09:41:31.732770 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 09 09:41:31.734966 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:41:31.739345 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:41:31.778038 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 09:41:31.778560 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] Network connectivity detected
Oct 09 09:41:31.779076 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] Dropping privileges
Oct 09 09:41:31.782994 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] Network connectivity detected
Oct 09 09:41:31.783082 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 09:41:31.783082 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 09:41:31.783082 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] Firefox workaround initialized
Oct 09 09:41:31.783082 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpxkjzukqv]
Oct 09 09:41:31.783765 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Oct 09 09:41:31.784187 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Oct 09 09:41:31.784187 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Oct 09 09:41:31.784283 osdx dnscrypt-proxy[286923]: [2024-10-09 09:41:31] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
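
The sdns:// stamps generated in the "DNS-over-HTTPS Server With Stamp" and "DNSCrypt Server With Stamp" scenarios embed the server address and the pin (certificate hash for DoH, provider public key for DNSCrypt), so a stamp can be decoded and compared with the expected values before it is committed. The Python decoder below is an added example, not part of the OSDx test suite or of dnscrypt-proxy; the names decode_stamp and stamp_matches are hypothetical, and the field layout assumed is the public DNS stamp format for the DNSCrypt (0x01) and DoH (0x02) types.

```python
import base64
import struct

# Stamps and pins copied from the scenarios on this page.
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkDx4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII9VvyQK3exD5gPGEdh_jkiELynH2GIS1F-EBuRWq98_GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_HASH = "9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9"
DNSCRYPT_KEY = "8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f"


class _Reader:
    """Cursor over the decoded stamp bytes; raises instead of reading short."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated stamp")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def lp(self):
        # Length-prefixed value: one length byte, then that many bytes.
        return self.take(self.take(1)[0])

    def vlp(self):
        # Set of length-prefixed values: the high bit of each length byte
        # is set when another value follows.
        items = []
        while True:
            length = self.take(1)[0]
            items.append(self.take(length & 0x7F))
            if not length & 0x80:
                return [item for item in items if item]


def decode_stamp(stamp):
    """Decode a DNSCrypt or DoH stamp into its fields (pins as lowercase hex)."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    r = _Reader(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    proto = r.take(1)[0]
    props = struct.unpack("<Q", r.take(8))[0]  # 64-bit little-endian flags
    addr = r.lp().decode("ascii")
    if proto == 0x01:
        public_key = r.lp().hex()
        provider = r.lp().decode("ascii")
        out = {"protocol": "DNSCrypt", "pins": [public_key], "provider_name": provider}
    elif proto == 0x02:
        hashes = [h.hex() for h in r.vlp()]
        hostname = r.lp().decode("ascii")
        path = r.lp().decode("ascii")
        out = {"protocol": "DoH", "pins": hashes, "hostname": hostname, "path": path}
        if r.pos < len(r.data):  # optional bootstrap resolver addresses
            out["bootstrap"] = [b.decode("ascii") for b in r.vlp()]
    else:
        raise ValueError(f"unsupported stamp type 0x{proto:02x}")
    if r.pos != len(r.data):
        raise ValueError("trailing bytes after stamp fields")
    out.update(addr=addr, props=props)
    return out


def stamp_matches(stamp, expected_addr, expected_pin):
    """True only if the stamp carries exactly the expected address and pin."""
    pin = expected_pin.replace(":", "").lower()  # accept aa:bb or aabb form
    fields = decode_stamp(stamp)
    return fields["addr"] == expected_addr and fields["pins"] == [pin]


if __name__ == "__main__":
    for s in (DOH_STAMP, DNSCRYPT_STAMP):
        print(decode_stamp(s))
```

The DoH stamp carries no port because 443 is the default, while the DNSCrypt stamp carries 8443 as part of the address field.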