Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 09 09:39:21.422428 osdx systemd-journald[1768]: Runtime Journal (/run/log/journal/da0729972954483f829d339572dde7c1) is 2.0M, max 15.3M, 13.2M free. Oct 09 09:39:21.425204 osdx systemd-journald[1768]: Received client request to rotate journal, rotating. Oct 09 09:39:21.425277 osdx systemd-journald[1768]: Vacuuming done, freed 0B of archived journals from /run/log/journal/da0729972954483f829d339572dde7c1. Oct 09 09:39:21.441178 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system journal clear'. Oct 09 09:39:21.924928 osdx osdx-coredump[265451]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 09 09:39:21.937084 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system coredump delete all'. Oct 09 09:39:22.739992 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu. Oct 09 09:39:22.899658 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 09 09:39:23.005948 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 09 09:39:23.124042 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'. Oct 09 09:39:23.253225 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 09 09:39:23.398417 osdx cfgd[1434]: [101017]Completed change to active configuration Oct 09 09:39:23.436740 osdx OSDxCLI[101017]: User 'admin' committed the configuration. Oct 09 09:39:23.469419 osdx OSDxCLI[101017]: User 'admin' left the configuration menu. Oct 09 09:39:23.647937 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 09 09:39:25.345563 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu. Oct 09 09:39:25.477093 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Oct 09 09:39:25.603105 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 09 09:39:25.714632 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 09 09:39:25.830772 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 09 09:39:26.014076 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'. Oct 09 09:39:26.119751 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Oct 09 09:39:26.307561 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Oct 09 09:39:26.395027 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 09 09:39:26.522818 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 09 09:39:26.651772 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'. Oct 09 09:39:26.832552 osdx ca-certificates[265595]: Updating certificates in /etc/ssl/certs... Oct 09 09:39:27.652136 osdx ca-certificates[266599]: 1 added, 0 removed; done. Oct 09 09:39:27.658213 osdx ca-certificates[266605]: Running hooks in /etc/ca-certificates/update.d... Oct 09 09:39:27.664775 osdx ca-certificates[266607]: done. Oct 09 09:39:27.853831 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 09 09:39:27.855841 osdx cfgd[1434]: [101017]Completed change to active configuration Oct 09 09:39:27.860468 osdx OSDxCLI[101017]: User 'admin' committed the configuration. 
Oct 09 09:39:27.893630 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:27] [NOTICE] dnscrypt-proxy 2.0.45 Oct 09 09:39:27.893891 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:27] [NOTICE] Network connectivity detected Oct 09 09:39:27.894194 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:27] [NOTICE] Dropping privileges Oct 09 09:39:27.898289 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:27] [NOTICE] Network connectivity detected Oct 09 09:39:27.898414 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 09 09:39:27.898463 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 09 09:39:27.898520 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:27] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Oct 09 09:39:27.898590 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:27] [NOTICE] Firefox workaround initialized Oct 09 09:39:27.898632 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpg2qjzclx] Oct 09 09:39:27.902582 osdx OSDxCLI[101017]: User 'admin' left the configuration menu. Oct 09 09:39:28.055321 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:28] [NOTICE] [RD] OK (DoH) - rtt: 119ms Oct 09 09:39:28.055321 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:28] [NOTICE] Server with the lowest initial latency: RD (rtt: 119ms) Oct 09 09:39:28.055321 osdx dnscrypt-proxy[266667]: [2024-10-09 09:39:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash b59c913a1a592c28188306c1518bb8648c15811c0c428c69d59a613ffeef2abb
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 09 09:39:22.366009 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/74236e08c7024a4484070d6014d45b65) is 2.4M, max 9.7M, 7.3M free. Oct 09 09:39:22.369889 osdx systemd-journald[1556]: Received client request to rotate journal, rotating. Oct 09 09:39:22.369963 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/74236e08c7024a4484070d6014d45b65. Oct 09 09:39:22.382065 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'system journal clear'. Oct 09 09:39:23.043243 osdx osdx-coredump[125172]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 09 09:39:23.055935 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'system coredump delete all'. Oct 09 09:39:24.674815 osdx OSDxCLI[9385]: User 'admin' entered the configuration menu. Oct 09 09:39:24.800635 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Oct 09 09:39:24.925336 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 09 09:39:25.057441 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service ssh'. Oct 09 09:39:25.182244 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'show working'. Oct 09 09:39:25.345797 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 09 09:39:25.562159 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Oct 09 09:39:25.590422 osdx sshd[125264]: Server listening on 0.0.0.0 port 22. Oct 09 09:39:25.590726 osdx sshd[125264]: Server listening on :: port 22. Oct 09 09:39:25.590921 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Oct 09 09:39:25.628590 osdx cfgd[1223]: [9385]Completed change to active configuration Oct 09 09:39:25.671713 osdx OSDxCLI[9385]: User 'admin' committed the configuration. Oct 09 09:39:25.718521 osdx OSDxCLI[9385]: User 'admin' left the configuration menu. 
Oct 09 09:39:25.904343 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Oct 09 09:39:29.145469 osdx OSDxCLI[9385]: User 'admin' entered the configuration menu. Oct 09 09:39:29.271518 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Oct 09 09:39:29.375490 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Oct 09 09:39:29.468951 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Oct 09 09:39:29.591072 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Oct 09 09:39:29.685419 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Oct 09 09:39:29.805807 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Oct 09 09:39:29.911878 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash b59c913a1a592c28188306c1518bb8648c15811c0c428c69d59a613ffeef2abb'. Oct 09 09:39:30.023037 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'show working'. Oct 09 09:39:30.160805 osdx ca-certificates[125336]: Updating certificates in /etc/ssl/certs... Oct 09 09:39:30.976441 osdx ca-certificates[126340]: 1 added, 0 removed; done. Oct 09 09:39:30.982300 osdx ca-certificates[126344]: Running hooks in /etc/ca-certificates/update.d... Oct 09 09:39:30.989145 osdx ca-certificates[126348]: done. Oct 09 09:39:31.098136 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 09 09:39:31.101317 osdx cfgd[1223]: [9385]Completed change to active configuration Oct 09 09:39:31.111850 osdx OSDxCLI[9385]: User 'admin' committed the configuration. 
Oct 09 09:39:31.154835 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] dnscrypt-proxy 2.0.45 Oct 09 09:39:31.155309 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] Network connectivity detected Oct 09 09:39:31.155835 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] Dropping privileges Oct 09 09:39:31.159281 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] Network connectivity detected Oct 09 09:39:31.159445 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 09 09:39:31.159539 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 09 09:39:31.159655 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] Firefox workaround initialized Oct 09 09:39:31.159741 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpti5nutku] Oct 09 09:39:31.173315 osdx OSDxCLI[9385]: User 'admin' left the configuration menu. Oct 09 09:39:31.345438 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] [DUT0] OK (DoH) - rtt: 115ms Oct 09 09:39:31.345438 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 115ms) Oct 09 09:39:31.345438 osdx dnscrypt-proxy[126355]: [2024-10-09 09:39:31] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9' at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkDx4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkDx4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 09 09:39:39.468670 osdx systemd-journald[1768]: Runtime Journal (/run/log/journal/da0729972954483f829d339572dde7c1) is 2.0M, max 15.3M, 13.3M free. Oct 09 09:39:39.471059 osdx systemd-journald[1768]: Received client request to rotate journal, rotating. Oct 09 09:39:39.471144 osdx systemd-journald[1768]: Vacuuming done, freed 0B of archived journals from /run/log/journal/da0729972954483f829d339572dde7c1. Oct 09 09:39:39.485472 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system journal clear'. Oct 09 09:39:40.042714 osdx osdx-coredump[268311]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 09 09:39:40.057238 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system coredump delete all'. Oct 09 09:39:40.873945 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu. Oct 09 09:39:40.996236 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 09 09:39:41.123646 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 09 09:39:41.299795 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'. Oct 09 09:39:41.427059 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 09 09:39:41.583804 osdx cfgd[1434]: [101017]Completed change to active configuration Oct 09 09:39:41.638771 osdx OSDxCLI[101017]: User 'admin' committed the configuration. Oct 09 09:39:41.682915 osdx OSDxCLI[101017]: User 'admin' left the configuration menu. Oct 09 09:39:41.905271 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 09 09:39:43.812224 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'. 
Oct 09 09:39:43.976753 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu. Oct 09 09:39:44.104039 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 09 09:39:44.231848 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 09 09:39:44.374101 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkDx4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Oct 09 09:39:44.527228 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''. Oct 09 09:39:44.590434 osdx zebra[1399]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Oct 09 09:39:44.662064 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''. Oct 09 09:39:44.805783 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 09 09:39:44.945415 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 09 09:39:45.062278 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Oct 09 09:39:45.226271 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'. Oct 09 09:39:45.386358 osdx ca-certificates[268457]: Updating certificates in /etc/ssl/certs... Oct 09 09:39:46.376255 osdx ca-certificates[269460]: 1 added, 0 removed; done. Oct 09 09:39:46.382754 osdx ca-certificates[269467]: Running hooks in /etc/ca-certificates/update.d... Oct 09 09:39:46.390119 osdx ca-certificates[269469]: done. Oct 09 09:39:46.591629 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. 
Oct 09 09:39:46.611461 osdx cfgd[1434]: [101017]Completed change to active configuration Oct 09 09:39:46.616802 osdx OSDxCLI[101017]: User 'admin' committed the configuration. Oct 09 09:39:46.662184 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] dnscrypt-proxy 2.0.45 Oct 09 09:39:46.662184 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] Network connectivity detected Oct 09 09:39:46.662562 osdx OSDxCLI[101017]: User 'admin' left the configuration menu. Oct 09 09:39:46.662805 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] Dropping privileges Oct 09 09:39:46.666440 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] Network connectivity detected Oct 09 09:39:46.666624 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 09 09:39:46.666717 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 09 09:39:46.666814 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Oct 09 09:39:46.666916 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] Firefox workaround initialized Oct 09 09:39:46.666993 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_uc3x9vg] Oct 09 09:39:46.880297 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system journal show | cat'. Oct 09 09:39:46.883423 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] [RD] OK (DoH) - rtt: 167ms Oct 09 09:39:46.883423 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] Server with the lowest initial latency: RD (rtt: 167ms) Oct 09 09:39:46.883576 osdx dnscrypt-proxy[269529]: [2024-10-09 09:39:46] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash b59c913a1a592c28188306c1518bb8648c15811c0c428c69d59a613ffeef2abb' at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgtZyROhpZLCgYgwbBUYu4ZIwVgRwMQoxp1ZphP_7vKrsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgtZyROhpZLCgYgwbBUYu4ZIwVgRwMQoxp1ZphP_7vKrsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command 'system journal show | cat' at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 09 09:39:40.479487 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/74236e08c7024a4484070d6014d45b65) is 2.4M, max 9.7M, 7.3M free. Oct 09 09:39:40.482943 osdx systemd-journald[1556]: Received client request to rotate journal, rotating. Oct 09 09:39:40.483021 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/74236e08c7024a4484070d6014d45b65. Oct 09 09:39:40.500939 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'system journal clear'. Oct 09 09:39:41.227444 osdx osdx-coredump[127966]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 09 09:39:41.242203 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'system coredump delete all'. Oct 09 09:39:43.036771 osdx OSDxCLI[9385]: User 'admin' entered the configuration menu. Oct 09 09:39:43.211126 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Oct 09 09:39:43.337872 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 09 09:39:43.496832 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service ssh'. Oct 09 09:39:43.694321 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'show working'. Oct 09 09:39:43.854941 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 09 09:39:44.111281 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Oct 09 09:39:44.145328 osdx sshd[128058]: Server listening on 0.0.0.0 port 22. Oct 09 09:39:44.145750 osdx sshd[128058]: Server listening on :: port 22. Oct 09 09:39:44.145962 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Oct 09 09:39:44.188004 osdx cfgd[1223]: [9385]Completed change to active configuration Oct 09 09:39:44.243103 osdx OSDxCLI[9385]: User 'admin' committed the configuration. Oct 09 09:39:44.293339 osdx OSDxCLI[9385]: User 'admin' left the configuration menu. 
Oct 09 09:39:44.493050 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Oct 09 09:39:48.402511 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash b59c913a1a592c28188306c1518bb8648c15811c0c428c69d59a613ffeef2abb'. Oct 09 09:39:48.627241 osdx OSDxCLI[9385]: User 'admin' entered the configuration menu. Oct 09 09:39:48.758159 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Oct 09 09:39:48.875220 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Oct 09 09:39:49.008660 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Oct 09 09:39:49.189447 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgtZyROhpZLCgYgwbBUYu4ZIwVgRwMQoxp1ZphP_7vKrsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''. Oct 09 09:39:49.336829 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'show working'. Oct 09 09:39:49.477164 osdx ca-certificates[128130]: Updating certificates in /etc/ssl/certs... Oct 09 09:39:50.470098 osdx ca-certificates[129134]: 1 added, 0 removed; done. Oct 09 09:39:50.479931 osdx ca-certificates[129138]: Running hooks in /etc/ca-certificates/update.d... Oct 09 09:39:50.487806 osdx ca-certificates[129142]: done. Oct 09 09:39:50.615505 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 09 09:39:50.619397 osdx cfgd[1223]: [9385]Completed change to active configuration Oct 09 09:39:50.633073 osdx OSDxCLI[9385]: User 'admin' committed the configuration. Oct 09 09:39:50.672861 osdx OSDxCLI[9385]: User 'admin' left the configuration menu. 
Oct 09 09:39:50.678492 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] dnscrypt-proxy 2.0.45 Oct 09 09:39:50.679057 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] Network connectivity detected Oct 09 09:39:50.679925 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] Dropping privileges Oct 09 09:39:50.683829 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] Network connectivity detected Oct 09 09:39:50.684029 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 09 09:39:50.684140 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 09 09:39:50.684262 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] Firefox workaround initialized Oct 09 09:39:50.684358 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjqitb69a] Oct 09 09:39:50.885133 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] [DUT0] OK (DoH) - rtt: 128ms Oct 09 09:39:50.885133 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 128ms) Oct 09 09:39:50.885133 osdx dnscrypt-proxy[129149]: [2024-10-09 09:39:50] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command 'show host lookup teldat.com type A' at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
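A stamp is an opaque string, so it is worth decoding one before loading it to confirm which IP, host name, path and pinned certificate hash it carries. The Python below is an added example, not part of this test suite or the device's tooling: it parses the two stamps from Steps 1 and 4 using the public DNS Stamps layout for DoH (protocol byte 0x02). The function names are hypothetical, and the rule that port 443 is left out of the host field is an assumption inferred from those two stamps.

```python
import base64
import struct

# Stamps and hashes copied from Steps 1 and 4 of this scenario.
STAMP_RD = ("sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCTGOLlaYJHf8a0dTgJdAY8URiyhMkD"
            "x4ncUp3SCB55uQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk")
STAMP_DUT0 = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgtZyROhpZLCgYgwbBUYu4ZIwVgRwM"
              "Qoxp1ZphP_7vKrsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")
HASH_RD = "9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9"
HASH_DUT0 = "b59c913a1a592c28188306c1518bb8648c15811c0c428c69d59a613ffeef2abb"

DOH_PROTOCOL_ID = 0x02  # first byte of a DNS-over-HTTPS stamp


def _read_vlp(buf, pos):
    """Read a set of length-prefixed values; bit 0x80 of a length byte
    signals that another value follows."""
    items = []
    while True:
        if pos >= len(buf):
            raise ValueError("truncated stamp: missing length byte")
        more, length = buf[pos] & 0x80, buf[pos] & 0x7F
        end = pos + 1 + length
        if end > len(buf):
            raise ValueError("truncated stamp: field runs past the end")
        items.append(buf[pos + 1:end])
        pos = end
        if not more:
            return items, pos


def _read_lp(buf, pos):
    """Read a single length-prefixed value (one length byte, then data)."""
    if pos >= len(buf):
        raise ValueError("truncated stamp: missing length byte")
    end = pos + 1 + buf[pos]
    if end > len(buf):
        raise ValueError("truncated stamp: field runs past the end")
    return buf[pos + 1:end], end


def decode_doh_stamp(stamp):
    """Return the fields of a DoH stamp as a dict of plain values."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    # Stamps use URL-safe base64 without padding; restore it before decoding.
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != DOH_PROTOCOL_ID:
        raise ValueError("not a DoH stamp")
    (props,) = struct.unpack_from("<Q", raw, 1)  # 64-bit little-endian flags
    addr, pos = _read_lp(raw, 9)
    hashes, pos = _read_vlp(raw, pos)
    host, pos = _read_lp(raw, pos)
    path, pos = _read_lp(raw, pos)
    return {
        "props": props,
        "addr": addr.decode("ascii"),
        "hashes": [h.hex() for h in hashes if h],  # drop an empty placeholder
        "host": host.decode("ascii"),
        "path": path.decode("ascii"),
    }


def stamp_mismatches(stamp, ip, cert_hash, host_name, host_port, host_path):
    """Compare a stamp with the values it is supposed to encode and return
    a list of human-readable differences (empty list means it matches)."""
    got = decode_doh_stamp(stamp)
    # Assumption from the page's stamps: port 443 is omitted from the host.
    want_host = host_name if host_port == 443 else f"{host_name}:{host_port}"
    problems = []
    if got["addr"] != ip:
        problems.append(f"ip is {got['addr']}, expected {ip}")
    if not got["hashes"]:
        problems.append("stamp pins no certificate hash")
    elif got["hashes"] != [cert_hash.lower()]:
        problems.append(f"pinned hashes are {got['hashes']}")
    if got["host"] != want_host:
        problems.append(f"host is {got['host']}, expected {want_host}")
    if got["path"] != host_path:
        problems.append(f"path is {got['path']}, expected {host_path}")
    return problems


if __name__ == "__main__":
    for name, stamp in (("RD", STAMP_RD), ("DUT0", STAMP_DUT0)):
        print(name, decode_doh_stamp(stamp))
    print(stamp_mismatches(STAMP_DUT0, "10.215.168.64", HASH_DUT0,
                           "dns.dut0", 3000, "/dns-query"))
```
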
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Oct 09 09:39:59.456160 osdx systemd-journald[1768]: Runtime Journal (/run/log/journal/da0729972954483f829d339572dde7c1) is 2.0M, max 15.3M, 13.2M free.
Oct 09 09:39:59.458819 osdx systemd-journald[1768]: Received client request to rotate journal, rotating.
Oct 09 09:39:59.458904 osdx systemd-journald[1768]: Vacuuming done, freed 0B of archived journals from /run/log/journal/da0729972954483f829d339572dde7c1.
Oct 09 09:39:59.473233 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 09:39:59.666209 osdx zebra[1399]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 09:40:00.167766 osdx osdx-coredump[271176]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 09:40:00.181236 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 09:40:01.050055 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:40:01.241729 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 09:40:01.409852 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 09:40:01.612881 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:40:01.790832 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 09:40:01.983505 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:40:02.041978 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:40:02.083226 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Oct 09 09:40:02.334082 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 09 09:40:04.423383 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 09 09:40:04.627726 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:40:04.762916 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 09:40:04.905355 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 09:40:05.026294 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Oct 09 09:40:05.162405 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Oct 09 09:40:05.306631 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Oct 09 09:40:05.481856 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f'.
Oct 09 09:40:05.574168 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 09 09:40:05.691708 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Oct 09 09:40:05.820948 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Oct 09 09:40:05.918719 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Oct 09 09:40:06.102563 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:40:06.324705 osdx ca-certificates[271329]: Updating certificates in /etc/ssl/certs...
Oct 09 09:40:07.274346 osdx ca-certificates[272332]: 1 added, 0 removed; done.
Oct 09 09:40:07.280608 osdx ca-certificates[272339]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 09:40:07.285477 osdx ca-certificates[272341]: done.
Oct 09 09:40:07.467442 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 09 09:40:07.470551 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:40:07.474276 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:40:07.515631 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 09:40:07.516132 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] Network connectivity detected
Oct 09 09:40:07.516631 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] Dropping privileges
Oct 09 09:40:07.524317 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Oct 09 09:40:07.525870 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] Network connectivity detected
Oct 09 09:40:07.525958 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 09:40:07.525958 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 09:40:07.525958 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Oct 09 09:40:07.525958 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] Firefox workaround initialized
Oct 09 09:40:07.526088 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp0vkyacst]
Oct 09 09:40:07.527059 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Oct 09 09:40:07.527116 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Oct 09 09:40:07.527116 osdx dnscrypt-proxy[272401]: [2024-10-09 09:40:07] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash b59c913a1a592c28188306c1518bb8648c15811c0c428c69d59a613ffeef2abb
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 09 09:40:00.492347 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/74236e08c7024a4484070d6014d45b65) is 2.4M, max 9.7M, 7.3M free.
Oct 09 09:40:00.494508 osdx systemd-journald[1556]: Received client request to rotate journal, rotating.
Oct 09 09:40:00.494583 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/74236e08c7024a4484070d6014d45b65.
Oct 09 09:40:00.514045 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 09:40:01.343985 osdx osdx-coredump[130760]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 09:40:01.354234 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 09:40:03.520836 osdx OSDxCLI[9385]: User 'admin' entered the configuration menu.
Oct 09 09:40:03.743221 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Oct 09 09:40:03.851523 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 09:40:03.998405 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service ssh'.
Oct 09 09:40:04.135973 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:40:04.313860 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 09:40:04.638493 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Oct 09 09:40:04.679548 osdx sshd[130857]: Server listening on 0.0.0.0 port 22.
Oct 09 09:40:04.679889 osdx sshd[130857]: Server listening on :: port 22.
Oct 09 09:40:04.680059 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Oct 09 09:40:04.720841 osdx cfgd[1223]: [9385]Completed change to active configuration
Oct 09 09:40:04.774555 osdx OSDxCLI[9385]: User 'admin' committed the configuration.
Oct 09 09:40:04.829237 osdx OSDxCLI[9385]: User 'admin' left the configuration menu.
Oct 09 09:40:05.089197 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Oct 09 09:40:08.856089 osdx OSDxCLI[9385]: User 'admin' entered the configuration menu.
Oct 09 09:40:08.988194 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Oct 09 09:40:09.101746 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Oct 09 09:40:09.228733 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Oct 09 09:40:09.376240 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Oct 09 09:40:09.490271 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Oct 09 09:40:09.615651 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Oct 09 09:40:09.714758 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash b59c913a1a592c28188306c1518bb8648c15811c0c428c69d59a613ffeef2abb'.
Oct 09 09:40:09.871680 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:40:10.009724 osdx ca-certificates[130929]: Updating certificates in /etc/ssl/certs...
Oct 09 09:40:10.854876 osdx ca-certificates[131933]: 1 added, 0 removed; done.
Oct 09 09:40:10.860658 osdx ca-certificates[131937]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 09:40:10.866137 osdx ca-certificates[131941]: done.
Oct 09 09:40:10.978302 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 09 09:40:10.981288 osdx cfgd[1223]: [9385]Completed change to active configuration
Oct 09 09:40:10.989206 osdx OSDxCLI[9385]: User 'admin' committed the configuration.
Oct 09 09:40:11.017634 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 09:40:11.018045 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] Network connectivity detected
Oct 09 09:40:11.018605 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] Dropping privileges
Oct 09 09:40:11.021345 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] Network connectivity detected
Oct 09 09:40:11.021864 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 09:40:11.021864 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 09:40:11.021864 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] Firefox workaround initialized
Oct 09 09:40:11.021864 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpt0bgc15y]
Oct 09 09:40:11.044513 osdx OSDxCLI[9385]: User 'admin' left the configuration menu.
Oct 09 09:40:11.202533 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] [DUT0] OK (DoH) - rtt: 111ms
Oct 09 09:40:11.202738 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 111ms)
Oct 09 09:40:11.202839 osdx dnscrypt-proxy[131948]: [2024-10-09 09:40:11] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII9VvyQK3exD5gPGEdh_jkiELynH2GIS1F-EBuRWq98_GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII9VvyQK3exD5gPGEdh_jkiELynH2GIS1F-EBuRWq98_GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Oct 09 09:40:20.455856 osdx systemd-journald[1768]: Runtime Journal (/run/log/journal/da0729972954483f829d339572dde7c1) is 2.0M, max 15.3M, 13.2M free.
Oct 09 09:40:20.456533 osdx systemd-journald[1768]: Received client request to rotate journal, rotating.
Oct 09 09:40:20.456581 osdx systemd-journald[1768]: Vacuuming done, freed 0B of archived journals from /run/log/journal/da0729972954483f829d339572dde7c1.
Oct 09 09:40:20.473848 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 09:40:21.017217 osdx osdx-coredump[274042]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 09:40:21.028031 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 09:40:21.804111 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:40:21.949064 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 09:40:22.055790 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 09:40:22.214811 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:40:22.435972 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 09:40:22.648332 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:40:22.708317 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:40:22.753387 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Oct 09 09:40:23.002406 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 09 09:40:24.932145 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 09 09:40:25.191867 osdx OSDxCLI[101017]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8f:55:bf:24:0a:dd:ec:43:e6:03:c6:11:d8:7f:8e:48:84:2f:29:c7:d8:62:12:d4:5f:84:06:e4:56:ab:df:3f ip 10.215.168.1 port 8443'.
Oct 09 09:40:25.406272 osdx OSDxCLI[101017]: User 'admin' entered the configuration menu.
Oct 09 09:40:25.573044 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 09:40:25.741750 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 09:40:25.897056 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII9VvyQK3exD5gPGEdh_jkiELynH2GIS1F-EBuRWq98_GjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Oct 09 09:40:26.003144 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 09 09:40:26.134159 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Oct 09 09:40:26.290847 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Oct 09 09:40:26.452613 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Oct 09 09:40:26.605681 osdx OSDxCLI[101017]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:40:26.775843 osdx ca-certificates[274189]: Updating certificates in /etc/ssl/certs...
Oct 09 09:40:27.680866 osdx ca-certificates[275192]: 1 added, 0 removed; done.
Oct 09 09:40:27.686322 osdx ca-certificates[275196]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 09:40:27.690905 osdx ca-certificates[275201]: done.
Oct 09 09:40:27.872575 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 09 09:40:27.878840 osdx cfgd[1434]: [101017]Completed change to active configuration
Oct 09 09:40:27.889307 osdx OSDxCLI[101017]: User 'admin' committed the configuration.
Oct 09 09:40:27.944844 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 09:40:27.945317 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] Network connectivity detected
Oct 09 09:40:27.945836 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] Dropping privileges
Oct 09 09:40:27.953559 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] Network connectivity detected
Oct 09 09:40:27.953759 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 09:40:27.953847 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 09:40:27.953942 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Oct 09 09:40:27.954048 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] Firefox workaround initialized
Oct 09 09:40:27.954129 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqp6o2pub]
Oct 09 09:40:27.955959 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Oct 09 09:40:27.956100 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Oct 09 09:40:27.956178 osdx dnscrypt-proxy[275261]: [2024-10-09 09:40:27] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Oct 09 09:40:28.005500 osdx OSDxCLI[101017]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash b59c913a1a592c28188306c1518bb8648c15811c0c428c69d59a613ffeef2abb at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgtZyROhpZLCgYgwbBUYu4ZIwVgRwMQoxp1ZphP_7vKrsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgtZyROhpZLCgYgwbBUYu4ZIwVgRwMQoxp1ZphP_7vKrsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 09 09:40:20.416793 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/74236e08c7024a4484070d6014d45b65) is 2.4M, max 9.7M, 7.3M free.
Oct 09 09:40:20.417593 osdx systemd-journald[1556]: Received client request to rotate journal, rotating.
Oct 09 09:40:20.417658 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/74236e08c7024a4484070d6014d45b65.
Oct 09 09:40:20.438649 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 09:40:21.131551 osdx osdx-coredump[133561]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 09:40:21.145756 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 09:40:23.091983 osdx OSDxCLI[9385]: User 'admin' entered the configuration menu.
Oct 09 09:40:23.227465 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Oct 09 09:40:23.362714 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 09:40:23.476723 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service ssh'.
Oct 09 09:40:23.653730 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:40:23.833128 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 09:40:24.158270 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Oct 09 09:40:24.212118 osdx sshd[133653]: Server listening on 0.0.0.0 port 22.
Oct 09 09:40:24.212602 osdx sshd[133653]: Server listening on :: port 22.
Oct 09 09:40:24.212837 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Oct 09 09:40:24.255591 osdx cfgd[1223]: [9385]Completed change to active configuration
Oct 09 09:40:24.307115 osdx OSDxCLI[9385]: User 'admin' committed the configuration.
Oct 09 09:40:24.351586 osdx OSDxCLI[9385]: User 'admin' left the configuration menu.
Oct 09 09:40:24.577543 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Oct 09 09:40:28.358477 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash b59c913a1a592c28188306c1518bb8648c15811c0c428c69d59a613ffeef2abb'.
Oct 09 09:40:28.554665 osdx OSDxCLI[9385]: User 'admin' entered the configuration menu.
Oct 09 09:40:28.682206 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Oct 09 09:40:28.774527 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Oct 09 09:40:28.901136 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Oct 09 09:40:29.038538 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgtZyROhpZLCgYgwbBUYu4ZIwVgRwMQoxp1ZphP_7vKrsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Oct 09 09:40:29.194710 osdx OSDxCLI[9385]: User 'admin' added a new cfg line: 'show working'.
Oct 09 09:40:29.396416 osdx ca-certificates[133725]: Updating certificates in /etc/ssl/certs...
Oct 09 09:40:30.336214 osdx ca-certificates[134729]: 1 added, 0 removed; done.
Oct 09 09:40:30.342895 osdx ca-certificates[134733]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 09:40:30.348679 osdx ca-certificates[134737]: done.
Oct 09 09:40:30.469546 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 09 09:40:30.473321 osdx cfgd[1223]: [9385]Completed change to active configuration
Oct 09 09:40:30.484193 osdx OSDxCLI[9385]: User 'admin' committed the configuration.
Oct 09 09:40:30.512868 osdx OSDxCLI[9385]: User 'admin' left the configuration menu.
Oct 09 09:40:30.530897 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] dnscrypt-proxy 2.0.45
Oct 09 09:40:30.531447 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] Network connectivity detected
Oct 09 09:40:30.532003 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] Dropping privileges
Oct 09 09:40:30.535910 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] Network connectivity detected
Oct 09 09:40:30.536118 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 09 09:40:30.536227 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 09 09:40:30.536352 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] Firefox workaround initialized
Oct 09 09:40:30.536458 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] Loading the set of cloaking rules from [/tmp/tmppkayvl7n]
Oct 09 09:40:30.733875 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] [DUT0] OK (DoH) - rtt: 113ms
Oct 09 09:40:30.733875 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 113ms)
Oct 09 09:40:30.733875 osdx dnscrypt-proxy[134744]: [2024-10-09 09:40:30] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Oct 09 09:40:30.758478 osdx OSDxCLI[9385]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13