Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Dec 04 15:20:21.301654 osdx systemd-journald[1574]: Runtime Journal (/run/log/journal/2754912ae611401eb118833e63cf0c07) is 2.0M, max 15.3M, 13.2M free. Dec 04 15:20:21.304223 osdx systemd-journald[1574]: Received client request to rotate journal, rotating. Dec 04 15:20:21.304287 osdx systemd-journald[1574]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2754912ae611401eb118833e63cf0c07. Dec 04 15:20:21.312541 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal clear'. Dec 04 15:20:21.673767 osdx osdx-coredump[118826]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 04 15:20:21.681484 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system coredump delete all'. Dec 04 15:20:22.224279 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu. Dec 04 15:20:22.299511 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 04 15:20:22.380180 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 04 15:20:22.447479 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'. Dec 04 15:20:22.572231 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 04 15:20:22.692595 osdx cfgd[1239]: [44364]Completed change to active configuration Dec 04 15:20:22.727305 osdx OSDxCLI[44364]: User 'admin' committed the configuration. Dec 04 15:20:22.743588 osdx OSDxCLI[44364]: User 'admin' left the configuration menu. Dec 04 15:20:22.889034 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 04 15:20:23.010945 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu. Dec 04 15:20:23.072686 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 04 15:20:23.168203 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 04 15:20:23.229594 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 04 15:20:23.324654 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 04 15:20:23.601346 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'. Dec 04 15:20:23.674081 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 04 15:20:23.763657 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'. Dec 04 15:20:23.870483 osdx ca-certificates[118966]: Updating certificates in /etc/ssl/certs... Dec 04 15:20:24.424799 osdx ca-certificates[119971]: 1 added, 0 removed; done. Dec 04 15:20:24.428400 osdx ca-certificates[119977]: Running hooks in /etc/ca-certificates/update.d... Dec 04 15:20:24.431433 osdx ca-certificates[119979]: done. Dec 04 15:20:24.536648 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 04 15:20:24.537936 osdx cfgd[1239]: [44364]Completed change to active configuration Dec 04 15:20:24.541307 osdx OSDxCLI[44364]: User 'admin' committed the configuration. Dec 04 15:20:24.557219 osdx OSDxCLI[44364]: User 'admin' left the configuration menu. Dec 04 15:20:24.566213 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] dnscrypt-proxy 2.0.45 Dec 04 15:20:24.566440 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] Network connectivity detected Dec 04 15:20:24.566440 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] Dropping privileges Dec 04 15:20:24.568618 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] Network connectivity detected Dec 04 15:20:24.568618 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 04 15:20:24.568618 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 04 15:20:24.568618 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] Firefox workaround initialized Dec 04 15:20:24.568618 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpbjin1w8z] Dec 04 15:20:24.707437 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal show | cat'. Dec 04 15:20:24.713419 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] [RD] OK (DoH) - rtt: 122ms Dec 04 15:20:24.713419 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] Server with the lowest initial latency: RD (rtt: 122ms) Dec 04 15:20:24.713486 osdx dnscrypt-proxy[120036]: [2024-12-04 15:20:24] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Dec 04 15:20:30.304017 osdx systemd-journald[1574]: Runtime Journal (/run/log/journal/2754912ae611401eb118833e63cf0c07) is 2.0M, max 15.3M, 13.3M free. Dec 04 15:20:30.307908 osdx systemd-journald[1574]: Received client request to rotate journal, rotating. Dec 04 15:20:30.307968 osdx systemd-journald[1574]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2754912ae611401eb118833e63cf0c07. Dec 04 15:20:30.314716 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal clear'. Dec 04 15:20:30.647218 osdx osdx-coredump[121684]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 04 15:20:30.654913 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system coredump delete all'. Dec 04 15:20:31.126528 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu. Dec 04 15:20:31.212167 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 04 15:20:31.302423 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 04 15:20:31.390254 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'. Dec 04 15:20:31.519917 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 04 15:20:31.614308 osdx cfgd[1239]: [44364]Completed change to active configuration Dec 04 15:20:31.639717 osdx OSDxCLI[44364]: User 'admin' committed the configuration. Dec 04 15:20:31.654470 osdx OSDxCLI[44364]: User 'admin' left the configuration menu. Dec 04 15:20:31.789820 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 04 15:20:31.905426 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'. Dec 04 15:20:32.047739 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu. Dec 04 15:20:32.102578 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 04 15:20:32.198479 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 04 15:20:32.254535 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Dec 04 15:20:32.344839 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 04 15:20:32.417210 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'. Dec 04 15:20:32.534859 osdx ca-certificates[121826]: Updating certificates in /etc/ssl/certs... Dec 04 15:20:33.110815 osdx ca-certificates[122830]: 1 added, 0 removed; done. Dec 04 15:20:33.113760 osdx ca-certificates[122836]: Running hooks in /etc/ca-certificates/update.d... Dec 04 15:20:33.116803 osdx ca-certificates[122838]: done. Dec 04 15:20:33.212456 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 04 15:20:33.214257 osdx cfgd[1239]: [44364]Completed change to active configuration Dec 04 15:20:33.216611 osdx OSDxCLI[44364]: User 'admin' committed the configuration. Dec 04 15:20:33.234983 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] dnscrypt-proxy 2.0.45 Dec 04 15:20:33.235200 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] Network connectivity detected Dec 04 15:20:33.235297 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] Dropping privileges Dec 04 15:20:33.238083 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] Network connectivity detected Dec 04 15:20:33.238148 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 04 15:20:33.238148 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 04 15:20:33.238148 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] Firefox workaround initialized Dec 04 15:20:33.238148 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpkg133kmm] Dec 04 15:20:33.243308 osdx OSDxCLI[44364]: User 'admin' left the configuration menu. Dec 04 15:20:33.391402 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] [RD] OK (DoH) - rtt: 107ms Dec 04 15:20:33.391402 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] Server with the lowest initial latency: RD (rtt: 107ms) Dec 04 15:20:33.391402 osdx dnscrypt-proxy[122895]: [2024-12-04 15:20:33] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Dec 04 15:20:33.392264 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 'fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Dec 04 15:20:38.287817 osdx systemd-journald[1574]: Runtime Journal (/run/log/journal/2754912ae611401eb118833e63cf0c07) is 2.0M, max 15.3M, 13.3M free. Dec 04 15:20:38.289116 osdx systemd-journald[1574]: Received client request to rotate journal, rotating. Dec 04 15:20:38.289166 osdx systemd-journald[1574]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2754912ae611401eb118833e63cf0c07. Dec 04 15:20:38.298656 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal clear'. Dec 04 15:20:38.615730 osdx osdx-coredump[124542]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 04 15:20:38.623349 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system coredump delete all'. Dec 04 15:20:39.052952 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu. Dec 04 15:20:39.118300 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 04 15:20:39.200655 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 04 15:20:39.262116 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'. Dec 04 15:20:39.373216 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 04 15:20:39.493125 osdx cfgd[1239]: [44364]Completed change to active configuration Dec 04 15:20:39.523720 osdx OSDxCLI[44364]: User 'admin' committed the configuration. Dec 04 15:20:39.538805 osdx OSDxCLI[44364]: User 'admin' left the configuration menu. Dec 04 15:20:39.670130 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 04 15:20:39.766820 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Dec 04 15:20:39.906711 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu. Dec 04 15:20:39.960233 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 04 15:20:40.052359 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 04 15:20:40.104765 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Dec 04 15:20:40.198353 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Dec 04 15:20:40.250589 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Dec 04 15:20:40.349837 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'. Dec 04 15:20:40.398409 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 04 15:20:40.510284 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'. Dec 04 15:20:40.585378 osdx ca-certificates[124685]: Updating certificates in /etc/ssl/certs... Dec 04 15:20:41.118715 osdx ca-certificates[125690]: 1 added, 0 removed; done. Dec 04 15:20:41.121428 osdx ca-certificates[125696]: Running hooks in /etc/ca-certificates/update.d... Dec 04 15:20:41.124243 osdx ca-certificates[125698]: done. Dec 04 15:20:41.217426 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 04 15:20:41.218523 osdx cfgd[1239]: [44364]Completed change to active configuration Dec 04 15:20:41.221398 osdx OSDxCLI[44364]: User 'admin' committed the configuration. Dec 04 15:20:41.237131 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] dnscrypt-proxy 2.0.45 Dec 04 15:20:41.237316 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] Network connectivity detected Dec 04 15:20:41.237395 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] Dropping privileges Dec 04 15:20:41.239602 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] Network connectivity detected Dec 04 15:20:41.239650 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 04 15:20:41.239650 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 04 15:20:41.239650 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] Firefox workaround initialized Dec 04 15:20:41.239706 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpb177wpy3] Dec 04 15:20:41.240198 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Dec 04 15:20:41.240198 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Dec 04 15:20:41.240266 osdx dnscrypt-proxy[125755]: [2024-12-04 15:20:41] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Dec 04 15:20:41.243608 osdx OSDxCLI[44364]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Dec 04 15:20:46.282634 osdx systemd-journald[1574]: Runtime Journal (/run/log/journal/2754912ae611401eb118833e63cf0c07) is 2.0M, max 15.3M, 13.3M free. Dec 04 15:20:46.284710 osdx systemd-journald[1574]: Received client request to rotate journal, rotating. Dec 04 15:20:46.284772 osdx systemd-journald[1574]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2754912ae611401eb118833e63cf0c07. Dec 04 15:20:46.292486 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal clear'. Dec 04 15:20:46.613233 osdx osdx-coredump[127398]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 04 15:20:46.621115 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system coredump delete all'. Dec 04 15:20:47.075704 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu. Dec 04 15:20:47.147509 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 04 15:20:47.242853 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 04 15:20:47.324473 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'. Dec 04 15:20:47.436711 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 04 15:20:47.557952 osdx cfgd[1239]: [44364]Completed change to active configuration Dec 04 15:20:47.585612 osdx OSDxCLI[44364]: User 'admin' committed the configuration. Dec 04 15:20:47.610303 osdx OSDxCLI[44364]: User 'admin' left the configuration menu. Dec 04 15:20:47.784181 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 04 15:20:47.898323 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Dec 04 15:20:47.986019 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443'. Dec 04 15:20:48.138927 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu. Dec 04 15:20:48.200849 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 04 15:20:48.296581 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 04 15:20:48.362876 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Dec 04 15:20:48.489301 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 04 15:20:48.569677 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'. Dec 04 15:20:48.667007 osdx ca-certificates[127542]: Updating certificates in /etc/ssl/certs... Dec 04 15:20:49.216980 osdx ca-certificates[128546]: 1 added, 0 removed; done. Dec 04 15:20:49.219760 osdx ca-certificates[128552]: Running hooks in /etc/ca-certificates/update.d... Dec 04 15:20:49.222497 osdx ca-certificates[128554]: done. Dec 04 15:20:49.321029 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 04 15:20:49.322143 osdx cfgd[1239]: [44364]Completed change to active configuration Dec 04 15:20:49.325658 osdx OSDxCLI[44364]: User 'admin' committed the configuration. Dec 04 15:20:49.342552 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] dnscrypt-proxy 2.0.45 Dec 04 15:20:49.342792 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] Network connectivity detected Dec 04 15:20:49.342792 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] Dropping privileges Dec 04 15:20:49.342751 osdx OSDxCLI[44364]: User 'admin' left the configuration menu. Dec 04 15:20:49.344743 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] Network connectivity detected Dec 04 15:20:49.344779 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 04 15:20:49.344779 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 04 15:20:49.344779 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] Firefox workaround initialized Dec 04 15:20:49.344779 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmplbx_3549] Dec 04 15:20:49.345278 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Dec 04 15:20:49.345278 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Dec 04 15:20:49.345278 osdx dnscrypt-proxy[128611]: [2024-12-04 15:20:49] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16