Static Server
Test suite in which DUT1 sends its DNS queries through DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 04 15:19:23.323777 osdx systemd-journald[1574]: Runtime Journal (/run/log/journal/2754912ae611401eb118833e63cf0c07) is 2.0M, max 15.3M, 13.2M free.
Dec 04 15:19:23.326760 osdx systemd-journald[1574]: Received client request to rotate journal, rotating.
Dec 04 15:19:23.326821 osdx systemd-journald[1574]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2754912ae611401eb118833e63cf0c07.
Dec 04 15:19:23.335147 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal clear'.
Dec 04 15:19:23.634449 osdx osdx-coredump[107129]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 04 15:19:23.641958 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 04 15:19:24.092150 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu.
Dec 04 15:19:24.176013 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 04 15:19:24.256717 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 04 15:19:24.327042 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:24.434764 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 04 15:19:24.554155 osdx cfgd[1239]: [44364]Completed change to active configuration
Dec 04 15:19:24.580422 osdx OSDxCLI[44364]: User 'admin' committed the configuration.
Dec 04 15:19:24.601517 osdx OSDxCLI[44364]: User 'admin' left the configuration menu.
Dec 04 15:19:24.745755 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 04 15:19:25.826445 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu.
Dec 04 15:19:25.880785 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 04 15:19:25.974781 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 04 15:19:26.034306 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 04 15:19:26.124642 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 04 15:19:26.179937 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 04 15:19:26.268775 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Dec 04 15:19:26.321592 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Dec 04 15:19:26.414084 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 04 15:19:26.465249 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 04 15:19:26.580347 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:26.661278 osdx ca-certificates[107272]: Updating certificates in /etc/ssl/certs...
Dec 04 15:19:27.200339 osdx ca-certificates[108277]: 1 added, 0 removed; done.
Dec 04 15:19:27.203560 osdx ca-certificates[108283]: Running hooks in /etc/ca-certificates/update.d...
Dec 04 15:19:27.206047 osdx ca-certificates[108285]: done.
Dec 04 15:19:27.327166 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 04 15:19:27.328633 osdx cfgd[1239]: [44364]Completed change to active configuration
Dec 04 15:19:27.332598 osdx OSDxCLI[44364]: User 'admin' committed the configuration.
Dec 04 15:19:27.349189 osdx OSDxCLI[44364]: User 'admin' left the configuration menu.
Dec 04 15:19:27.358437 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] dnscrypt-proxy 2.0.45
Dec 04 15:19:27.358654 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] Network connectivity detected
Dec 04 15:19:27.358717 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] Dropping privileges
Dec 04 15:19:27.360922 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] Network connectivity detected
Dec 04 15:19:27.360997 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 04 15:19:27.360997 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 04 15:19:27.360997 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 04 15:19:27.360997 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] Firefox workaround initialized
Dec 04 15:19:27.360997 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpgbp5v7_w]
Dec 04 15:19:27.499141 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] [RD] OK (DoH) - rtt: 111ms
Dec 04 15:19:27.499141 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] Server with the lowest initial latency: RD (rtt: 111ms)
Dec 04 15:19:27.499141 osdx dnscrypt-proxy[108345]: [2024-12-04 15:19:27] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Dec 04 15:19:27.505751 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash d54c3f6932c2f9209d0899e7220db08ccf61fe0d7dd0b25d25f65ddd209e8441
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 04 15:19:23.276419 osdx systemd-journald[1388]: Runtime Journal (/run/log/journal/e00a4863307c4ec795c6f3eeb7a5801b) is 1.2M, max 9.7M, 8.4M free.
Dec 04 15:19:23.278271 osdx systemd-journald[1388]: Received client request to rotate journal, rotating.
Dec 04 15:19:23.278322 osdx systemd-journald[1388]: Vacuuming done, freed 0B of archived journals from /run/log/journal/e00a4863307c4ec795c6f3eeb7a5801b.
Dec 04 15:19:23.285628 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system journal clear'.
Dec 04 15:19:23.684707 osdx osdx-coredump[56316]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 04 15:19:23.691728 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 04 15:19:24.750518 osdx OSDxCLI[1605]: User 'admin' entered the configuration menu.
Dec 04 15:19:24.821705 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Dec 04 15:19:24.908778 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 04 15:19:24.961555 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 04 15:19:25.071296 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:25.162292 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 04 15:19:25.350769 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Dec 04 15:19:25.375069 osdx sshd[56409]: Server listening on 0.0.0.0 port 22.
Dec 04 15:19:25.375295 osdx sshd[56409]: Server listening on :: port 22.
Dec 04 15:19:25.375504 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Dec 04 15:19:25.396170 osdx cfgd[1056]: [1605]Completed change to active configuration
Dec 04 15:19:25.425885 osdx OSDxCLI[1605]: User 'admin' committed the configuration.
Dec 04 15:19:25.442880 osdx OSDxCLI[1605]: User 'admin' left the configuration menu.
Dec 04 15:19:25.584396 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Dec 04 15:19:27.735022 osdx OSDxCLI[1605]: User 'admin' entered the configuration menu.
Dec 04 15:19:27.793472 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Dec 04 15:19:27.887746 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Dec 04 15:19:27.941916 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Dec 04 15:19:28.052459 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Dec 04 15:19:28.121371 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Dec 04 15:19:28.226001 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Dec 04 15:19:28.289416 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash d54c3f6932c2f9209d0899e7220db08ccf61fe0d7dd0b25d25f65ddd209e8441'.
Dec 04 15:19:28.398647 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:28.477713 osdx ca-certificates[56481]: Updating certificates in /etc/ssl/certs...
Dec 04 15:19:28.950704 osdx ca-certificates[57486]: 1 added, 0 removed; done.
Dec 04 15:19:28.953638 osdx ca-certificates[57491]: Running hooks in /etc/ca-certificates/update.d...
Dec 04 15:19:28.956397 osdx ca-certificates[57493]: done.
Dec 04 15:19:29.034706 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 04 15:19:29.036506 osdx cfgd[1056]: [1605]Completed change to active configuration
Dec 04 15:19:29.039398 osdx OSDxCLI[1605]: User 'admin' committed the configuration.
Dec 04 15:19:29.066090 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] dnscrypt-proxy 2.0.45
Dec 04 15:19:29.066090 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] Network connectivity detected
Dec 04 15:19:29.066090 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] Dropping privileges
Dec 04 15:19:29.068832 osdx OSDxCLI[1605]: User 'admin' left the configuration menu.
Dec 04 15:19:29.069327 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] Network connectivity detected
Dec 04 15:19:29.069396 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 04 15:19:29.069426 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 04 15:19:29.069469 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] Firefox workaround initialized
Dec 04 15:19:29.069493 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp2q8d08s6]
Dec 04 15:19:29.221486 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 04 15:19:29.224281 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] [DUT0] OK (DoH) - rtt: 104ms
Dec 04 15:19:29.224281 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 104ms)
Dec 04 15:19:29.224281 osdx dnscrypt-proxy[57500]: [2024-12-04 15:19:29] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 04 15:19:35.312592 osdx systemd-journald[1574]: Runtime Journal (/run/log/journal/2754912ae611401eb118833e63cf0c07) is 2.0M, max 15.3M, 13.3M free.
Dec 04 15:19:35.313771 osdx systemd-journald[1574]: Received client request to rotate journal, rotating.
Dec 04 15:19:35.313808 osdx systemd-journald[1574]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2754912ae611401eb118833e63cf0c07.
Dec 04 15:19:35.322545 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal clear'.
Dec 04 15:19:35.655045 osdx osdx-coredump[109993]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 04 15:19:35.662363 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 04 15:19:36.120722 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu.
Dec 04 15:19:36.209311 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 04 15:19:36.318644 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 04 15:19:36.391142 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:36.497774 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 04 15:19:36.616568 osdx cfgd[1239]: [44364]Completed change to active configuration
Dec 04 15:19:36.644435 osdx OSDxCLI[44364]: User 'admin' committed the configuration.
Dec 04 15:19:36.666419 osdx OSDxCLI[44364]: User 'admin' left the configuration menu.
Dec 04 15:19:36.810788 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 04 15:19:37.840749 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 04 15:19:37.978349 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu.
Dec 04 15:19:38.037917 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 04 15:19:38.137972 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 04 15:19:38.205483 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Dec 04 15:19:38.309208 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Dec 04 15:19:38.367172 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Dec 04 15:19:38.474561 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 04 15:19:38.537664 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 04 15:19:38.636388 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 04 15:19:38.711944 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:38.836395 osdx ca-certificates[110139]: Updating certificates in /etc/ssl/certs...
Dec 04 15:19:39.379682 osdx ca-certificates[111143]: 1 added, 0 removed; done.
Dec 04 15:19:39.382528 osdx ca-certificates[111149]: Running hooks in /etc/ca-certificates/update.d...
Dec 04 15:19:39.385284 osdx ca-certificates[111151]: done.
Dec 04 15:19:39.514082 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 04 15:19:39.515313 osdx cfgd[1239]: [44364]Completed change to active configuration
Dec 04 15:19:39.517786 osdx OSDxCLI[44364]: User 'admin' committed the configuration.
Dec 04 15:19:39.534355 osdx OSDxCLI[44364]: User 'admin' left the configuration menu.
Dec 04 15:19:39.535095 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] dnscrypt-proxy 2.0.45
Dec 04 15:19:39.535218 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] Network connectivity detected
Dec 04 15:19:39.535383 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] Dropping privileges
Dec 04 15:19:39.537316 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] Network connectivity detected
Dec 04 15:19:39.537344 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 04 15:19:39.537344 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 04 15:19:39.537381 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 04 15:19:39.537381 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] Firefox workaround initialized
Dec 04 15:19:39.537381 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpvuywpqmx]
Dec 04 15:19:39.689209 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] [RD] OK (DoH) - rtt: 130ms
Dec 04 15:19:39.689209 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] Server with the lowest initial latency: RD (rtt: 130ms)
Dec 04 15:19:39.689209 osdx dnscrypt-proxy[111211]: [2024-12-04 15:19:39] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Dec 04 15:19:39.690133 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash d54c3f6932c2f9209d0899e7220db08ccf61fe0d7dd0b25d25f65ddd209e8441 at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg1Uw_aTLC-SCdCJnnIg2wjM9h_g190LJdJfZd3SCehEENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg1Uw_aTLC-SCdCJnnIg2wjM9h_g190LJdJfZd3SCehEENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 04 15:19:35.288176 osdx systemd-journald[1388]: Runtime Journal (/run/log/journal/e00a4863307c4ec795c6f3eeb7a5801b) is 1.3M, max 9.7M, 8.4M free.
Dec 04 15:19:35.288587 osdx systemd-journald[1388]: Received client request to rotate journal, rotating.
Dec 04 15:19:35.288617 osdx systemd-journald[1388]: Vacuuming done, freed 0B of archived journals from /run/log/journal/e00a4863307c4ec795c6f3eeb7a5801b.
Dec 04 15:19:35.299579 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system journal clear'.
Dec 04 15:19:35.736260 osdx osdx-coredump[59120]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 04 15:19:35.743858 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 04 15:19:36.815494 osdx OSDxCLI[1605]: User 'admin' entered the configuration menu.
Dec 04 15:19:36.884243 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Dec 04 15:19:36.964304 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 04 15:19:37.015104 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 04 15:19:37.137317 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:37.224566 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 04 15:19:37.393120 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Dec 04 15:19:37.409925 osdx sshd[59213]: Server listening on 0.0.0.0 port 22.
Dec 04 15:19:37.409951 osdx sshd[59213]: Server listening on :: port 22.
Dec 04 15:19:37.410040 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Dec 04 15:19:37.429885 osdx cfgd[1056]: [1605]Completed change to active configuration
Dec 04 15:19:37.458536 osdx OSDxCLI[1605]: User 'admin' committed the configuration.
Dec 04 15:19:37.485181 osdx OSDxCLI[1605]: User 'admin' left the configuration menu.
Dec 04 15:19:37.625770 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Dec 04 15:19:39.886431 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash d54c3f6932c2f9209d0899e7220db08ccf61fe0d7dd0b25d25f65ddd209e8441'.
Dec 04 15:19:40.025668 osdx OSDxCLI[1605]: User 'admin' entered the configuration menu.
Dec 04 15:19:40.082973 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Dec 04 15:19:40.175414 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Dec 04 15:19:40.226702 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Dec 04 15:19:40.328165 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg1Uw_aTLC-SCdCJnnIg2wjM9h_g190LJdJfZd3SCehEENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Dec 04 15:19:40.395701 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:40.506121 osdx ca-certificates[59285]: Updating certificates in /etc/ssl/certs...
Dec 04 15:19:41.001546 osdx ca-certificates[60288]: 1 added, 0 removed; done.
Dec 04 15:19:41.004298 osdx ca-certificates[60295]: Running hooks in /etc/ca-certificates/update.d...
Dec 04 15:19:41.006965 osdx ca-certificates[60297]: done.
Dec 04 15:19:41.081212 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 04 15:19:41.084222 osdx cfgd[1056]: [1605]Completed change to active configuration
Dec 04 15:19:41.087403 osdx OSDxCLI[1605]: User 'admin' committed the configuration.
Dec 04 15:19:41.103173 osdx OSDxCLI[1605]: User 'admin' left the configuration menu.
Dec 04 15:19:41.103754 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] dnscrypt-proxy 2.0.45
Dec 04 15:19:41.103910 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] Network connectivity detected
Dec 04 15:19:41.103971 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] Dropping privileges
Dec 04 15:19:41.106204 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] Network connectivity detected
Dec 04 15:19:41.106204 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 04 15:19:41.106204 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 04 15:19:41.106204 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] Firefox workaround initialized
Dec 04 15:19:41.106204 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpv0smmuyw]
Dec 04 15:19:41.260921 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 04 15:19:41.273301 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] [DUT0] OK (DoH) - rtt: 116ms
Dec 04 15:19:41.273301 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 116ms)
Dec 04 15:19:41.273301 osdx dnscrypt-proxy[60304]: [2024-12-04 15:19:41] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
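Added example (not part of the test suite or the device's own code): the two sdns:// values calculated in this scenario are DoH DNS stamps, and the Python below encodes and decodes that layout so a stamp can be checked against the IP, hash, host name and port it is supposed to pin before it is committed. The function names and the audit_stamp helper are assumptions made for illustration; the hashes and stamps are the ones shown in the stamp calculate steps above.

```python
import base64
import struct

DOH = 0x02  # protocol byte for DNS-over-HTTPS in the DNS stamp format

# Values copied from the two "stamp calculate" steps of this scenario.
RD_HASH = "20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194"
RD_STAMP = ("sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHh"
            "QhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk")
DUT0_HASH = "d54c3f6932c2f9209d0899e7220db08ccf61fe0d7dd0b25d25f65ddd209e8441"
DUT0_STAMP = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg1Uw_aTLC-SCdCJnnIg2wjM9h"
              "_g190LJdJfZd3SCehEENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")


def _lp(data):
    """Length-prefixed field: one length byte, then the data."""
    if len(data) > 0xFF:
        raise ValueError("field too long")
    return bytes([len(data)]) + data


def _vlp(items):
    """Field set: the high bit of a length byte means another item follows."""
    out = b""
    for i, item in enumerate(items):
        if len(item) > 0x7F:
            raise ValueError("item too long")
        more = 0x80 if i < len(items) - 1 else 0x00
        out += bytes([len(item) | more]) + item
    return out or b"\x00"


def encode_doh_stamp(ip, hashes_hex, host, path, port=443, props=0):
    """Build a DoH stamp; as in the first stamp above, port 443 stays implicit."""
    hostname = host if port == 443 else f"{host}:{port}"
    blob = (bytes([DOH]) + struct.pack("<Q", props) + _lp(ip.encode())
            + _vlp([bytes.fromhex(h) for h in hashes_hex])
            + _lp(hostname.encode()) + _lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(blob).rstrip(b"=").decode()


def decode_doh_stamp(stamp):
    """Parse a DoH stamp into its fields, rejecting truncated input."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    blob = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(blob) < 9 or blob[0] != DOH:
        raise ValueError("not a DoH stamp")
    props = struct.unpack_from("<Q", blob, 1)[0]
    pos = 9

    def take(n):
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated stamp")
        chunk = blob[pos:pos + n]
        pos += n
        return chunk

    ip = take(take(1)[0]).decode()
    hashes = []
    while True:
        length = take(1)[0]
        item = take(length & 0x7F)
        if item:
            hashes.append(item.hex())
        if not length & 0x80:
            break
    hostname = take(take(1)[0]).decode()
    path = take(take(1)[0]).decode()
    host, port = hostname, 443
    name, sep, maybe_port = hostname.rpartition(":")
    if sep and maybe_port.isdigit():
        host, port = name, int(maybe_port)
    return {"props": props, "ip": ip, "hashes": hashes,
            "host": host, "port": port, "path": path}


def audit_stamp(stamp, ip, hash_hex, host, port):
    """Return the names of fields where the stamp differs from what is expected."""
    got = decode_doh_stamp(stamp)
    expected = {"ip": ip, "host": host, "port": port}
    problems = [k for k, v in expected.items() if got[k] != v]
    if hash_hex.lower() not in got["hashes"]:
        problems.append("hash")
    return problems


if __name__ == "__main__":
    for name, stamp in (("RD", RD_STAMP), ("DUT0", DUT0_STAMP)):
        print(name, decode_doh_stamp(stamp))
```

An empty list from audit_stamp means the stamp pins exactly the endpoint and hash the operator intended; any other result names the field to investigate.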
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Dec 04 15:19:47.304648 osdx systemd-journald[1574]: Runtime Journal (/run/log/journal/2754912ae611401eb118833e63cf0c07) is 2.0M, max 15.3M, 13.3M free.
Dec 04 15:19:47.305185 osdx systemd-journald[1574]: Received client request to rotate journal, rotating.
Dec 04 15:19:47.305223 osdx systemd-journald[1574]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2754912ae611401eb118833e63cf0c07.
Dec 04 15:19:47.315516 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal clear'.
Dec 04 15:19:47.673825 osdx osdx-coredump[112858]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 04 15:19:47.682962 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 04 15:19:48.181728 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu.
Dec 04 15:19:48.257132 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 04 15:19:48.340705 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 04 15:19:48.411030 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:48.521072 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 04 15:19:48.652163 osdx cfgd[1239]: [44364]Completed change to active configuration
Dec 04 15:19:48.692813 osdx OSDxCLI[44364]: User 'admin' committed the configuration.
Dec 04 15:19:48.715359 osdx OSDxCLI[44364]: User 'admin' left the configuration menu.
Dec 04 15:19:48.869193 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 04 15:19:50.001468 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Dec 04 15:19:50.161229 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu.
Dec 04 15:19:50.252621 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 04 15:19:50.330179 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 04 15:19:50.452148 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Dec 04 15:19:50.544515 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Dec 04 15:19:50.603958 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Dec 04 15:19:50.722457 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'.
Dec 04 15:19:50.788138 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 04 15:19:50.893809 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Dec 04 15:19:50.956734 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Dec 04 15:19:51.057965 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 04 15:19:51.147095 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:51.283124 osdx ca-certificates[113005]: Updating certificates in /etc/ssl/certs...
Dec 04 15:19:51.842193 osdx ca-certificates[114010]: 1 added, 0 removed; done.
Dec 04 15:19:51.845345 osdx ca-certificates[114015]: Running hooks in /etc/ca-certificates/update.d...
Dec 04 15:19:51.848056 osdx ca-certificates[114017]: done.
Dec 04 15:19:51.961396 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 04 15:19:51.962896 osdx cfgd[1239]: [44364]Completed change to active configuration
Dec 04 15:19:51.966214 osdx OSDxCLI[44364]: User 'admin' committed the configuration.
Dec 04 15:19:51.985105 osdx OSDxCLI[44364]: User 'admin' left the configuration menu.
Dec 04 15:19:51.998415 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:51] [NOTICE] dnscrypt-proxy 2.0.45
Dec 04 15:19:51.998631 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:51] [NOTICE] Network connectivity detected
Dec 04 15:19:51.998697 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:51] [NOTICE] Dropping privileges
Dec 04 15:19:52.000718 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:52] [NOTICE] Network connectivity detected
Dec 04 15:19:52.000774 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 04 15:19:52.000774 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 04 15:19:52.000774 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:52] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 04 15:19:52.000774 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:52] [NOTICE] Firefox workaround initialized
Dec 04 15:19:52.000774 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp70skp837]
Dec 04 15:19:52.001655 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:52] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Dec 04 15:19:52.001707 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:52] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Dec 04 15:19:52.001707 osdx dnscrypt-proxy[114077]: [2024-12-04 15:19:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash d54c3f6932c2f9209d0899e7220db08ccf61fe0d7dd0b25d25f65ddd209e8441
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 04 15:19:48.289834 osdx systemd-journald[1388]: Runtime Journal (/run/log/journal/e00a4863307c4ec795c6f3eeb7a5801b) is 1.5M, max 9.7M, 8.1M free.
Dec 04 15:19:48.293518 osdx systemd-journald[1388]: Received client request to rotate journal, rotating.
Dec 04 15:19:48.293596 osdx systemd-journald[1388]: Vacuuming done, freed 0B of archived journals from /run/log/journal/e00a4863307c4ec795c6f3eeb7a5801b.
Dec 04 15:19:48.300661 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system journal clear'.
Dec 04 15:19:48.772157 osdx osdx-coredump[61923]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 04 15:19:48.780474 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 04 15:19:49.893275 osdx OSDxCLI[1605]: User 'admin' entered the configuration menu.
Dec 04 15:19:49.978389 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Dec 04 15:19:50.069080 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 04 15:19:50.130155 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 04 15:19:50.236130 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:50.329539 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 04 15:19:50.505835 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Dec 04 15:19:50.523640 osdx sshd[62016]: Server listening on 0.0.0.0 port 22.
Dec 04 15:19:50.523922 osdx sshd[62016]: Server listening on :: port 22.
Dec 04 15:19:50.524088 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Dec 04 15:19:50.545208 osdx cfgd[1056]: [1605]Completed change to active configuration
Dec 04 15:19:50.572423 osdx OSDxCLI[1605]: User 'admin' committed the configuration.
Dec 04 15:19:50.591570 osdx OSDxCLI[1605]: User 'admin' left the configuration menu.
Dec 04 15:19:50.744786 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Dec 04 15:19:53.181781 osdx OSDxCLI[1605]: User 'admin' entered the configuration menu.
Dec 04 15:19:53.285336 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Dec 04 15:19:53.344638 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Dec 04 15:19:53.441115 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Dec 04 15:19:53.522208 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Dec 04 15:19:53.612766 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Dec 04 15:19:53.672953 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Dec 04 15:19:53.777031 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash d54c3f6932c2f9209d0899e7220db08ccf61fe0d7dd0b25d25f65ddd209e8441'.
Dec 04 15:19:53.853315 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:19:53.967852 osdx ca-certificates[62088]: Updating certificates in /etc/ssl/certs...
Dec 04 15:19:54.441053 osdx ca-certificates[63093]: 1 added, 0 removed; done.
Dec 04 15:19:54.443593 osdx ca-certificates[63098]: Running hooks in /etc/ca-certificates/update.d...
Dec 04 15:19:54.446034 osdx ca-certificates[63100]: done.
Dec 04 15:19:54.517819 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 04 15:19:54.519446 osdx cfgd[1056]: [1605]Completed change to active configuration
Dec 04 15:19:54.521989 osdx OSDxCLI[1605]: User 'admin' committed the configuration.
Dec 04 15:19:54.537639 osdx OSDxCLI[1605]: User 'admin' left the configuration menu.
Dec 04 15:19:54.540857 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] dnscrypt-proxy 2.0.45
Dec 04 15:19:54.541093 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] Network connectivity detected
Dec 04 15:19:54.541359 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] Dropping privileges
Dec 04 15:19:54.544013 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] Network connectivity detected
Dec 04 15:19:54.544061 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 04 15:19:54.544061 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 04 15:19:54.544061 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] Firefox workaround initialized
Dec 04 15:19:54.544117 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpdwkaxp37]
Dec 04 15:19:54.682928 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 04 15:19:54.803517 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] [DUT0] OK (DoH) - rtt: 109ms
Dec 04 15:19:54.803517 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 109ms)
Dec 04 15:19:54.803517 osdx dnscrypt-proxy[63107]: [2024-12-04 15:19:54] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Dec 04 15:20:02.302369 osdx systemd-journald[1574]: Runtime Journal (/run/log/journal/2754912ae611401eb118833e63cf0c07) is 2.6M, max 15.3M, 12.7M free.
Dec 04 15:20:02.305729 osdx systemd-journald[1574]: Received client request to rotate journal, rotating.
Dec 04 15:20:02.305801 osdx systemd-journald[1574]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2754912ae611401eb118833e63cf0c07.
Dec 04 15:20:02.312217 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system journal clear'.
Dec 04 15:20:02.635973 osdx osdx-coredump[115724]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 04 15:20:02.643333 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 04 15:20:03.169372 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu.
Dec 04 15:20:03.240348 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 04 15:20:03.317966 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 04 15:20:03.391395 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:20:03.501722 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 04 15:20:03.627305 osdx cfgd[1239]: [44364]Completed change to active configuration
Dec 04 15:20:03.652691 osdx OSDxCLI[44364]: User 'admin' committed the configuration.
Dec 04 15:20:03.674992 osdx OSDxCLI[44364]: User 'admin' left the configuration menu.
Dec 04 15:20:03.817549 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 04 15:20:04.861263 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Dec 04 15:20:04.987455 osdx OSDxCLI[44364]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443'.
Dec 04 15:20:05.138518 osdx OSDxCLI[44364]: User 'admin' entered the configuration menu.
Dec 04 15:20:05.224141 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 04 15:20:05.283445 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 04 15:20:05.375917 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Dec 04 15:20:05.426452 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 04 15:20:05.526407 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Dec 04 15:20:05.606818 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Dec 04 15:20:05.711858 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 04 15:20:05.780225 osdx OSDxCLI[44364]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:20:05.887388 osdx ca-certificates[115871]: Updating certificates in /etc/ssl/certs...
Dec 04 15:20:06.386572 osdx ca-certificates[116875]: 1 added, 0 removed; done.
Dec 04 15:20:06.389237 osdx ca-certificates[116881]: Running hooks in /etc/ca-certificates/update.d...
Dec 04 15:20:06.392003 osdx ca-certificates[116883]: done.
Dec 04 15:20:06.514077 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 04 15:20:06.515590 osdx cfgd[1239]: [44364]Completed change to active configuration
Dec 04 15:20:06.517919 osdx OSDxCLI[44364]: User 'admin' committed the configuration.
Dec 04 15:20:06.534171 osdx OSDxCLI[44364]: User 'admin' left the configuration menu.
Dec 04 15:20:06.545118 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] dnscrypt-proxy 2.0.45
Dec 04 15:20:06.545350 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] Network connectivity detected
Dec 04 15:20:06.545627 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] Dropping privileges
Dec 04 15:20:06.547839 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] Network connectivity detected
Dec 04 15:20:06.547883 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 04 15:20:06.547883 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 04 15:20:06.547883 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 04 15:20:06.547928 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] Firefox workaround initialized
Dec 04 15:20:06.547928 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpyvqjcm84]
Dec 04 15:20:06.548461 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Dec 04 15:20:06.548484 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Dec 04 15:20:06.548484 osdx dnscrypt-proxy[116943]: [2024-12-04 15:20:06] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash d54c3f6932c2f9209d0899e7220db08ccf61fe0d7dd0b25d25f65ddd209e8441 at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg1Uw_aTLC-SCdCJnnIg2wjM9h_g190LJdJfZd3SCehEENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg1Uw_aTLC-SCdCJnnIg2wjM9h_g190LJdJfZd3SCehEENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 04 15:20:02.262196 osdx systemd-journald[1388]: Runtime Journal (/run/log/journal/e00a4863307c4ec795c6f3eeb7a5801b) is 1.3M, max 9.7M, 8.4M free.
Dec 04 15:20:02.263953 osdx systemd-journald[1388]: Received client request to rotate journal, rotating.
Dec 04 15:20:02.264001 osdx systemd-journald[1388]: Vacuuming done, freed 0B of archived journals from /run/log/journal/e00a4863307c4ec795c6f3eeb7a5801b.
Dec 04 15:20:02.271816 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system journal clear'.
Dec 04 15:20:02.729343 osdx osdx-coredump[64730]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 04 15:20:02.737570 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 04 15:20:03.813177 osdx OSDxCLI[1605]: User 'admin' entered the configuration menu.
Dec 04 15:20:03.876733 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Dec 04 15:20:03.957834 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 04 15:20:04.010563 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 04 15:20:04.131182 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:20:04.215934 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 04 15:20:04.412311 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Dec 04 15:20:04.429424 osdx sshd[64823]: Server listening on 0.0.0.0 port 22.
Dec 04 15:20:04.429613 osdx sshd[64823]: Server listening on :: port 22.
Dec 04 15:20:04.429721 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Dec 04 15:20:04.450151 osdx cfgd[1056]: [1605]Completed change to active configuration
Dec 04 15:20:04.477293 osdx OSDxCLI[1605]: User 'admin' committed the configuration.
Dec 04 15:20:04.492227 osdx OSDxCLI[1605]: User 'admin' left the configuration menu.
Dec 04 15:20:04.643233 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Dec 04 15:20:06.676454 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash d54c3f6932c2f9209d0899e7220db08ccf61fe0d7dd0b25d25f65ddd209e8441'.
Dec 04 15:20:06.814013 osdx OSDxCLI[1605]: User 'admin' entered the configuration menu.
Dec 04 15:20:06.881847 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Dec 04 15:20:06.996119 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Dec 04 15:20:07.056763 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Dec 04 15:20:07.164180 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg1Uw_aTLC-SCdCJnnIg2wjM9h_g190LJdJfZd3SCehEENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Dec 04 15:20:07.262297 osdx OSDxCLI[1605]: User 'admin' added a new cfg line: 'show working'.
Dec 04 15:20:07.377600 osdx ca-certificates[64895]: Updating certificates in /etc/ssl/certs...
Dec 04 15:20:07.911890 osdx ca-certificates[65900]: 1 added, 0 removed; done.
Dec 04 15:20:07.915005 osdx ca-certificates[65905]: Running hooks in /etc/ca-certificates/update.d...
Dec 04 15:20:07.917870 osdx ca-certificates[65907]: done.
Dec 04 15:20:07.996620 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 04 15:20:07.998467 osdx cfgd[1056]: [1605]Completed change to active configuration
Dec 04 15:20:08.002053 osdx OSDxCLI[1605]: User 'admin' committed the configuration.
Dec 04 15:20:08.030758 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] dnscrypt-proxy 2.0.45
Dec 04 15:20:08.031042 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] Network connectivity detected
Dec 04 15:20:08.031123 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] Dropping privileges
Dec 04 15:20:08.034530 osdx OSDxCLI[1605]: User 'admin' left the configuration menu.
Dec 04 15:20:08.035065 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] Network connectivity detected
Dec 04 15:20:08.035115 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 04 15:20:08.035115 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 04 15:20:08.035163 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] Firefox workaround initialized
Dec 04 15:20:08.035163 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp769jkyza]
Dec 04 15:20:08.180970 osdx OSDxCLI[1605]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 04 15:20:08.287484 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] [DUT0] OK (DoH) - rtt: 132ms
Dec 04 15:20:08.287484 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 132ms)
Dec 04 15:20:08.287484 osdx dnscrypt-proxy[65914]: [2024-12-04 15:20:08] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
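The two stamps calculated in this scenario are base64url encodings of the same values the static-protocol scenario sets field by field (address, pinned provider key or certificate hash, provider or host name), so a stamp can be decoded and audited before it is committed. The decoder below is an added example, not Teldat or dnscrypt-proxy code; it follows the public DNS Stamps layout for protocol ids 0x01 and 0x02, and the names decode_stamp, audit, the dict keys and the flag labels are assumptions of this example.

```python
import base64
import struct

# Stamps exactly as printed by the two "stamp calculate" steps on this page.
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg1Uw_aTLC-SCdCJnnIg2wjM9h_g190LJdJfZd3SCehEENZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"

PROTOCOLS = {0x01: "DNSCrypt", 0x02: "DoH"}
PROP_BITS = {0: "dnssec", 1: "no_logs", 2: "no_filter"}  # labels are this example's


class StampError(ValueError):
    """Malformed stamp or unsupported protocol id."""


class _Reader:
    """Bounds-checked cursor over the decoded stamp bytes."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise StampError("truncated stamp")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def lp(self):  # LP(x): one length byte, then that many bytes
        return self.take(self.take(1)[0])

    def vlp(self):  # VLP(x1..xn): LP items; high bit of length = more follow
        items = []
        while True:
            length = self.take(1)[0]
            items.append(self.take(length & 0x7F))
            if not length & 0x80:
                return items


def decode_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into a dict of fields."""
    if not stamp.startswith("sdns://"):
        raise StampError("missing sdns:// scheme")
    body = stamp[len("sdns://"):]
    try:
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:
        raise StampError(f"bad base64url payload: {exc}") from exc
    r = _Reader(raw)
    proto = r.take(1)[0]
    if proto not in PROTOCOLS:
        raise StampError(f"unsupported protocol id 0x{proto:02x}")
    (props,) = struct.unpack("<Q", r.take(8))  # 64-bit little-endian flags
    out = {"protocol": PROTOCOLS[proto]}
    out["props"] = [name for bit, name in PROP_BITS.items() if props >> bit & 1]
    out["addr"] = r.lp().decode("ascii")
    if proto == 0x01:
        out["provider_key"] = r.lp().hex(":")  # provider public key
        out["provider_name"] = r.lp().decode("ascii")
    else:
        out["hashes"] = [h.hex() for h in r.vlp() if h]  # pinned cert digests
        out["host"] = r.lp().decode("ascii")
        out["path"] = r.lp().decode("ascii")
        more = r.pos < len(raw)  # optional bootstrap resolver list
        out["bootstrap_ips"] = [b.decode("ascii") for b in r.vlp()] if more else []
    if r.pos != len(raw):
        raise StampError("trailing bytes after the last field")
    return out


def audit(stamp, expected):
    """Return {field: (in_stamp, expected)} for every field that differs."""
    got = decode_stamp(stamp)
    return {k: (got.get(k), v) for k, v in expected.items() if got.get(k) != v}


if __name__ == "__main__":
    for s in (DNSCRYPT_STAMP, DOH_STAMP):
        print(decode_stamp(s))
```

Pass audit() the address, key or hash, and names you intend to pin; an empty dict means the stamp carries exactly those values.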