List
Test suite to validate domain/IP blocking and whitelisting
Blocklist Domain
Description
Performs a lookup over a domain that has been blocked.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy blocklist ip address 10.215.168.42 set service dns proxy blocklist name domain '*sex*' set service dns proxy blocklist name domain example.org set service dns proxy blocklist name domain teldat.com set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
This query has been locally blockedShow output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com host information "This query has been locally blocked" "by dnscrypt-proxy"
Step 3: Run command show host lookup sex.example.page type A at DUT0 and check if output contains the following tokens:
This query has been locally blockedShow output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused sex.example.page host information "This query has been locally blocked" "by dnscrypt-proxy"
Step 4: Run command show host lookup blocked-ip.net type A at DUT0 and check if output contains the following tokens:
This query has been locally blockedShow output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused blocked-ip.net host information "This query has been locally blocked" "by dnscrypt-proxy"
Whitelist Domain
Description
Performs a lookup over a domain that has been whitelisted.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy blocklist ip address 10.215.168.42 set service dns proxy blocklist name domain '*sex*' set service dns proxy blocklist name domain example.org set service dns proxy blocklist name domain teldat.com set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy whitelist name domain teldat.com set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command show host lookup sex.example.page type A at DUT0 and check if output contains the following tokens:
This query has been locally blockedShow output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused sex.example.page host information "This query has been locally blocked" "by dnscrypt-proxy"
Step 4: Run command show host lookup blocked-ip.net type A at DUT0 and check if output contains the following tokens:
This query has been locally blockedShow output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused blocked-ip.net host information "This query has been locally blocked" "by dnscrypt-proxy"