List Server

Test suite to validate domain/IP blocking and whitelisting

Server Blocklist Domain

Description

Performs a lookup of a domain that has been blocked.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy blocklist ip address 10.215.168.42
set service dns proxy blocklist name domain '*sex*'
set service dns proxy blocklist name domain example.org
set service dns proxy blocklist name domain teldat.com
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 10c92d41fda7e2cc7e9abf8c6fbd5aa9e321e5d11cf9692145bd51d9d5f3b0ae
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

This query has been locally blocked
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com host information "This query has been locally blocked" "by dnscrypt-proxy"

Step 4: Run command show host lookup sex.example.page type A at DUT1 and check if output contains the following tokens:

This query has been locally blocked
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
sex.example.page host information "This query has been locally blocked" "by dnscrypt-proxy"

Step 5: Run command show host lookup blocked-ip.net type A at DUT1 and check if output contains the following tokens:

This query has been locally blocked
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
blocked-ip.net host information "This query has been locally blocked" "by dnscrypt-proxy"

Server Whitelist Domain

Description

Performs a lookup of a domain that has been whitelisted.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy blocklist ip address 10.215.168.42
set service dns proxy blocklist name domain '*sex*'
set service dns proxy blocklist name domain example.org
set service dns proxy blocklist name domain teldat.com
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy whitelist name domain teldat.com
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 10c92d41fda7e2cc7e9abf8c6fbd5aa9e321e5d11cf9692145bd51d9d5f3b0ae
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Step 4: Run command show host lookup sex.example.page type A at DUT1 and check if output contains the following tokens:

This query has been locally blocked
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
sex.example.page host information "This query has been locally blocked" "by dnscrypt-proxy"

Step 5: Run command show host lookup blocked-ip.net type A at DUT1 and check if output contains the following tokens:

This query has been locally blocked
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
blocked-ip.net host information "This query has been locally blocked" "by dnscrypt-proxy"
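
The policy that both scenarios exercise, as an added Python model (not part of the original test suite and not the device's or dnscrypt-proxy's own code): a name blocklist with glob patterns, an IP blocklist applied to the answers, and a whitelist that overrides the name blocklist. The answers for sex.example.page and blocked-ip.net are constructed, and the matching rules (plain names also covering subdomains, whitelist skipping only the name check) are simplifying assumptions.

```python
from fnmatch import fnmatchcase


def name_matches(pattern, qname):
    """Simplified matching: globs as written, plain names also cover subdomains."""
    pattern, qname = pattern.lower(), qname.lower().rstrip(".")
    if any(c in pattern for c in "*?["):
        return fnmatchcase(qname, pattern)
    return qname == pattern or qname.endswith("." + pattern)


def decide(qname, answers, block_names, block_ips, allow_names=()):
    """Return (verdict, reason) for one A lookup.

    answers: addresses the upstream resolver would return (sample data).
    Model assumption: a whitelist hit skips only the name blocklist.
    """
    allowed = any(name_matches(p, qname) for p in allow_names)
    if not allowed:
        for p in block_names:
            if name_matches(p, qname):
                return "blocked", f"name:{p}"
    for ip in answers:
        if ip in block_ips:
            return "blocked", f"ip:{ip}"
    return "resolved", ",".join(answers)


# Values taken from the DUT0 configuration on this page.
BLOCK_NAMES = ["*sex*", "example.org", "teldat.com"]
BLOCK_IPS = {"10.215.168.42"}
# teldat.com is the static host entry from the page; the other answers are constructed.
ANSWERS = {
    "teldat.com": ["10.11.12.13"],
    "sex.example.page": ["192.0.2.10"],
    "blocked-ip.net": ["10.215.168.42"],
}


def run_scenario(allow_names=()):
    """Verdict per queried name, mirroring Steps 3 to 5 of a scenario."""
    return {q: decide(q, a, BLOCK_NAMES, BLOCK_IPS, allow_names)[0]
            for q, a in ANSWERS.items()}


if __name__ == "__main__":
    print("blocklist only:", run_scenario())
    print("with whitelist:", run_scenario(["teldat.com"]))
```

In this model a substring pattern such as '*sex*' also matches unrelated names like essex.example, which is worth covering with an extra lookup when extending the suite.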