Static
Test suite to validate the use of one of the DNS options available in an upstream server.
DNS-over-HTTPS Server
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 07 12:37:37.356878 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.2M free.
Oct 07 12:37:37.359619 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:37:37.359663 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:37:37.365898 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:37:37.691173 osdx osdx-coredump[308954]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:37:37.699849 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:37:37.929876 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:37:37.930474 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:37:38.177999 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:37:38.256771 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:37:38.356742 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:37:38.423601 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:38.539632 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:37:38.611590 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:37:38.646056 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:37:38.664469 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:37:38.810701 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 07 12:37:39.007479 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:37:39.067264 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:37:39.166343 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:37:39.252026 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:37:39.345429 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:37:39.413018 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:37:39.501268 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 07 12:37:39.574861 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:39.689784 osdx ca-certificates[309095]: Updating certificates in /etc/ssl/certs...
Oct 07 12:37:40.208697 osdx ca-certificates[310099]: 1 added, 0 removed; done.
Oct 07 12:37:40.212411 osdx ca-certificates[310105]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:37:40.216278 osdx ca-certificates[310107]: done.
Oct 07 12:37:40.315970 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:37:40.317204 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:37:40.319737 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:37:40.349170 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:37:40.349353 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] Network connectivity detected
Oct 07 12:37:40.349224 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:37:40.349638 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] Dropping privileges
Oct 07 12:37:40.351899 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] Network connectivity detected
Oct 07 12:37:40.351943 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:37:40.351943 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:37:40.351943 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] Firefox workaround initialized
Oct 07 12:37:40.351985 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp2dx97mr0]
Oct 07 12:37:40.494582 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 07 12:37:40.569803 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] [RD] OK (DoH) - rtt: 130ms
Oct 07 12:37:40.569803 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] Server with the lowest initial latency: RD (rtt: 130ms)
Oct 07 12:37:40.569803 osdx dnscrypt-proxy[310164]: [2024-10-07 12:37:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f' at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOagBKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOagBKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 07 12:37:45.307936 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:37:45.311080 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:37:45.311124 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:37:45.320364 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:37:45.639902 osdx osdx-coredump[311808]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:37:45.647141 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:37:46.144975 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:37:46.229851 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:37:46.319157 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:37:46.416242 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:46.535093 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:37:46.613392 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:37:46.640364 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:37:46.657336 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:37:46.658204 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:37:46.820324 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 07 12:37:46.969282 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:37:47.129347 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:37:47.211668 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:37:47.321170 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:37:47.402103 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOagBKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Oct 07 12:37:47.503649 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 07 12:37:47.588485 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:47.704570 osdx ca-certificates[311950]: Updating certificates in /etc/ssl/certs...
Oct 07 12:37:48.233141 osdx ca-certificates[312954]: 1 added, 0 removed; done.
Oct 07 12:37:48.236930 osdx ca-certificates[312960]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:37:48.239850 osdx ca-certificates[312962]: done.
Oct 07 12:37:48.351488 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:37:48.352712 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:37:48.354674 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:37:48.371632 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:37:48.374036 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:37:48.374304 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] Network connectivity detected
Oct 07 12:37:48.374565 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] Dropping privileges
Oct 07 12:37:48.377290 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] Network connectivity detected
Oct 07 12:37:48.377342 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:37:48.377342 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:37:48.377342 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] Firefox workaround initialized
Oct 07 12:37:48.377342 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] Loading the set of cloaking rules from [/tmp/tmprrwbaf9x]
Oct 07 12:37:48.514043 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] [RD] OK (DoH) - rtt: 115ms
Oct 07 12:37:48.514043 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] Server with the lowest initial latency: RD (rtt: 115ms)
Oct 07 12:37:48.514043 osdx dnscrypt-proxy[313019]: [2024-10-07 12:37:48] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Oct 07 12:37:48.529304 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Oct 07 12:37:53.282182 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:37:53.284723 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:37:53.284794 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:37:53.293923 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:37:53.652044 osdx osdx-coredump[314662]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:37:53.661406 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:37:54.161537 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:37:54.249006 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:37:54.321419 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:37:54.417520 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:54.500724 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:37:54.577035 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:37:54.602145 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:37:54.626580 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:37:54.784193 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 07 12:37:54.896343 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 07 12:37:55.041893 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:37:55.102650 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:37:55.210279 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:37:55.270133 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Oct 07 12:37:55.377171 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Oct 07 12:37:55.459394 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Oct 07 12:37:55.564010 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5'.
Oct 07 12:37:55.617328 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 07 12:37:55.731964 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:55.821912 osdx ca-certificates[314805]: Updating certificates in /etc/ssl/certs...
Oct 07 12:37:56.394055 osdx ca-certificates[315810]: 1 added, 0 removed; done.
Oct 07 12:37:56.398013 osdx ca-certificates[315816]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:37:56.400940 osdx ca-certificates[315818]: done.
Oct 07 12:37:56.509140 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:37:56.510590 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:37:56.512914 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:37:56.537630 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:37:56.541923 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:37:56.542152 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] Network connectivity detected
Oct 07 12:37:56.542245 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] Dropping privileges
Oct 07 12:37:56.544924 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] Network connectivity detected
Oct 07 12:37:56.544959 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:37:56.544959 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:37:56.545004 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] Firefox workaround initialized
Oct 07 12:37:56.545004 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqx4v_9pe]
Oct 07 12:37:56.550121 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] [RD] OK (DNSCrypt) - rtt: 4ms
Oct 07 12:37:56.550121 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] Server with the lowest initial latency: RD (rtt: 4ms)
Oct 07 12:37:56.550232 osdx dnscrypt-proxy[315875]: [2024-10-07 12:37:56] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5
Step 2: Run command 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5 ip 10.215.168.1 port 8443' at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Oct 07 12:38:02.373352 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.2M free.
Oct 07 12:38:02.376857 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:38:02.376928 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:38:02.383338 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:38:02.715422 osdx osdx-coredump[317522]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:38:02.722775 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:38:03.181551 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:38:03.260154 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:38:03.347646 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:38:03.415581 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:38:03.528888 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:38:03.593004 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:38:03.620231 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:38:03.647929 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:38:03.784990 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 07 12:38:03.884460 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 07 12:38:03.979153 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5 ip 10.215.168.1 port 8443'.
Oct 07 12:38:04.140456 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:38:04.212690 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:38:04.320062 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:38:04.394004 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Oct 07 12:38:04.479719 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 07 12:38:04.551235 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:38:04.664807 osdx ca-certificates[317665]: Updating certificates in /etc/ssl/certs...
Oct 07 12:38:05.179288 osdx ca-certificates[318669]: 1 added, 0 removed; done.
Oct 07 12:38:05.181899 osdx ca-certificates[318676]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:38:05.185630 osdx ca-certificates[318678]: done.
Oct 07 12:38:05.289215 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:38:05.290590 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:38:05.292966 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:38:05.310109 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:38:05.317804 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:38:05.318042 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] Network connectivity detected
Oct 07 12:38:05.318256 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] Dropping privileges
Oct 07 12:38:05.320417 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] Network connectivity detected
Oct 07 12:38:05.320452 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:38:05.320452 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:38:05.320483 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] Firefox workaround initialized
Oct 07 12:38:05.320483 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjuee153e]
Oct 07 12:38:05.321149 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Oct 07 12:38:05.321180 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Oct 07 12:38:05.321180 osdx dnscrypt-proxy[318735]: [2024-10-07 12:38:05] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Oct 07 12:38:05.399738 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Step 5: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
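The two "With Stamp" scenarios above turn the same parameters as the explicit configurations into an sdns:// string. As an added example (not part of this test suite or of OSDx), the Python below decodes both stamps from this page so the pinned certificate hash or provider public key can be compared with the expected values before a stamp is loaded. The field layout is assumed from the public DNS Stamps format used by dnscrypt-proxy, and the function names are illustrative.

```python
import base64

# Stamps copied verbatim from the two "With Stamp" scenarios on this page.
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOagBKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"

# Protocol byte values (assumed from the DNS Stamps format, not from this page).
PROTOCOLS = {0x01: "DNSCrypt", 0x02: "DoH"}


class StampError(ValueError):
    """Raised when a stamp is malformed, truncated or of an unhandled type."""


def _read_lp(buf, pos, vlp=False):
    """Read one length-prefixed field at pos; return (value, next_pos, more).

    With vlp=True the top bit of the length byte is a "more items follow"
    flag instead of being part of the length.
    """
    if pos >= len(buf):
        raise StampError("truncated stamp: missing length byte")
    length, more = buf[pos], False
    if vlp:
        length, more = buf[pos] & 0x7F, bool(buf[pos] & 0x80)
    end = pos + 1 + length
    if end > len(buf):
        raise StampError("truncated stamp: field runs past end of data")
    return buf[pos + 1:end], end, more


def decode_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into a dict of fields."""
    if not stamp.startswith("sdns://"):
        raise StampError("not an sdns:// stamp")
    b64 = stamp[len("sdns://"):]
    try:
        # Stamps are unpadded base64url, so restore the padding first.
        raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    except ValueError as exc:  # binascii.Error is a ValueError
        raise StampError(f"bad base64url payload: {exc}") from exc
    if len(raw) < 9 or raw[0] not in PROTOCOLS:
        raise StampError("too short or unsupported protocol byte")
    out = {"protocol": PROTOCOLS[raw[0]],
           "props": int.from_bytes(raw[1:9], "little")}
    addr, pos, _ = _read_lp(raw, 9)
    out["addr"] = addr.decode("ascii")
    if raw[0] == 0x01:
        pk, pos, _ = _read_lp(raw, pos)
        name, pos, _ = _read_lp(raw, pos)
        out["public_key"] = ":".join(f"{b:02x}" for b in pk)
        out["provider_name"] = name.decode("ascii")
    else:
        hashes, more = [], True
        while more:  # one or more pinned hashes
            h, pos, more = _read_lp(raw, pos, vlp=True)
            if h:
                hashes.append(h.hex())
        host, pos, _ = _read_lp(raw, pos)
        path, pos, _ = _read_lp(raw, pos)
        # Optional bootstrap addresses may follow; they are ignored here.
        out.update(hashes=hashes, hostname=host.decode("ascii"),
                   path=path.decode("ascii"))
    return out


def mismatches(stamp, **expected):
    """Return the names of decoded fields that differ from the expected ones."""
    fields = decode_stamp(stamp)
    return sorted(k for k, v in expected.items() if fields.get(k) != v)


if __name__ == "__main__":
    for s in (DOH_STAMP, DNSCRYPT_STAMP):
        print(decode_stamp(s))
```

The DoH stamp carries no port in its host field because the command was given host-port 443, the default, while the DNSCrypt stamp keeps port 8443 inside the address field.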