Static Server

Test suite that connects DUT1 to DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.

Server With Upstream DoH

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 07 12:36:41.302723 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:36:41.305652 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:36:41.305718 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:36:41.314795 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:36:41.632640 osdx osdx-coredump[297277]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:36:41.640308 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:36:42.097646 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:36:42.176647 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:36:42.264716 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:36:42.332184 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:36:42.445651 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:36:42.523135 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:36:42.549097 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:36:42.574630 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:36:42.727859 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 07 12:36:43.760406 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:36:43.821114 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:36:43.919545 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:36:43.988637 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:36:44.094498 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:36:44.219938 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:36:44.274336 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Oct 07 12:36:44.370829 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Oct 07 12:36:44.427065 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 07 12:36:44.538303 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Oct 07 12:36:44.651861 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:36:44.755005 osdx ca-certificates[297421]: Updating certificates in /etc/ssl/certs...
Oct 07 12:36:45.295325 osdx ca-certificates[298423]: 1 added, 0 removed; done.
Oct 07 12:36:45.298618 osdx ca-certificates[298431]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:36:45.302701 osdx ca-certificates[298433]: done.
Oct 07 12:36:45.425926 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:36:45.427192 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:36:45.429381 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:36:45.451251 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:36:45.451533 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] Network connectivity detected
Oct 07 12:36:45.451820 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] Dropping privileges
Oct 07 12:36:45.454880 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] Network connectivity detected
Oct 07 12:36:45.454937 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:36:45.454937 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:36:45.454937 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Oct 07 12:36:45.455010 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] Firefox workaround initialized
Oct 07 12:36:45.455010 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp786pve6c]
Oct 07 12:36:45.458246 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:36:45.620786 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 07 12:36:45.646182 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] [RD] OK (DoH) - rtt: 120ms
Oct 07 12:36:45.646182 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] Server with the lowest initial latency: RD (rtt: 120ms)
Oct 07 12:36:45.646182 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash a144d6f1c58abc8bd27125dadc2b1f160def324b8556a7b8f92a4ede30552847
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 07 12:36:41.274812 osdx systemd-journald[1498]: Runtime Journal (/run/log/journal/ea535239cdf24d6195135cccfda89139) is 1.3M, max 9.7M, 8.4M free.
Oct 07 12:36:41.276185 osdx systemd-journald[1498]: Received client request to rotate journal, rotating.
Oct 07 12:36:41.276228 osdx systemd-journald[1498]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea535239cdf24d6195135cccfda89139.
Oct 07 12:36:41.287022 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:36:41.709201 osdx osdx-coredump[173394]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:36:41.716655 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:36:42.769518 osdx OSDxCLI[117440]: User 'admin' entered the configuration menu.
Oct 07 12:36:42.837886 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Oct 07 12:36:42.926833 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:36:42.981875 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service ssh'.
Oct 07 12:36:43.101890 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:36:43.196126 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:36:43.316324 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Oct 07 12:36:43.328319 osdx sshd[173482]: Server listening on 0.0.0.0 port 22.
Oct 07 12:36:43.328520 osdx sshd[173482]: Server listening on :: port 22.
Oct 07 12:36:43.328614 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Oct 07 12:36:43.352462 osdx cfgd[1206]: [117440]Completed change to active configuration
Oct 07 12:36:43.377966 osdx OSDxCLI[117440]: User 'admin' committed the configuration.
Oct 07 12:36:43.399009 osdx OSDxCLI[117440]: User 'admin' left the configuration menu.
Oct 07 12:36:43.554053 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Oct 07 12:36:45.863964 osdx OSDxCLI[117440]: User 'admin' entered the configuration menu.
Oct 07 12:36:45.923703 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Oct 07 12:36:46.021329 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Oct 07 12:36:46.075626 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Oct 07 12:36:46.181348 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Oct 07 12:36:46.235918 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Oct 07 12:36:46.331267 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Oct 07 12:36:46.389444 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash a144d6f1c58abc8bd27125dadc2b1f160def324b8556a7b8f92a4ede30552847'.
Oct 07 12:36:46.511249 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:36:46.609505 osdx ca-certificates[173558]: Updating certificates in /etc/ssl/certs...
Oct 07 12:36:47.172302 osdx ca-certificates[174560]: 1 added, 0 removed; done.
Oct 07 12:36:47.176432 osdx ca-certificates[174566]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:36:47.179372 osdx ca-certificates[174570]: done.
Oct 07 12:36:47.248465 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:36:47.250539 osdx cfgd[1206]: [117440]Completed change to active configuration
Oct 07 12:36:47.265360 osdx OSDxCLI[117440]: User 'admin' committed the configuration.
Oct 07 12:36:47.284738 osdx OSDxCLI[117440]: User 'admin' left the configuration menu.
Oct 07 12:36:47.522218 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 07 12:36:47.642005 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:36:47.642341 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] Network connectivity detected
Oct 07 12:36:47.642573 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] Dropping privileges
Oct 07 12:36:47.644593 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] Network connectivity detected
Oct 07 12:36:47.644706 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:36:47.644739 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:36:47.644787 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] Firefox workaround initialized
Oct 07 12:36:47.644814 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpa3ss3r1i]
Oct 07 12:36:47.737672 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 07 12:36:47.830239 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] [DUT0] OK (DoH) - rtt: 130ms
Oct 07 12:36:47.830239 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 130ms)
Oct 07 12:36:47.830239 osdx dnscrypt-proxy[174577]: [2024-10-07 12:36:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
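
The journal check from steps 2 and 4, as an added Python example (not part of the Teldat test suite): it looks for the same probe message but only counts lines from the most recent dnscrypt-proxy process, so an OK left in the journal by an earlier instance does not satisfy the check. The function names and the second sample journal are constructed for illustration.

```python
import re

# Journal lines written by dnscrypt-proxy: "<time> <host> dnscrypt-proxy[<pid>]: <message>".
LINE = re.compile(r"^.* dnscrypt-proxy\[(?P<pid>\d+)\]: (?P<msg>.*)$", re.MULTILINE)
# Same probe message the page's expression matches, with name, protocol and rtt captured.
# The page writes (?m) after the first ^; Python 3.11 and later reject an inline global
# flag that is not at the start of the pattern, so re.MULTILINE is passed instead.
PROBE = re.compile(r"\[(?P<name>[^\]]+)\] OK \((?P<proto>[^)]+)\) - rtt: (?P<rtt>\d+)ms$")
READY = re.compile(r"dnscrypt-proxy is ready - live servers: (?P<n>\d+)$")
PAGE_PATTERN = re.compile(r"^.*\[RD\] OK \(DoH\) - rtt: \d+ms$", re.MULTILINE)

# Lines copied from the DUT0 journal above.
JOURNAL_DUT0 = """\
Oct 07 12:36:45.425926 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:36:45.451251 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:36:45.646182 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] [RD] OK (DoH) - rtt: 120ms
Oct 07 12:36:45.646182 osdx dnscrypt-proxy[298490]: [2024-10-07 12:36:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1
"""

# Constructed sample: an earlier process (pid 1111) succeeded, the current one (pid 2222)
# has only printed its banner. PIDs and timestamps are made up.
JOURNAL_RESTARTED = """\
Jan 01 00:00:01.000000 osdx dnscrypt-proxy[1111]: [2024-01-01 00:00:01] [NOTICE] [RD] OK (DoH) - rtt: 120ms
Jan 01 00:00:01.000000 osdx dnscrypt-proxy[1111]: [2024-01-01 00:00:01] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jan 01 00:05:00.000000 osdx dnscrypt-proxy[2222]: [2024-01-01 00:05:00] [NOTICE] dnscrypt-proxy 2.0.45
"""


def latest_instance_probes(journal):
    """Return (probes, live) for the last dnscrypt-proxy process seen in the journal.

    probes maps resolver name -> (protocol label, rtt in ms); live is the
    'live servers' count, or None if that process never reported ready.
    """
    last_pid, probes, live = None, {}, None
    for line in LINE.finditer(journal):
        if line["pid"] != last_pid:  # a new process: drop the previous one's results
            last_pid, probes, live = line["pid"], {}, None
        probe = PROBE.search(line["msg"])
        if probe:
            probes[probe["name"]] = (probe["proto"], int(probe["rtt"]))
        ready = READY.search(line["msg"])
        if ready:
            live = int(ready["n"])
    return probes, live


def check_upstreams(journal, expected):
    """expected maps resolver name -> protocol label, e.g. {"RD": "DoH"}."""
    probes, live = latest_instance_probes(journal)
    problems = []
    for name, proto in expected.items():
        if name not in probes:
            problems.append("%s: no successful probe from the latest process" % name)
        elif probes[name][0] != proto:
            problems.append("%s: connected with %s, expected %s"
                            % (name, probes[name][0], proto))
    if live is None:
        problems.append("latest process has not reported ready")
    elif live < len(expected):
        problems.append("only %d live server(s) for %d expected" % (live, len(expected)))
    return problems


if __name__ == "__main__":
    print(check_upstreams(JOURNAL_DUT0, {"RD": "DoH"}))
    print(check_upstreams(JOURNAL_RESTARTED, {"RD": "DoH"}))
```

The test sequence on this page avoids the stale-line case by running system journal clear before each scenario, as the first journal lines show.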

Server With Upstream DoH With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOagBKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOagBKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 07 12:36:53.340765 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:36:53.341842 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:36:53.341903 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:36:53.352806 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:36:53.700507 osdx osdx-coredump[300134]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:36:53.708021 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:36:54.178252 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:36:54.249105 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:36:54.335635 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:36:54.403121 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:36:54.677856 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:36:54.744203 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:36:54.769690 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:36:54.840523 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:36:54.984874 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 07 12:36:56.003569 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:36:56.167473 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:36:56.239119 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:36:56.345640 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:36:56.408211 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOagBKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
Oct 07 12:36:56.499345 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Oct 07 12:36:56.554699 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Oct 07 12:36:56.653459 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Oct 07 12:36:56.706812 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 07 12:36:56.803274 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Oct 07 12:36:56.880196 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:36:56.987836 osdx ca-certificates[300280]: Updating certificates in /etc/ssl/certs...
Oct 07 12:36:57.489489 osdx ca-certificates[301283]: 1 added, 0 removed; done.
Oct 07 12:36:57.492420 osdx ca-certificates[301290]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:36:57.495117 osdx ca-certificates[301292]: done.
Oct 07 12:36:57.638137 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:36:57.639627 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:36:57.643363 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:36:57.661086 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:36:57.661267 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] Network connectivity detected
Oct 07 12:36:57.661434 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] Dropping privileges
Oct 07 12:36:57.663850 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] Network connectivity detected
Oct 07 12:36:57.663921 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:36:57.663947 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:36:57.663976 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Oct 07 12:36:57.664014 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] Firefox workaround initialized
Oct 07 12:36:57.664036 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpf1byevnn]
Oct 07 12:36:57.668609 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:36:57.818898 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 07 12:36:57.819084 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] [RD] OK (DoH) - rtt: 122ms
Oct 07 12:36:57.819084 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] Server with the lowest initial latency: RD (rtt: 122ms)
Oct 07 12:36:57.819084 osdx dnscrypt-proxy[301352]: [2024-10-07 12:36:57] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash a144d6f1c58abc8bd27125dadc2b1f160def324b8556a7b8f92a4ede30552847 at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgoUTW8cWKvIvScSXa3CsfFg3vMkuFVqe4-SpO3jBVKEcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 5: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgoUTW8cWKvIvScSXa3CsfFg3vMkuFVqe4-SpO3jBVKEcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Oct 07 12:36:53.316130 osdx systemd-journald[1498]: Runtime Journal (/run/log/journal/ea535239cdf24d6195135cccfda89139) is 1.3M, max 9.7M, 8.4M free.
Oct 07 12:36:53.318137 osdx systemd-journald[1498]: Received client request to rotate journal, rotating.
Oct 07 12:36:53.318196 osdx systemd-journald[1498]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea535239cdf24d6195135cccfda89139.
Oct 07 12:36:53.330707 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:36:53.788317 osdx osdx-coredump[176195]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:36:53.798056 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:36:55.009449 osdx OSDxCLI[117440]: User 'admin' entered the configuration menu.
Oct 07 12:36:55.079188 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Oct 07 12:36:55.166436 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:36:55.221138 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service ssh'.
Oct 07 12:36:55.334063 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:36:55.421909 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:36:55.538112 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Oct 07 12:36:55.550491 osdx sshd[176283]: Server listening on 0.0.0.0 port 22.
Oct 07 12:36:55.550704 osdx sshd[176283]: Server listening on :: port 22.
Oct 07 12:36:55.550810 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Oct 07 12:36:55.576189 osdx cfgd[1206]: [117440]Completed change to active configuration
Oct 07 12:36:55.602635 osdx OSDxCLI[117440]: User 'admin' committed the configuration.
Oct 07 12:36:55.618268 osdx OSDxCLI[117440]: User 'admin' left the configuration menu.
Oct 07 12:36:55.761183 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Oct 07 12:36:58.148363 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash a144d6f1c58abc8bd27125dadc2b1f160def324b8556a7b8f92a4ede30552847'.
Oct 07 12:36:58.296490 osdx OSDxCLI[117440]: User 'admin' entered the configuration menu.
Oct 07 12:36:58.356516 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Oct 07 12:36:58.448887 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Oct 07 12:36:58.507023 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Oct 07 12:36:58.630901 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgoUTW8cWKvIvScSXa3CsfFg3vMkuFVqe4-SpO3jBVKEcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Oct 07 12:36:58.704999 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:36:58.811397 osdx ca-certificates[176359]: Updating certificates in /etc/ssl/certs...
Oct 07 12:36:59.282366 osdx ca-certificates[177363]: 1 added, 0 removed; done.
Oct 07 12:36:59.286679 osdx ca-certificates[177367]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:36:59.289656 osdx ca-certificates[177371]: done.
Oct 07 12:36:59.354095 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:36:59.356710 osdx cfgd[1206]: [117440]Completed change to active configuration
Oct 07 12:36:59.363243 osdx OSDxCLI[117440]: User 'admin' committed the configuration.
Oct 07 12:36:59.379487 osdx OSDxCLI[117440]: User 'admin' left the configuration menu.
Oct 07 12:36:59.384967 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:36:59.385202 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] Network connectivity detected
Oct 07 12:36:59.385426 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] Dropping privileges
Oct 07 12:36:59.387128 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] Network connectivity detected
Oct 07 12:36:59.387210 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:36:59.387249 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:36:59.387290 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] Firefox workaround initialized
Oct 07 12:36:59.387316 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7zhniz7h]
Oct 07 12:36:59.556563 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 07 12:36:59.570840 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] [DUT0] OK (DoH) - rtt: 121ms
Oct 07 12:36:59.570840 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 121ms)
Oct 07 12:36:59.570840 osdx dnscrypt-proxy[177378]: [2024-10-07 12:36:59] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
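
The stamp used in this scenario encodes the same fields that the first scenario sets one by one (IP, hash, host name, port, path). As an added Python example (not part of the Teldat test suite), the code below encodes and decodes the DoH stamp layout and compares a stamp with the endpoint an operator intended before it is applied. The function names are hypothetical, and leaving port 443 out of the host field is inferred from the two stamp outputs above.

```python
import base64
import struct

DOH = 0x02  # protocol identifier of a DNS-over-HTTPS stamp

# Values copied from this page: the two hashes and the two stamp outputs.
HASH_RD = "f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f"
HASH_DUT0 = "a144d6f1c58abc8bd27125dadc2b1f160def324b8556a7b8f92a4ede30552847"
STAMP_RD = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSD4vFC8WsFc4PduMOagBKBziJp4j2k4ZvFbkKYdJtJsTwpyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
STAMP_DUT0 = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgoUTW8cWKvIvScSXa3CsfFg3vMkuFVqe4-SpO3jBVKEcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"


def _lp(data):
    """Length-prefixed field: one length byte, then the bytes."""
    if len(data) > 0xFF:
        raise ValueError("field longer than 255 bytes")
    return bytes([len(data)]) + data


def encode_doh_stamp(ip, host, path, hashes, port=443, props=0):
    """Build a DoH stamp; hashes are hex digests pinned for the server certificate."""
    pins = [bytes.fromhex(h) for h in hashes]
    if any(len(p) > 0x7F for p in pins):
        raise ValueError("hash longer than 127 bytes")
    # Set encoding: every length byte except the last has its high bit set.
    pin_set = b"".join(
        bytes([len(p) | (0x80 if i < len(pins) - 1 else 0)]) + p
        for i, p in enumerate(pins)
    ) or b"\x00"
    # Port 443 is left implicit, as in the first stamp output on this page.
    hostport = host if port == 443 else "%s:%d" % (host, port)
    raw = (bytes([DOH]) + struct.pack("<Q", props) + _lp(ip.encode())
           + pin_set + _lp(hostport.encode()) + _lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_doh_stamp(stamp):
    """Parse a DoH stamp into a dict; raises ValueError on malformed input."""
    if not stamp.startswith("sdns://"):
        raise ValueError("missing sdns:// prefix")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DNS-over-HTTPS stamp")
    pos = 9  # 1 protocol byte + 8 bytes of little-endian properties

    def take(in_set=False):
        nonlocal pos
        if pos >= len(raw):
            raise ValueError("truncated stamp")
        n = raw[pos] & 0x7F if in_set else raw[pos]
        more = in_set and bool(raw[pos] & 0x80)
        if pos + 1 + n > len(raw):
            raise ValueError("truncated stamp")
        field = raw[pos + 1:pos + 1 + n]
        pos += 1 + n
        return field, more

    ip, _ = take()
    pins, more = [], True
    while more:
        pin, more = take(in_set=True)
        if pin:
            pins.append(pin.hex())
    hostport, _ = take()
    path, _ = take()
    # Assumes a plain host name (no bracketed IPv6 literal) in the host field.
    host, sep, port = hostport.decode().partition(":")
    return {"props": struct.unpack_from("<Q", raw, 1)[0], "ip": ip.decode(),
            "hashes": pins, "host": host, "port": int(port) if sep else 443,
            "path": path.decode()}


def pin_problems(stamp, ip, host, port, expected_hash):
    """List the ways a stamp differs from the endpoint the operator intended."""
    got = decode_doh_stamp(stamp)
    problems = []
    if not got["hashes"]:
        problems.append("stamp carries no hash (nothing is pinned)")
    elif expected_hash.lower() not in got["hashes"]:
        problems.append("pinned hash differs from the expected one")
    for key, want in (("ip", ip), ("host", host), ("port", port)):
        if got[key] != want:
            problems.append("%s is %r, expected %r" % (key, got[key], want))
    return problems


if __name__ == "__main__":
    print(decode_doh_stamp(STAMP_DUT0))
    print(pin_problems(STAMP_RD, "10.215.168.1", "remote.dns", 443, HASH_RD))
```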

Server With Upstream DNSCrypt

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Oct 07 12:37:06.355382 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.2M free.
Oct 07 12:37:06.356823 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:37:06.356870 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:37:06.366664 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:37:06.711780 osdx osdx-coredump[303002]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:37:06.720945 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:37:07.193943 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:37:07.262231 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:37:07.349931 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:37:07.444366 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:07.536830 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:37:07.606057 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:37:07.633032 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:37:07.658793 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:37:07.816163 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 07 12:37:08.121467 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:37:08.121530 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:37:08.945884 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 07 12:37:09.103710 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:37:09.178936 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:37:09.290810 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:37:09.355409 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Oct 07 12:37:09.461495 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Oct 07 12:37:09.519614 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Oct 07 12:37:09.618021 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5'.
Oct 07 12:37:09.675274 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 07 12:37:09.778365 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Oct 07 12:37:09.875929 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Oct 07 12:37:09.934843 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Oct 07 12:37:10.073924 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:10.161913 osdx ca-certificates[303149]: Updating certificates in /etc/ssl/certs...
Oct 07 12:37:10.699656 osdx ca-certificates[304153]: 1 added, 0 removed; done.
Oct 07 12:37:10.702905 osdx ca-certificates[304159]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:37:10.705594 osdx ca-certificates[304161]: done.
Oct 07 12:37:10.845239 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:37:10.846688 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:37:10.848996 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:37:10.866235 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:37:10.881161 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:37:10.881394 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] Network connectivity detected
Oct 07 12:37:10.881430 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] Dropping privileges
Oct 07 12:37:10.883470 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] Network connectivity detected
Oct 07 12:37:10.883499 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:37:10.883499 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:37:10.883551 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Oct 07 12:37:10.883551 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] Firefox workaround initialized
Oct 07 12:37:10.883551 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpmlhzqte9]
Oct 07 12:37:10.904776 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] [RD] OK (DNSCrypt) - rtt: 20ms
Oct 07 12:37:10.904776 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] Server with the lowest initial latency: RD (rtt: 20ms)
Oct 07 12:37:10.904776 osdx dnscrypt-proxy[304221]: [2024-10-07 12:37:10] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash a144d6f1c58abc8bd27125dadc2b1f160def324b8556a7b8f92a4ede30552847
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Oct 07 12:37:06.337657 osdx systemd-journald[1498]: Runtime Journal (/run/log/journal/ea535239cdf24d6195135cccfda89139) is 1.3M, max 9.7M, 8.4M free.
Oct 07 12:37:06.340391 osdx systemd-journald[1498]: Received client request to rotate journal, rotating.
Oct 07 12:37:06.340463 osdx systemd-journald[1498]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea535239cdf24d6195135cccfda89139.
Oct 07 12:37:06.351024 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:37:06.785021 osdx osdx-coredump[178996]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:37:06.792694 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:37:07.936493 osdx OSDxCLI[117440]: User 'admin' entered the configuration menu.
Oct 07 12:37:08.018345 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Oct 07 12:37:08.122767 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:37:08.171706 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service ssh'.
Oct 07 12:37:08.301676 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:08.404006 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:37:08.532253 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Oct 07 12:37:08.543851 osdx sshd[179084]: Server listening on 0.0.0.0 port 22.
Oct 07 12:37:08.544089 osdx sshd[179084]: Server listening on :: port 22.
Oct 07 12:37:08.544184 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Oct 07 12:37:08.573462 osdx cfgd[1206]: [117440]Completed change to active configuration
Oct 07 12:37:08.598655 osdx OSDxCLI[117440]: User 'admin' committed the configuration.
Oct 07 12:37:08.614653 osdx OSDxCLI[117440]: User 'admin' left the configuration menu.
Oct 07 12:37:08.763823 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Oct 07 12:37:11.051649 osdx OSDxCLI[117440]: User 'admin' entered the configuration menu.
Oct 07 12:37:11.118540 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Oct 07 12:37:11.208041 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Oct 07 12:37:11.267674 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Oct 07 12:37:11.397022 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Oct 07 12:37:11.482516 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Oct 07 12:37:11.602133 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Oct 07 12:37:11.701001 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash a144d6f1c58abc8bd27125dadc2b1f160def324b8556a7b8f92a4ede30552847'.
Oct 07 12:37:11.789826 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:11.891115 osdx ca-certificates[179160]: Updating certificates in /etc/ssl/certs...
Oct 07 12:37:12.390774 osdx ca-certificates[180164]: 1 added, 0 removed; done.
Oct 07 12:37:12.394952 osdx ca-certificates[180168]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:37:12.398281 osdx ca-certificates[180172]: done.
Oct 07 12:37:12.460217 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:37:12.462959 osdx cfgd[1206]: [117440]Completed change to active configuration
Oct 07 12:37:12.473346 osdx OSDxCLI[117440]: User 'admin' committed the configuration.
Oct 07 12:37:12.489826 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:37:12.490086 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] Network connectivity detected
Oct 07 12:37:12.490305 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] Dropping privileges
Oct 07 12:37:12.492203 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] Network connectivity detected
Oct 07 12:37:12.492286 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:37:12.492316 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:37:12.492368 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] Firefox workaround initialized
Oct 07 12:37:12.492395 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp2g6rouvt]
Oct 07 12:37:12.502740 osdx OSDxCLI[117440]: User 'admin' left the configuration menu.
Oct 07 12:37:12.668099 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 07 12:37:12.714390 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] [DUT0] OK (DoH) - rtt: 145ms
Oct 07 12:37:12.714390 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 145ms)
Oct 07 12:37:12.714390 osdx dnscrypt-proxy[180179]: [2024-10-07 12:37:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DNSCrypt With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5 ip 10.215.168.1 port 8443 at DUT0 and expect this output:

sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Oct 07 12:37:18.314786 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.2M free.
Oct 07 12:37:18.317114 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:37:18.317170 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:37:18.325474 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:37:18.666448 osdx osdx-coredump[305858]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:37:18.673813 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:37:19.155424 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:37:19.225588 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:37:19.315057 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:37:19.382428 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:19.501158 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:37:19.567742 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:37:19.594374 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:37:19.610701 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:37:19.753445 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 07 12:37:19.885561 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:37:20.815629 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 07 12:37:20.913488 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:5a:f8:ef:03:f3:9f:02:f3:7b:dc:f1:02:81:be:3f:e9:e8:54:2c:e7:ce:b4:4f:c9:30:58:aa:6a:cf:19:e5 ip 10.215.168.1 port 8443'.
Oct 07 12:37:21.092545 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:37:21.151597 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:37:21.250690 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:37:21.315040 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
Oct 07 12:37:21.405898 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 07 12:37:21.465905 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
Oct 07 12:37:21.564804 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
Oct 07 12:37:21.623777 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Oct 07 12:37:21.755103 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:21.844619 osdx ca-certificates[306004]: Updating certificates in /etc/ssl/certs...
Oct 07 12:37:22.328619 osdx ca-certificates[307008]: 1 added, 0 removed; done.
Oct 07 12:37:22.332095 osdx ca-certificates[307015]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:37:22.334742 osdx ca-certificates[307017]: done.
Oct 07 12:37:22.461404 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:37:22.462739 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:37:22.464726 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:37:22.482042 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:37:22.485461 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:37:22.485674 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] Network connectivity detected
Oct 07 12:37:22.485917 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] Dropping privileges
Oct 07 12:37:22.488197 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] Network connectivity detected
Oct 07 12:37:22.488236 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:37:22.488236 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:37:22.488236 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Oct 07 12:37:22.488279 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] Firefox workaround initialized
Oct 07 12:37:22.488279 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp5hh978ss]
Oct 07 12:37:22.488851 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Oct 07 12:37:22.488890 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Oct 07 12:37:22.488890 osdx dnscrypt-proxy[307077]: [2024-10-07 12:37:22] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Oct 07 12:37:22.579915 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:37:22.581079 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):

Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash a144d6f1c58abc8bd27125dadc2b1f160def324b8556a7b8f92a4ede30552847 at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgoUTW8cWKvIvScSXa3CsfFg3vMkuFVqe4-SpO3jBVKEcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 6: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgoUTW8cWKvIvScSXa3CsfFg3vMkuFVqe4-SpO3jBVKEcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Oct 07 12:37:18.271142 osdx systemd-journald[1498]: Runtime Journal (/run/log/journal/ea535239cdf24d6195135cccfda89139) is 1.3M, max 9.7M, 8.4M free.
Oct 07 12:37:18.273475 osdx systemd-journald[1498]: Received client request to rotate journal, rotating.
Oct 07 12:37:18.273522 osdx systemd-journald[1498]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea535239cdf24d6195135cccfda89139.
Oct 07 12:37:18.281041 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:37:18.733078 osdx osdx-coredump[181792]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:37:18.740455 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:37:19.787266 osdx OSDxCLI[117440]: User 'admin' entered the configuration menu.
Oct 07 12:37:19.869915 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Oct 07 12:37:19.967334 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:37:20.049194 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service ssh'.
Oct 07 12:37:20.173518 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:20.269122 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:37:20.385339 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Oct 07 12:37:20.397846 osdx sshd[181880]: Server listening on 0.0.0.0 port 22.
Oct 07 12:37:20.398067 osdx sshd[181880]: Server listening on :: port 22.
Oct 07 12:37:20.398171 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Oct 07 12:37:20.422762 osdx cfgd[1206]: [117440]Completed change to active configuration
Oct 07 12:37:20.448625 osdx OSDxCLI[117440]: User 'admin' committed the configuration.
Oct 07 12:37:20.476275 osdx OSDxCLI[117440]: User 'admin' left the configuration menu.
Oct 07 12:37:20.623080 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
Oct 07 12:37:22.663142 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash a144d6f1c58abc8bd27125dadc2b1f160def324b8556a7b8f92a4ede30552847'.
Oct 07 12:37:22.833161 osdx OSDxCLI[117440]: User 'admin' entered the configuration menu.
Oct 07 12:37:22.905049 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Oct 07 12:37:22.994556 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Oct 07 12:37:23.052428 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Oct 07 12:37:23.155708 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgoUTW8cWKvIvScSXa3CsfFg3vMkuFVqe4-SpO3jBVKEcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
Oct 07 12:37:23.226573 osdx OSDxCLI[117440]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:37:23.337406 osdx ca-certificates[181956]: Updating certificates in /etc/ssl/certs...
Oct 07 12:37:23.808836 osdx ca-certificates[182960]: 1 added, 0 removed; done.
Oct 07 12:37:23.812895 osdx ca-certificates[182964]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:37:23.816150 osdx ca-certificates[182968]: done.
Oct 07 12:37:23.873313 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:37:23.875845 osdx cfgd[1206]: [117440]Completed change to active configuration
Oct 07 12:37:23.886466 osdx OSDxCLI[117440]: User 'admin' committed the configuration.
Oct 07 12:37:23.902865 osdx OSDxCLI[117440]: User 'admin' left the configuration menu.
Oct 07 12:37:23.903369 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:23] [NOTICE] dnscrypt-proxy 2.0.45
Oct 07 12:37:23.903579 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:23] [NOTICE] Network connectivity detected
Oct 07 12:37:23.903817 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:23] [NOTICE] Dropping privileges
Oct 07 12:37:23.905707 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:23] [NOTICE] Network connectivity detected
Oct 07 12:37:23.905806 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:23] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:37:23.905840 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:23] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:37:23.905888 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:23] [NOTICE] Firefox workaround initialized
Oct 07 12:37:23.905920 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:23] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpym9mu4tk]
Oct 07 12:37:24.062141 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:24] [NOTICE] [DUT0] OK (DoH) - rtt: 118ms
Oct 07 12:37:24.062141 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:24] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 118ms)
Oct 07 12:37:24.062141 osdx dnscrypt-proxy[182975]: [2024-10-07 12:37:24] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Oct 07 12:37:24.063106 osdx OSDxCLI[117440]: User 'admin' executed a new command: 'system journal show | cat'.

Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
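
The stamps from Steps 2 and 5 carry the pinned provider key or certificate hash in base64url, so decoding a stamp before committing it shows exactly which peer the proxy will trust. The following is an added example, not part of the OSDx test suite: a Python decoder for the public DNS stamp layout, run against the two stamps above. The function, class and field names are this example's own.

```python
import base64

# Stamps copied verbatim from Step 2 (DUT0) and Step 5 (DUT1) of this page.
DNSCRYPT_STAMP = ("sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJFa-O8D858C83vc8QKBvj_p"
                  "6FQs5860T8kwWKpqzxnlGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z")
DOH_STAMP = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgoUTW8cWKvIvScSXa3CsfFg3vMkuF"
             "Vqe4-SpO3jBVKEcNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")

PROTO_DNSCRYPT, PROTO_DOH = 0x01, 0x02


class StampError(ValueError):
    """Raised when a stamp is malformed or uses an unsupported protocol."""


class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise StampError("truncated stamp")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def lp(self):
        # Length-prefixed field: one length byte, then that many bytes.
        return self.take(self.take(1)[0])

    def vlp(self):
        # Set of length-prefixed items; a set high bit means another item follows.
        items = []
        while True:
            length = self.take(1)[0]
            item = self.take(length & 0x7F)
            if item:
                items.append(item)
            if not length & 0x80:
                return items


def decode_stamp(stamp):
    """Return the fields of a DNSCrypt or DoH stamp as a dict."""
    if not stamp.startswith("sdns://"):
        raise StampError("missing sdns:// prefix")
    body = stamp[len("sdns://"):]
    try:
        # Stamps omit base64 padding; restore it before decoding.
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:
        raise StampError("invalid base64url") from exc
    r = _Reader(raw)
    proto = r.take(1)[0]
    props = int.from_bytes(r.take(8), "little")
    out = {"dnssec": bool(props & 1), "no_logs": bool(props & 2),
           "no_filter": bool(props & 4)}
    try:
        if proto == PROTO_DNSCRYPT:
            out["protocol"] = "dns-crypt"
            out["addr"] = r.lp().decode("ascii")
            key = r.lp()
            if len(key) != 32:
                raise StampError("provider key must be 32 bytes")
            out["provider_key"] = key.hex(":")
            out["provider_name"] = r.lp().decode("ascii")
        elif proto == PROTO_DOH:
            out["protocol"] = "dns-over-https"
            out["addr"] = r.lp().decode("ascii")
            out["hashes"] = [h.hex() for h in r.vlp()]
            out["host"] = r.lp().decode("ascii")
            out["path"] = r.lp().decode("ascii")
        else:
            raise StampError("unsupported protocol 0x%02x" % proto)
    except UnicodeDecodeError as exc:
        raise StampError("non-ASCII text field") from exc
    return out


if __name__ == "__main__":
    for stamp in (DNSCRYPT_STAMP, DOH_STAMP):
        print(decode_stamp(stamp))
```

Comparing the decoded `provider_key` and `hashes` with the values passed to `stamp calculate` confirms the stamp pins the intended peer.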