Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Oct 30 12:20:21.305361 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.1M, max 15.3M, 13.2M free. Oct 30 12:20:21.305800 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:20:21.305829 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:20:21.314771 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:20:21.649165 osdx osdx-coredump[206392]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 30 12:20:21.656676 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system coredump delete all'. Oct 30 12:20:22.186687 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:20:22.290674 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:20:22.346890 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:20:22.456018 osdx ERROR[206400]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:20:22.456866 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:20:22.541394 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:20:22.647071 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:20:22.680927 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:20:22.705159 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:20:22.851538 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 12:20:22.970699 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:20:23.030576 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:20:23.129369 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:20:23.198487 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:20:23.290024 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:20:23.351015 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:20:23.452452 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 30 12:20:23.554781 osdx ERROR[206510]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:20:23.559734 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:20:23.656976 osdx ca-certificates[206537]: Updating certificates in /etc/ssl/certs... Oct 30 12:20:24.179075 osdx ca-certificates[207540]: 1 added, 0 removed; done. Oct 30 12:20:24.182079 osdx ca-certificates[207547]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:20:24.184692 osdx ca-certificates[207549]: done. Oct 30 12:20:24.301737 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:20:24.302942 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:20:24.306457 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:20:24.326150 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:20:24.326683 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 12:20:24.326815 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] Network connectivity detected Oct 30 12:20:24.326934 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] Dropping privileges Oct 30 12:20:24.329259 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] Network connectivity detected Oct 30 12:20:24.329289 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 12:20:24.329289 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 12:20:24.329315 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] Firefox workaround initialized Oct 30 12:20:24.329331 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpx_6lnrjf] Oct 30 12:20:24.494792 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] [RD] OK (DoH) - rtt: 139ms Oct 30 12:20:24.494792 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] Server with the lowest initial latency: RD (rtt: 139ms) Oct 30 12:20:24.494792 osdx dnscrypt-proxy[207606]: [2024-10-30 12:20:24] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Oct 30 12:20:24.502086 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBowlZ4FnrrHG08Wi7uJM2ksOA90-ax7Rhy2-1UQ3QyngpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBowlZ4FnrrHG08Wi7uJM2ksOA90-ax7Rhy2-1UQ3QyngpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Oct 30 12:20:30.301917 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:20:30.302921 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:20:30.302971 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:20:30.312403 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:20:30.631760 osdx osdx-coredump[209254]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 30 12:20:30.639471 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system coredump delete all'. Oct 30 12:20:31.117980 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:20:31.191852 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:20:31.277659 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:20:31.352900 osdx ERROR[209262]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:20:31.356746 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:20:31.462923 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:20:31.565615 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:20:31.592866 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:20:31.608017 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:20:31.748528 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 12:20:31.877840 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:20:32.023713 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:20:32.084284 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:20:32.174496 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:20:32.269705 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBowlZ4FnrrHG08Wi7uJM2ksOA90-ax7Rhy2-1UQ3QyngpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. Oct 30 12:20:32.388464 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 30 12:20:32.514645 osdx ERROR[209373]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:20:32.519392 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:20:32.625829 osdx ca-certificates[209400]: Updating certificates in /etc/ssl/certs... Oct 30 12:20:33.114646 osdx ca-certificates[210403]: 1 added, 0 removed; done. Oct 30 12:20:33.117568 osdx ca-certificates[210410]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:20:33.120382 osdx ca-certificates[210412]: done. Oct 30 12:20:33.227168 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:20:33.228268 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:20:33.231603 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:20:33.248872 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:20:33.250174 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 12:20:33.250320 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] Network connectivity detected Oct 30 12:20:33.250475 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] Dropping privileges Oct 30 12:20:33.253190 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] Network connectivity detected Oct 30 12:20:33.253226 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 12:20:33.253226 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 12:20:33.253257 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] Firefox workaround initialized Oct 30 12:20:33.253257 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4cednk5x] Oct 30 12:20:33.399912 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] [RD] OK (DoH) - rtt: 120ms Oct 30 12:20:33.399912 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] Server with the lowest initial latency: RD (rtt: 120ms) Oct 30 12:20:33.399912 osdx dnscrypt-proxy[210469]: [2024-10-30 12:20:33] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Oct 30 12:20:33.405051 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
c3:57:78:1e:f5:72:9f:24:0f:d8:8d:31:91:23:18:5b:e4:8a:6f:c6:8a:06:98:54:e0:08:4d:a9:61:40:a9:5a
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 'c3:57:78:1e:f5:72:9f:24:0f:d8:8d:31:91:23:18:5b:e4:8a:6f:c6:8a:06:98:54:e0:08:4d:a9:61:40:a9:5a' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Oct 30 12:20:38.294882 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.2M free. Oct 30 12:20:38.296530 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:20:38.296589 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:20:38.304395 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:20:38.629551 osdx osdx-coredump[212116]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 30 12:20:38.636613 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system coredump delete all'. Oct 30 12:20:39.109302 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:20:39.184367 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:20:39.274776 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:20:39.343510 osdx ERROR[212124]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:20:39.347626 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:20:39.460532 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:20:39.577913 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:20:39.603244 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:20:39.629321 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:20:39.770047 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 12:20:39.915762 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Oct 30 12:20:40.061644 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:20:40.124266 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:20:40.224751 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:20:40.284878 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Oct 30 12:20:40.383204 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Oct 30 12:20:40.442131 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Oct 30 12:20:40.540850 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key c3:57:78:1e:f5:72:9f:24:0f:d8:8d:31:91:23:18:5b:e4:8a:6f:c6:8a:06:98:54:e0:08:4d:a9:61:40:a9:5a'. Oct 30 12:20:40.591352 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 30 12:20:40.706577 osdx ERROR[212237]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:20:40.708190 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:20:40.800796 osdx ca-certificates[212264]: Updating certificates in /etc/ssl/certs... Oct 30 12:20:41.298470 osdx ca-certificates[213268]: 1 added, 0 removed; done. Oct 30 12:20:41.302234 osdx ca-certificates[213274]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:20:41.305081 osdx ca-certificates[213276]: done. Oct 30 12:20:41.420874 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:20:41.421954 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:20:41.423929 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:20:41.441018 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:20:41.444412 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 12:20:41.444581 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] Network connectivity detected Oct 30 12:20:41.444652 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] Dropping privileges Oct 30 12:20:41.446608 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] Network connectivity detected Oct 30 12:20:41.446631 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 12:20:41.446631 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 12:20:41.446660 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] Firefox workaround initialized Oct 30 12:20:41.446660 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7twer2wx] Oct 30 12:20:41.451721 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] [RD] OK (DNSCrypt) - rtt: 4ms Oct 30 12:20:41.451721 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] Server with the lowest initial latency: RD (rtt: 4ms) Oct 30 12:20:41.451721 osdx dnscrypt-proxy[213333]: [2024-10-30 12:20:41] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
c3:57:78:1e:f5:72:9f:24:0f:d8:8d:31:91:23:18:5b:e4:8a:6f:c6:8a:06:98:54:e0:08:4d:a9:61:40:a9:5a
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key c3:57:78:1e:f5:72:9f:24:0f:d8:8d:31:91:23:18:5b:e4:8a:6f:c6:8a:06:98:54:e0:08:4d:a9:61:40:a9:5a ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIMNXeB71cp8kD9iNMZEjGFvkim_GigaYVOAITalhQKlaGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIMNXeB71cp8kD9iNMZEjGFvkim_GigaYVOAITalhQKlaGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Oct 30 12:20:46.304002 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.2M free. Oct 30 12:20:46.307083 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:20:46.307131 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:20:46.313431 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:20:46.634735 osdx osdx-coredump[214976]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 30 12:20:46.641953 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system coredump delete all'. Oct 30 12:20:47.084825 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:20:47.158501 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:20:47.245045 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:20:47.311582 osdx ERROR[214984]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:20:47.314674 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:20:47.435087 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:20:47.541555 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:20:47.568370 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:20:47.584218 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:20:47.725501 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 12:20:47.825695 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Oct 30 12:20:47.937143 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key c3:57:78:1e:f5:72:9f:24:0f:d8:8d:31:91:23:18:5b:e4:8a:6f:c6:8a:06:98:54:e0:08:4d:a9:61:40:a9:5a ip 10.215.168.1 port 8443'. Oct 30 12:20:48.084169 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:20:48.144157 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:20:48.242462 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:20:48.306641 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIMNXeB71cp8kD9iNMZEjGFvkim_GigaYVOAITalhQKlaGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. Oct 30 12:20:48.414541 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns resolver local'. Oct 30 12:20:48.486680 osdx ERROR[215097]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:20:48.487787 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:20:48.599415 osdx ca-certificates[215124]: Updating certificates in /etc/ssl/certs... Oct 30 12:20:49.098308 osdx ca-certificates[216127]: 1 added, 0 removed; done. Oct 30 12:20:49.101079 osdx ca-certificates[216134]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:20:49.103924 osdx ca-certificates[216136]: done. Oct 30 12:20:49.207359 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:20:49.208423 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:20:49.213365 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:20:49.230867 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:20:49.232696 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] dnscrypt-proxy 2.0.45 Oct 30 12:20:49.232827 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] Network connectivity detected Oct 30 12:20:49.232926 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] Dropping privileges Oct 30 12:20:49.235034 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] Network connectivity detected Oct 30 12:20:49.235062 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Oct 30 12:20:49.235062 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Oct 30 12:20:49.235094 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] Firefox workaround initialized Oct 30 12:20:49.235094 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpa6lb_ndm] Oct 30 12:20:49.235565 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Oct 30 12:20:49.235589 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Oct 30 12:20:49.235589 osdx dnscrypt-proxy[216193]: [2024-10-30 12:20:49] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16