Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 03 13:21:19.434956 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.2M, max 15.3M, 13.0M free. Dec 03 13:21:19.437649 osdx systemd-journald[1835]: Received client request to rotate journal, rotating. Dec 03 13:21:19.437730 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 13:21:19.448534 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:21:19.876405 osdx osdx-coredump[153792]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 13:21:19.884681 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 13:21:20.434276 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:21:20.505944 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 03 13:21:20.595750 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:21:20.674182 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:21:20.821645 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:21:20.922176 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:21:20.947783 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:21:20.966005 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:21:21.122507 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 03 13:21:21.260655 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:21:21.334074 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Dec 03 13:21:21.473512 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 03 13:21:21.542604 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 03 13:21:21.660184 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 03 13:21:21.725549 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'. Dec 03 13:21:21.883830 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 03 13:21:22.016398 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:21:22.125028 osdx ca-certificates[153937]: Updating certificates in /etc/ssl/certs... Dec 03 13:21:22.693798 osdx ca-certificates[154941]: 1 added, 0 removed; done. Dec 03 13:21:22.697017 osdx ca-certificates[154947]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:21:22.699976 osdx ca-certificates[154949]: done. Dec 03 13:21:22.830170 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:21:22.831712 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:21:22.835356 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:21:22.857399 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:22] [NOTICE] dnscrypt-proxy 2.0.45 Dec 03 13:21:22.857399 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:22] [NOTICE] Network connectivity detected Dec 03 13:21:22.857399 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:22] [NOTICE] Dropping privileges Dec 03 13:21:22.859994 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. 
Dec 03 13:21:22.860176 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:22] [NOTICE] Network connectivity detected Dec 03 13:21:22.860176 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:22] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 03 13:21:22.860176 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:22] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 03 13:21:22.860243 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:22] [NOTICE] Firefox workaround initialized Dec 03 13:21:22.860243 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:22] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpn924b__n] Dec 03 13:21:23.031976 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal show | cat'. Dec 03 13:21:23.124648 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:23] [NOTICE] [RD] OK (DoH) - rtt: 127ms Dec 03 13:21:23.124648 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:23] [NOTICE] Server with the lowest initial latency: RD (rtt: 127ms) Dec 03 13:21:23.124648 osdx dnscrypt-proxy[155006]: [2024-12-03 13:21:23] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 03 13:21:29.363592 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.2M free. Dec 03 13:21:29.367468 osdx systemd-journald[1835]: Received client request to rotate journal, rotating. Dec 03 13:21:29.367558 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 13:21:29.376232 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:21:29.781477 osdx osdx-coredump[156655]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 13:21:29.790005 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 13:21:30.337629 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:21:30.460806 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 03 13:21:30.584247 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:21:30.710454 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:21:30.843472 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:21:30.981659 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:21:31.016454 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:21:31.037481 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:21:31.244301 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 03 13:21:31.410124 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'. 
Dec 03 13:21:31.573117 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:21:31.633925 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 03 13:21:31.750372 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 03 13:21:31.833039 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Dec 03 13:21:31.896147 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 03 13:21:32.046853 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:21:32.168861 osdx ca-certificates[156802]: Updating certificates in /etc/ssl/certs... Dec 03 13:21:32.894279 osdx ca-certificates[157806]: 1 added, 0 removed; done. Dec 03 13:21:32.897705 osdx ca-certificates[157813]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:21:32.901787 osdx ca-certificates[157815]: done. Dec 03 13:21:33.019922 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:21:33.021580 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:21:33.024733 osdx OSDxCLI[9822]: User 'admin' committed the configuration. 
Dec 03 13:21:33.048557 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] dnscrypt-proxy 2.0.45 Dec 03 13:21:33.048856 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] Network connectivity detected Dec 03 13:21:33.048963 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] Dropping privileges Dec 03 13:21:33.052318 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] Network connectivity detected Dec 03 13:21:33.052447 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 03 13:21:33.052481 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 03 13:21:33.052538 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] Firefox workaround initialized Dec 03 13:21:33.052579 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpttm8ky6y] Dec 03 13:21:33.057265 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:21:33.209337 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] [RD] OK (DoH) - rtt: 121ms Dec 03 13:21:33.209337 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] Server with the lowest initial latency: RD (rtt: 121ms) Dec 03 13:21:33.209337 osdx dnscrypt-proxy[157872]: [2024-12-03 13:21:33] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Dec 03 13:21:33.229227 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Dec 03 13:21:39.411637 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free. Dec 03 13:21:39.412993 osdx systemd-journald[1835]: Received client request to rotate journal, rotating. Dec 03 13:21:39.413053 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 13:21:39.423845 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:21:39.869847 osdx osdx-coredump[159519]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 13:21:39.877510 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 13:21:40.422433 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:21:40.542697 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 03 13:21:40.605612 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:21:40.712829 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:21:40.809004 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:21:40.940616 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:21:40.977339 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:21:41.009739 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:21:41.188610 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 03 13:21:41.345667 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Dec 03 13:21:41.499143 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. 
Dec 03 13:21:41.569903 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 03 13:21:41.695356 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 03 13:21:41.823157 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Dec 03 13:21:41.929392 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Dec 03 13:21:42.027713 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Dec 03 13:21:42.201879 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'. Dec 03 13:21:42.303694 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 03 13:21:42.447518 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:21:42.572933 osdx ca-certificates[159665]: Updating certificates in /etc/ssl/certs... Dec 03 13:21:43.288574 osdx ca-certificates[160670]: 1 added, 0 removed; done. Dec 03 13:21:43.291978 osdx ca-certificates[160677]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:21:43.295054 osdx ca-certificates[160679]: done. Dec 03 13:21:43.409332 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:21:43.410738 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:21:43.413583 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:21:43.440931 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. 
Dec 03 13:21:43.442235 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] dnscrypt-proxy 2.0.45 Dec 03 13:21:43.442414 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] Network connectivity detected Dec 03 13:21:43.442548 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] Dropping privileges Dec 03 13:21:43.445416 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] Network connectivity detected Dec 03 13:21:43.445459 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 03 13:21:43.445459 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 03 13:21:43.445507 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] Firefox workaround initialized Dec 03 13:21:43.445507 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6ozg13w3] Dec 03 13:21:43.509384 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] [RD] OK (DNSCrypt) - rtt: 63ms Dec 03 13:21:43.509384 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] Server with the lowest initial latency: RD (rtt: 63ms) Dec 03 13:21:43.509384 osdx dnscrypt-proxy[160736]: [2024-12-03 13:21:43] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Dec 03 13:21:49.370934 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free. Dec 03 13:21:49.371460 osdx systemd-journald[1835]: Received client request to rotate journal, rotating. Dec 03 13:21:49.371492 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 13:21:49.381977 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:21:49.813496 osdx osdx-coredump[162380]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 13:21:49.822303 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 13:21:50.362516 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:21:50.458865 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 03 13:21:50.539622 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:21:50.645565 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:21:50.783133 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:21:50.902666 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:21:50.937889 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:21:50.961660 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:21:51.098087 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 03 13:21:51.208468 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. 
Dec 03 13:21:51.339032 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443'. Dec 03 13:21:51.482884 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:21:51.559133 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 03 13:21:51.672233 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 03 13:21:51.752861 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Dec 03 13:21:51.866065 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 03 13:21:51.959298 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:21:52.104367 osdx ca-certificates[162528]: Updating certificates in /etc/ssl/certs... Dec 03 13:21:52.743992 osdx ca-certificates[163531]: 1 added, 0 removed; done. Dec 03 13:21:52.747961 osdx ca-certificates[163538]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:21:52.752344 osdx ca-certificates[163540]: done. Dec 03 13:21:52.883636 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:21:52.885743 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:21:52.888795 osdx OSDxCLI[9822]: User 'admin' committed the configuration. 
Dec 03 13:21:52.917701 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] dnscrypt-proxy 2.0.45 Dec 03 13:21:52.917984 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] Network connectivity detected Dec 03 13:21:52.918071 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] Dropping privileges Dec 03 13:21:52.921301 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] Network connectivity detected Dec 03 13:21:52.921401 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 03 13:21:52.921401 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 03 13:21:52.921401 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] Firefox workaround initialized Dec 03 13:21:52.921401 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7en3mflf] Dec 03 13:21:52.922442 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Dec 03 13:21:52.922442 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Dec 03 13:21:52.922442 osdx dnscrypt-proxy[163597]: [2024-12-03 13:21:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Dec 03 13:21:52.928107 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16