Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 03 13:22:08.342653 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.2M free.
Dec 03 13:22:08.343342 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:22:08.343380 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:22:08.355207 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:22:08.746608 osdx osdx-coredump[165531]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 13:22:08.756487 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 13:22:09.404193 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:22:09.522135 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:22:09.586570 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:22:09.716740 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:22:09.835359 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:22:09.969500 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:22:10.010173 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:22:10.034908 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:22:10.207560 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 03 13:22:11.526545 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:22:11.629691 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:22:11.773143 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:22:11.930767 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:22:12.035508 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:22:12.136651 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:22:12.199751 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Dec 03 13:22:12.353472 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Dec 03 13:22:12.478687 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 03 13:22:12.597472 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 03 13:22:12.754357 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:22:12.869015 osdx ca-certificates[165678]: Updating certificates in /etc/ssl/certs...
Dec 03 13:22:13.569026 osdx ca-certificates[166683]: 1 added, 0 removed; done.
Dec 03 13:22:13.572892 osdx ca-certificates[166689]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:22:13.577471 osdx ca-certificates[166691]: done.
Dec 03 13:22:13.743876 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:22:13.747988 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:22:13.752291 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:22:13.774660 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] dnscrypt-proxy 2.0.45
Dec 03 13:22:13.774915 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] Network connectivity detected
Dec 03 13:22:13.775063 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] Dropping privileges
Dec 03 13:22:13.780454 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] Network connectivity detected
Dec 03 13:22:13.780454 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:22:13.780454 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:22:13.780454 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 03 13:22:13.780454 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] Firefox workaround initialized
Dec 03 13:22:13.780454 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmptakv5myg]
Dec 03 13:22:13.795023 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:22:13.947231 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 03 13:22:13.997833 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] [RD] OK (DoH) - rtt: 160ms
Dec 03 13:22:13.997833 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] Server with the lowest initial latency: RD (rtt: 160ms)
Dec 03 13:22:13.997833 osdx dnscrypt-proxy[166751]: [2024-12-03 13:22:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 54538f4160821540dff7d302a9a1f45516e13f9c4d2cef598fb09d40c46bb135
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 03 13:22:08.307592 osdx systemd-journald[1705]: Runtime Journal (/run/log/journal/7b9b4b4f707a49f795f87bcc6955a259) is 1.2M, max 9.7M, 8.4M free.
Dec 03 13:22:08.311048 osdx systemd-journald[1705]: Received client request to rotate journal, rotating.
Dec 03 13:22:08.311122 osdx systemd-journald[1705]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7b9b4b4f707a49f795f87bcc6955a259.
Dec 03 13:22:08.320159 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:22:08.872548 osdx osdx-coredump[47617]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 13:22:08.883121 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 13:22:10.286530 osdx OSDxCLI[1924]: User 'admin' entered the configuration menu.
Dec 03 13:22:10.425167 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Dec 03 13:22:10.524139 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:22:10.588223 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 03 13:22:10.730186 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:22:10.831060 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:22:11.047476 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Dec 03 13:22:11.067541 osdx sshd[47710]: Server listening on 0.0.0.0 port 22.
Dec 03 13:22:11.067792 osdx sshd[47710]: Server listening on :: port 22.
Dec 03 13:22:11.067950 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Dec 03 13:22:11.095629 osdx cfgd[1418]: [1924]Completed change to active configuration
Dec 03 13:22:11.127310 osdx OSDxCLI[1924]: User 'admin' committed the configuration.
Dec 03 13:22:11.143233 osdx OSDxCLI[1924]: User 'admin' left the configuration menu.
Dec 03 13:22:11.294179 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Dec 03 13:22:14.268013 osdx OSDxCLI[1924]: User 'admin' entered the configuration menu.
Dec 03 13:22:14.348287 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Dec 03 13:22:14.443870 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Dec 03 13:22:14.506916 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Dec 03 13:22:14.611523 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Dec 03 13:22:14.684663 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Dec 03 13:22:14.788299 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Dec 03 13:22:14.866097 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 54538f4160821540dff7d302a9a1f45516e13f9c4d2cef598fb09d40c46bb135'.
Dec 03 13:22:14.966747 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:22:15.088399 osdx ca-certificates[47786]: Updating certificates in /etc/ssl/certs...
Dec 03 13:22:15.688881 osdx ca-certificates[48789]: 1 added, 0 removed; done.
Dec 03 13:22:15.691865 osdx ca-certificates[48796]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:22:15.694786 osdx ca-certificates[48798]: done.
Dec 03 13:22:15.783472 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:22:15.786404 osdx cfgd[1418]: [1924]Completed change to active configuration
Dec 03 13:22:15.789554 osdx OSDxCLI[1924]: User 'admin' committed the configuration.
Dec 03 13:22:15.808154 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:15] [NOTICE] dnscrypt-proxy 2.0.45
Dec 03 13:22:15.808154 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:15] [NOTICE] Network connectivity detected
Dec 03 13:22:15.808154 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:15] [NOTICE] Dropping privileges
Dec 03 13:22:15.810498 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:15] [NOTICE] Network connectivity detected
Dec 03 13:22:15.810557 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:15] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:22:15.810557 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:15] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:22:15.810557 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:15] [NOTICE] Firefox workaround initialized
Dec 03 13:22:15.810557 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:15] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpk5x_4f2c]
Dec 03 13:22:15.820358 osdx OSDxCLI[1924]: User 'admin' left the configuration menu.
Dec 03 13:22:16.022401 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 03 13:22:16.227147 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:16] [NOTICE] [DUT0] OK (DoH) - rtt: 202ms
Dec 03 13:22:16.227147 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:16] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 202ms)
Dec 03 13:22:16.227147 osdx dnscrypt-proxy[48805]: [2024-12-03 13:22:16] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 03 13:22:23.325162 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 13:22:23.326202 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:22:23.326276 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:22:23.338668 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:22:23.733984 osdx osdx-coredump[168397]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 13:22:23.743421 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 13:22:24.257850 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:22:24.337601 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:22:24.464993 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:22:24.562321 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:22:24.730338 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:22:24.857625 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:22:24.891921 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:22:24.920159 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:22:25.059642 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 03 13:22:26.320332 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:22:26.506464 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:22:26.595244 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:22:26.758049 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:22:26.892283 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Dec 03 13:22:26.988080 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Dec 03 13:22:27.115164 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Dec 03 13:22:27.215067 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 03 13:22:27.329598 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 03 13:22:27.410253 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 03 13:22:27.538888 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:22:27.634202 osdx ca-certificates[168547]: Updating certificates in /etc/ssl/certs...
Dec 03 13:22:28.234316 osdx ca-certificates[169551]: 1 added, 0 removed; done.
Dec 03 13:22:28.237617 osdx ca-certificates[169557]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:22:28.240879 osdx ca-certificates[169559]: done.
Dec 03 13:22:28.362703 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:22:28.365451 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:22:28.368752 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:22:28.395729 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:22:28.396144 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] dnscrypt-proxy 2.0.45
Dec 03 13:22:28.396144 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] Network connectivity detected
Dec 03 13:22:28.396346 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] Dropping privileges
Dec 03 13:22:28.399081 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] Network connectivity detected
Dec 03 13:22:28.399151 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:22:28.399151 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:22:28.399151 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 03 13:22:28.399151 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] Firefox workaround initialized
Dec 03 13:22:28.399151 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpuav4prk6]
Dec 03 13:22:28.604488 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 03 13:22:28.630377 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] [RD] OK (DoH) - rtt: 196ms
Dec 03 13:22:28.630377 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] Server with the lowest initial latency: RD (rtt: 196ms)
Dec 03 13:22:28.630377 osdx dnscrypt-proxy[169619]: [2024-12-03 13:22:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 54538f4160821540dff7d302a9a1f45516e13f9c4d2cef598fb09d40c46bb135 at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVFOPQWCCFUDf99MCqaH0VRbhP5xNLO9Zj7CdQMRrsTUNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVFOPQWCCFUDf99MCqaH0VRbhP5xNLO9Zj7CdQMRrsTUNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Dec 03 13:22:23.297409 osdx systemd-journald[1705]: Runtime Journal (/run/log/journal/7b9b4b4f707a49f795f87bcc6955a259) is 1.3M, max 9.7M, 8.4M free.
Dec 03 13:22:23.299824 osdx systemd-journald[1705]: Received client request to rotate journal, rotating.
Dec 03 13:22:23.299898 osdx systemd-journald[1705]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7b9b4b4f707a49f795f87bcc6955a259.
Dec 03 13:22:23.310723 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:22:23.840388 osdx osdx-coredump[50424]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 13:22:23.848981 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 13:22:25.097135 osdx OSDxCLI[1924]: User 'admin' entered the configuration menu.
Dec 03 13:22:25.249480 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Dec 03 13:22:25.323477 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:22:25.411666 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 03 13:22:25.501221 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:22:25.615792 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:22:25.800303 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Dec 03 13:22:25.812587 osdx sshd[50517]: Server listening on 0.0.0.0 port 22.
Dec 03 13:22:25.812826 osdx sshd[50517]: Server listening on :: port 22.
Dec 03 13:22:25.812955 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Dec 03 13:22:25.839802 osdx cfgd[1418]: [1924]Completed change to active configuration
Dec 03 13:22:25.872362 osdx OSDxCLI[1924]: User 'admin' committed the configuration.
Dec 03 13:22:25.891978 osdx OSDxCLI[1924]: User 'admin' left the configuration menu.
Dec 03 13:22:26.053832 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Dec 03 13:22:28.902391 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 54538f4160821540dff7d302a9a1f45516e13f9c4d2cef598fb09d40c46bb135'.
Dec 03 13:22:29.070625 osdx OSDxCLI[1924]: User 'admin' entered the configuration menu.
Dec 03 13:22:29.205032 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Dec 03 13:22:29.321827 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Dec 03 13:22:29.421643 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Dec 03 13:22:29.499501 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVFOPQWCCFUDf99MCqaH0VRbhP5xNLO9Zj7CdQMRrsTUNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Dec 03 13:22:29.610708 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:22:29.696608 osdx ca-certificates[50594]: Updating certificates in /etc/ssl/certs...
Dec 03 13:22:30.314663 osdx ca-certificates[51597]: 1 added, 0 removed; done.
Dec 03 13:22:30.317796 osdx ca-certificates[51604]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:22:30.320950 osdx ca-certificates[51606]: done.
Dec 03 13:22:30.420443 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:22:30.422934 osdx cfgd[1418]: [1924]Completed change to active configuration
Dec 03 13:22:30.426866 osdx OSDxCLI[1924]: User 'admin' committed the configuration.
Dec 03 13:22:30.453187 osdx OSDxCLI[1924]: User 'admin' left the configuration menu.
Dec 03 13:22:30.454690 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] dnscrypt-proxy 2.0.45
Dec 03 13:22:30.454863 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] Network connectivity detected
Dec 03 13:22:30.455003 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] Dropping privileges
Dec 03 13:22:30.457786 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] Network connectivity detected
Dec 03 13:22:30.457857 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:22:30.457857 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:22:30.457857 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] Firefox workaround initialized
Dec 03 13:22:30.457857 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpxhuj3l84]
Dec 03 13:22:30.631703 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 03 13:22:30.839927 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 03 13:22:30.914709 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] [DUT0] OK (DoH) - rtt: 199ms
Dec 03 13:22:30.914709 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 199ms)
Dec 03 13:22:30.914709 osdx dnscrypt-proxy[51613]: [2024-12-03 13:22:30] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
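Added example (not part of the original test suite or of the OSDx code): a Python decoder for the two DoH stamps generated in this scenario, following the public DNS Stamps layout, that checks each stamp carries the same ip, host, port, path and certificate hash that were passed to "stamp calculate". The function and class names are illustrative assumptions; the stamps and parameters are copied from the steps above.

```python
import base64

DOH_PROTOCOL = 0x02      # first byte of a DNS-over-HTTPS stamp
DEFAULT_DOH_PORT = 443   # the port is left out of the stamp when it is 443

# Stamps and parameters copied from the "With Stamp" scenario on this page.
STAMP_RD = ("sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHh"
            "QhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk")
STAMP_DUT0 = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVFOPQWCCFUDf99MCqaH0VRbh"
              "P5xNLO9Zj7CdQMRrsTUNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")
HASH_RD = "20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194"
HASH_DUT0 = "54538f4160821540dff7d302a9a1f45516e13f9c4d2cef598fb09d40c46bb135"


class StampError(ValueError):
    """Raised when a stamp is malformed or is not a DoH stamp."""


def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new offset; reject truncated input."""
    if pos + n > len(buf):
        raise StampError("truncated stamp")
    return buf[pos:pos + n], pos + n


def _read_lp(buf, pos):
    """Read one length-prefixed field: a length byte, then the value."""
    (length,), pos = _take(buf, pos, 1)
    return _take(buf, pos, length)


def _read_vlp(buf, pos):
    """Read a set of length-prefixed values. The high bit of a length
    byte signals that another value follows."""
    values = []
    while True:
        (length,), pos = _take(buf, pos, 1)
        value, pos = _take(buf, pos, length & 0x7F)
        if value:
            values.append(value)
        if not length & 0x80:
            return values, pos


def decode_doh_stamp(stamp):
    """Decode an sdns:// DoH stamp into its fields."""
    if not stamp.startswith("sdns://"):
        raise StampError("missing sdns:// scheme")
    body = stamp[len("sdns://"):]
    try:
        # Stamps use unpadded base64url; restore the padding before decoding.
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:
        raise StampError("invalid base64url") from exc
    if not raw or raw[0] != DOH_PROTOCOL:
        raise StampError("not a DNS-over-HTTPS stamp")
    props, pos = _take(raw, 1, 8)        # 64-bit little-endian property flags
    addr, pos = _read_lp(raw, pos)       # server IP address
    hashes, pos = _read_vlp(raw, pos)    # pinned certificate hashes
    host, pos = _read_lp(raw, pos)       # host name, optionally "name:port"
    path, pos = _read_lp(raw, pos)       # URL path of the DoH endpoint
    # Any trailing bootstrap-resolver list is optional and ignored here.
    name, sep, port = host.decode("ascii").rpartition(":")
    if not sep:                          # no explicit port in the stamp
        name, port = port, DEFAULT_DOH_PORT
    return {
        "props": int.from_bytes(props, "little"),
        "ip": addr.decode("ascii"),
        "hashes": [h.hex() for h in hashes],
        "host": name,
        "port": int(port),
        "path": path.decode("ascii"),
    }


def stamp_mismatches(stamp, ip, host, port, path, cert_hash):
    """Return the field names where the stamp differs from the expected
    values; an empty list means the stamp matches the explicit settings."""
    got = decode_doh_stamp(stamp)
    expected = (("ip", ip), ("host", host), ("port", port), ("path", path))
    bad = [key for key, want in expected if got[key] != want]
    if cert_hash.lower() not in got["hashes"]:
        bad.append("hash")
    return bad


if __name__ == "__main__":
    for label, stamp in (("RD", STAMP_RD), ("DUT0", STAMP_DUT0)):
        print(label, decode_doh_stamp(stamp))
```

A stamp that decodes to a different hash than the one configured in the non-stamp scenario would pin a different certificate, so comparing the decoded fields before committing the configuration catches a stamp that was altered or generated for another server.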
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Dec 03 13:22:38.315019 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 13:22:38.316326 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:22:38.316387 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:22:38.327399 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:22:38.702527 osdx osdx-coredump[171265]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 13:22:38.713370 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 13:22:39.239113 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:22:39.399224 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:22:39.501675 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:22:39.589080 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:22:39.780327 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:22:39.905010 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:22:39.938702 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:22:39.965061 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:22:40.145472 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 03 13:22:41.514323 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Dec 03 13:22:41.662197 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:22:41.738530 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:22:41.851714 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:22:41.938631 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Dec 03 13:22:42.066451 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Dec 03 13:22:42.147786 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Dec 03 13:22:42.267063 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'.
Dec 03 13:22:42.340410 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Dec 03 13:22:42.439949 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Dec 03 13:22:42.510969 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Dec 03 13:22:42.599494 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Dec 03 13:22:42.718043 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:22:42.826005 osdx ca-certificates[171416]: Updating certificates in /etc/ssl/certs...
Dec 03 13:22:43.344881 osdx ca-certificates[172419]: 1 added, 0 removed; done.
Dec 03 13:22:43.347855 osdx ca-certificates[172426]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:22:43.350913 osdx ca-certificates[172428]: done.
Dec 03 13:22:43.488628 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:22:43.489904 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:22:43.492557 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:22:43.514611 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:22:43.520056 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] dnscrypt-proxy 2.0.45
Dec 03 13:22:43.520233 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] Network connectivity detected
Dec 03 13:22:43.520373 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] Dropping privileges
Dec 03 13:22:43.522753 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] Network connectivity detected
Dec 03 13:22:43.522804 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:22:43.522804 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:22:43.522804 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Dec 03 13:22:43.522848 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] Firefox workaround initialized
Dec 03 13:22:43.522848 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpf5pi9jmw]
Dec 03 13:22:43.523552 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Dec 03 13:22:43.523584 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Dec 03 13:22:43.523584 osdx dnscrypt-proxy[172488]: [2024-12-03 13:22:43] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 54538f4160821540dff7d302a9a1f45516e13f9c4d2cef598fb09d40c46bb135
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat
at DUT1
and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Dec 03 13:22:38.294558 osdx systemd-journald[1705]: Runtime Journal (/run/log/journal/7b9b4b4f707a49f795f87bcc6955a259) is 1.3M, max 9.7M, 8.4M free. Dec 03 13:22:38.298489 osdx systemd-journald[1705]: Received client request to rotate journal, rotating. Dec 03 13:22:38.298554 osdx systemd-journald[1705]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7b9b4b4f707a49f795f87bcc6955a259. Dec 03 13:22:38.305601 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:22:38.795866 osdx osdx-coredump[53237]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 13:22:38.804958 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 13:22:40.230964 osdx OSDxCLI[1924]: User 'admin' entered the configuration menu. Dec 03 13:22:40.349417 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Dec 03 13:22:40.466965 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:22:40.529701 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service ssh'. Dec 03 13:22:40.683148 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:22:40.794488 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:22:41.010934 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Dec 03 13:22:41.026621 osdx sshd[53330]: Server listening on 0.0.0.0 port 22. Dec 03 13:22:41.026917 osdx sshd[53330]: Server listening on :: port 22. Dec 03 13:22:41.027077 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Dec 03 13:22:41.055033 osdx cfgd[1418]: [1924]Completed change to active configuration Dec 03 13:22:41.095044 osdx OSDxCLI[1924]: User 'admin' committed the configuration. Dec 03 13:22:41.131589 osdx OSDxCLI[1924]: User 'admin' left the configuration menu. 
Dec 03 13:22:41.305209 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Dec 03 13:22:43.703167 osdx OSDxCLI[1924]: User 'admin' entered the configuration menu. Dec 03 13:22:43.767231 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Dec 03 13:22:43.866791 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Dec 03 13:22:43.925458 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Dec 03 13:22:44.038612 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Dec 03 13:22:44.098456 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Dec 03 13:22:44.206285 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Dec 03 13:22:44.280590 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 54538f4160821540dff7d302a9a1f45516e13f9c4d2cef598fb09d40c46bb135'. Dec 03 13:22:44.419192 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:22:44.541639 osdx ca-certificates[53406]: Updating certificates in /etc/ssl/certs... Dec 03 13:22:45.084541 osdx ca-certificates[54411]: 1 added, 0 removed; done. Dec 03 13:22:45.088507 osdx ca-certificates[54416]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:22:45.092280 osdx ca-certificates[54418]: done. Dec 03 13:22:45.210888 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:22:45.212515 osdx cfgd[1418]: [1924]Completed change to active configuration Dec 03 13:22:45.215252 osdx OSDxCLI[1924]: User 'admin' committed the configuration. 
Dec 03 13:22:45.238925 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] dnscrypt-proxy 2.0.45 Dec 03 13:22:45.239244 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] Network connectivity detected Dec 03 13:22:45.239491 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] Dropping privileges Dec 03 13:22:45.241448 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] Network connectivity detected Dec 03 13:22:45.241538 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 03 13:22:45.241570 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 03 13:22:45.241612 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] Firefox workaround initialized Dec 03 13:22:45.241644 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] Loading the set of cloaking rules from [/tmp/tmphhc8bdu0] Dec 03 13:22:45.252849 osdx OSDxCLI[1924]: User 'admin' left the configuration menu. Dec 03 13:22:45.424468 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal show | cat'. Dec 03 13:22:45.653826 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal show | cat'. Dec 03 13:22:45.858184 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] [DUT0] OK (DoH) - rtt: 152ms Dec 03 13:22:45.858184 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 152ms) Dec 03 13:22:45.858184 osdx dnscrypt-proxy[54425]: [2024-12-03 13:22:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A
at DUT1
and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt
at DUT0
and expect this output:
fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443
at DUT0
and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat
at DUT0
and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Dec 03 13:22:53.358426 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free. Dec 03 13:22:53.360376 osdx systemd-journald[1835]: Received client request to rotate journal, rotating. Dec 03 13:22:53.360446 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 13:22:53.371480 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:22:53.761379 osdx osdx-coredump[174130]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 13:22:53.771124 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 13:22:54.292530 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:22:54.368708 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 03 13:22:54.463096 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:22:54.538094 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:22:54.672383 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:22:54.812189 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:22:54.844491 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:22:54.865070 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:22:55.047073 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 03 13:22:56.243223 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. 
Dec 03 13:22:56.363300 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443'. Dec 03 13:22:56.548211 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:22:56.619404 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 03 13:22:56.732916 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 03 13:22:56.806802 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Dec 03 13:22:56.956757 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 03 13:22:57.035500 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Dec 03 13:22:57.129921 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Dec 03 13:22:57.243839 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 03 13:22:57.354724 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:22:57.509483 osdx ca-certificates[174283]: Updating certificates in /etc/ssl/certs... Dec 03 13:22:58.074853 osdx ca-certificates[175286]: 1 added, 0 removed; done. Dec 03 13:22:58.078097 osdx ca-certificates[175293]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:22:58.080998 osdx ca-certificates[175295]: done. Dec 03 13:22:58.196710 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. 
Dec 03 13:22:58.198039 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:22:58.201005 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:22:58.229805 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:22:58.230015 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] dnscrypt-proxy 2.0.45 Dec 03 13:22:58.230149 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] Network connectivity detected Dec 03 13:22:58.230291 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] Dropping privileges Dec 03 13:22:58.232803 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] Network connectivity detected Dec 03 13:22:58.232861 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 03 13:22:58.232861 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 03 13:22:58.232861 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Dec 03 13:22:58.232861 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] Firefox workaround initialized Dec 03 13:22:58.232861 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpkne2td6h] Dec 03 13:22:58.233739 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Dec 03 13:22:58.233739 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Dec 03 13:22:58.233739 osdx dnscrypt-proxy[175355]: [2024-12-03 13:22:58] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 54538f4160821540dff7d302a9a1f45516e13f9c4d2cef598fb09d40c46bb135
at DUT1
and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVFOPQWCCFUDf99MCqaH0VRbhP5xNLO9Zj7CdQMRrsTUNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVFOPQWCCFUDf99MCqaH0VRbhP5xNLO9Zj7CdQMRrsTUNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat
at DUT1
and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Dec 03 13:22:53.368455 osdx systemd-journald[1705]: Runtime Journal (/run/log/journal/7b9b4b4f707a49f795f87bcc6955a259) is 1.3M, max 9.7M, 8.4M free. Dec 03 13:22:53.371619 osdx systemd-journald[1705]: Received client request to rotate journal, rotating. Dec 03 13:22:53.371687 osdx systemd-journald[1705]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7b9b4b4f707a49f795f87bcc6955a259. Dec 03 13:22:53.380356 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:22:53.869485 osdx osdx-coredump[56049]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 13:22:53.877993 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 13:22:55.115916 osdx OSDxCLI[1924]: User 'admin' entered the configuration menu. Dec 03 13:22:55.200743 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Dec 03 13:22:55.296117 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:22:55.351659 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service ssh'. Dec 03 13:22:55.484908 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:22:55.579616 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:22:55.771968 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Dec 03 13:22:55.786464 osdx sshd[56142]: Server listening on 0.0.0.0 port 22. Dec 03 13:22:55.786723 osdx sshd[56142]: Server listening on :: port 22. Dec 03 13:22:55.786859 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Dec 03 13:22:55.815919 osdx cfgd[1418]: [1924]Completed change to active configuration Dec 03 13:22:55.856261 osdx OSDxCLI[1924]: User 'admin' committed the configuration. Dec 03 13:22:55.882612 osdx OSDxCLI[1924]: User 'admin' left the configuration menu. 
Dec 03 13:22:56.032090 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Dec 03 13:22:58.474613 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 54538f4160821540dff7d302a9a1f45516e13f9c4d2cef598fb09d40c46bb135'. Dec 03 13:22:58.642595 osdx OSDxCLI[1924]: User 'admin' entered the configuration menu. Dec 03 13:22:58.735048 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Dec 03 13:22:58.794832 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Dec 03 13:22:58.925344 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Dec 03 13:22:59.013846 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVFOPQWCCFUDf99MCqaH0VRbhP5xNLO9Zj7CdQMRrsTUNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Dec 03 13:22:59.141754 osdx OSDxCLI[1924]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:22:59.247241 osdx ca-certificates[56218]: Updating certificates in /etc/ssl/certs... Dec 03 13:22:59.811721 osdx ca-certificates[57222]: 1 added, 0 removed; done. Dec 03 13:22:59.815808 osdx ca-certificates[57228]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:22:59.819829 osdx ca-certificates[57230]: done. Dec 03 13:22:59.908234 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:22:59.911073 osdx cfgd[1418]: [1924]Completed change to active configuration Dec 03 13:22:59.915063 osdx OSDxCLI[1924]: User 'admin' committed the configuration. Dec 03 13:22:59.935563 osdx OSDxCLI[1924]: User 'admin' left the configuration menu. 
Dec 03 13:22:59.935893 osdx dnscrypt-proxy[57237]: [2024-12-03 13:22:59] [NOTICE] dnscrypt-proxy 2.0.45 Dec 03 13:22:59.936021 osdx dnscrypt-proxy[57237]: [2024-12-03 13:22:59] [NOTICE] Network connectivity detected Dec 03 13:22:59.936174 osdx dnscrypt-proxy[57237]: [2024-12-03 13:22:59] [NOTICE] Dropping privileges Dec 03 13:22:59.938415 osdx dnscrypt-proxy[57237]: [2024-12-03 13:22:59] [NOTICE] Network connectivity detected Dec 03 13:22:59.938473 osdx dnscrypt-proxy[57237]: [2024-12-03 13:22:59] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 03 13:22:59.938473 osdx dnscrypt-proxy[57237]: [2024-12-03 13:22:59] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 03 13:22:59.938473 osdx dnscrypt-proxy[57237]: [2024-12-03 13:22:59] [NOTICE] Firefox workaround initialized Dec 03 13:22:59.938473 osdx dnscrypt-proxy[57237]: [2024-12-03 13:22:59] [NOTICE] Loading the set of cloaking rules from [/tmp/tmptawa1d3a] Dec 03 13:23:00.086712 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal show | cat'. Dec 03 13:23:00.299024 osdx OSDxCLI[1924]: User 'admin' executed a new command: 'system journal show | cat'. Dec 03 13:23:00.485438 osdx dnscrypt-proxy[57237]: [2024-12-03 13:23:00] [NOTICE] [DUT0] OK (DoH) - rtt: 158ms Dec 03 13:23:00.485438 osdx dnscrypt-proxy[57237]: [2024-12-03 13:23:00] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 158ms) Dec 03 13:23:00.485438 osdx dnscrypt-proxy[57237]: [2024-12-03 13:23:00] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A
at DUT1
and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13