Static

Test suite to validate the use of one of the DNS options available in an upstream server.

DNS-over-HTTPS Server

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 03 11:56:20.420083 osdx systemd-journald[1936]: Runtime Journal (/run/log/journal/0b455e05fd8849079cae205af04c9e16) is 2.0M, max 15.3M, 13.2M free.
Feb 03 11:56:20.423588 osdx systemd-journald[1936]: Received client request to rotate journal, rotating.
Feb 03 11:56:20.423695 osdx systemd-journald[1936]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0b455e05fd8849079cae205af04c9e16.
Feb 03 11:56:20.434864 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system journal clear'.
Feb 03 11:56:21.031045 osdx osdx-coredump[113206]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 03 11:56:21.048014 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 03 11:56:21.943252 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu.
Feb 03 11:56:22.093545 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 03 11:56:22.262505 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 03 11:56:22.399990 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'.
Feb 03 11:56:22.562657 osdx INFO[113227]: FRR daemons did not change
Feb 03 11:56:22.591644 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 03 11:56:22.787387 osdx cfgd[1636]: [64814]Completed change to active configuration
Feb 03 11:56:22.841504 osdx OSDxCLI[64814]: User 'admin' committed the configuration.
Feb 03 11:56:22.870372 osdx OSDxCLI[64814]: User 'admin' left the configuration menu.
Feb 03 11:56:23.111833 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 03 11:56:23.349990 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu.
Feb 03 11:56:23.495254 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 03 11:56:23.635411 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 03 11:56:23.775062 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 03 11:56:23.916119 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 03 11:56:24.073822 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 03 11:56:24.185227 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 03 11:56:24.319991 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'.
Feb 03 11:56:24.486455 osdx INFO[113338]: FRR daemons did not change
Feb 03 11:56:24.512519 osdx ca-certificates[113354]: Updating certificates in /etc/ssl/certs...
Feb 03 11:56:25.534543 osdx ca-certificates[114357]: 1 added, 0 removed; done.
Feb 03 11:56:25.540493 osdx ca-certificates[114364]: Running hooks in /etc/ca-certificates/update.d...
Feb 03 11:56:25.546522 osdx ca-certificates[114366]: done.
Feb 03 11:56:25.708139 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 03 11:56:25.710331 osdx cfgd[1636]: [64814]Completed change to active configuration
Feb 03 11:56:25.732777 osdx OSDxCLI[64814]: User 'admin' committed the configuration.
Feb 03 11:56:25.750814 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] dnscrypt-proxy 2.0.45
Feb 03 11:56:25.751160 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] Network connectivity detected
Feb 03 11:56:25.751353 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] Dropping privileges
Feb 03 11:56:25.754773 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] Network connectivity detected
Feb 03 11:56:25.754855 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 03 11:56:25.754855 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 03 11:56:25.754855 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] Firefox workaround initialized
Feb 03 11:56:25.754855 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp9kqigvs7]
Feb 03 11:56:25.778467 osdx OSDxCLI[64814]: User 'admin' left the configuration menu.
Feb 03 11:56:25.962407 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] [RD] OK (DoH) - rtt: 167ms
Feb 03 11:56:25.962407 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] Server with the lowest initial latency: RD (rtt: 167ms)
Feb 03 11:56:25.962547 osdx dnscrypt-proxy[114423]: [2025-02-03 11:56:25] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNS-over-HTTPS Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840 at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 03 11:56:34.445286 osdx systemd-journald[1936]: Runtime Journal (/run/log/journal/0b455e05fd8849079cae205af04c9e16) is 2.0M, max 15.3M, 13.3M free.
Feb 03 11:56:34.446050 osdx systemd-journald[1936]: Received client request to rotate journal, rotating.
Feb 03 11:56:34.446106 osdx systemd-journald[1936]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0b455e05fd8849079cae205af04c9e16.
Feb 03 11:56:34.465321 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system journal clear'.
Feb 03 11:56:35.019672 osdx osdx-coredump[116068]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 03 11:56:35.034606 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 03 11:56:35.892978 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu.
Feb 03 11:56:36.046959 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 03 11:56:36.156210 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 03 11:56:36.282789 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'.
Feb 03 11:56:36.401268 osdx INFO[116089]: FRR daemons did not change
Feb 03 11:56:36.425780 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 03 11:56:36.578117 osdx cfgd[1636]: [64814]Completed change to active configuration
Feb 03 11:56:36.617451 osdx OSDxCLI[64814]: User 'admin' committed the configuration.
Feb 03 11:56:36.652307 osdx OSDxCLI[64814]: User 'admin' left the configuration menu.
Feb 03 11:56:36.876382 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 03 11:56:37.141297 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 03 11:56:37.387201 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu.
Feb 03 11:56:37.505816 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 03 11:56:37.650828 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 03 11:56:37.772868 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Feb 03 11:56:37.897486 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 03 11:56:38.054300 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'.
Feb 03 11:56:38.171527 osdx INFO[116201]: FRR daemons did not change
Feb 03 11:56:38.190349 osdx ca-certificates[116216]: Updating certificates in /etc/ssl/certs...
Feb 03 11:56:39.079897 osdx ca-certificates[117220]: 1 added, 0 removed; done.
Feb 03 11:56:39.084314 osdx ca-certificates[117227]: Running hooks in /etc/ca-certificates/update.d...
Feb 03 11:56:39.089037 osdx ca-certificates[117229]: done.
Feb 03 11:56:39.234774 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 03 11:56:39.239283 osdx cfgd[1636]: [64814]Completed change to active configuration
Feb 03 11:56:39.244392 osdx OSDxCLI[64814]: User 'admin' committed the configuration.
Feb 03 11:56:39.269781 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] dnscrypt-proxy 2.0.45
Feb 03 11:56:39.270090 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] Network connectivity detected
Feb 03 11:56:39.270214 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] Dropping privileges
Feb 03 11:56:39.272660 osdx OSDxCLI[64814]: User 'admin' left the configuration menu.
Feb 03 11:56:39.276351 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] Network connectivity detected
Feb 03 11:56:39.276522 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 03 11:56:39.276630 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 03 11:56:39.276720 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] Firefox workaround initialized
Feb 03 11:56:39.276800 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpnjab6www]
Feb 03 11:56:39.431738 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] [RD] OK (DoH) - rtt: 110ms
Feb 03 11:56:39.431738 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] Server with the lowest initial latency: RD (rtt: 110ms)
Feb 03 11:56:39.431738 osdx dnscrypt-proxy[117286]: [2025-02-03 11:56:39] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Feb 03 11:56:48.519113 osdx systemd-journald[1936]: Runtime Journal (/run/log/journal/0b455e05fd8849079cae205af04c9e16) is 2.2M, max 15.3M, 13.1M free.
Feb 03 11:56:48.527588 osdx systemd-journald[1936]: Received client request to rotate journal, rotating.
Feb 03 11:56:48.527685 osdx systemd-journald[1936]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0b455e05fd8849079cae205af04c9e16.
Feb 03 11:56:48.542764 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system journal clear'.
Feb 03 11:56:49.261465 osdx osdx-coredump[118933]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 03 11:56:49.276269 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 03 11:56:50.241422 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu.
Feb 03 11:56:50.408169 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 03 11:56:50.556788 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 03 11:56:50.738434 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'.
Feb 03 11:56:50.888779 osdx INFO[118954]: FRR daemons did not change
Feb 03 11:56:50.913835 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 03 11:56:51.132402 osdx cfgd[1636]: [64814]Completed change to active configuration
Feb 03 11:56:51.195546 osdx OSDxCLI[64814]: User 'admin' committed the configuration.
Feb 03 11:56:51.226481 osdx OSDxCLI[64814]: User 'admin' left the configuration menu.
Feb 03 11:56:51.471121 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 03 11:56:51.705732 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 03 11:56:51.965051 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu.
Feb 03 11:56:52.130694 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 03 11:56:52.234486 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 03 11:56:52.373022 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Feb 03 11:56:52.500386 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Feb 03 11:56:52.621231 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Feb 03 11:56:52.740660 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'.
Feb 03 11:56:52.844896 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 03 11:56:53.046006 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'.
Feb 03 11:56:53.190540 osdx INFO[119068]: FRR daemons did not change
Feb 03 11:56:53.216726 osdx ca-certificates[119083]: Updating certificates in /etc/ssl/certs...
Feb 03 11:56:54.017334 osdx ca-certificates[120087]: 1 added, 0 removed; done.
Feb 03 11:56:54.021732 osdx ca-certificates[120094]: Running hooks in /etc/ca-certificates/update.d...
Feb 03 11:56:54.026373 osdx ca-certificates[120096]: done.
Feb 03 11:56:54.214382 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 03 11:56:54.218390 osdx cfgd[1636]: [64814]Completed change to active configuration
Feb 03 11:56:54.224557 osdx OSDxCLI[64814]: User 'admin' committed the configuration.
Feb 03 11:56:54.261663 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] dnscrypt-proxy 2.0.45
Feb 03 11:56:54.262007 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] Network connectivity detected
Feb 03 11:56:54.262053 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] Dropping privileges
Feb 03 11:56:54.265205 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] Network connectivity detected
Feb 03 11:56:54.265316 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 03 11:56:54.265316 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 03 11:56:54.265316 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] Firefox workaround initialized
Feb 03 11:56:54.265316 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjnd2yzad]
Feb 03 11:56:54.266187 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 03 11:56:54.266187 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 03 11:56:54.266284 osdx dnscrypt-proxy[120153]: [2025-02-03 11:56:54] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 03 11:56:54.268495 osdx OSDxCLI[64814]: User 'admin' left the configuration menu.

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443 at DUT0 and expect this output:

sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Feb 03 11:57:02.434603 osdx systemd-journald[1936]: Runtime Journal (/run/log/journal/0b455e05fd8849079cae205af04c9e16) is 2.0M, max 15.3M, 13.3M free.
Feb 03 11:57:02.435489 osdx systemd-journald[1936]: Received client request to rotate journal, rotating.
Feb 03 11:57:02.435555 osdx systemd-journald[1936]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0b455e05fd8849079cae205af04c9e16.
Feb 03 11:57:02.452596 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system journal clear'.
Feb 03 11:57:03.060423 osdx osdx-coredump[121803]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 03 11:57:03.071987 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 03 11:57:03.908643 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu.
Feb 03 11:57:04.050708 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 03 11:57:04.174606 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 03 11:57:04.314568 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'.
Feb 03 11:57:04.440605 osdx INFO[121824]: FRR daemons did not change
Feb 03 11:57:04.462886 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 03 11:57:04.671494 osdx cfgd[1636]: [64814]Completed change to active configuration
Feb 03 11:57:04.725245 osdx OSDxCLI[64814]: User 'admin' committed the configuration.
Feb 03 11:57:04.753508 osdx OSDxCLI[64814]: User 'admin' left the configuration menu.
Feb 03 11:57:04.980852 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 03 11:57:05.312892 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 03 11:57:05.527116 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443'.
Feb 03 11:57:05.783433 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu.
Feb 03 11:57:05.969837 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 03 11:57:06.120138 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 03 11:57:06.252122 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Feb 03 11:57:06.341675 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 03 11:57:06.532023 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'.
Feb 03 11:57:06.645325 osdx INFO[121938]: FRR daemons did not change
Feb 03 11:57:06.669718 osdx ca-certificates[121953]: Updating certificates in /etc/ssl/certs...
Feb 03 11:57:07.650452 osdx ca-certificates[122959]: 1 added, 0 removed; done.
Feb 03 11:57:07.655305 osdx ca-certificates[122964]: Running hooks in /etc/ca-certificates/update.d...
Feb 03 11:57:07.661264 osdx ca-certificates[122966]: done.
Feb 03 11:57:07.847430 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 03 11:57:07.849526 osdx cfgd[1636]: [64814]Completed change to active configuration
Feb 03 11:57:07.855568 osdx OSDxCLI[64814]: User 'admin' committed the configuration.
Feb 03 11:57:07.892558 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] dnscrypt-proxy 2.0.45
Feb 03 11:57:07.892858 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] Network connectivity detected
Feb 03 11:57:07.892968 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] Dropping privileges
Feb 03 11:57:07.896788 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] Network connectivity detected
Feb 03 11:57:07.897006 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 03 11:57:07.897006 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 03 11:57:07.897094 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] Firefox workaround initialized
Feb 03 11:57:07.897094 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpr24artc9]
Feb 03 11:57:07.898534 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 03 11:57:07.898534 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 03 11:57:07.898724 osdx dnscrypt-proxy[123023]: [2025-02-03 11:57:07] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 03 11:57:07.916604 osdx OSDxCLI[64814]: User 'admin' left the configuration menu.

Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
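
The two "With Stamp" scenarios (DNS-over-HTTPS and DNSCrypt) configure the proxy from an opaque sdns:// string, so it is worth decoding a stamp before committing it and confirming that it pins the same address, host name, certificate hash or provider key as the explicit configuration. The Python code below is an added example, not part of the OSDx test suite or the device's own code; it assumes the public DNS stamp layout used by dnscrypt-proxy (protocol byte, 8-byte little-endian properties, length-prefixed fields), and the names decode_stamp, mismatches and StampError are hypothetical.

```python
import base64
import struct

# Stamps and settings copied from the page's scenarios.
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
EXPECTED_DOH = {
    "protocol": "dns-over-https", "addr": "10.215.168.1",
    "host": "remote.dns", "path": "/dns-query",
    "hashes": ["3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840"],
}
EXPECTED_DNSCRYPT = {
    "protocol": "dns-crypt", "addr": "10.215.168.1:8443",
    "provider": "2.dnscrypt-cert.remote.dns",
    "public_key": "e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b",
}


class StampError(ValueError):
    """Raised when a stamp is malformed or uses an unsupported protocol."""


def _lp(buf, pos):
    """Read one length-prefixed field; return (field_bytes, next_pos)."""
    if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
        raise StampError("truncated length-prefixed field")
    end = pos + 1 + buf[pos]
    return buf[pos + 1:end], end


def _vlp(buf, pos):
    """Read a set of fields; a set high bit on the length means more follow."""
    items = []
    while True:
        if pos >= len(buf):
            raise StampError("truncated field set")
        more, size = buf[pos] & 0x80, buf[pos] & 0x7F
        end = pos + 1 + size
        if end > len(buf):
            raise StampError("field overruns stamp")
        if size:
            items.append(buf[pos + 1:end])
        pos = end
        if not more:
            return items, pos


def decode_stamp(stamp):
    """Decode a DoH (0x02) or DNSCrypt (0x01) stamp into a dict of its fields."""
    if not stamp.startswith("sdns://"):
        raise StampError("missing sdns:// scheme")
    b64 = stamp[len("sdns://"):]
    try:
        raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
        if len(raw) < 9:
            raise StampError("stamp shorter than its fixed header")
        addr, pos = _lp(raw, 9)
        out = {"props": struct.unpack_from("<Q", raw, 1)[0], "addr": addr.decode()}
        if raw[0] == 0x02:
            hashes, pos = _vlp(raw, pos)        # pinned certificate hashes
            host, pos = _lp(raw, pos)
            path, pos = _lp(raw, pos)           # optional bootstrap IPs may follow
            out.update(protocol="dns-over-https", host=host.decode(),
                       path=path.decode(), hashes=[h.hex() for h in hashes])
        elif raw[0] == 0x01:
            key, pos = _lp(raw, pos)            # provider public key
            name, pos = _lp(raw, pos)
            out.update(protocol="dns-crypt", provider=name.decode(),
                       public_key=key.hex(":"))
        else:
            raise StampError("unsupported protocol byte 0x%02x" % raw[0])
    except StampError:
        raise
    except ValueError as exc:                   # bad base64 or non-text field
        raise StampError(str(exc)) from exc
    return out


def mismatches(decoded, expected):
    """Return the sorted field names where the stamp differs from the intended config."""
    return sorted(k for k, v in expected.items() if decoded.get(k) != v)
```

An empty list from mismatches means the stamp carries exactly the parameters of the equivalent explicit configuration; any listed field should be resolved before the stamp is set on the device.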