Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Feb 03 11:57:29.449250 osdx systemd-journald[1936]: Runtime Journal (/run/log/journal/0b455e05fd8849079cae205af04c9e16) is 2.0M, max 15.3M, 13.2M free. Feb 03 11:57:29.453659 osdx systemd-journald[1936]: Received client request to rotate journal, rotating. Feb 03 11:57:29.453749 osdx systemd-journald[1936]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0b455e05fd8849079cae205af04c9e16. Feb 03 11:57:29.477284 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system journal clear'. Feb 03 11:57:30.119682 osdx osdx-coredump[124962]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 03 11:57:30.136708 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system coredump delete all'. Feb 03 11:57:31.009402 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu. Feb 03 11:57:31.176792 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 03 11:57:31.350673 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 03 11:57:31.509202 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:57:31.649547 osdx INFO[124983]: FRR daemons did not change Feb 03 11:57:31.673266 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 03 11:57:31.864203 osdx cfgd[1636]: [64814]Completed change to active configuration Feb 03 11:57:31.914327 osdx OSDxCLI[64814]: User 'admin' committed the configuration. Feb 03 11:57:31.947911 osdx OSDxCLI[64814]: User 'admin' left the configuration menu. Feb 03 11:57:32.147963 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 03 11:57:34.105246 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu. Feb 03 11:57:34.252975 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 03 11:57:34.391841 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 03 11:57:34.534067 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 03 11:57:34.644951 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 03 11:57:34.778732 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 03 11:57:34.886694 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Feb 03 11:57:35.010314 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Feb 03 11:57:35.162957 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns resolver local'. Feb 03 11:57:35.305291 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Feb 03 11:57:35.467648 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:57:35.613523 osdx INFO[125097]: FRR daemons did not change Feb 03 11:57:35.636979 osdx ca-certificates[125112]: Updating certificates in /etc/ssl/certs... Feb 03 11:57:36.558311 osdx ca-certificates[126116]: 1 added, 0 removed; done. Feb 03 11:57:36.563638 osdx ca-certificates[126123]: Running hooks in /etc/ca-certificates/update.d... Feb 03 11:57:36.569672 osdx ca-certificates[126125]: done. Feb 03 11:57:36.761826 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 03 11:57:36.770290 osdx cfgd[1636]: [64814]Completed change to active configuration Feb 03 11:57:36.774464 osdx OSDxCLI[64814]: User 'admin' committed the configuration. Feb 03 11:57:36.806788 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:36] [NOTICE] dnscrypt-proxy 2.0.45 Feb 03 11:57:36.807226 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:36] [NOTICE] Network connectivity detected Feb 03 11:57:36.807721 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:36] [NOTICE] Dropping privileges Feb 03 11:57:36.810848 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:36] [NOTICE] Network connectivity detected Feb 03 11:57:36.810931 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:36] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 03 11:57:36.810931 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:36] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 03 11:57:36.810931 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:36] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Feb 03 11:57:36.810931 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:36] [NOTICE] Firefox workaround initialized Feb 03 11:57:36.810931 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:36] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpn11g6gsa] Feb 03 11:57:36.824259 osdx OSDxCLI[64814]: User 'admin' left the configuration menu. Feb 03 11:57:37.041995 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:57:37.120779 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:37] [NOTICE] [RD] OK (DoH) - rtt: 151ms Feb 03 11:57:37.120779 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:37] [NOTICE] Server with the lowest initial latency: RD (rtt: 151ms) Feb 03 11:57:37.120779 osdx dnscrypt-proxy[126185]: [2025-02-03 11:57:37] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 9a6ee05554484890360b1518d3660a9e3fc62eac124b94ff0fd0fa2ed65f4b0b set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Feb 03 11:57:29.469141 osdx systemd-journald[1718]: Runtime Journal (/run/log/journal/c2388425c8a74bb4bfb70a762bcfe315) is 1.2M, max 9.7M, 8.4M free. Feb 03 11:57:29.469851 osdx systemd-journald[1718]: Received client request to rotate journal, rotating. Feb 03 11:57:29.470625 osdx systemd-journald[1718]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c2388425c8a74bb4bfb70a762bcfe315. Feb 03 11:57:29.487398 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal clear'. Feb 03 11:57:30.354448 osdx osdx-coredump[53759]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 03 11:57:30.370135 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system coredump delete all'. Feb 03 11:57:32.307772 osdx OSDxCLI[1937]: User 'admin' entered the configuration menu. Feb 03 11:57:32.449431 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Feb 03 11:57:32.569039 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 03 11:57:32.673475 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service ssh'. Feb 03 11:57:32.816365 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:57:32.962446 osdx INFO[53787]: FRR daemons did not change Feb 03 11:57:32.989703 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 03 11:57:33.282174 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Feb 03 11:57:33.305343 osdx sshd[53854]: Server listening on 0.0.0.0 port 22. Feb 03 11:57:33.305776 osdx sshd[53854]: Server listening on :: port 22. Feb 03 11:57:33.306004 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Feb 03 11:57:33.361824 osdx cfgd[1427]: [1937]Completed change to active configuration Feb 03 11:57:33.416540 osdx OSDxCLI[1937]: User 'admin' committed the configuration. Feb 03 11:57:33.466750 osdx OSDxCLI[1937]: User 'admin' left the configuration menu. Feb 03 11:57:33.712000 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Feb 03 11:57:37.538342 osdx OSDxCLI[1937]: User 'admin' entered the configuration menu. Feb 03 11:57:37.666462 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Feb 03 11:57:37.811238 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Feb 03 11:57:37.955740 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Feb 03 11:57:38.155892 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Feb 03 11:57:38.309176 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Feb 03 11:57:38.475373 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Feb 03 11:57:38.633713 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 9a6ee05554484890360b1518d3660a9e3fc62eac124b94ff0fd0fa2ed65f4b0b'. Feb 03 11:57:38.805150 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:57:38.973960 osdx INFO[53915]: FRR daemons did not change Feb 03 11:57:39.000794 osdx ca-certificates[53930]: Updating certificates in /etc/ssl/certs... Feb 03 11:57:39.906909 osdx ca-certificates[54934]: 1 added, 0 removed; done. Feb 03 11:57:39.913628 osdx ca-certificates[54941]: Running hooks in /etc/ca-certificates/update.d... Feb 03 11:57:39.920383 osdx ca-certificates[54943]: done. Feb 03 11:57:40.058688 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 03 11:57:40.062870 osdx cfgd[1427]: [1937]Completed change to active configuration Feb 03 11:57:40.068356 osdx OSDxCLI[1937]: User 'admin' committed the configuration. Feb 03 11:57:40.106972 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] dnscrypt-proxy 2.0.45 Feb 03 11:57:40.107273 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] Network connectivity detected Feb 03 11:57:40.107433 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] Dropping privileges Feb 03 11:57:40.111204 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] Network connectivity detected Feb 03 11:57:40.111429 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 03 11:57:40.111538 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 03 11:57:40.111669 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] Firefox workaround initialized Feb 03 11:57:40.111775 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp2jeu6cfo] Feb 03 11:57:40.118093 osdx OSDxCLI[1937]: User 'admin' left the configuration menu. Feb 03 11:57:40.303305 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:57:40.652538 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:57:40.658881 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] [DUT0] OK (DoH) - rtt: 180ms Feb 03 11:57:40.658881 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 180ms) Feb 03 11:57:40.658881 osdx dnscrypt-proxy[54950]: [2025-02-03 11:57:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Feb 03 11:57:50.583921 osdx systemd-journald[1936]: Runtime Journal (/run/log/journal/0b455e05fd8849079cae205af04c9e16) is 2.0M, max 15.3M, 13.3M free. Feb 03 11:57:50.588818 osdx systemd-journald[1936]: Received client request to rotate journal, rotating. Feb 03 11:57:50.588941 osdx systemd-journald[1936]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0b455e05fd8849079cae205af04c9e16. Feb 03 11:57:50.605602 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system journal clear'. Feb 03 11:57:51.215543 osdx osdx-coredump[127835]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 03 11:57:51.228828 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system coredump delete all'. Feb 03 11:57:52.062849 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu. Feb 03 11:57:52.217324 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 03 11:57:52.327642 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 03 11:57:52.467170 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:57:52.593530 osdx INFO[127856]: FRR daemons did not change Feb 03 11:57:52.618609 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 03 11:57:52.784714 osdx cfgd[1636]: [64814]Completed change to active configuration Feb 03 11:57:52.837032 osdx OSDxCLI[64814]: User 'admin' committed the configuration. Feb 03 11:57:52.868722 osdx OSDxCLI[64814]: User 'admin' left the configuration menu. Feb 03 11:57:53.062472 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 03 11:57:54.892786 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 03 11:57:55.124848 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu. Feb 03 11:57:55.272589 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 03 11:57:55.407150 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 03 11:57:55.529836 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Feb 03 11:57:55.664216 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Feb 03 11:57:55.816119 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Feb 03 11:57:55.958984 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Feb 03 11:57:56.104957 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns resolver local'. Feb 03 11:57:56.237323 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Feb 03 11:57:56.447673 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:57:56.590115 osdx INFO[127972]: FRR daemons did not change Feb 03 11:57:56.622053 osdx ca-certificates[127988]: Updating certificates in /etc/ssl/certs... Feb 03 11:57:57.615353 osdx ca-certificates[128991]: 1 added, 0 removed; done. Feb 03 11:57:57.622390 osdx ca-certificates[128998]: Running hooks in /etc/ca-certificates/update.d... Feb 03 11:57:57.628896 osdx ca-certificates[129000]: done. Feb 03 11:57:57.852095 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 03 11:57:57.855807 osdx cfgd[1636]: [64814]Completed change to active configuration Feb 03 11:57:57.867963 osdx OSDxCLI[64814]: User 'admin' committed the configuration. Feb 03 11:57:57.902788 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:57] [NOTICE] dnscrypt-proxy 2.0.45 Feb 03 11:57:57.903149 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:57] [NOTICE] Network connectivity detected Feb 03 11:57:57.905909 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:57] [NOTICE] Dropping privileges Feb 03 11:57:57.909469 osdx OSDxCLI[64814]: User 'admin' left the configuration menu. Feb 03 11:57:57.913315 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:57] [NOTICE] Network connectivity detected Feb 03 11:57:57.913315 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:57] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 03 11:57:57.913315 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:57] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 03 11:57:57.913315 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:57] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Feb 03 11:57:57.913315 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:57] [NOTICE] Firefox workaround initialized Feb 03 11:57:57.913315 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:57] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpl1dqyhpd] Feb 03 11:57:58.101259 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:58] [NOTICE] [RD] OK (DoH) - rtt: 148ms Feb 03 11:57:58.101259 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:58] [NOTICE] Server with the lowest initial latency: RD (rtt: 148ms) Feb 03 11:57:58.101259 osdx dnscrypt-proxy[129060]: [2025-02-03 11:57:58] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 9a6ee05554484890360b1518d3660a9e3fc62eac124b94ff0fd0fa2ed65f4b0b at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgmm7gVVRISJA2CxUY02YKnj_GLqwSS5T_D9D6LtZfSwsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgmm7gVVRISJA2CxUY02YKnj_GLqwSS5T_D9D6LtZfSwsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Feb 03 11:57:51.503798 osdx systemd-journald[1718]: Runtime Journal (/run/log/journal/c2388425c8a74bb4bfb70a762bcfe315) is 1.3M, max 9.7M, 8.4M free. Feb 03 11:57:51.506751 osdx systemd-journald[1718]: Received client request to rotate journal, rotating. Feb 03 11:57:51.506859 osdx systemd-journald[1718]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c2388425c8a74bb4bfb70a762bcfe315. Feb 03 11:57:51.519810 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal clear'. Feb 03 11:57:52.277022 osdx osdx-coredump[56578]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 03 11:57:52.287819 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system coredump delete all'. Feb 03 11:57:54.207857 osdx OSDxCLI[1937]: User 'admin' entered the configuration menu. Feb 03 11:57:54.336271 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Feb 03 11:57:54.486092 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 03 11:57:54.615796 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service ssh'. Feb 03 11:57:54.747688 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:57:54.888490 osdx INFO[56606]: FRR daemons did not change Feb 03 11:57:54.910737 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 03 11:57:55.175232 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Feb 03 11:57:55.196175 osdx sshd[56673]: Server listening on 0.0.0.0 port 22. Feb 03 11:57:55.196459 osdx sshd[56673]: Server listening on :: port 22. Feb 03 11:57:55.196651 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Feb 03 11:57:55.232493 osdx cfgd[1427]: [1937]Completed change to active configuration Feb 03 11:57:55.270668 osdx OSDxCLI[1937]: User 'admin' committed the configuration. Feb 03 11:57:55.299320 osdx OSDxCLI[1937]: User 'admin' left the configuration menu. Feb 03 11:57:55.487698 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Feb 03 11:57:59.245293 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 9a6ee05554484890360b1518d3660a9e3fc62eac124b94ff0fd0fa2ed65f4b0b'. Feb 03 11:57:59.468367 osdx OSDxCLI[1937]: User 'admin' entered the configuration menu. Feb 03 11:57:59.592302 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Feb 03 11:57:59.731486 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Feb 03 11:57:59.906189 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Feb 03 11:58:00.060444 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgmm7gVVRISJA2CxUY02YKnj_GLqwSS5T_D9D6LtZfSwsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Feb 03 11:58:00.216359 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:58:00.331166 osdx INFO[56736]: FRR daemons did not change Feb 03 11:58:00.349985 osdx ca-certificates[56752]: Updating certificates in /etc/ssl/certs... Feb 03 11:58:01.195799 osdx ca-certificates[57755]: 1 added, 0 removed; done. Feb 03 11:58:01.200972 osdx ca-certificates[57762]: Running hooks in /etc/ca-certificates/update.d... Feb 03 11:58:01.205818 osdx ca-certificates[57764]: done. Feb 03 11:58:01.319185 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 03 11:58:01.323118 osdx cfgd[1427]: [1937]Completed change to active configuration Feb 03 11:58:01.327121 osdx OSDxCLI[1937]: User 'admin' committed the configuration. Feb 03 11:58:01.357626 osdx OSDxCLI[1937]: User 'admin' left the configuration menu. Feb 03 11:58:01.359139 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:01] [NOTICE] dnscrypt-proxy 2.0.45 Feb 03 11:58:01.359401 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:01] [NOTICE] Network connectivity detected Feb 03 11:58:01.359592 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:01] [NOTICE] Dropping privileges Feb 03 11:58:01.363639 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:01] [NOTICE] Network connectivity detected Feb 03 11:58:01.363739 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:01] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 03 11:58:01.363739 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:01] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 03 11:58:01.363739 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:01] [NOTICE] Firefox workaround initialized Feb 03 11:58:01.363739 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:01] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpklw2uyj0] Feb 03 11:58:01.581024 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:01.971107 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:02.271197 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:02.666574 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:02.993030 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:03.278865 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:03.611115 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:03.915062 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:03] [NOTICE] [DUT0] OK (DoH) - rtt: 175ms Feb 03 11:58:03.915062 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:03] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 175ms) Feb 03 11:58:03.915062 osdx dnscrypt-proxy[57771]: [2025-02-03 11:58:03] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 'e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Feb 03 11:58:13.444143 osdx systemd-journald[1936]: Runtime Journal (/run/log/journal/0b455e05fd8849079cae205af04c9e16) is 2.0M, max 15.3M, 13.2M free. Feb 03 11:58:13.447856 osdx systemd-journald[1936]: Received client request to rotate journal, rotating. Feb 03 11:58:13.447951 osdx systemd-journald[1936]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0b455e05fd8849079cae205af04c9e16. Feb 03 11:58:13.462859 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system journal clear'. Feb 03 11:58:14.128435 osdx osdx-coredump[130707]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 03 11:58:14.140373 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system coredump delete all'. Feb 03 11:58:14.929766 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu. Feb 03 11:58:15.099008 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 03 11:58:15.195211 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 03 11:58:15.324937 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:58:15.432475 osdx INFO[130728]: FRR daemons did not change Feb 03 11:58:15.455857 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 03 11:58:15.635274 osdx cfgd[1636]: [64814]Completed change to active configuration Feb 03 11:58:15.680879 osdx OSDxCLI[64814]: User 'admin' committed the configuration. Feb 03 11:58:15.708285 osdx OSDxCLI[64814]: User 'admin' left the configuration menu. Feb 03 11:58:15.905653 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 03 11:58:17.976291 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Feb 03 11:58:18.228002 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu. Feb 03 11:58:18.393084 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 03 11:58:18.595923 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 03 11:58:18.788692 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Feb 03 11:58:18.964365 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Feb 03 11:58:19.128779 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Feb 03 11:58:19.329801 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'. Feb 03 11:58:19.489664 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns resolver local'. Feb 03 11:58:19.616314 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Feb 03 11:58:19.759642 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Feb 03 11:58:19.918681 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Feb 03 11:58:20.077776 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:58:20.215051 osdx INFO[130845]: FRR daemons did not change Feb 03 11:58:20.251278 osdx ca-certificates[130861]: Updating certificates in /etc/ssl/certs... Feb 03 11:58:21.245879 osdx ca-certificates[131864]: 1 added, 0 removed; done. Feb 03 11:58:21.252399 osdx ca-certificates[131871]: Running hooks in /etc/ca-certificates/update.d... Feb 03 11:58:21.270676 osdx ca-certificates[131873]: done. Feb 03 11:58:21.564728 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 03 11:58:21.567504 osdx cfgd[1636]: [64814]Completed change to active configuration Feb 03 11:58:21.583042 osdx OSDxCLI[64814]: User 'admin' committed the configuration. Feb 03 11:58:21.611291 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] dnscrypt-proxy 2.0.45 Feb 03 11:58:21.611291 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] Network connectivity detected Feb 03 11:58:21.611291 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] Dropping privileges Feb 03 11:58:21.616069 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] Network connectivity detected Feb 03 11:58:21.616182 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 03 11:58:21.616182 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 03 11:58:21.616182 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Feb 03 11:58:21.616280 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] Firefox workaround initialized Feb 03 11:58:21.616280 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpgh37y8xc] Feb 03 11:58:21.617701 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Feb 03 11:58:21.617701 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Feb 03 11:58:21.617852 osdx dnscrypt-proxy[131933]: [2025-02-03 11:58:21] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Feb 03 11:58:21.667488 osdx OSDxCLI[64814]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 9a6ee05554484890360b1518d3660a9e3fc62eac124b94ff0fd0fa2ed65f4b0b set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Feb 03 11:58:13.442236 osdx systemd-journald[1718]: Runtime Journal (/run/log/journal/c2388425c8a74bb4bfb70a762bcfe315) is 1.3M, max 9.7M, 8.4M free. Feb 03 11:58:13.444970 osdx systemd-journald[1718]: Received client request to rotate journal, rotating. Feb 03 11:58:13.445061 osdx systemd-journald[1718]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c2388425c8a74bb4bfb70a762bcfe315. Feb 03 11:58:13.466249 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal clear'. Feb 03 11:58:14.263881 osdx osdx-coredump[59427]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 03 11:58:14.276166 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system coredump delete all'. Feb 03 11:58:16.050644 osdx OSDxCLI[1937]: User 'admin' entered the configuration menu. Feb 03 11:58:16.189919 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Feb 03 11:58:16.376577 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 03 11:58:16.501970 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service ssh'. Feb 03 11:58:16.719693 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:58:16.919816 osdx INFO[59455]: FRR daemons did not change Feb 03 11:58:16.948646 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 03 11:58:17.217008 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Feb 03 11:58:17.234264 osdx sshd[59522]: Server listening on 0.0.0.0 port 22. Feb 03 11:58:17.234554 osdx sshd[59522]: Server listening on :: port 22. Feb 03 11:58:17.234737 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Feb 03 11:58:17.271280 osdx cfgd[1427]: [1937]Completed change to active configuration Feb 03 11:58:17.322995 osdx OSDxCLI[1937]: User 'admin' committed the configuration. Feb 03 11:58:17.371737 osdx OSDxCLI[1937]: User 'admin' left the configuration menu. Feb 03 11:58:17.640041 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Feb 03 11:58:22.177456 osdx OSDxCLI[1937]: User 'admin' entered the configuration menu. Feb 03 11:58:22.359165 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Feb 03 11:58:22.533231 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Feb 03 11:58:22.658399 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Feb 03 11:58:22.807243 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Feb 03 11:58:22.990294 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Feb 03 11:58:23.168447 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Feb 03 11:58:23.347255 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 9a6ee05554484890360b1518d3660a9e3fc62eac124b94ff0fd0fa2ed65f4b0b'. Feb 03 11:58:23.498192 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:58:23.610475 osdx INFO[59583]: FRR daemons did not change Feb 03 11:58:23.637452 osdx ca-certificates[59597]: Updating certificates in /etc/ssl/certs... Feb 03 11:58:24.561401 osdx ca-certificates[60604]: 1 added, 0 removed; done. Feb 03 11:58:24.566373 osdx ca-certificates[60609]: Running hooks in /etc/ca-certificates/update.d... Feb 03 11:58:24.571224 osdx ca-certificates[60611]: done. Feb 03 11:58:24.705363 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 03 11:58:24.708204 osdx cfgd[1427]: [1937]Completed change to active configuration Feb 03 11:58:24.715767 osdx OSDxCLI[1937]: User 'admin' committed the configuration. Feb 03 11:58:24.752901 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:24] [NOTICE] dnscrypt-proxy 2.0.45 Feb 03 11:58:24.753444 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:24] [NOTICE] Network connectivity detected Feb 03 11:58:24.754038 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:24] [NOTICE] Dropping privileges Feb 03 11:58:24.759354 osdx OSDxCLI[1937]: User 'admin' left the configuration menu. Feb 03 11:58:24.760840 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:24] [NOTICE] Network connectivity detected Feb 03 11:58:24.761081 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:24] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 03 11:58:24.761208 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:24] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 03 11:58:24.761342 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:24] [NOTICE] Firefox workaround initialized Feb 03 11:58:24.761464 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:24] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp3h49pxav] Feb 03 11:58:24.978131 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:25.175555 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:25] [NOTICE] [DUT0] OK (DoH) - rtt: 198ms Feb 03 11:58:25.175555 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:25] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 198ms) Feb 03 11:58:25.175555 osdx dnscrypt-proxy[60618]: [2025-02-03 11:58:25] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Feb 03 11:58:34.416107 osdx systemd-journald[1936]: Runtime Journal (/run/log/journal/0b455e05fd8849079cae205af04c9e16) is 2.0M, max 15.3M, 13.2M free. Feb 03 11:58:34.418580 osdx systemd-journald[1936]: Received client request to rotate journal, rotating. Feb 03 11:58:34.418660 osdx systemd-journald[1936]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0b455e05fd8849079cae205af04c9e16. Feb 03 11:58:34.433852 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system journal clear'. Feb 03 11:58:34.981140 osdx osdx-coredump[133580]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 03 11:58:34.994928 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'system coredump delete all'. Feb 03 11:58:35.814030 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu. Feb 03 11:58:36.016278 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 03 11:58:36.129287 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 03 11:58:36.288118 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:58:36.424387 osdx INFO[133601]: FRR daemons did not change Feb 03 11:58:36.460572 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 03 11:58:36.678399 osdx cfgd[1636]: [64814]Completed change to active configuration Feb 03 11:58:36.740476 osdx OSDxCLI[64814]: User 'admin' committed the configuration. Feb 03 11:58:36.782500 osdx OSDxCLI[64814]: User 'admin' left the configuration menu. Feb 03 11:58:37.054895 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 03 11:58:39.066755 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Feb 03 11:58:39.297454 osdx OSDxCLI[64814]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443'. Feb 03 11:58:39.556230 osdx OSDxCLI[64814]: User 'admin' entered the configuration menu. Feb 03 11:58:39.708215 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 03 11:58:39.865599 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 03 11:58:39.982983 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Feb 03 11:58:40.084258 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns resolver local'. Feb 03 11:58:40.209604 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Feb 03 11:58:40.339976 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Feb 03 11:58:40.462520 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Feb 03 11:58:40.598619 osdx OSDxCLI[64814]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:58:40.719185 osdx INFO[133718]: FRR daemons did not change Feb 03 11:58:40.738717 osdx ca-certificates[133734]: Updating certificates in /etc/ssl/certs... Feb 03 11:58:41.604484 osdx ca-certificates[134737]: 1 added, 0 removed; done. Feb 03 11:58:41.610251 osdx ca-certificates[134744]: Running hooks in /etc/ca-certificates/update.d... Feb 03 11:58:41.615393 osdx ca-certificates[134746]: done. Feb 03 11:58:41.827174 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 03 11:58:41.831523 osdx cfgd[1636]: [64814]Completed change to active configuration Feb 03 11:58:41.836771 osdx OSDxCLI[64814]: User 'admin' committed the configuration. Feb 03 11:58:41.868896 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] dnscrypt-proxy 2.0.45 Feb 03 11:58:41.869199 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] Network connectivity detected Feb 03 11:58:41.869509 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] Dropping privileges Feb 03 11:58:41.874219 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] Network connectivity detected Feb 03 11:58:41.874314 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 03 11:58:41.874314 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 03 11:58:41.874314 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Feb 03 11:58:41.874314 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] Firefox workaround initialized Feb 03 11:58:41.874314 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] Loading the set of cloaking rules from [/tmp/tmps8dofxm2] Feb 03 11:58:41.876841 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] [RD] OK (DNSCrypt) - rtt: 1ms Feb 03 11:58:41.876841 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] Server with the lowest initial latency: RD (rtt: 1ms) Feb 03 11:58:41.876943 osdx dnscrypt-proxy[134806]: [2025-02-03 11:58:41] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Feb 03 11:58:41.900533 osdx OSDxCLI[64814]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 9a6ee05554484890360b1518d3660a9e3fc62eac124b94ff0fd0fa2ed65f4b0b at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgmm7gVVRISJA2CxUY02YKnj_GLqwSS5T_D9D6LtZfSwsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgmm7gVVRISJA2CxUY02YKnj_GLqwSS5T_D9D6LtZfSwsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Feb 03 11:58:34.399670 osdx systemd-journald[1718]: Runtime Journal (/run/log/journal/c2388425c8a74bb4bfb70a762bcfe315) is 1.3M, max 9.7M, 8.4M free. Feb 03 11:58:34.401257 osdx systemd-journald[1718]: Received client request to rotate journal, rotating. Feb 03 11:58:34.401324 osdx systemd-journald[1718]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c2388425c8a74bb4bfb70a762bcfe315. Feb 03 11:58:34.414977 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal clear'. Feb 03 11:58:35.199564 osdx osdx-coredump[62240]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 03 11:58:35.210665 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system coredump delete all'. Feb 03 11:58:37.305396 osdx OSDxCLI[1937]: User 'admin' entered the configuration menu. Feb 03 11:58:37.445584 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Feb 03 11:58:37.591891 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 03 11:58:37.729948 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service ssh'. Feb 03 11:58:37.887910 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:58:38.034172 osdx INFO[62268]: FRR daemons did not change Feb 03 11:58:38.057261 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 03 11:58:38.349854 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Feb 03 11:58:38.375170 osdx sshd[62335]: Server listening on 0.0.0.0 port 22. Feb 03 11:58:38.375586 osdx sshd[62335]: Server listening on :: port 22. Feb 03 11:58:38.375835 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Feb 03 11:58:38.414703 osdx cfgd[1427]: [1937]Completed change to active configuration Feb 03 11:58:38.469193 osdx OSDxCLI[1937]: User 'admin' committed the configuration. Feb 03 11:58:38.530885 osdx OSDxCLI[1937]: User 'admin' left the configuration menu. Feb 03 11:58:38.740350 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Feb 03 11:58:42.244127 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 9a6ee05554484890360b1518d3660a9e3fc62eac124b94ff0fd0fa2ed65f4b0b'. Feb 03 11:58:42.478474 osdx OSDxCLI[1937]: User 'admin' entered the configuration menu. Feb 03 11:58:42.608920 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Feb 03 11:58:42.709679 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Feb 03 11:58:42.852819 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Feb 03 11:58:42.966231 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgmm7gVVRISJA2CxUY02YKnj_GLqwSS5T_D9D6LtZfSwsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Feb 03 11:58:43.091505 osdx OSDxCLI[1937]: User 'admin' added a new cfg line: 'show working'. Feb 03 11:58:43.229701 osdx INFO[62396]: FRR daemons did not change Feb 03 11:58:43.254852 osdx ca-certificates[62412]: Updating certificates in /etc/ssl/certs... Feb 03 11:58:44.092999 osdx ca-certificates[63415]: 1 added, 0 removed; done. Feb 03 11:58:44.097606 osdx ca-certificates[63422]: Running hooks in /etc/ca-certificates/update.d... Feb 03 11:58:44.102161 osdx ca-certificates[63424]: done. Feb 03 11:58:44.201834 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 03 11:58:44.204800 osdx cfgd[1427]: [1937]Completed change to active configuration Feb 03 11:58:44.213719 osdx OSDxCLI[1937]: User 'admin' committed the configuration. Feb 03 11:58:44.237981 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:44] [NOTICE] dnscrypt-proxy 2.0.45 Feb 03 11:58:44.237981 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:44] [NOTICE] Network connectivity detected Feb 03 11:58:44.237981 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:44] [NOTICE] Dropping privileges Feb 03 11:58:44.241298 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:44] [NOTICE] Network connectivity detected Feb 03 11:58:44.241496 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:44] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 03 11:58:44.241591 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:44] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 03 11:58:44.241727 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:44] [NOTICE] Firefox workaround initialized Feb 03 11:58:44.241808 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:44] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4phuc5zv] Feb 03 11:58:44.261997 osdx OSDxCLI[1937]: User 'admin' left the configuration menu. Feb 03 11:58:44.476451 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:44.794172 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:45.157959 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:45.477519 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:45.819020 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:46.205373 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:46.544169 osdx OSDxCLI[1937]: User 'admin' executed a new command: 'system journal show | cat'. Feb 03 11:58:46.648860 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:46] [NOTICE] [DUT0] OK (DoH) - rtt: 119ms Feb 03 11:58:46.648860 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:46] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 119ms) Feb 03 11:58:46.648860 osdx dnscrypt-proxy[63431]: [2025-02-03 11:58:46] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13