Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jan 10 12:58:01.299557 osdx systemd-journald[1741]: Runtime Journal (/run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71) is 2.0M, max 15.3M, 13.2M free.
Jan 10 12:58:01.300225 osdx systemd-journald[1741]: Received client request to rotate journal, rotating.
Jan 10 12:58:01.300261 osdx systemd-journald[1741]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71.
Jan 10 12:58:01.309025 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:58:01.619763 osdx osdx-coredump[159575]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:58:01.627051 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:58:02.089894 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:58:02.161982 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jan 10 12:58:02.245088 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:58:02.312483 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:58:02.406639 osdx INFO[159599]: FRR daemons did not change
Jan 10 12:58:02.424233 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:58:02.516499 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:58:02.541361 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:58:02.556642 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:58:02.697449 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 10 12:58:02.851473 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:58:02.908889 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jan 10 12:58:03.004129 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jan 10 12:58:03.065535 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jan 10 12:58:03.158023 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jan 10 12:58:03.214586 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Jan 10 12:58:03.303533 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jan 10 12:58:03.379218 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:58:03.504613 osdx INFO[159713]: FRR daemons did not change
Jan 10 12:58:03.516004 osdx ca-certificates[159729]: Updating certificates in /etc/ssl/certs...
Jan 10 12:58:03.993605 osdx ca-certificates[160733]: 1 added, 0 removed; done.
Jan 10 12:58:03.996507 osdx ca-certificates[160739]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:58:03.999304 osdx ca-certificates[160741]: done.
Jan 10 12:58:04.104570 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:58:04.105805 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:58:04.110565 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:58:04.138120 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:58:04.138283 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] Network connectivity detected
Jan 10 12:58:04.138416 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] Dropping privileges
Jan 10 12:58:04.141020 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] Network connectivity detected
Jan 10 12:58:04.141065 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:58:04.141065 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:58:04.141106 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] Firefox workaround initialized
Jan 10 12:58:04.141106 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpr4x3exu5]
Jan 10 12:58:04.148284 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:58:04.282130 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] [RD] OK (DoH) - rtt: 118ms
Jan 10 12:58:04.282130 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] Server with the lowest initial latency: RD (rtt: 118ms)
Jan 10 12:58:04.282130 osdx dnscrypt-proxy[160798]: [2025-01-10 12:58:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jan 10 12:58:04.298664 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194' at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jan 10 12:58:09.297726 osdx systemd-journald[1741]: Runtime Journal (/run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71) is 2.0M, max 15.3M, 13.3M free.
Jan 10 12:58:09.300885 osdx systemd-journald[1741]: Received client request to rotate journal, rotating.
Jan 10 12:58:09.300925 osdx systemd-journald[1741]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71.
Jan 10 12:58:09.306942 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:58:09.612031 osdx osdx-coredump[162448]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:58:09.619172 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:58:10.075711 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:58:10.149087 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jan 10 12:58:10.234442 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:58:10.300694 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:58:10.397179 osdx INFO[162472]: FRR daemons did not change
Jan 10 12:58:10.416896 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:58:10.509105 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:58:10.533981 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:58:10.551913 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:58:10.713669 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 10 12:58:10.833865 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Jan 10 12:58:10.993123 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:58:11.061425 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jan 10 12:58:11.173766 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jan 10 12:58:11.234658 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Jan 10 12:58:11.330090 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jan 10 12:58:11.410996 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:58:11.500512 osdx INFO[162587]: FRR daemons did not change
Jan 10 12:58:11.520017 osdx ca-certificates[162603]: Updating certificates in /etc/ssl/certs...
Jan 10 12:58:11.976287 osdx ca-certificates[163606]: 1 added, 0 removed; done.
Jan 10 12:58:11.979017 osdx ca-certificates[163613]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:58:11.981849 osdx ca-certificates[163615]: done.
Jan 10 12:58:12.073285 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:58:12.074543 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:58:12.077069 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:58:12.096273 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:58:12.096501 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] Network connectivity detected
Jan 10 12:58:12.096591 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] Dropping privileges
Jan 10 12:58:12.099893 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] Network connectivity detected
Jan 10 12:58:12.099893 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:58:12.099893 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:58:12.099893 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] Firefox workaround initialized
Jan 10 12:58:12.099893 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmphi7jejnq]
Jan 10 12:58:12.100360 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:58:12.231131 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] [RD] OK (DoH) - rtt: 105ms
Jan 10 12:58:12.231131 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] Server with the lowest initial latency: RD (rtt: 105ms)
Jan 10 12:58:12.231131 osdx dnscrypt-proxy[163672]: [2025-01-10 12:58:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jan 10 12:58:12.245512 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jan 10 12:58:17.320152 osdx systemd-journald[1741]: Runtime Journal (/run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71) is 2.0M, max 15.3M, 13.3M free.
Jan 10 12:58:17.322563 osdx systemd-journald[1741]: Received client request to rotate journal, rotating.
Jan 10 12:58:17.322607 osdx systemd-journald[1741]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71.
Jan 10 12:58:17.329032 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:58:17.660337 osdx osdx-coredump[165324]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:58:17.667747 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:58:18.134980 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:58:18.209780 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jan 10 12:58:18.294119 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:58:18.362701 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:58:18.459064 osdx INFO[165348]: FRR daemons did not change
Jan 10 12:58:18.478571 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:58:18.570740 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:58:18.601063 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:58:18.617569 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:58:18.753809 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 10 12:58:18.859110 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jan 10 12:58:19.010447 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:58:19.069715 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jan 10 12:58:19.169052 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jan 10 12:58:19.228509 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Jan 10 12:58:19.329878 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Jan 10 12:58:19.385686 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Jan 10 12:58:19.490287 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'.
Jan 10 12:58:19.539614 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jan 10 12:58:19.657322 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:58:19.759369 osdx INFO[165465]: FRR daemons did not change
Jan 10 12:58:19.771009 osdx ca-certificates[165481]: Updating certificates in /etc/ssl/certs...
Jan 10 12:58:20.215364 osdx ca-certificates[166485]: 1 added, 0 removed; done.
Jan 10 12:58:20.218047 osdx ca-certificates[166491]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:58:20.220785 osdx ca-certificates[166493]: done.
Jan 10 12:58:20.330894 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:58:20.331999 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:58:20.335239 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:58:20.354915 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:58:20.356537 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:58:20.356672 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] Network connectivity detected
Jan 10 12:58:20.356761 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] Dropping privileges
Jan 10 12:58:20.358653 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] Network connectivity detected
Jan 10 12:58:20.358676 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:58:20.358676 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:58:20.358706 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] Firefox workaround initialized
Jan 10 12:58:20.358706 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpcw6xuxhv]
Jan 10 12:58:20.359249 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jan 10 12:58:20.359249 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jan 10 12:58:20.359249 osdx dnscrypt-proxy[166550]: [2025-01-10 12:58:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1
Step 2: Run command 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443' at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jan 10 12:58:25.281715 osdx systemd-journald[1741]: Runtime Journal (/run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71) is 2.0M, max 15.3M, 13.3M free.
Jan 10 12:58:25.285039 osdx systemd-journald[1741]: Received client request to rotate journal, rotating.
Jan 10 12:58:25.285087 osdx systemd-journald[1741]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71.
Jan 10 12:58:25.290650 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:58:25.611852 osdx osdx-coredump[168196]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:58:25.619551 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:58:26.045605 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:58:26.118957 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jan 10 12:58:26.202752 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:58:26.269813 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:58:26.366872 osdx INFO[168220]: FRR daemons did not change
Jan 10 12:58:26.385041 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:58:26.476497 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:58:26.502132 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:58:26.517956 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:58:26.682979 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 10 12:58:26.791144 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jan 10 12:58:26.878148 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443'.
Jan 10 12:58:27.038248 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:58:27.097907 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jan 10 12:58:27.198457 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jan 10 12:58:27.262548 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Jan 10 12:58:27.353489 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jan 10 12:58:27.428039 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:58:27.524832 osdx INFO[168337]: FRR daemons did not change
Jan 10 12:58:27.538203 osdx ca-certificates[168353]: Updating certificates in /etc/ssl/certs...
Jan 10 12:58:28.006457 osdx ca-certificates[169357]: 1 added, 0 removed; done.
Jan 10 12:58:28.009306 osdx ca-certificates[169363]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:58:28.012072 osdx ca-certificates[169365]: done.
Jan 10 12:58:28.129324 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:58:28.130650 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:58:28.133133 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:58:28.150028 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:58:28.151394 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:58:28.151548 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] Network connectivity detected
Jan 10 12:58:28.151619 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] Dropping privileges
Jan 10 12:58:28.153559 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] Network connectivity detected
Jan 10 12:58:28.153582 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:58:28.153582 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:58:28.153609 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] Firefox workaround initialized
Jan 10 12:58:28.153609 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpw91bucwq]
Jan 10 12:58:28.154053 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jan 10 12:58:28.154085 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jan 10 12:58:28.154085 osdx dnscrypt-proxy[169422]: [2025-01-10 12:58:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
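Added example, not part of the original test suite or the device software: a Python decoder for the sdns:// stamps produced in the "DNS-over-HTTPS Server With Stamp" and "DNSCrypt Server With Stamp" scenarios, so that the address, certificate hash or provider key a stamp carries can be compared with the intended values before the stamp is committed. The field layout follows the public DNS stamp format used by dnscrypt-proxy; the function names decode_stamp and mismatches are hypothetical.

```python
import base64
import struct

# Stamps and parameters copied from the two "With Stamp" scenarios on this page.
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_HASH = "20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194"
DNSCRYPT_KEY = "fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1"

PROTO_DNSCRYPT = 0x01
PROTO_DOH = 0x02


def _field(buf, pos, in_list=False):
    """Read one length-prefixed field and return (data, next_pos, more).

    Inside a list, the high bit of the length byte flags that another
    element follows and only the low 7 bits carry the length.
    """
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    length = buf[pos] & 0x7F if in_list else buf[pos]
    more = in_list and bool(buf[pos] & 0x80)
    end = pos + 1 + length
    if end > len(buf):
        raise ValueError("field overruns stamp")
    return buf[pos + 1:end], end, more


def decode_stamp(stamp):
    """Decode a DNSCrypt or DoH stamp into a dict of its fields."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    # Stamps are unpadded URL-safe base64; restore the padding first.
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9:
        raise ValueError("truncated stamp")
    # Byte 0 is the protocol, bytes 1..8 a little-endian property bitmask.
    (props,) = struct.unpack_from("<Q", raw, 1)
    out = {"props": props}
    addr, pos, _ = _field(raw, 9)
    out["addr"] = addr.decode("ascii")
    if raw[0] == PROTO_DNSCRYPT:
        key, pos, _ = _field(raw, pos)
        name, pos, _ = _field(raw, pos)
        out.update(protocol="DNSCrypt", public_key=key.hex(),
                   provider_name=name.decode("ascii"))
    elif raw[0] == PROTO_DOH:
        hashes, more = [], True
        while more:  # list of pinned certificate hashes
            digest, pos, more = _field(raw, pos, in_list=True)
            if digest:
                hashes.append(digest.hex())
        host, pos, _ = _field(raw, pos)
        path, pos, _ = _field(raw, pos)
        # Optional bootstrap resolver addresses may follow; not decoded here.
        out.update(protocol="DoH", hashes=hashes,
                   hostname=host.decode("ascii"), path=path.decode("ascii"))
    else:
        raise ValueError("unsupported protocol 0x%02x" % raw[0])
    return out


def mismatches(stamp, **expected):
    """Return the names of decoded fields that differ from the expected values."""
    decoded = decode_stamp(stamp)
    return sorted(k for k, v in expected.items() if decoded.get(k) != v)


if __name__ == "__main__":
    print(decode_stamp(DOH_STAMP))
    print(decode_stamp(DNSCRYPT_STAMP))
    print(mismatches(DNSCRYPT_STAMP, addr="10.215.168.1:8443",
                     public_key=DNSCRYPT_KEY.replace(":", "")))
```

A DoH stamp whose decoded hashes list is empty carries no certificate pin, which is worth checking for when a stamp comes from a third party.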