Static Server

Test suite in which DUT1 resolves names through DUT0 using DoH, while DUT0 establishes a connection with the upstream server and forwards DNS queries to it.

Server With Upstream DoH

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command 'system journal show | cat' at DUT0 and check that the output matches the following regular expression:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jan 10 12:57:09.294431 osdx systemd-journald[1741]: Runtime Journal (/run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71) is 2.0M, max 15.3M, 13.2M free.
Jan 10 12:57:09.294836 osdx systemd-journald[1741]: Received client request to rotate journal, rotating.
Jan 10 12:57:09.294868 osdx systemd-journald[1741]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71.
Jan 10 12:57:09.303643 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:57:09.626815 osdx osdx-coredump[147796]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:57:09.633790 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:57:10.075354 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:57:10.148460 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jan 10 12:57:10.233640 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:57:10.305950 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:10.401155 osdx INFO[147820]: FRR daemons did not change
Jan 10 12:57:10.418696 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:57:10.520186 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:57:10.545018 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:57:10.562570 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:57:10.707493 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 10 12:57:11.705326 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:57:11.762831 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jan 10 12:57:11.870586 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jan 10 12:57:11.933982 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jan 10 12:57:12.027256 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jan 10 12:57:12.086162 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Jan 10 12:57:12.180286 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Jan 10 12:57:12.235689 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Jan 10 12:57:12.329637 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jan 10 12:57:12.386631 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jan 10 12:57:12.509178 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:12.575720 osdx INFO[147937]: FRR daemons did not change
Jan 10 12:57:12.587646 osdx ca-certificates[147953]: Updating certificates in /etc/ssl/certs...
Jan 10 12:57:13.034421 osdx ca-certificates[148957]: 1 added, 0 removed; done.
Jan 10 12:57:13.037978 osdx ca-certificates[148963]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:57:13.040725 osdx ca-certificates[148965]: done.
Jan 10 12:57:13.154941 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:57:13.155950 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:57:13.158930 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:57:13.186903 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:57:13.187078 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] Network connectivity detected
Jan 10 12:57:13.187207 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] Dropping privileges
Jan 10 12:57:13.188674 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:57:13.190522 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] Network connectivity detected
Jan 10 12:57:13.190522 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:57:13.190522 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:57:13.190629 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jan 10 12:57:13.190629 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] Firefox workaround initialized
Jan 10 12:57:13.190629 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmphyb8d64w]
Jan 10 12:57:13.331233 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] [RD] OK (DoH) - rtt: 119ms
Jan 10 12:57:13.331233 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] Server with the lowest initial latency: RD (rtt: 119ms)
Jan 10 12:57:13.331233 osdx dnscrypt-proxy[149025]: [2025-01-10 12:57:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jan 10 12:57:13.349750 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal show | cat'.

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash de8e0a3f6068ea4067675036b9bf1b9ecf1ab76d8919c95ae09a2503d2e30504
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command 'system journal show | cat' at DUT1 and check that the output matches the following regular expression:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Jan 10 12:57:09.263609 osdx systemd-journald[1523]: Runtime Journal (/run/log/journal/7179cccd71d140d8bcd6364001e8f483) is 992.0K, max 7.2M, 6.2M free.
Jan 10 12:57:09.267193 osdx systemd-journald[1523]: Received client request to rotate journal, rotating.
Jan 10 12:57:09.267245 osdx systemd-journald[1523]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7179cccd71d140d8bcd6364001e8f483.
Jan 10 12:57:09.272706 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:57:09.693733 osdx osdx-coredump[56028]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:57:09.701301 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:57:10.721496 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Jan 10 12:57:10.792424 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jan 10 12:57:10.874935 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:57:10.928307 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service ssh'.
Jan 10 12:57:11.036944 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:11.105743 osdx INFO[56059]: FRR daemons did not change
Jan 10 12:57:11.123198 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:57:11.283903 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jan 10 12:57:11.311593 osdx sshd[56129]: Server listening on 0.0.0.0 port 22.
Jan 10 12:57:11.312106 osdx sshd[56129]: Server listening on :: port 22.
Jan 10 12:57:11.312414 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jan 10 12:57:11.336249 osdx cfgd[1231]: [1768]Completed change to active configuration
Jan 10 12:57:11.360839 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Jan 10 12:57:11.376261 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Jan 10 12:57:11.506363 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jan 10 12:57:13.598975 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Jan 10 12:57:13.657803 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jan 10 12:57:13.752564 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jan 10 12:57:13.808186 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jan 10 12:57:13.913864 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Jan 10 12:57:13.972642 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Jan 10 12:57:14.064462 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Jan 10 12:57:14.123368 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash de8e0a3f6068ea4067675036b9bf1b9ecf1ab76d8919c95ae09a2503d2e30504'.
Jan 10 12:57:14.240203 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:14.338116 osdx INFO[56190]: FRR daemons did not change
Jan 10 12:57:14.352460 osdx ca-certificates[56206]: Updating certificates in /etc/ssl/certs...
Jan 10 12:57:14.812418 osdx ca-certificates[57211]: 1 added, 0 removed; done.
Jan 10 12:57:14.815034 osdx ca-certificates[57216]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:57:14.817609 osdx ca-certificates[57218]: done.
Jan 10 12:57:14.895512 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:57:14.897897 osdx cfgd[1231]: [1768]Completed change to active configuration
Jan 10 12:57:14.903937 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Jan 10 12:57:14.923960 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Jan 10 12:57:14.928787 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:14] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:57:14.928991 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:14] [NOTICE] Network connectivity detected
Jan 10 12:57:14.929090 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:14] [NOTICE] Dropping privileges
Jan 10 12:57:14.931182 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:14] [NOTICE] Network connectivity detected
Jan 10 12:57:14.931182 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:14] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:57:14.931182 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:14] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:57:14.931182 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:14] [NOTICE] Firefox workaround initialized
Jan 10 12:57:14.931182 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:14] [NOTICE] Loading the set of cloaking rules from [/tmp/tmptzlvy1py]
Jan 10 12:57:15.073504 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 10 12:57:15.083819 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:15] [NOTICE] [DUT0] OK (DoH) - rtt: 110ms
Jan 10 12:57:15.083819 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:15] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 110ms)
Jan 10 12:57:15.083819 osdx dnscrypt-proxy[57225]: [2025-01-10 12:57:15] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command 'show host lookup teldat.com type A' at DUT1 and check that the output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DoH With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194' at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command 'system journal show | cat' at DUT0 and check that the output matches the following regular expression:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jan 10 12:57:20.327089 osdx systemd-journald[1741]: Runtime Journal (/run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71) is 2.6M, max 15.3M, 12.7M free.
Jan 10 12:57:20.328610 osdx systemd-journald[1741]: Received client request to rotate journal, rotating.
Jan 10 12:57:20.328674 osdx systemd-journald[1741]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71.
Jan 10 12:57:20.336179 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:57:20.641067 osdx osdx-coredump[150675]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:57:20.648394 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:57:21.125113 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:57:21.212028 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jan 10 12:57:21.304783 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:57:21.372997 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:21.472875 osdx INFO[150699]: FRR daemons did not change
Jan 10 12:57:21.492611 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:57:21.587309 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:57:21.612267 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:57:21.627401 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:57:21.770194 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 10 12:57:22.800580 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Jan 10 12:57:22.953253 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:57:23.018435 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jan 10 12:57:23.119699 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jan 10 12:57:23.178828 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAgy7M5-UO3Vk3_8z8NLvPTTeHhQhMMxt8273gvK9hRlApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Jan 10 12:57:23.272316 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Jan 10 12:57:23.326669 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Jan 10 12:57:23.425071 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jan 10 12:57:23.477976 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jan 10 12:57:23.581995 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jan 10 12:57:23.695810 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:23.765612 osdx INFO[150818]: FRR daemons did not change
Jan 10 12:57:23.779217 osdx ca-certificates[150834]: Updating certificates in /etc/ssl/certs...
Jan 10 12:57:24.254437 osdx ca-certificates[151838]: 1 added, 0 removed; done.
Jan 10 12:57:24.257323 osdx ca-certificates[151844]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:57:24.259907 osdx ca-certificates[151846]: done.
Jan 10 12:57:24.372925 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:57:24.374304 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:57:24.377691 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:57:24.395373 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:57:24.401046 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:57:24.401172 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] Network connectivity detected
Jan 10 12:57:24.401377 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] Dropping privileges
Jan 10 12:57:24.403625 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] Network connectivity detected
Jan 10 12:57:24.403654 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:57:24.403654 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:57:24.403684 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jan 10 12:57:24.403697 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] Firefox workaround initialized
Jan 10 12:57:24.403710 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpnww7gsyh]
Jan 10 12:57:24.536474 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] [RD] OK (DoH) - rtt: 111ms
Jan 10 12:57:24.536474 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] Server with the lowest initial latency: RD (rtt: 111ms)
Jan 10 12:57:24.536474 osdx dnscrypt-proxy[151906]: [2025-01-10 12:57:24] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jan 10 12:57:24.552339 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal show | cat'.

Step 4: Run command 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash de8e0a3f6068ea4067675036b9bf1b9ecf1ab76d8919c95ae09a2503d2e30504' at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg3o4KP2Bo6kBnZ1A2ub8bns8at22JGcla4JolA9LjBQQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 5: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg3o4KP2Bo6kBnZ1A2ub8bns8at22JGcla4JolA9LjBQQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Run command 'system journal show | cat' at DUT1 and check that the output matches the following regular expression:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Jan 10 12:57:21.284752 osdx systemd-journald[1523]: Runtime Journal (/run/log/journal/7179cccd71d140d8bcd6364001e8f483) is 1016.0K, max 7.2M, 6.2M free.
Jan 10 12:57:21.286790 osdx systemd-journald[1523]: Received client request to rotate journal, rotating.
Jan 10 12:57:21.286840 osdx systemd-journald[1523]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7179cccd71d140d8bcd6364001e8f483.
Jan 10 12:57:21.294124 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:57:21.708016 osdx osdx-coredump[58847]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:57:21.716105 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:57:22.780074 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Jan 10 12:57:22.862124 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jan 10 12:57:22.947607 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:57:23.002940 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service ssh'.
Jan 10 12:57:23.106636 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:23.178705 osdx INFO[58878]: FRR daemons did not change
Jan 10 12:57:23.198798 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:57:23.355083 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jan 10 12:57:23.369027 osdx sshd[58948]: Server listening on 0.0.0.0 port 22.
Jan 10 12:57:23.369262 osdx sshd[58948]: Server listening on :: port 22.
Jan 10 12:57:23.369372 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jan 10 12:57:23.391743 osdx cfgd[1231]: [1768]Completed change to active configuration
Jan 10 12:57:23.427561 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Jan 10 12:57:23.443096 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Jan 10 12:57:23.592039 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jan 10 12:57:25.771505 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash de8e0a3f6068ea4067675036b9bf1b9ecf1ab76d8919c95ae09a2503d2e30504'.
Jan 10 12:57:25.911797 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Jan 10 12:57:25.972078 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jan 10 12:57:26.075443 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jan 10 12:57:26.162192 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jan 10 12:57:26.245008 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg3o4KP2Bo6kBnZ1A2ub8bns8at22JGcla4JolA9LjBQQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Jan 10 12:57:26.318731 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:26.416100 osdx INFO[59009]: FRR daemons did not change
Jan 10 12:57:26.429223 osdx ca-certificates[59024]: Updating certificates in /etc/ssl/certs...
Jan 10 12:57:26.896102 osdx ca-certificates[60030]: 1 added, 0 removed; done.
Jan 10 12:57:26.899034 osdx ca-certificates[60035]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:57:26.901759 osdx ca-certificates[60037]: done.
Jan 10 12:57:26.979151 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:57:26.981554 osdx cfgd[1231]: [1768]Completed change to active configuration
Jan 10 12:57:26.984783 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Jan 10 12:57:27.001262 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Jan 10 12:57:27.019571 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:57:27.019737 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] Network connectivity detected
Jan 10 12:57:27.019790 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] Dropping privileges
Jan 10 12:57:27.021484 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] Network connectivity detected
Jan 10 12:57:27.021519 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:57:27.021519 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:57:27.021552 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] Firefox workaround initialized
Jan 10 12:57:27.021552 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqlv9dmis]
Jan 10 12:57:27.150351 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 10 12:57:27.196706 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] [DUT0] OK (DoH) - rtt: 122ms
Jan 10 12:57:27.196706 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 122ms)
Jan 10 12:57:27.196706 osdx dnscrypt-proxy[60044]: [2025-01-10 12:57:27] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 7: Run command 'show host lookup teldat.com type A' at DUT1 and check that the output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
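
The two stamps calculated in this scenario are base64url encodings of the same parameters passed to 'stamp calculate'. The following Python is an added example, not part of the original test suite or of the OSDx code: it implements the public DNS stamp layout for DoH, reproduces both stamps from their parameters, and decodes a stamp so that its IP, host, port and certificate hash can be compared with the expected values before the stamp is configured. The function names are hypothetical, and 192.0.2.53 is a constructed address.

```python
import base64
import struct

DOH = 0x02  # protocol identifier byte of a DNS-over-HTTPS stamp


def lp(data: bytes) -> bytes:
    """Length-prefixed field: one length byte, then the data."""
    if len(data) > 0xFF:
        raise ValueError("field longer than 255 bytes")
    return bytes([len(data)]) + data


def vlp(items: list) -> bytes:
    """Set of fields: bit 7 of the length byte is set on all but the last."""
    if not items:
        return b"\x00"
    out = b""
    for i, item in enumerate(items):
        if len(item) > 0x7F:
            raise ValueError("set element longer than 127 bytes")
        out += bytes([len(item) | (0x80 if i < len(items) - 1 else 0)]) + item
    return out


def encode_doh_stamp(ip, hashes, host, path="/dns-query", port=443, props=0):
    """Build an sdns:// stamp from the values given to 'stamp calculate'."""
    hostport = host if port == 443 else f"{host}:{port}"  # 443 is implicit
    blob = (bytes([DOH]) + struct.pack("<Q", props)  # 64-bit little-endian
            + lp(ip.encode())
            + vlp([bytes.fromhex(h) for h in hashes])
            + lp(hostport.encode())
            + lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(blob).rstrip(b"=").decode()


def decode_doh_stamp(stamp: str) -> dict:
    """Parse a DoH stamp; raise ValueError on anything malformed."""
    if not stamp.startswith("sdns://"):
        raise ValueError("missing sdns:// prefix")
    b64 = stamp[len("sdns://"):]
    blob = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(blob) < 9 or blob[0] != DOH:
        raise ValueError("not a DoH stamp")
    pos = 9  # protocol byte plus eight property bytes

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated stamp")
        pos += n
        return blob[pos - n:pos]

    ip = take(take(1)[0]).decode()
    hashes = []
    while True:
        n = take(1)[0]
        item = take(n & 0x7F)
        if item:
            hashes.append(item.hex())
        if not n & 0x80:  # last element of the set
            break
    hostport = take(take(1)[0]).decode()
    path = take(take(1)[0]).decode()
    host, _, port = hostport.partition(":")
    # Any bytes left over would be the optional bootstrap-resolver set.
    return {"props": struct.unpack_from("<Q", blob, 1)[0], "ip": ip,
            "hashes": hashes, "host": host,
            "port": int(port) if port else 443, "path": path}


def check_stamp(stamp, ip, host, port, pin):
    """Return the differences between a stamp and the values you expect."""
    got = decode_doh_stamp(stamp)
    problems = []
    if not got["hashes"]:
        problems.append("stamp carries no certificate hash")
    elif pin.lower() not in got["hashes"]:
        problems.append("expected certificate hash is not in the stamp")
    for key, want in (("ip", ip), ("host", host), ("port", port)):
        if got[key] != want:
            problems.append(f"{key}: stamp has {got[key]!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    # Values from Step 4 of this scenario (DUT1 pointing at DUT0).
    pin = "de8e0a3f6068ea4067675036b9bf1b9ecf1ab76d8919c95ae09a2503d2e30504"
    stamp = encode_doh_stamp("10.215.168.64", [pin], "dns.dut0", port=3000)
    print(stamp)
    print(decode_doh_stamp(stamp))
    # Constructed mismatch: the operator expected a different server IP.
    print(check_stamp(stamp, "192.0.2.53", "dns.dut0", 3000, pin))
```

Because the stamp is only an encoding, a stamp received from someone else should be decoded and compared field by field, as check_stamp does, rather than pasted into 'set service dns proxy static ... stamp' unread.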

Server With Upstream DNSCrypt

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:

fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command 'system journal show | cat' at DUT0 and check that the output matches the following regular expression:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jan 10 12:57:32.294743 osdx systemd-journald[1741]: Runtime Journal (/run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71) is 2.0M, max 15.3M, 13.2M free.
Jan 10 12:57:32.296478 osdx systemd-journald[1741]: Received client request to rotate journal, rotating.
Jan 10 12:57:32.296530 osdx systemd-journald[1741]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71.
Jan 10 12:57:32.303670 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:57:32.616962 osdx osdx-coredump[153556]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:57:32.625931 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:57:33.091416 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:57:33.221513 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jan 10 12:57:33.286767 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:57:33.403532 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:33.488269 osdx INFO[153580]: FRR daemons did not change
Jan 10 12:57:33.508483 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:57:33.614261 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:57:33.638737 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:57:33.655083 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:57:33.799237 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 10 12:57:34.887410 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jan 10 12:57:35.026218 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:57:35.085045 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jan 10 12:57:35.175629 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jan 10 12:57:35.234609 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Jan 10 12:57:35.327120 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Jan 10 12:57:35.383183 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Jan 10 12:57:35.482650 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1'.
Jan 10 12:57:35.531804 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jan 10 12:57:35.634402 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Jan 10 12:57:35.697348 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Jan 10 12:57:35.800161 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jan 10 12:57:35.879875 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:35.991606 osdx INFO[153700]: FRR daemons did not change
Jan 10 12:57:36.003745 osdx ca-certificates[153716]: Updating certificates in /etc/ssl/certs...
Jan 10 12:57:36.480930 osdx ca-certificates[154720]: 1 added, 0 removed; done.
Jan 10 12:57:36.483726 osdx ca-certificates[154726]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:57:36.486510 osdx ca-certificates[154728]: done.
Jan 10 12:57:36.604805 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:57:36.606443 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:57:36.609132 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:57:36.628973 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:57:36.634691 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:57:36.634878 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] Network connectivity detected
Jan 10 12:57:36.635040 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] Dropping privileges
Jan 10 12:57:36.637461 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] Network connectivity detected
Jan 10 12:57:36.637496 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:57:36.637496 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:57:36.637496 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jan 10 12:57:36.637550 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] Firefox workaround initialized
Jan 10 12:57:36.637550 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjmmvj15h]
Jan 10 12:57:36.638157 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jan 10 12:57:36.638157 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jan 10 12:57:36.638231 osdx dnscrypt-proxy[154788]: [2025-01-10 12:57:36] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash de8e0a3f6068ea4067675036b9bf1b9ecf1ab76d8919c95ae09a2503d2e30504
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Jan 10 12:57:32.258983 osdx systemd-journald[1523]: Runtime Journal (/run/log/journal/7179cccd71d140d8bcd6364001e8f483) is 1.0M, max 7.2M, 6.2M free.
Jan 10 12:57:32.259457 osdx systemd-journald[1523]: Received client request to rotate journal, rotating.
Jan 10 12:57:32.259492 osdx systemd-journald[1523]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7179cccd71d140d8bcd6364001e8f483.
Jan 10 12:57:32.268077 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:57:32.692884 osdx osdx-coredump[61666]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:57:32.700386 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:57:33.810640 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Jan 10 12:57:33.894989 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jan 10 12:57:33.969477 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:57:34.068832 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service ssh'.
Jan 10 12:57:34.150308 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:34.256527 osdx INFO[61697]: FRR daemons did not change
Jan 10 12:57:34.275456 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:57:34.451696 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jan 10 12:57:34.463151 osdx sshd[61767]: Server listening on 0.0.0.0 port 22.
Jan 10 12:57:34.463353 osdx sshd[61767]: Server listening on :: port 22.
Jan 10 12:57:34.463465 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jan 10 12:57:34.482080 osdx cfgd[1231]: [1768]Completed change to active configuration
Jan 10 12:57:34.507765 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Jan 10 12:57:34.523527 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Jan 10 12:57:34.667007 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jan 10 12:57:36.780855 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Jan 10 12:57:36.837858 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jan 10 12:57:36.934469 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jan 10 12:57:37.024363 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jan 10 12:57:37.090172 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Jan 10 12:57:37.174023 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Jan 10 12:57:37.232217 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Jan 10 12:57:37.329806 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash de8e0a3f6068ea4067675036b9bf1b9ecf1ab76d8919c95ae09a2503d2e30504'.
Jan 10 12:57:37.401389 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:37.496689 osdx INFO[61828]: FRR daemons did not change
Jan 10 12:57:37.510744 osdx ca-certificates[61844]: Updating certificates in /etc/ssl/certs...
Jan 10 12:57:37.987271 osdx ca-certificates[62849]: 1 added, 0 removed; done.
Jan 10 12:57:37.989986 osdx ca-certificates[62854]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:57:37.992584 osdx ca-certificates[62856]: done.
Jan 10 12:57:38.063802 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:57:38.065025 osdx cfgd[1231]: [1768]Completed change to active configuration
Jan 10 12:57:38.067914 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Jan 10 12:57:38.084141 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Jan 10 12:57:38.085866 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:57:38.086008 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] Network connectivity detected
Jan 10 12:57:38.086081 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] Dropping privileges
Jan 10 12:57:38.087974 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] Network connectivity detected
Jan 10 12:57:38.087998 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:57:38.087998 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:57:38.088023 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] Firefox workaround initialized
Jan 10 12:57:38.088023 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpx64f56a5]
Jan 10 12:57:38.233473 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 10 12:57:38.263995 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] [DUT0] OK (DoH) - rtt: 127ms
Jan 10 12:57:38.263995 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 127ms)
Jan 10 12:57:38.263995 osdx dnscrypt-proxy[62863]: [2025-01-10 12:57:38] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DNSCrypt With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt (generating a DNS stamp and using it to configure the connection).

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443 at DUT0 and expect this output:

sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Jan 10 12:57:44.344797 osdx systemd-journald[1741]: Runtime Journal (/run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71) is 2.0M, max 15.3M, 13.2M free.
Jan 10 12:57:44.348090 osdx systemd-journald[1741]: Received client request to rotate journal, rotating.
Jan 10 12:57:44.348159 osdx systemd-journald[1741]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fda2548b09bd4d8ba0d8cad09b8eab71.
Jan 10 12:57:44.354003 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:57:44.689553 osdx osdx-coredump[156435]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:57:44.697263 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:57:45.161943 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:57:45.243577 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jan 10 12:57:45.328873 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:57:45.395486 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:45.495813 osdx INFO[156459]: FRR daemons did not change
Jan 10 12:57:45.512080 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:57:45.610235 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:57:45.639380 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:57:45.654961 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:57:45.821726 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 10 12:57:46.835038 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jan 10 12:57:46.924553 osdx OSDxCLI[66002]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key fd:72:9c:cf:6f:8a:e0:92:f1:ff:88:24:b6:9e:61:13:e5:31:09:0d:3a:ca:b2:eb:63:df:a1:e2:6a:0d:58:a1 ip 10.215.168.1 port 8443'.
Jan 10 12:57:47.078910 osdx OSDxCLI[66002]: User 'admin' entered the configuration menu.
Jan 10 12:57:47.138370 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jan 10 12:57:47.235319 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jan 10 12:57:47.296426 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIP1ynM9viuCS8f-IJLaeYRPlMQkNOsqy62PfoeJqDVihGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Jan 10 12:57:47.385762 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jan 10 12:57:47.443351 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Jan 10 12:57:47.541001 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Jan 10 12:57:47.596903 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Jan 10 12:57:47.709411 osdx OSDxCLI[66002]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:47.785515 osdx INFO[156579]: FRR daemons did not change
Jan 10 12:57:47.799070 osdx ca-certificates[156595]: Updating certificates in /etc/ssl/certs...
Jan 10 12:57:48.287949 osdx ca-certificates[157599]: 1 added, 0 removed; done.
Jan 10 12:57:48.290671 osdx ca-certificates[157605]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:57:48.293341 osdx ca-certificates[157607]: done.
Jan 10 12:57:48.404386 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:57:48.405561 osdx cfgd[1445]: [66002]Completed change to active configuration
Jan 10 12:57:48.408226 osdx OSDxCLI[66002]: User 'admin' committed the configuration.
Jan 10 12:57:48.425461 osdx OSDxCLI[66002]: User 'admin' left the configuration menu.
Jan 10 12:57:48.427556 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:57:48.427681 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] Network connectivity detected
Jan 10 12:57:48.427818 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] Dropping privileges
Jan 10 12:57:48.429764 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] Network connectivity detected
Jan 10 12:57:48.429787 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:57:48.429787 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:57:48.429812 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Jan 10 12:57:48.429812 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] Firefox workaround initialized
Jan 10 12:57:48.429835 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpkkj5aqkp]
Jan 10 12:57:48.430399 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jan 10 12:57:48.430399 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jan 10 12:57:48.430399 osdx dnscrypt-proxy[157667]: [2025-01-10 12:57:48] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash de8e0a3f6068ea4067675036b9bf1b9ecf1ab76d8919c95ae09a2503d2e30504 at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg3o4KP2Bo6kBnZ1A2ub8bns8at22JGcla4JolA9LjBQQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 6: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg3o4KP2Bo6kBnZ1A2ub8bns8at22JGcla4JolA9LjBQQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Jan 10 12:57:44.299658 osdx systemd-journald[1523]: Runtime Journal (/run/log/journal/7179cccd71d140d8bcd6364001e8f483) is 1.0M, max 7.2M, 6.2M free.
Jan 10 12:57:44.301256 osdx systemd-journald[1523]: Received client request to rotate journal, rotating.
Jan 10 12:57:44.301304 osdx systemd-journald[1523]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7179cccd71d140d8bcd6364001e8f483.
Jan 10 12:57:44.308732 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal clear'.
Jan 10 12:57:44.753415 osdx osdx-coredump[64485]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jan 10 12:57:44.760985 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 10 12:57:45.835567 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Jan 10 12:57:45.910358 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Jan 10 12:57:45.990605 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jan 10 12:57:46.042957 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service ssh'.
Jan 10 12:57:46.155421 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:46.226976 osdx INFO[64516]: FRR daemons did not change
Jan 10 12:57:46.245274 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jan 10 12:57:46.405466 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jan 10 12:57:46.416719 osdx sshd[64586]: Server listening on 0.0.0.0 port 22.
Jan 10 12:57:46.416914 osdx sshd[64586]: Server listening on :: port 22.
Jan 10 12:57:46.417009 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jan 10 12:57:46.437109 osdx cfgd[1231]: [1768]Completed change to active configuration
Jan 10 12:57:46.462108 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Jan 10 12:57:46.478091 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Jan 10 12:57:46.626697 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Jan 10 12:57:48.580795 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash de8e0a3f6068ea4067675036b9bf1b9ecf1ab76d8919c95ae09a2503d2e30504'.
Jan 10 12:57:48.719876 osdx OSDxCLI[1768]: User 'admin' entered the configuration menu.
Jan 10 12:57:48.782993 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Jan 10 12:57:48.876228 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Jan 10 12:57:48.932469 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Jan 10 12:57:49.036047 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg3o4KP2Bo6kBnZ1A2ub8bns8at22JGcla4JolA9LjBQQNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Jan 10 12:57:49.106080 osdx OSDxCLI[1768]: User 'admin' added a new cfg line: 'show working'.
Jan 10 12:57:49.204939 osdx INFO[64647]: FRR daemons did not change
Jan 10 12:57:49.218528 osdx ca-certificates[64663]: Updating certificates in /etc/ssl/certs...
Jan 10 12:57:49.671457 osdx ca-certificates[65668]: 1 added, 0 removed; done.
Jan 10 12:57:49.674177 osdx ca-certificates[65673]: Running hooks in /etc/ca-certificates/update.d...
Jan 10 12:57:49.676730 osdx ca-certificates[65675]: done.
Jan 10 12:57:49.754346 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jan 10 12:57:49.758412 osdx cfgd[1231]: [1768]Completed change to active configuration
Jan 10 12:57:49.770107 osdx OSDxCLI[1768]: User 'admin' committed the configuration.
Jan 10 12:57:49.784811 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] dnscrypt-proxy 2.0.45
Jan 10 12:57:49.784811 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] Network connectivity detected
Jan 10 12:57:49.784811 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] Dropping privileges
Jan 10 12:57:49.786513 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] Network connectivity detected
Jan 10 12:57:49.786539 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jan 10 12:57:49.786539 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jan 10 12:57:49.786567 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] Firefox workaround initialized
Jan 10 12:57:49.786567 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpr3bl6gze]
Jan 10 12:57:49.793613 osdx OSDxCLI[1768]: User 'admin' left the configuration menu.
Jan 10 12:57:49.951811 osdx OSDxCLI[1768]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 10 12:57:49.964966 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] [DUT0] OK (DoH) - rtt: 128ms
Jan 10 12:57:49.964966 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 128ms)
Jan 10 12:57:49.964966 osdx dnscrypt-proxy[65682]: [2025-01-10 12:57:49] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13