Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 19:36:22.583145 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.1M, max 15.3M, 13.2M free.
Feb 19 19:36:22.586219 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:36:22.586316 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:36:22.601899 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:36:23.213821 osdx osdx-coredump[207502]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:36:23.231299 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:36:24.315863 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:36:24.502297 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:36:24.652818 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:36:24.845528 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:36:25.032831 osdx INFO[207526]: FRR daemons did not change
Feb 19 19:36:25.074207 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:36:25.291842 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:36:25.351072 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:36:25.412709 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:36:25.700246 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:36:26.041527 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:36:26.224160 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:36:26.412009 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:36:26.613321 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:36:26.802533 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:36:27.017318 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:36:27.167078 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 19:36:27.432843 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:36:27.600958 osdx INFO[207640]: FRR daemons did not change
Feb 19 19:36:27.624605 osdx ca-certificates[207656]: Updating certificates in /etc/ssl/certs...
Feb 19 19:36:28.951853 osdx ca-certificates[208659]: 1 added, 0 removed; done.
Feb 19 19:36:28.957199 osdx ca-certificates[208666]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:36:28.963678 osdx ca-certificates[208668]: done.
Feb 19 19:36:29.174971 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:36:29.177474 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:36:29.181687 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:36:29.220819 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:36:29.221539 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] Network connectivity detected
Feb 19 19:36:29.221539 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] Dropping privileges
Feb 19 19:36:29.231298 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] Network connectivity detected
Feb 19 19:36:29.231522 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:36:29.231602 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:36:29.231720 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] Firefox workaround initialized
Feb 19 19:36:29.231792 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] Loading the set of cloaking rules from [/tmp/tmppkbncwjn]
Feb 19 19:36:29.272277 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:36:29.345680 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] [RD] OK (DoH) - rtt: 54ms
Feb 19 19:36:29.346383 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] Server with the lowest initial latency: RD (rtt: 54ms)
Feb 19 19:36:29.346383 osdx dnscrypt-proxy[208725]: [2025-02-19 19:36:29] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 19:36:40.463309 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.2M free.
Feb 19 19:36:40.465820 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:36:40.465986 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:36:40.486356 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:36:41.164729 osdx osdx-coredump[210372]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:36:41.187807 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:36:42.151349 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:36:42.336849 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:36:42.459646 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:36:42.664454 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:36:42.917801 osdx INFO[210396]: FRR daemons did not change
Feb 19 19:36:43.021665 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:36:43.329925 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:36:43.406163 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:36:43.469567 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:36:43.775944 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:36:44.153835 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:36:44.429282 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:36:44.581022 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:36:44.750382 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:36:44.955693 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Feb 19 19:36:45.119072 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 19:36:45.323503 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:36:45.470333 osdx INFO[210511]: FRR daemons did not change
Feb 19 19:36:45.512398 osdx ca-certificates[210525]: Updating certificates in /etc/ssl/certs...
Feb 19 19:36:47.183391 osdx ca-certificates[211530]: 1 added, 0 removed; done.
Feb 19 19:36:47.188086 osdx ca-certificates[211537]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:36:47.198694 osdx ca-certificates[211539]: done.
Feb 19 19:36:47.381285 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:36:47.390492 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:36:47.394439 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:36:47.426957 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:36:47.427311 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] Network connectivity detected
Feb 19 19:36:47.427526 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] Dropping privileges
Feb 19 19:36:47.432096 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] Network connectivity detected
Feb 19 19:36:47.432096 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:36:47.432096 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:36:47.432096 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] Firefox workaround initialized
Feb 19 19:36:47.432096 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpxz0wr_dl]
Feb 19 19:36:47.454927 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:36:47.580602 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] [RD] OK (DoH) - rtt: 53ms
Feb 19 19:36:47.580602 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] Server with the lowest initial latency: RD (rtt: 53ms)
Feb 19 19:36:47.580602 osdx dnscrypt-proxy[211596]: [2025-02-19 19:36:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Feb 19 19:36:58.605744 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:36:58.609497 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:36:58.609652 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:36:58.633605 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:36:59.492503 osdx osdx-coredump[213244]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:36:59.510452 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:37:00.549793 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:37:00.775443 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:37:00.909652 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:37:01.166119 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:37:01.410904 osdx INFO[213268]: FRR daemons did not change
Feb 19 19:37:01.598484 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:37:02.102477 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:37:02.186616 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:37:02.350216 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:37:02.688413 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:37:03.025815 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 19 19:37:03.355367 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:37:03.551777 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:37:03.708485 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:37:03.890167 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Feb 19 19:37:04.032210 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Feb 19 19:37:04.193861 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Feb 19 19:37:04.373345 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'.
Feb 19 19:37:04.509482 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 19:37:04.757290 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:37:04.950468 osdx INFO[213388]: FRR daemons did not change
Feb 19 19:37:04.976360 osdx ca-certificates[213403]: Updating certificates in /etc/ssl/certs...
Feb 19 19:37:06.264232 osdx ca-certificates[214407]: 1 added, 0 removed; done.
Feb 19 19:37:06.269950 osdx ca-certificates[214414]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:37:06.286393 osdx ca-certificates[214416]: done.
Feb 19 19:37:06.496184 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:37:06.503176 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:37:06.522793 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:37:06.561159 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:37:06.561528 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] Network connectivity detected
Feb 19 19:37:06.561688 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] Dropping privileges
Feb 19 19:37:06.578156 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] Network connectivity detected
Feb 19 19:37:06.578156 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:37:06.578156 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:37:06.578156 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] Firefox workaround initialized
Feb 19 19:37:06.578156 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpnesjqy52]
Feb 19 19:37:06.579287 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 19 19:37:06.579360 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 19 19:37:06.579360 osdx dnscrypt-proxy[214473]: [2025-02-19 19:37:06] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 19 19:37:06.598875 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Feb 19 19:37:17.511846 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:37:17.512563 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:37:17.512614 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:37:17.565866 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:37:18.290118 osdx osdx-coredump[216119]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:37:18.306883 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:37:19.321076 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:37:19.501070 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:37:19.666152 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:37:19.836103 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:37:20.011135 osdx INFO[216143]: FRR daemons did not change
Feb 19 19:37:20.076390 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:37:20.364238 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:37:20.427934 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:37:20.496729 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:37:20.796915 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:37:21.027662 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 19 19:37:21.275549 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443'.
Feb 19 19:37:21.553317 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:37:21.680886 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:37:21.852230 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:37:22.011199 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Feb 19 19:37:22.133763 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 19:37:22.312465 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:37:22.473588 osdx INFO[216260]: FRR daemons did not change
Feb 19 19:37:22.499717 osdx ca-certificates[216276]: Updating certificates in /etc/ssl/certs...
Feb 19 19:37:23.927159 osdx ca-certificates[217278]: 1 added, 0 removed; done.
Feb 19 19:37:23.936217 osdx ca-certificates[217286]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:37:23.941856 osdx ca-certificates[217288]: done.
Feb 19 19:37:24.180401 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:37:24.183467 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:37:24.190289 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:37:24.250308 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:37:24.268550 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:37:24.268550 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] Network connectivity detected
Feb 19 19:37:24.270741 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] Dropping privileges
Feb 19 19:37:24.274698 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] Network connectivity detected
Feb 19 19:37:24.274796 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:37:24.274796 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:37:24.274796 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] Firefox workaround initialized
Feb 19 19:37:24.274796 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp47zx447b]
Feb 19 19:37:24.276507 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 19 19:37:24.276507 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 19 19:37:24.276507 osdx dnscrypt-proxy[217345]: [2025-02-19 19:37:24] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
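The two "With Stamp" scenarios (DoH and DNSCrypt) replace the explicit ip, hash, host, key and provider settings with a single sdns:// string, so the pinned values are no longer visible in the configuration. The following added example, which is not part of the test suite or of OSDx, decodes both stamps from this page according to the public DNS stamps format so that the pinned certificate hash and provider key can be compared with the expected values before a stamp is committed. The function and field names are this example's own.

```python
import base64

# Stamps copied verbatim from the two "With Stamp" scenarios on this page.
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"

# Informal property flags defined by the DNS stamps format (bit -> meaning).
PROPS = {0: "dnssec", 1: "no_logs", 2: "no_filter"}


def _take(buf, pos, n):
    """Return n bytes starting at pos, refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos:pos + n], pos + n


def _lp(buf, pos):
    """Read one field prefixed by a single length byte."""
    (n,), pos = _take(buf, pos, 1)
    return _take(buf, pos, n)


def _vlp(buf, pos):
    """Read a set of length-prefixed items; a set high bit means more follow."""
    items = []
    while True:
        (n,), pos = _take(buf, pos, 1)
        item, pos = _take(buf, pos, n & 0x7F)
        if item:
            items.append(item)
        if not n & 0x80:
            return items, pos


def decode_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into a dict of its fields."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    head, pos = _take(raw, 0, 9)  # protocol byte + 8-byte little-endian properties
    bits = int.from_bytes(head[1:], "little")
    out = {"props": [name for bit, name in PROPS.items() if bits >> bit & 1]}
    addr, pos = _lp(raw, pos)
    out["addr"] = addr.decode("ascii")
    if head[0] == 0x01:
        pk, pos = _lp(raw, pos)
        name, pos = _lp(raw, pos)
        if len(pk) != 32:
            raise ValueError("provider public key must be 32 bytes")
        out.update(protocol="DNSCrypt", public_key=pk.hex(":"),
                   provider_name=name.decode("ascii"))
    elif head[0] == 0x02:
        hashes, pos = _vlp(raw, pos)
        host, pos = _lp(raw, pos)
        path, pos = _lp(raw, pos)
        if pos < len(raw):  # optional bootstrap resolver addresses
            boot, pos = _vlp(raw, pos)
            out["bootstrap_ips"] = [b.decode("ascii") for b in boot]
        out.update(protocol="DoH", hashes=[h.hex() for h in hashes],
                   hostname=host.decode("ascii"), path=path.decode("ascii"))
    else:
        raise ValueError(f"unsupported stamp protocol 0x{head[0]:02x}")
    if pos != len(raw):
        raise ValueError("trailing bytes after the last field")
    return out


def pin_mismatches(decoded, expected):
    """Return the names of expected fields that the decoded stamp does not match."""
    return sorted(k for k, v in expected.items() if decoded.get(k) != v)


if __name__ == "__main__":
    for stamp in (DOH_STAMP, DNSCRYPT_STAMP):
        print(decode_stamp(stamp))
```

A DoH stamp that decodes with an empty hashes list carries no certificate pin, which is worth checking for before accepting a stamp supplied by someone else.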