Static Server
Test suite that connects DUT1 through DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 19:34:16.616362 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 4.1M, max 15.3M, 11.2M free.
Feb 19 19:34:16.617170 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:34:16.617263 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:34:16.668968 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:34:17.739258 osdx osdx-coredump[195714]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:34:17.761118 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:34:18.941084 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:34:19.107099 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:34:19.229735 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:34:19.400862 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:34:19.576666 osdx INFO[195738]: FRR daemons did not change
Feb 19 19:34:19.632578 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:34:19.879859 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:34:19.927975 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:34:19.974223 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:34:20.211668 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:34:22.512329 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:34:22.652029 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:34:22.844143 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:34:23.045064 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:34:23.200005 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:34:23.390249 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:34:23.555664 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Feb 19 19:34:23.707248 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Feb 19 19:34:23.875464 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 19:34:24.075903 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 19 19:34:24.304592 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:34:24.599513 osdx INFO[195855]: FRR daemons did not change
Feb 19 19:34:24.636968 osdx ca-certificates[195870]: Updating certificates in /etc/ssl/certs...
Feb 19 19:34:26.198705 osdx ca-certificates[196875]: 1 added, 0 removed; done.
Feb 19 19:34:26.205363 osdx ca-certificates[196881]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:34:26.211937 osdx ca-certificates[196883]: done.
Feb 19 19:34:26.417342 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:34:26.422375 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:34:26.427173 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:34:26.477618 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:34:26.477920 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] Network connectivity detected
Feb 19 19:34:26.478319 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] Dropping privileges
Feb 19 19:34:26.483953 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] Network connectivity detected
Feb 19 19:34:26.484082 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:34:26.484082 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:34:26.484082 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 19 19:34:26.484250 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] Firefox workaround initialized
Feb 19 19:34:26.484250 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_7u6kq1v]
Feb 19 19:34:26.498943 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:34:26.616439 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] [RD] OK (DoH) - rtt: 53ms
Feb 19 19:34:26.616439 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] Server with the lowest initial latency: RD (rtt: 53ms)
Feb 19 19:34:26.616666 osdx dnscrypt-proxy[196943]: [2025-02-19 19:34:26] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 04896120712d04111cf0b6962fec103e640fd745fc42624cfb9981b42b3bf6ff
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 19:34:16.679958 osdx systemd-journald[1550]: Runtime Journal (/run/log/journal/ee06d3e1f21747438cc5b4c977b7f07b) is 1.0M, max 7.2M, 6.1M free.
Feb 19 19:34:16.681373 osdx systemd-journald[1550]: Received client request to rotate journal, rotating.
Feb 19 19:34:16.681470 osdx systemd-journald[1550]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ee06d3e1f21747438cc5b4c977b7f07b.
Feb 19 19:34:16.702403 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:34:18.033532 osdx osdx-coredump[200963]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:34:18.061387 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:34:20.303608 osdx OSDxCLI[135601]: User 'admin' entered the configuration menu.
Feb 19 19:34:20.505538 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 19 19:34:20.626442 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:34:20.754623 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 19 19:34:20.954413 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:34:21.161537 osdx INFO[200994]: FRR daemons did not change
Feb 19 19:34:21.233101 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:34:21.658875 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Feb 19 19:34:21.685578 osdx sshd[201064]: Server listening on 0.0.0.0 port 22.
Feb 19 19:34:21.685982 osdx sshd[201064]: Server listening on :: port 22.
Feb 19 19:34:21.686208 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Feb 19 19:34:21.742122 osdx cfgd[1251]: [135601]Completed change to active configuration
Feb 19 19:34:21.803683 osdx OSDxCLI[135601]: User 'admin' committed the configuration.
Feb 19 19:34:21.847697 osdx OSDxCLI[135601]: User 'admin' left the configuration menu.
Feb 19 19:34:22.072476 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 19 19:34:26.827470 osdx OSDxCLI[135601]: User 'admin' entered the configuration menu.
Feb 19 19:34:26.997151 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 19 19:34:27.142022 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 19 19:34:27.321318 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 19 19:34:27.465390 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Feb 19 19:34:27.675201 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Feb 19 19:34:27.870995 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Feb 19 19:34:28.029465 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 04896120712d04111cf0b6962fec103e640fd745fc42624cfb9981b42b3bf6ff'.
Feb 19 19:34:28.250616 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:34:28.410666 osdx INFO[201125]: FRR daemons did not change
Feb 19 19:34:28.436349 osdx ca-certificates[201140]: Updating certificates in /etc/ssl/certs...
Feb 19 19:34:29.720586 osdx ca-certificates[202149]: 1 added, 0 removed; done.
Feb 19 19:34:29.726144 osdx ca-certificates[202151]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:34:29.733153 osdx ca-certificates[202153]: done.
Feb 19 19:34:29.891063 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:34:29.897676 osdx cfgd[1251]: [135601]Completed change to active configuration
Feb 19 19:34:29.905028 osdx OSDxCLI[135601]: User 'admin' committed the configuration.
Feb 19 19:34:29.977268 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:29] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:34:29.977268 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:29] [NOTICE] Network connectivity detected
Feb 19 19:34:29.977142 osdx OSDxCLI[135601]: User 'admin' left the configuration menu.
Feb 19 19:34:29.977971 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:29] [NOTICE] Dropping privileges
Feb 19 19:34:29.980620 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:29] [NOTICE] Network connectivity detected
Feb 19 19:34:29.980800 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:29] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:34:29.980911 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:29] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:34:29.981008 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:29] [NOTICE] Firefox workaround initialized
Feb 19 19:34:29.981081 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:29] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpugc9rleb]
Feb 19 19:34:30.178640 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:30] [NOTICE] [DUT0] OK (DoH) - rtt: 75ms
Feb 19 19:34:30.178640 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:30] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 75ms)
Feb 19 19:34:30.178640 osdx dnscrypt-proxy[202160]: [2025-02-19 19:34:30] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 19:34:42.501510 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.1M, max 15.3M, 13.1M free.
Feb 19 19:34:42.502637 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:34:42.502708 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:34:42.529478 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:34:43.186244 osdx osdx-coredump[198587]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:34:43.199515 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:34:44.080498 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:34:44.250549 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:34:44.352780 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:34:44.537570 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:34:44.680351 osdx INFO[198611]: FRR daemons did not change
Feb 19 19:34:44.714687 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:34:44.903004 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:34:44.953810 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:34:44.993837 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:34:45.201621 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:34:47.291456 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:34:47.482244 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:34:47.631120 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:34:47.826644 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:34:47.943997 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Feb 19 19:34:48.078308 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Feb 19 19:34:48.273250 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Feb 19 19:34:48.399688 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 19 19:34:48.533864 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 19:34:48.668309 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 19 19:34:48.844575 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:34:49.044711 osdx INFO[198730]: FRR daemons did not change
Feb 19 19:34:49.073458 osdx ca-certificates[198746]: Updating certificates in /etc/ssl/certs...
Feb 19 19:34:50.480223 osdx ca-certificates[199749]: 1 added, 0 removed; done.
Feb 19 19:34:50.484816 osdx ca-certificates[199756]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:34:50.489411 osdx ca-certificates[199758]: done.
Feb 19 19:34:50.679257 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:34:50.682538 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:34:50.686050 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:34:50.718239 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:50] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:34:50.718761 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:50] [NOTICE] Network connectivity detected
Feb 19 19:34:50.719222 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:50] [NOTICE] Dropping privileges
Feb 19 19:34:50.737193 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:34:50.741044 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:50] [NOTICE] Network connectivity detected
Feb 19 19:34:50.741142 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:34:50.741142 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:34:50.741142 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:50] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 19 19:34:50.741142 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:50] [NOTICE] Firefox workaround initialized
Feb 19 19:34:50.741340 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpg1q4m35c]
Feb 19 19:34:50.968727 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 19:34:51.306176 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 19:34:51.693451 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 19:34:51.814894 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:51] [CRITICAL] [RD] may be a lying resolver
Feb 19 19:34:51.814894 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:51] [NOTICE] [RD] OK (DoH) - rtt: 1009ms
Feb 19 19:34:51.814894 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:51] [NOTICE] Server with the lowest initial latency: RD (rtt: 1009ms)
Feb 19 19:34:51.814894 osdx dnscrypt-proxy[199818]: [2025-02-19 19:34:51] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 04896120712d04111cf0b6962fec103e640fd745fc42624cfb9981b42b3bf6ff at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBIlhIHEtBBEc8LaWL-wQPmQP10X8QmJM-5mBtCs79v8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBIlhIHEtBBEc8LaWL-wQPmQP10X8QmJM-5mBtCs79v8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 19:34:42.486127 osdx systemd-journald[1550]: Runtime Journal (/run/log/journal/ee06d3e1f21747438cc5b4c977b7f07b) is 1.0M, max 7.2M, 6.2M free.
Feb 19 19:34:42.489035 osdx systemd-journald[1550]: Received client request to rotate journal, rotating.
Feb 19 19:34:42.489123 osdx systemd-journald[1550]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ee06d3e1f21747438cc5b4c977b7f07b.
Feb 19 19:34:42.505772 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:34:43.367842 osdx osdx-coredump[203776]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:34:43.381511 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:34:45.366412 osdx OSDxCLI[135601]: User 'admin' entered the configuration menu.
Feb 19 19:34:45.535280 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 19 19:34:45.665065 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:34:45.760370 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 19 19:34:45.935538 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:34:46.085947 osdx INFO[203807]: FRR daemons did not change
Feb 19 19:34:46.125041 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:34:46.421685 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Feb 19 19:34:46.456580 osdx sshd[203877]: Server listening on 0.0.0.0 port 22.
Feb 19 19:34:46.456637 osdx sshd[203877]: Server listening on :: port 22.
Feb 19 19:34:46.456821 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Feb 19 19:34:46.502168 osdx cfgd[1251]: [135601]Completed change to active configuration
Feb 19 19:34:46.556042 osdx OSDxCLI[135601]: User 'admin' committed the configuration.
Feb 19 19:34:46.618188 osdx OSDxCLI[135601]: User 'admin' left the configuration menu.
Feb 19 19:34:46.844702 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 19 19:34:52.251229 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 04896120712d04111cf0b6962fec103e640fd745fc42624cfb9981b42b3bf6ff'.
Feb 19 19:34:52.529377 osdx OSDxCLI[135601]: User 'admin' entered the configuration menu.
Feb 19 19:34:52.714214 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 19 19:34:52.877473 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 19 19:34:53.069440 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 19 19:34:53.245119 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBIlhIHEtBBEc8LaWL-wQPmQP10X8QmJM-5mBtCs79v8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Feb 19 19:34:53.468237 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:34:53.663174 osdx INFO[203938]: FRR daemons did not change
Feb 19 19:34:53.713249 osdx ca-certificates[203956]: Updating certificates in /etc/ssl/certs...
Feb 19 19:34:54.940874 osdx ca-certificates[204957]: 1 added, 0 removed; done.
Feb 19 19:34:54.947066 osdx ca-certificates[204964]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:34:54.953408 osdx ca-certificates[204966]: done.
Feb 19 19:34:55.113080 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:34:55.118991 osdx cfgd[1251]: [135601]Completed change to active configuration
Feb 19 19:34:55.123618 osdx OSDxCLI[135601]: User 'admin' committed the configuration.
Feb 19 19:34:55.159079 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:34:55.159554 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] Network connectivity detected
Feb 19 19:34:55.159934 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] Dropping privileges
Feb 19 19:34:55.163925 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] Network connectivity detected
Feb 19 19:34:55.164130 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:34:55.164212 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:34:55.164317 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] Firefox workaround initialized
Feb 19 19:34:55.164389 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpfrfc1m89]
Feb 19 19:34:55.178099 osdx OSDxCLI[135601]: User 'admin' left the configuration menu.
Feb 19 19:34:55.394510 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] [DUT0] OK (DoH) - rtt: 79ms
Feb 19 19:34:55.394510 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 79ms)
Feb 19 19:34:55.394510 osdx dnscrypt-proxy[204973]: [2025-02-19 19:34:55] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
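The stamps expected in Steps 1 and 4 of this scenario can be rebuilt and decoded offline, which is a useful check that a stamp really pins the IP, certificate hash, host and path you intended before it goes into a configuration. The following is an added example, not Teldat's code and not part of the original page; it assumes the DoH stamp layout of the public DNS Stamps specification, the function names are illustrative, and the hashes and stamps are copied from the steps above.

```python
import base64

DOH_ID = 0x02        # stamp protocol identifier for DNS-over-HTTPS
DEFAULT_PORT = 443   # left out of the encoded host field when it is the port

# Values copied from the page (command arguments and expected outputs).
HASH_RD = "3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840"
HASH_DUT0 = "04896120712d04111cf0b6962fec103e640fd745fc42624cfb9981b42b3bf6ff"
PAGE_STAMP_RD = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
PAGE_STAMP_DUT0 = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBIlhIHEtBBEc8LaWL-wQPmQP10X8QmJM-5mBtCs79v8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"
EXPECTED_RD = {"ip": "10.215.168.1", "hashes": [HASH_RD],
               "host": "remote.dns", "port": 443, "path": "/dns-query"}


def _lp(data, limit=0xFF):
    """Length-prefixed field: one length byte, then the data."""
    if len(data) > limit:
        raise ValueError("field too long for its length prefix")
    return bytes([len(data)]) + data


def _vlp(items):
    """Set of fields; the high bit of a length byte means 'another item follows'."""
    items = items or [b""]
    out = b""
    for i, item in enumerate(items):
        field = bytearray(_lp(item, limit=0x7F))
        if i < len(items) - 1:
            field[0] |= 0x80
        out += bytes(field)
    return out


def build_doh_stamp(ip, hashes_hex, host, port=DEFAULT_PORT,
                    path="/dns-query", props=0):
    """Encode a DoH stamp from the same inputs the 'stamp calculate' steps use."""
    host_field = host if port == DEFAULT_PORT else f"{host}:{port}"
    raw = (bytes([DOH_ID]) + props.to_bytes(8, "little")
           + _lp(ip.encode()) + _vlp([bytes.fromhex(h) for h in hashes_hex])
           + _lp(host_field.encode()) + _lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _take(raw, pos, vlp=False):
    """Read one field at pos; return (data, more_items_follow, next_pos)."""
    if pos >= len(raw):
        raise ValueError("truncated stamp")
    length = raw[pos]
    more = vlp and bool(length & 0x80)
    if vlp:
        length &= 0x7F
    end = pos + 1 + length
    if end > len(raw):
        raise ValueError("field runs past the end of the stamp")
    return raw[pos + 1:end], more, end


def parse_doh_stamp(stamp):
    """Decode a DoH stamp into the parameters it pins."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != DOH_ID:
        raise ValueError("not a DoH stamp")
    props = int.from_bytes(raw[1:9], "little")
    ip, _, pos = _take(raw, 9)
    hashes, more = [], True
    while more:
        digest, more, pos = _take(raw, pos, vlp=True)
        if digest:
            hashes.append(digest.hex())
    host_field, _, pos = _take(raw, pos)
    path, _, pos = _take(raw, pos)
    host, sep, port = host_field.decode().rpartition(":")
    if not (sep and port.isdigit()):
        host, port = host_field.decode(), DEFAULT_PORT
    return {"props": props, "ip": ip.decode(), "hashes": hashes,
            "host": host, "port": int(port), "path": path.decode()}


def stamp_mismatches(stamp, expected):
    """Return the names of the fields where the stamp differs from expected."""
    got = parse_doh_stamp(stamp)
    return sorted(k for k, v in expected.items() if got.get(k) != v)


if __name__ == "__main__":
    for name, stamp in (("RD", PAGE_STAMP_RD), ("DUT0", PAGE_STAMP_DUT0)):
        print(name, parse_doh_stamp(stamp))
    print("RD mismatches:", stamp_mismatches(PAGE_STAMP_RD, EXPECTED_RD))
```

Decoding shows that the stamp carries the same pinned hash as the explicit `hash` setting in the static DoH scenario, so replacing a stamp changes the certificate pin as well as the endpoint.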
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Feb 19 19:35:09.622799 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.2M free.
Feb 19 19:35:09.630056 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:35:09.630196 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:35:09.694658 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:35:10.413763 osdx osdx-coredump[201483]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:35:10.440622 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:35:11.381870 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:35:11.552291 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:35:11.661966 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:35:11.822605 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:35:11.995505 osdx INFO[201507]: FRR daemons did not change
Feb 19 19:35:12.034620 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:35:12.226285 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:35:12.274613 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:35:12.317105 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:35:12.549425 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:35:14.878817 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 19 19:35:15.128105 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:35:15.262311 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:35:15.400266 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:35:15.538622 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Feb 19 19:35:15.700831 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Feb 19 19:35:15.845120 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Feb 19 19:35:15.967554 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'.
Feb 19 19:35:16.097791 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 19:35:16.284758 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Feb 19 19:35:16.457370 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Feb 19 19:35:16.591198 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 19 19:35:16.773996 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:35:16.941288 osdx INFO[201627]: FRR daemons did not change
Feb 19 19:35:16.984733 osdx ca-certificates[201648]: Updating certificates in /etc/ssl/certs...
Feb 19 19:35:18.546577 osdx ca-certificates[202646]: 1 added, 0 removed; done.
Feb 19 19:35:18.555018 osdx ca-certificates[202651]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:35:18.561796 osdx ca-certificates[202655]: done.
Feb 19 19:35:18.815426 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:35:18.819287 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:35:18.829681 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:35:18.867457 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:35:18.867859 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] Network connectivity detected
Feb 19 19:35:18.868009 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] Dropping privileges
Feb 19 19:35:18.875805 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] Network connectivity detected
Feb 19 19:35:18.876078 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:35:18.876078 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:35:18.876218 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 19 19:35:18.876218 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] Firefox workaround initialized
Feb 19 19:35:18.876218 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp91jyk78h]
Feb 19 19:35:18.877415 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 19 19:35:18.877415 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 19 19:35:18.877415 osdx dnscrypt-proxy[202715]: [2025-02-19 19:35:18] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 19 19:35:18.885445 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 04896120712d04111cf0b6962fec103e640fd745fc42624cfb9981b42b3bf6ff
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 19:35:09.677525 osdx systemd-journald[1550]: Runtime Journal (/run/log/journal/ee06d3e1f21747438cc5b4c977b7f07b) is 1.0M, max 7.2M, 6.2M free.
Feb 19 19:35:09.678554 osdx systemd-journald[1550]: Received client request to rotate journal, rotating.
Feb 19 19:35:09.678729 osdx systemd-journald[1550]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ee06d3e1f21747438cc5b4c977b7f07b.
Feb 19 19:35:09.710139 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:35:10.652357 osdx osdx-coredump[206595]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:35:10.670067 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:35:12.784552 osdx OSDxCLI[135601]: User 'admin' entered the configuration menu.
Feb 19 19:35:13.086679 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 19 19:35:13.244076 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:35:13.402671 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 19 19:35:13.582683 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:35:13.731522 osdx INFO[206626]: FRR daemons did not change
Feb 19 19:35:13.773869 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:35:14.122414 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Feb 19 19:35:14.143400 osdx sshd[206696]: Server listening on 0.0.0.0 port 22.
Feb 19 19:35:14.143785 osdx sshd[206696]: Server listening on :: port 22.
Feb 19 19:35:14.143983 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Feb 19 19:35:14.196183 osdx cfgd[1251]: [135601]Completed change to active configuration
Feb 19 19:35:14.251033 osdx OSDxCLI[135601]: User 'admin' committed the configuration.
Feb 19 19:35:14.297530 osdx OSDxCLI[135601]: User 'admin' left the configuration menu.
Feb 19 19:35:14.539909 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 19 19:35:19.305448 osdx OSDxCLI[135601]: User 'admin' entered the configuration menu.
Feb 19 19:35:19.456194 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 19 19:35:19.605756 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 19 19:35:19.750307 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 19 19:35:19.951754 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Feb 19 19:35:20.090575 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Feb 19 19:35:20.300287 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Feb 19 19:35:20.441671 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 04896120712d04111cf0b6962fec103e640fd745fc42624cfb9981b42b3bf6ff'.
Feb 19 19:35:20.597190 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:35:20.803515 osdx INFO[206757]: FRR daemons did not change
Feb 19 19:35:20.844973 osdx ca-certificates[206773]: Updating certificates in /etc/ssl/certs...
Feb 19 19:35:21.935095 osdx ca-certificates[207776]: 1 added, 0 removed; done.
Feb 19 19:35:21.940688 osdx ca-certificates[207783]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:35:21.946574 osdx ca-certificates[207785]: done.
Feb 19 19:35:22.098798 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:35:22.103944 osdx cfgd[1251]: [135601]Completed change to active configuration
Feb 19 19:35:22.118016 osdx OSDxCLI[135601]: User 'admin' committed the configuration.
Feb 19 19:35:22.180138 osdx OSDxCLI[135601]: User 'admin' left the configuration menu.
Feb 19 19:35:22.183676 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:35:22.184106 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] Network connectivity detected
Feb 19 19:35:22.184531 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] Dropping privileges
Feb 19 19:35:22.189965 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] Network connectivity detected
Feb 19 19:35:22.189965 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:35:22.189965 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:35:22.189965 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] Firefox workaround initialized
Feb 19 19:35:22.189965 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] Loading the set of cloaking rules from [/tmp/tmptmz6fn8u]
Feb 19 19:35:22.335922 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] [DUT0] OK (DoH) - rtt: 54ms
Feb 19 19:35:22.335922 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 54ms)
Feb 19 19:35:22.335922 osdx dnscrypt-proxy[207792]: [2025-02-19 19:35:22] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using that stamp to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Feb 19 19:35:39.625251 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 3.8M, max 15.3M, 11.5M free.
Feb 19 19:35:39.630533 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:35:39.630939 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:35:39.670461 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:35:40.555712 osdx osdx-coredump[204360]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:35:40.572770 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:35:41.642871 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:35:41.901054 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:35:42.041967 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:35:42.237521 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:35:42.523686 osdx INFO[204384]: FRR daemons did not change
Feb 19 19:35:42.656391 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:35:43.225342 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:35:43.359764 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:35:43.436648 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:35:43.705891 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:35:46.600667 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 19 19:35:46.872296 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443'.
Feb 19 19:35:47.136166 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:35:47.294085 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:35:47.465660 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:35:47.692550 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Feb 19 19:35:47.852346 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 19:35:48.046183 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Feb 19 19:35:48.259321 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Feb 19 19:35:48.431703 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 19 19:35:48.653424 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:35:48.891916 osdx INFO[204504]: FRR daemons did not change
Feb 19 19:35:48.938162 osdx ca-certificates[204520]: Updating certificates in /etc/ssl/certs...
Feb 19 19:35:50.334550 osdx ca-certificates[205522]: 1 added, 0 removed; done.
Feb 19 19:35:50.346976 osdx ca-certificates[205530]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:35:50.357364 osdx ca-certificates[205532]: done.
Feb 19 19:35:50.676921 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:35:50.691207 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:35:50.699899 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:35:50.759789 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:35:50.760956 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] Network connectivity detected
Feb 19 19:35:50.760956 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] Dropping privileges
Feb 19 19:35:50.771144 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] Network connectivity detected
Feb 19 19:35:50.771144 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:35:50.771144 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:35:50.771144 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 19 19:35:50.771144 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] Firefox workaround initialized
Feb 19 19:35:50.771144 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpkkirzyti]
Feb 19 19:35:50.770872 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:35:50.774705 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] [RD] OK (DNSCrypt) - rtt: 1ms
Feb 19 19:35:50.774705 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] Server with the lowest initial latency: RD (rtt: 1ms)
Feb 19 19:35:50.774705 osdx dnscrypt-proxy[205592]: [2025-02-19 19:35:50] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 04896120712d04111cf0b6962fec103e640fd745fc42624cfb9981b42b3bf6ff at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBIlhIHEtBBEc8LaWL-wQPmQP10X8QmJM-5mBtCs79v8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBIlhIHEtBBEc8LaWL-wQPmQP10X8QmJM-5mBtCs79v8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 19:35:39.545335 osdx systemd-journald[1550]: Runtime Journal (/run/log/journal/ee06d3e1f21747438cc5b4c977b7f07b) is 1.8M, max 7.2M, 5.4M free.
Feb 19 19:35:39.552795 osdx systemd-journald[1550]: Received client request to rotate journal, rotating.
Feb 19 19:35:39.552875 osdx systemd-journald[1550]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ee06d3e1f21747438cc5b4c977b7f07b.
Feb 19 19:35:39.577971 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:35:40.672936 osdx osdx-coredump[209407]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:35:40.687788 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:35:43.751055 osdx OSDxCLI[135601]: User 'admin' entered the configuration menu.
Feb 19 19:35:44.031195 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 19 19:35:44.215423 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:35:44.327518 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 19 19:35:44.596304 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:35:44.851940 osdx INFO[209438]: FRR daemons did not change
Feb 19 19:35:44.884075 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:35:45.333239 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Feb 19 19:35:45.383129 osdx sshd[209508]: Server listening on 0.0.0.0 port 22.
Feb 19 19:35:45.383170 osdx sshd[209508]: Server listening on :: port 22.
Feb 19 19:35:45.383797 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Feb 19 19:35:45.479335 osdx cfgd[1251]: [135601]Completed change to active configuration
Feb 19 19:35:45.567194 osdx OSDxCLI[135601]: User 'admin' committed the configuration.
Feb 19 19:35:45.673779 osdx OSDxCLI[135601]: User 'admin' left the configuration menu.
Feb 19 19:35:46.094288 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 19 19:35:51.171638 osdx OSDxCLI[135601]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 04896120712d04111cf0b6962fec103e640fd745fc42624cfb9981b42b3bf6ff'.
Feb 19 19:35:51.391705 osdx OSDxCLI[135601]: User 'admin' entered the configuration menu.
Feb 19 19:35:51.624476 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 19 19:35:51.757210 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 19 19:35:51.917185 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 19 19:35:52.080475 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBIlhIHEtBBEc8LaWL-wQPmQP10X8QmJM-5mBtCs79v8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Feb 19 19:35:52.407764 osdx OSDxCLI[135601]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:35:52.557883 osdx INFO[209569]: FRR daemons did not change
Feb 19 19:35:52.585727 osdx ca-certificates[209585]: Updating certificates in /etc/ssl/certs...
Feb 19 19:35:53.790968 osdx ca-certificates[210589]: 1 added, 0 removed; done.
Feb 19 19:35:53.798409 osdx ca-certificates[210595]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:35:53.806641 osdx ca-certificates[210597]: done.
Feb 19 19:35:53.924375 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:35:53.926537 osdx cfgd[1251]: [135601]Completed change to active configuration
Feb 19 19:35:53.932167 osdx OSDxCLI[135601]: User 'admin' committed the configuration.
Feb 19 19:35:54.002682 osdx OSDxCLI[135601]: User 'admin' left the configuration menu.
Feb 19 19:35:54.007375 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 19:35:54.007375 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] Network connectivity detected
Feb 19 19:35:54.008473 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] Dropping privileges
Feb 19 19:35:54.020276 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] Network connectivity detected
Feb 19 19:35:54.020276 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:35:54.020276 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:35:54.020276 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] Firefox workaround initialized
Feb 19 19:35:54.020276 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp218qskzf]
Feb 19 19:35:54.200248 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] [DUT0] OK (DoH) - rtt: 63ms
Feb 19 19:35:54.200710 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 63ms)
Feb 19 19:35:54.200800 osdx dnscrypt-proxy[210604]: [2025-02-19 19:35:54] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
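The stamps produced in Steps 2 and 5 of this scenario are base64url encodings of the address, pinned provider key or certificate hash, and names that the other scenarios set field by field. The Python below is an added example, not part of the OSDx test suite or the vendor's code: it decodes and rebuilds both stamps following the public DNS stamp layout so the pinned values can be checked before a stamp is committed. All function and class names are hypothetical, and the encoder assumes a single certificate hash.

```python
import base64
import struct

# Stamps printed on this page (Step 2 at DUT0, Step 5 at DUT1).
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBIlhIHEtBBEc8LaWL-wQPmQP10X8QmJM-5mBtCs79v8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"


class Reader:
    """Cursor over the decoded stamp; every read is bounds-checked."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated stamp")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def lp(self):  # LP(x): one length byte, then x
        return self.take(self.take(1)[0])

    def vlp(self):  # VLP: a set high bit in the length means more items follow
        items = []
        while True:
            length = self.take(1)[0]
            items.append(self.take(length & 0x7F))
            if not length & 0x80:
                return items


def decode_stamp(stamp):
    """Return the fields a stamp pins, for review before it is committed."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    r = Reader(base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)))
    proto = r.take(1)[0]
    out = {"props": struct.unpack("<Q", r.take(8))[0]}  # 64-bit LE flags
    if proto == 0x01:
        out.update(protocol="dns-crypt", addr=r.lp().decode(),
                   provider_key=r.lp().hex(":"), provider_name=r.lp().decode())
    elif proto == 0x02:
        out.update(protocol="dns-over-https", addr=r.lp().decode(),
                   hashes=[h.hex() for h in r.vlp() if h],
                   host=r.lp().decode(), path=r.lp().decode())
    else:
        raise ValueError(f"unsupported stamp protocol 0x{proto:02x}")
    return out


def _lp(raw):
    if len(raw) > 0x7F:  # this sketch keeps every field below the VLP high bit
        raise ValueError("field too long")
    return bytes([len(raw)]) + raw


def _stamp(proto, props, *fields):
    body = bytes([proto]) + struct.pack("<Q", props) + b"".join(map(_lp, fields))
    return "sdns://" + base64.urlsafe_b64encode(body).rstrip(b"=").decode()


def encode_dnscrypt(addr, provider_key, provider_name, props=0):
    key = bytes.fromhex(provider_key.replace(":", ""))
    return _stamp(0x01, props, addr.encode(), key, provider_name.encode())


def encode_doh(addr, cert_hash, host, path, props=0):
    # One hash is the last VLP item, so its length byte carries no high bit.
    return _stamp(0x02, props, addr.encode(), bytes.fromhex(cert_hash),
                  host.encode(), path.encode())


def pin_mismatches(stamp, expected):
    """Map each expected field the stamp does not match to (got, wanted)."""
    got = decode_stamp(stamp)
    return {k: (got.get(k), v) for k, v in expected.items() if got.get(k) != v}
```

Calling pin_mismatches with the key from Step 1 or the hash from Step 5 returns an empty dict when the stamp pins exactly those values; any other result means the stamp points at a different key, hash or endpoint than the one reviewed.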