Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Mar 18 12:41:36.359981 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.2M free. Mar 18 12:41:36.361763 osdx systemd-journald[1668]: Received client request to rotate journal, rotating. Mar 18 12:41:36.361815 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe. Mar 18 12:41:36.373575 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'. Mar 18 12:41:36.797741 osdx osdx-coredump[98170]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 12:41:36.807513 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 12:41:37.445227 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu. Mar 18 12:41:37.592636 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 18 12:41:37.670454 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 18 12:41:37.783300 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'. Mar 18 12:41:37.876790 osdx INFO[98194]: FRR daemons did not change Mar 18 12:41:37.901635 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 12:41:38.037720 osdx cfgd[1456]: [56339]Completed change to active configuration Mar 18 12:41:38.079653 osdx OSDxCLI[56339]: User 'admin' committed the configuration. Mar 18 12:41:38.111392 osdx OSDxCLI[56339]: User 'admin' left the configuration menu. Mar 18 12:41:38.286294 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 18 12:41:38.463189 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu. Mar 18 12:41:38.557666 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 18 12:41:38.648192 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 18 12:41:38.745900 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 18 12:41:38.859916 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 18 12:41:38.954445 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'. Mar 18 12:41:39.033680 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 18 12:41:39.176963 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'. Mar 18 12:41:39.299323 osdx INFO[98308]: FRR daemons did not change Mar 18 12:41:39.316071 osdx ca-certificates[98324]: Updating certificates in /etc/ssl/certs... Mar 18 12:41:40.025931 osdx ca-certificates[99328]: 1 added, 0 removed; done. Mar 18 12:41:40.030058 osdx ca-certificates[99334]: Running hooks in /etc/ca-certificates/update.d... Mar 18 12:41:40.034426 osdx ca-certificates[99336]: done. Mar 18 12:41:40.170045 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 18 12:41:40.171549 osdx cfgd[1456]: [56339]Completed change to active configuration Mar 18 12:41:40.174897 osdx OSDxCLI[56339]: User 'admin' committed the configuration. Mar 18 12:41:40.200465 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] dnscrypt-proxy 2.0.45 Mar 18 12:41:40.200699 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] Network connectivity detected Mar 18 12:41:40.200844 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] Dropping privileges Mar 18 12:41:40.201043 osdx OSDxCLI[56339]: User 'admin' left the configuration menu. Mar 18 12:41:40.203891 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] Network connectivity detected Mar 18 12:41:40.203891 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 18 12:41:40.203891 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 18 12:41:40.203990 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] Firefox workaround initialized Mar 18 12:41:40.203990 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpmcwqdlk3] Mar 18 12:41:40.292061 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] [RD] OK (DoH) - rtt: 54ms Mar 18 12:41:40.292061 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] Server with the lowest initial latency: RD (rtt: 54ms) Mar 18 12:41:40.292061 osdx dnscrypt-proxy[99393]: [2025-03-18 12:41:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Mar 18 12:41:46.383928 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free. Mar 18 12:41:46.386560 osdx systemd-journald[1668]: Received client request to rotate journal, rotating. Mar 18 12:41:46.386649 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe. Mar 18 12:41:46.398064 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'. Mar 18 12:41:46.829905 osdx osdx-coredump[101039]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 12:41:46.840372 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 12:41:47.456325 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu. Mar 18 12:41:47.604542 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 18 12:41:47.683818 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 18 12:41:47.818398 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'. Mar 18 12:41:47.915829 osdx INFO[101063]: FRR daemons did not change Mar 18 12:41:47.942591 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 12:41:48.078311 osdx cfgd[1456]: [56339]Completed change to active configuration Mar 18 12:41:48.113154 osdx OSDxCLI[56339]: User 'admin' committed the configuration. Mar 18 12:41:48.139861 osdx OSDxCLI[56339]: User 'admin' left the configuration menu. Mar 18 12:41:48.317647 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 18 12:41:48.491428 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'. Mar 18 12:41:48.686273 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu. Mar 18 12:41:48.779423 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 18 12:41:48.895420 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 18 12:41:48.992349 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Mar 18 12:41:49.074015 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 18 12:41:49.190284 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'. Mar 18 12:41:49.283261 osdx INFO[101178]: FRR daemons did not change Mar 18 12:41:49.300647 osdx ca-certificates[101194]: Updating certificates in /etc/ssl/certs... Mar 18 12:41:49.996146 osdx ca-certificates[102197]: 1 added, 0 removed; done. Mar 18 12:41:50.000107 osdx ca-certificates[102204]: Running hooks in /etc/ca-certificates/update.d... Mar 18 12:41:50.004000 osdx ca-certificates[102206]: done. Mar 18 12:41:50.123004 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 18 12:41:50.124532 osdx cfgd[1456]: [56339]Completed change to active configuration Mar 18 12:41:50.128695 osdx OSDxCLI[56339]: User 'admin' committed the configuration. Mar 18 12:41:50.154674 osdx OSDxCLI[56339]: User 'admin' left the configuration menu. Mar 18 12:41:50.155893 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] dnscrypt-proxy 2.0.45 Mar 18 12:41:50.156087 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] Network connectivity detected Mar 18 12:41:50.156290 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] Dropping privileges Mar 18 12:41:50.158968 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] Network connectivity detected Mar 18 12:41:50.159029 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 18 12:41:50.159029 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 18 12:41:50.159029 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] Firefox workaround initialized Mar 18 12:41:50.159029 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp88y_jw_w] Mar 18 12:41:50.361778 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] [RD] OK (DoH) - rtt: 139ms Mar 18 12:41:50.361778 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] Server with the lowest initial latency: RD (rtt: 139ms) Mar 18 12:41:50.361778 osdx dnscrypt-proxy[102263]: [2025-03-18 12:41:50] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Mar 18 12:41:50.366065 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Mar 18 12:41:59.379185 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free. Mar 18 12:41:59.380379 osdx systemd-journald[1668]: Received client request to rotate journal, rotating. Mar 18 12:41:59.380444 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe. Mar 18 12:41:59.393212 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'. Mar 18 12:41:59.828074 osdx osdx-coredump[103915]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 12:41:59.838354 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 12:42:00.450782 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu. Mar 18 12:42:00.591245 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 18 12:42:00.666005 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 18 12:42:00.780195 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'. Mar 18 12:42:00.872503 osdx INFO[103939]: FRR daemons did not change Mar 18 12:42:00.900400 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 12:42:01.033389 osdx cfgd[1456]: [56339]Completed change to active configuration Mar 18 12:42:01.068030 osdx OSDxCLI[56339]: User 'admin' committed the configuration. Mar 18 12:42:01.093171 osdx OSDxCLI[56339]: User 'admin' left the configuration menu. Mar 18 12:42:01.274796 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 18 12:42:01.481514 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Mar 18 12:42:01.649897 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu. Mar 18 12:42:01.743577 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 18 12:42:01.861476 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 18 12:42:01.952322 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Mar 18 12:42:02.041065 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Mar 18 12:42:02.132416 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Mar 18 12:42:02.254733 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71'. Mar 18 12:42:02.332287 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 18 12:42:02.446058 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'. Mar 18 12:42:02.545059 osdx INFO[104059]: FRR daemons did not change Mar 18 12:42:02.562520 osdx ca-certificates[104075]: Updating certificates in /etc/ssl/certs... Mar 18 12:42:03.267678 osdx ca-certificates[105078]: 1 added, 0 removed; done. Mar 18 12:42:03.271780 osdx ca-certificates[105085]: Running hooks in /etc/ca-certificates/update.d... Mar 18 12:42:03.275727 osdx ca-certificates[105087]: done. Mar 18 12:42:03.396911 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 18 12:42:03.398756 osdx cfgd[1456]: [56339]Completed change to active configuration Mar 18 12:42:03.401952 osdx OSDxCLI[56339]: User 'admin' committed the configuration. Mar 18 12:42:03.426633 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] dnscrypt-proxy 2.0.45 Mar 18 12:42:03.426873 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] Network connectivity detected Mar 18 12:42:03.426963 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] Dropping privileges Mar 18 12:42:03.429540 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] Network connectivity detected Mar 18 12:42:03.429608 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 18 12:42:03.429608 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 18 12:42:03.429686 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] Firefox workaround initialized Mar 18 12:42:03.429686 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpgw0vqu72] Mar 18 12:42:03.430564 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Mar 18 12:42:03.430631 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Mar 18 12:42:03.430631 osdx dnscrypt-proxy[105144]: [2025-03-18 12:42:03] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Mar 18 12:42:03.440057 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Mar 18 12:42:10.374632 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free. Mar 18 12:42:10.377519 osdx systemd-journald[1668]: Received client request to rotate journal, rotating. Mar 18 12:42:10.377600 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe. Mar 18 12:42:10.388995 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'. Mar 18 12:42:10.817368 osdx osdx-coredump[106790]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 12:42:10.827775 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 12:42:11.454657 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu. Mar 18 12:42:11.614563 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 18 12:42:11.688657 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 18 12:42:11.796305 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'. Mar 18 12:42:11.886943 osdx INFO[106814]: FRR daemons did not change Mar 18 12:42:11.913512 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 12:42:12.043468 osdx cfgd[1456]: [56339]Completed change to active configuration Mar 18 12:42:12.077872 osdx OSDxCLI[56339]: User 'admin' committed the configuration. Mar 18 12:42:12.105704 osdx OSDxCLI[56339]: User 'admin' left the configuration menu. Mar 18 12:42:12.281790 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 18 12:42:12.426903 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Mar 18 12:42:12.555023 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71 ip 10.215.168.1 port 8443'. Mar 18 12:42:12.727168 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu. Mar 18 12:42:12.823889 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 18 12:42:12.917458 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 18 12:42:13.041896 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Mar 18 12:42:13.125074 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 18 12:42:13.270991 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'. Mar 18 12:42:13.383456 osdx INFO[106931]: FRR daemons did not change Mar 18 12:42:13.402449 osdx ca-certificates[106947]: Updating certificates in /etc/ssl/certs... Mar 18 12:42:14.109397 osdx ca-certificates[107951]: 1 added, 0 removed; done. Mar 18 12:42:14.113541 osdx ca-certificates[107957]: Running hooks in /etc/ca-certificates/update.d... Mar 18 12:42:14.117409 osdx ca-certificates[107959]: done. Mar 18 12:42:14.238030 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 18 12:42:14.239903 osdx cfgd[1456]: [56339]Completed change to active configuration Mar 18 12:42:14.243015 osdx OSDxCLI[56339]: User 'admin' committed the configuration. Mar 18 12:42:14.268952 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] dnscrypt-proxy 2.0.45 Mar 18 12:42:14.269218 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] Network connectivity detected Mar 18 12:42:14.269356 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] Dropping privileges Mar 18 12:42:14.272349 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] Network connectivity detected Mar 18 12:42:14.272349 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 18 12:42:14.272349 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 18 12:42:14.272349 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] Firefox workaround initialized Mar 18 12:42:14.272349 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjyhvzrhs] Mar 18 12:42:14.272266 osdx OSDxCLI[56339]: User 'admin' left the configuration menu. Mar 18 12:42:14.273030 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Mar 18 12:42:14.273030 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Mar 18 12:42:14.273103 osdx dnscrypt-proxy[108016]: [2025-03-18 12:42:14] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16