Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Feb 19 17:30:29.412234 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.2M free. Feb 19 17:30:29.414630 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:30:29.414805 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:30:29.430476 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:30:30.240865 osdx osdx-coredump[269776]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 17:30:30.258287 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 17:30:31.241634 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:30:31.438951 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:30:31.569013 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:30:31.777876 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:30:31.927684 osdx INFO[269800]: FRR daemons did not change Feb 19 17:30:31.962621 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:30:32.141225 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:30:32.184708 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:30:32.215611 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:30:32.452125 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 17:30:32.671545 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:30:32.796394 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:30:32.928782 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:30:33.043581 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 17:30:33.145354 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 17:30:33.265253 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:30:33.376596 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns resolver local'. Feb 19 17:30:33.527832 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:30:33.654411 osdx INFO[269914]: FRR daemons did not change Feb 19 17:30:33.675165 osdx ca-certificates[269930]: Updating certificates in /etc/ssl/certs... Feb 19 17:30:34.788606 osdx ca-certificates[270934]: 1 added, 0 removed; done. Feb 19 17:30:34.795823 osdx ca-certificates[270940]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:30:34.800912 osdx ca-certificates[270942]: done. Feb 19 17:30:34.999550 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:30:35.003324 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:30:35.007497 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:30:35.060706 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] dnscrypt-proxy 2.0.45 Feb 19 17:30:35.060706 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] Network connectivity detected Feb 19 17:30:35.060706 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] Dropping privileges Feb 19 17:30:35.061776 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:30:35.065756 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] Network connectivity detected Feb 19 17:30:35.065756 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 19 17:30:35.065756 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 19 17:30:35.065756 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] Firefox workaround initialized Feb 19 17:30:35.065756 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmphntri9hp] Feb 19 17:30:35.260716 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] [RD] OK (DoH) - rtt: 123ms Feb 19 17:30:35.260880 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] Server with the lowest initial latency: RD (rtt: 123ms) Feb 19 17:30:35.260964 osdx dnscrypt-proxy[270999]: [2025-02-19 17:30:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Feb 19 17:30:43.500489 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free. Feb 19 17:30:43.504148 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:30:43.504237 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:30:43.517201 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:30:44.346656 osdx osdx-coredump[272647]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 17:30:44.370560 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 17:30:45.376641 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:30:45.537749 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:30:45.633071 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:30:45.825873 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:30:45.966463 osdx INFO[272671]: FRR daemons did not change Feb 19 17:30:46.012165 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:30:46.198205 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:30:46.256663 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:30:46.303432 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:30:46.563625 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 17:30:46.830596 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:30:47.101374 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:30:47.262722 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:30:47.422842 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:30:47.560752 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Feb 19 17:30:47.691691 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns resolver local'. Feb 19 17:30:47.869638 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:30:48.005840 osdx INFO[272786]: FRR daemons did not change Feb 19 17:30:48.032459 osdx ca-certificates[272802]: Updating certificates in /etc/ssl/certs... Feb 19 17:30:49.538435 osdx ca-certificates[273807]: 1 added, 0 removed; done. Feb 19 17:30:49.544978 osdx ca-certificates[273812]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:30:49.555196 osdx ca-certificates[273814]: done. Feb 19 17:30:49.740754 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:30:49.748433 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:30:49.758611 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:30:49.801539 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] dnscrypt-proxy 2.0.45 Feb 19 17:30:49.801539 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] Network connectivity detected Feb 19 17:30:49.801539 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] Dropping privileges Feb 19 17:30:49.812978 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] Network connectivity detected Feb 19 17:30:49.813069 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 19 17:30:49.813069 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 19 17:30:49.813069 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] Firefox workaround initialized Feb 19 17:30:49.813069 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpoon3a812] Feb 19 17:30:49.817390 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:30:49.955229 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] [RD] OK (DoH) - rtt: 82ms Feb 19 17:30:49.955229 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] Server with the lowest initial latency: RD (rtt: 82ms) Feb 19 17:30:49.955229 osdx dnscrypt-proxy[273871]: [2025-02-19 17:30:49] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 'e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Feb 19 17:31:00.507763 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free. Feb 19 17:31:00.508488 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:31:00.508534 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:31:00.529216 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:31:01.135661 osdx osdx-coredump[275516]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 17:31:01.148005 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 17:31:02.130627 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:31:02.356335 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:31:02.456620 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:31:02.614285 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:31:02.765926 osdx INFO[275543]: FRR daemons did not change Feb 19 17:31:02.796176 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:31:02.973667 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:31:03.031725 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:31:03.090100 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:31:03.398536 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 17:31:03.715647 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Feb 19 17:31:03.927613 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:31:04.086683 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:31:04.241207 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:31:04.442385 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Feb 19 17:31:04.617177 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Feb 19 17:31:04.805930 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Feb 19 17:31:04.956662 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'. Feb 19 17:31:05.128587 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns resolver local'. Feb 19 17:31:05.277858 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:31:05.426798 osdx INFO[275660]: FRR daemons did not change Feb 19 17:31:05.450280 osdx ca-certificates[275676]: Updating certificates in /etc/ssl/certs... Feb 19 17:31:06.379826 osdx ca-certificates[276679]: 1 added, 0 removed; done. Feb 19 17:31:06.386191 osdx ca-certificates[276686]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:31:06.391510 osdx ca-certificates[276688]: done. Feb 19 17:31:06.564652 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:31:06.569369 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:31:06.574788 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:31:06.601101 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] dnscrypt-proxy 2.0.45 Feb 19 17:31:06.601369 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] Network connectivity detected Feb 19 17:31:06.601653 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] Dropping privileges Feb 19 17:31:06.608242 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] Network connectivity detected Feb 19 17:31:06.608242 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 19 17:31:06.608242 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 19 17:31:06.608242 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] Firefox workaround initialized Feb 19 17:31:06.608242 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpienbjnx5] Feb 19 17:31:06.622662 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] [RD] OK (DNSCrypt) - rtt: 15ms Feb 19 17:31:06.622662 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] Server with the lowest initial latency: RD (rtt: 15ms) Feb 19 17:31:06.622662 osdx dnscrypt-proxy[276745]: [2025-02-19 17:31:06] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Feb 19 17:31:06.629478 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Feb 19 17:31:15.446865 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free. Feb 19 17:31:15.448660 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:31:15.448739 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:31:15.466455 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:31:16.049743 osdx osdx-coredump[278393]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 17:31:16.062747 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 17:31:16.971616 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:31:17.152996 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:31:17.268119 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:31:17.438522 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:31:17.596195 osdx INFO[278417]: FRR daemons did not change Feb 19 17:31:17.627935 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:31:17.827379 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:31:17.877494 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:31:17.923375 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:31:18.174764 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 17:31:18.378969 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Feb 19 17:31:18.594305 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443'. Feb 19 17:31:18.838317 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:31:19.001274 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:31:19.163855 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:31:19.287207 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Feb 19 17:31:19.422225 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns resolver local'. Feb 19 17:31:19.629523 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:31:19.866355 osdx INFO[278534]: FRR daemons did not change Feb 19 17:31:19.893611 osdx ca-certificates[278550]: Updating certificates in /etc/ssl/certs... Feb 19 17:31:20.967196 osdx ca-certificates[279553]: 1 added, 0 removed; done. Feb 19 17:31:20.973647 osdx ca-certificates[279560]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:31:20.980275 osdx ca-certificates[279562]: done. Feb 19 17:31:21.140529 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:31:21.149596 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:31:21.154540 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:31:21.193974 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] dnscrypt-proxy 2.0.45 Feb 19 17:31:21.194372 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] Network connectivity detected Feb 19 17:31:21.194541 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] Dropping privileges Feb 19 17:31:21.198566 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] Network connectivity detected Feb 19 17:31:21.198566 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Feb 19 17:31:21.198566 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Feb 19 17:31:21.198566 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] Firefox workaround initialized Feb 19 17:31:21.198566 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpoheivl_x] Feb 19 17:31:21.200219 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Feb 19 17:31:21.200219 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Feb 19 17:31:21.200219 osdx dnscrypt-proxy[279619]: [2025-02-19 17:31:21] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Feb 19 17:31:21.210354 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16