Static Server

Test suite in which DUT1 resolves names through DUT0 using DoH, while DUT0 connects to the upstream server and forwards DNS queries to it.

Server With Upstream DoH

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 17:31:43.535088 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.2M free.
Feb 19 17:31:43.537279 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 17:31:43.537362 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 17:31:43.553211 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:31:44.232006 osdx osdx-coredump[281562]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:31:44.246868 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:31:45.232713 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:31:45.396780 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:31:45.532532 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:31:45.719714 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:31:45.865660 osdx INFO[281586]: FRR daemons did not change
Feb 19 17:31:45.897134 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:31:46.094047 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:31:46.144786 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:31:46.210627 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:31:46.532935 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 17:31:48.806940 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:31:48.990476 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 17:31:49.178346 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 17:31:49.381615 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 17:31:49.553813 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 17:31:49.756788 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 17:31:49.893447 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Feb 19 17:31:50.018436 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Feb 19 17:31:50.153881 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 17:31:50.273198 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 19 17:31:50.457884 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:31:50.691424 osdx INFO[281703]: FRR daemons did not change
Feb 19 17:31:50.729056 osdx ca-certificates[281719]: Updating certificates in /etc/ssl/certs...
Feb 19 17:31:51.825599 osdx ca-certificates[282724]: 1 added, 0 removed; done.
Feb 19 17:31:51.831652 osdx ca-certificates[282729]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:31:51.836850 osdx ca-certificates[282731]: done.
Feb 19 17:31:52.021867 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:31:52.025309 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:31:52.029367 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:31:52.063425 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 17:31:52.063904 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] Network connectivity detected
Feb 19 17:31:52.064367 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] Dropping privileges
Feb 19 17:31:52.068208 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] Network connectivity detected
Feb 19 17:31:52.068398 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:31:52.068487 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:31:52.068581 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 19 17:31:52.068686 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] Firefox workaround initialized
Feb 19 17:31:52.068769 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp2h_1xqpk]
Feb 19 17:31:52.079328 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:31:52.190523 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] [RD] OK (DoH) - rtt: 79ms
Feb 19 17:31:52.190523 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] Server with the lowest initial latency: RD (rtt: 79ms)
Feb 19 17:31:52.190523 osdx dnscrypt-proxy[282791]: [2025-02-19 17:31:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 167f1f450d072679f800c9c47a3d9dd192a9e6d09299b5787a85f75eae95bc7c
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 17:31:43.485773 osdx systemd-journald[1553]: Runtime Journal (/run/log/journal/4ae5be8e493042ac8988aa43cad7f38b) is 992.0K, max 7.2M, 6.2M free.
Feb 19 17:31:43.486981 osdx systemd-journald[1553]: Received client request to rotate journal, rotating.
Feb 19 17:31:43.487093 osdx systemd-journald[1553]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4ae5be8e493042ac8988aa43cad7f38b.
Feb 19 17:31:43.508652 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:31:44.421113 osdx osdx-coredump[124731]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:31:44.438112 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:31:46.596854 osdx OSDxCLI[1795]: User 'admin' entered the configuration menu.
Feb 19 17:31:46.828579 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 19 17:31:46.932450 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:31:47.059140 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 19 17:31:47.210093 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:31:47.389923 osdx INFO[124764]: FRR daemons did not change
Feb 19 17:31:47.427022 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:31:47.827643 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Feb 19 17:31:47.871158 osdx sshd[124834]: Server listening on 0.0.0.0 port 22.
Feb 19 17:31:47.871197 osdx sshd[124834]: Server listening on :: port 22.
Feb 19 17:31:47.871971 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Feb 19 17:31:47.944207 osdx cfgd[96903]: [1795]Completed change to active configuration
Feb 19 17:31:48.001846 osdx OSDxCLI[1795]: User 'admin' committed the configuration.
Feb 19 17:31:48.051664 osdx OSDxCLI[1795]: User 'admin' left the configuration menu.
Feb 19 17:31:48.335708 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 19 17:31:52.556172 osdx OSDxCLI[1795]: User 'admin' entered the configuration menu.
Feb 19 17:31:52.690522 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 19 17:31:52.803488 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 19 17:31:52.929462 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 19 17:31:53.098364 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Feb 19 17:31:53.231011 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Feb 19 17:31:53.366050 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Feb 19 17:31:53.536414 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 167f1f450d072679f800c9c47a3d9dd192a9e6d09299b5787a85f75eae95bc7c'.
Feb 19 17:31:53.740837 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:31:53.888574 osdx INFO[124895]: FRR daemons did not change
Feb 19 17:31:53.912515 osdx ca-certificates[124910]: Updating certificates in /etc/ssl/certs...
Feb 19 17:31:54.919841 osdx ca-certificates[125914]: 1 added, 0 removed; done.
Feb 19 17:31:54.925272 osdx ca-certificates[125921]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:31:54.930499 osdx ca-certificates[125923]: done.
Feb 19 17:31:55.087986 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:31:55.091948 osdx cfgd[96903]: [1795]Completed change to active configuration
Feb 19 17:31:55.096927 osdx OSDxCLI[1795]: User 'admin' committed the configuration.
Feb 19 17:31:55.134476 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 17:31:55.134983 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] Network connectivity detected
Feb 19 17:31:55.135641 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] Dropping privileges
Feb 19 17:31:55.138992 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] Network connectivity detected
Feb 19 17:31:55.139153 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:31:55.139243 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:31:55.139358 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] Firefox workaround initialized
Feb 19 17:31:55.139435 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpauto415r]
Feb 19 17:31:55.165944 osdx OSDxCLI[1795]: User 'admin' left the configuration menu.
Feb 19 17:31:55.320189 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] [DUT0] OK (DoH) - rtt: 79ms
Feb 19 17:31:55.320189 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 79ms)
Feb 19 17:31:55.320189 osdx dnscrypt-proxy[125930]: [2025-02-19 17:31:55] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DoH With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840 at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 17:32:06.482940 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free.
Feb 19 17:32:06.483721 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 17:32:06.483786 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 17:32:06.499269 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:32:07.084402 osdx osdx-coredump[284444]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:32:07.096644 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:32:07.927707 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:32:08.090032 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:32:08.188823 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:32:08.325898 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:08.452169 osdx INFO[284468]: FRR daemons did not change
Feb 19 17:32:08.483728 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:32:08.680813 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:32:08.721499 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:32:08.777309 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:32:09.010544 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 17:32:10.941209 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 17:32:11.195206 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:32:11.415405 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 17:32:11.559327 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 17:32:11.697903 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA8FekL0CKhYZFh0YsjWEH7uVH9klHL8Wuq-SRLrtOoQApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Feb 19 17:32:11.875603 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Feb 19 17:32:12.042092 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Feb 19 17:32:12.177969 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 19 17:32:12.322806 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 17:32:12.483950 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 19 17:32:12.680698 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:12.843639 osdx INFO[284587]: FRR daemons did not change
Feb 19 17:32:12.875139 osdx ca-certificates[284603]: Updating certificates in /etc/ssl/certs...
Feb 19 17:32:13.755678 osdx ca-certificates[285606]: 1 added, 0 removed; done.
Feb 19 17:32:13.761650 osdx ca-certificates[285613]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:32:13.766826 osdx ca-certificates[285615]: done.
Feb 19 17:32:13.928150 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:32:13.929944 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:32:13.934543 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:32:13.962680 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:13] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 17:32:13.963164 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:13] [NOTICE] Network connectivity detected
Feb 19 17:32:13.963624 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:13] [NOTICE] Dropping privileges
Feb 19 17:32:13.967680 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:13] [NOTICE] Network connectivity detected
Feb 19 17:32:13.967790 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:32:13.967790 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:32:13.967790 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:13] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 19 17:32:13.967790 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:13] [NOTICE] Firefox workaround initialized
Feb 19 17:32:13.967790 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpl5or1uf0]
Feb 19 17:32:13.974113 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:32:14.062663 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:14] [NOTICE] [RD] OK (DoH) - rtt: 54ms
Feb 19 17:32:14.062663 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:14] [NOTICE] Server with the lowest initial latency: RD (rtt: 54ms)
Feb 19 17:32:14.062663 osdx dnscrypt-proxy[285675]: [2025-02-19 17:32:14] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 167f1f450d072679f800c9c47a3d9dd192a9e6d09299b5787a85f75eae95bc7c at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgFn8fRQ0HJnn4AMnEej2d0ZKp5tCSmbV4eoX3Xq6VvHwNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 5: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgFn8fRQ0HJnn4AMnEej2d0ZKp5tCSmbV4eoX3Xq6VvHwNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Feb 19 17:32:06.435096 osdx systemd-journald[1553]: Runtime Journal (/run/log/journal/4ae5be8e493042ac8988aa43cad7f38b) is 1016.0K, max 7.2M, 6.2M free.
Feb 19 17:32:06.436535 osdx systemd-journald[1553]: Received client request to rotate journal, rotating.
Feb 19 17:32:06.436618 osdx systemd-journald[1553]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4ae5be8e493042ac8988aa43cad7f38b.
Feb 19 17:32:06.456470 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:32:07.240336 osdx osdx-coredump[127552]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:32:07.254398 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:32:09.197636 osdx OSDxCLI[1795]: User 'admin' entered the configuration menu.
Feb 19 17:32:09.355615 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 19 17:32:09.441393 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:32:09.539832 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 19 17:32:09.686124 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:09.799998 osdx INFO[127583]: FRR daemons did not change
Feb 19 17:32:09.832538 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:32:10.133232 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Feb 19 17:32:10.160083 osdx sshd[127653]: Server listening on 0.0.0.0 port 22.
Feb 19 17:32:10.160128 osdx sshd[127653]: Server listening on :: port 22.
Feb 19 17:32:10.160589 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Feb 19 17:32:10.199579 osdx cfgd[96903]: [1795]Completed change to active configuration
Feb 19 17:32:10.262724 osdx OSDxCLI[1795]: User 'admin' committed the configuration.
Feb 19 17:32:10.308497 osdx OSDxCLI[1795]: User 'admin' left the configuration menu.
Feb 19 17:32:10.557319 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 19 17:32:14.282594 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 167f1f450d072679f800c9c47a3d9dd192a9e6d09299b5787a85f75eae95bc7c'.
Feb 19 17:32:14.480894 osdx OSDxCLI[1795]: User 'admin' entered the configuration menu.
Feb 19 17:32:14.609172 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 19 17:32:14.712996 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 19 17:32:14.823387 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 19 17:32:14.941910 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgFn8fRQ0HJnn4AMnEej2d0ZKp5tCSmbV4eoX3Xq6VvHwNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Feb 19 17:32:15.114598 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:15.239125 osdx INFO[127714]: FRR daemons did not change
Feb 19 17:32:15.263316 osdx ca-certificates[127730]: Updating certificates in /etc/ssl/certs...
Feb 19 17:32:16.458114 osdx ca-certificates[128733]: 1 added, 0 removed; done.
Feb 19 17:32:16.463911 osdx ca-certificates[128740]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:32:16.469690 osdx ca-certificates[128742]: done.
Feb 19 17:32:16.594734 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:32:16.597526 osdx cfgd[96903]: [1795]Completed change to active configuration
Feb 19 17:32:16.604132 osdx OSDxCLI[1795]: User 'admin' committed the configuration.
Feb 19 17:32:16.640740 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 17:32:16.641223 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] Network connectivity detected
Feb 19 17:32:16.641598 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] Dropping privileges
Feb 19 17:32:16.645881 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] Network connectivity detected
Feb 19 17:32:16.646134 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:32:16.646244 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:32:16.646368 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] Firefox workaround initialized
Feb 19 17:32:16.646457 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqkzsr50w]
Feb 19 17:32:16.667582 osdx OSDxCLI[1795]: User 'admin' left the configuration menu.
Feb 19 17:32:16.772489 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] [DUT0] OK (DoH) - rtt: 58ms
Feb 19 17:32:16.772825 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 58ms)
Feb 19 17:32:16.772924 osdx dnscrypt-proxy[128749]: [2025-02-19 17:32:16] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
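
The stamps calculated in Steps 1 and 4 carry the same IP, certificate hash, host name, port and path that the previous scenario set one by one. The Python code below is an added example, not part of the test suite or of OSDx: it encodes and decodes DoH stamps following the public DNS stamp layout and audits a stamp against the intended settings. All function names are hypothetical, and leaving port 443 out of the host field is an assumption taken from the two outputs shown above.

```python
import base64
import struct

DOH = 0x02  # protocol byte for DNS-over-HTTPS in the DNS stamp layout


def _lp(data):
    """One length byte followed by the data."""
    if len(data) > 0xFF:
        raise ValueError("field too long")
    return bytes([len(data)]) + data


def _vlp(items):
    """Set of length-prefixed items; bit 7 of the length means 'more follow'."""
    if not items:
        return b"\x00"
    out = b""
    for i, item in enumerate(items):
        if len(item) > 0x7F:
            raise ValueError("item too long")
        more = 0x80 if i < len(items) - 1 else 0
        out += bytes([len(item) | more]) + item
    return out


def encode_doh_stamp(ip, hashes_hex, host_name, host_path, host_port=443):
    """Build an sdns:// stamp from the parameters the CLI command takes."""
    # Assumption taken from the page's outputs: port 443 is left implicit.
    host = host_name if host_port == 443 else f"{host_name}:{host_port}"
    raw = (bytes([DOH]) + struct.pack("<Q", 0)  # 8-byte props field, none set
           + _lp(ip.encode())
           + _vlp([bytes.fromhex(h) for h in hashes_hex])
           + _lp(host.encode()) + _lp(host_path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).decode().rstrip("=")


class _Reader:
    """Bounds-checked cursor so a truncated stamp fails instead of misparsing."""

    def __init__(self, buf):
        self.buf, self.pos = buf, 0

    def take(self, n):
        if self.pos + n > len(self.buf):
            raise ValueError("truncated stamp")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def lp(self):
        return self.take(self.take(1)[0])

    def vlp(self):
        items = []
        while True:
            n = self.take(1)[0]
            item = self.take(n & 0x7F)
            if item:
                items.append(item)
            if not n & 0x80:
                return items


def decode_doh_stamp(stamp):
    """Return the fields of a DoH stamp as a dict."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not an sdns:// stamp")
    b64 = stamp[len("sdns://"):]
    r = _Reader(base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)))
    if r.take(1)[0] != DOH:
        raise ValueError("not a DoH stamp")
    props = struct.unpack("<Q", r.take(8))[0]
    ip = r.lp().decode()
    hashes = [h.hex() for h in r.vlp()]
    host, path = r.lp().decode(), r.lp().decode()
    name, sep, port = host.rpartition(":")
    if not (sep and port.isdigit()):
        name, port = host, "443"
    return {"props": props, "ip": ip, "hashes": hashes,
            "host_name": name, "host_port": int(port), "host_path": path}


def audit_stamp(stamp, expected):
    """List findings: fields that differ from the intended config, missing pin."""
    got = decode_doh_stamp(stamp)
    findings = [f"{k}: expected {v!r}, stamp has {got[k]!r}"
                for k, v in expected.items() if got[k] != v]
    if not got["hashes"]:
        findings.append("no certificate hash pinned")
    return findings


# Values copied from Step 4 of the scenario above (DUT1 pointing at DUT0).
DUT1_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgFn8fRQ0HJnn4AMnEej2d0ZKp5tCSmbV4eoX3Xq6VvHwNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"
DUT1_EXPECTED = {
    "ip": "10.215.168.64", "host_name": "dns.dut0", "host_port": 3000,
    "host_path": "/dns-query",
    "hashes": ["167f1f450d072679f800c9c47a3d9dd192a9e6d09299b5787a85f75eae95bc7c"],
}

if __name__ == "__main__":
    print(decode_doh_stamp(DUT1_STAMP))
    print(audit_stamp(DUT1_STAMP, DUT1_EXPECTED) or "stamp matches the settings")
```

Decoding a stamp before committing it shows which address, host name and certificate hash the proxy will actually be pinned to, which the opaque sdns:// string hides.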

Server With Upstream DNSCrypt

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Feb 19 17:32:28.549678 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.2M free.
Feb 19 17:32:28.550804 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 17:32:28.550877 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 17:32:28.581986 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:32:29.248424 osdx osdx-coredump[287320]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:32:29.262390 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:32:30.279515 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:32:30.530796 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:32:30.660725 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:32:30.845195 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:30.997637 osdx INFO[287344]: FRR daemons did not change
Feb 19 17:32:31.046798 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:32:31.256339 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:32:31.307993 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:32:31.343337 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:32:31.588759 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 17:32:33.624210 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 19 17:32:33.828702 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:32:33.960476 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 17:32:34.073544 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 17:32:34.226761 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Feb 19 17:32:34.387443 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Feb 19 17:32:34.543841 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Feb 19 17:32:34.731624 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b'.
Feb 19 17:32:34.920856 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 17:32:35.101342 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Feb 19 17:32:35.266003 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Feb 19 17:32:35.523088 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 19 17:32:35.687197 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:35.870988 osdx INFO[287464]: FRR daemons did not change
Feb 19 17:32:35.906646 osdx ca-certificates[287479]: Updating certificates in /etc/ssl/certs...
Feb 19 17:32:36.928908 osdx ca-certificates[288483]: 1 added, 0 removed; done.
Feb 19 17:32:36.934614 osdx ca-certificates[288490]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:32:36.939534 osdx ca-certificates[288492]: done.
Feb 19 17:32:37.150610 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:32:37.153240 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:32:37.156564 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:32:37.206772 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 17:32:37.206772 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] Network connectivity detected
Feb 19 17:32:37.206772 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] Dropping privileges
Feb 19 17:32:37.209105 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:32:37.211169 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] Network connectivity detected
Feb 19 17:32:37.211248 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:32:37.211248 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:32:37.211248 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 19 17:32:37.211325 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] Firefox workaround initialized
Feb 19 17:32:37.211325 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpi6gk428p]
Feb 19 17:32:37.212450 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 19 17:32:37.212450 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 19 17:32:37.212450 osdx dnscrypt-proxy[288552]: [2025-02-19 17:32:37] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 167f1f450d072679f800c9c47a3d9dd192a9e6d09299b5787a85f75eae95bc7c
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Feb 19 17:32:28.512334 osdx systemd-journald[1553]: Runtime Journal (/run/log/journal/4ae5be8e493042ac8988aa43cad7f38b) is 1.0M, max 7.2M, 6.2M free.
Feb 19 17:32:28.513224 osdx systemd-journald[1553]: Received client request to rotate journal, rotating.
Feb 19 17:32:28.513296 osdx systemd-journald[1553]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4ae5be8e493042ac8988aa43cad7f38b.
Feb 19 17:32:28.532340 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:32:29.413496 osdx osdx-coredump[130366]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:32:29.427712 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:32:31.667469 osdx OSDxCLI[1795]: User 'admin' entered the configuration menu.
Feb 19 17:32:31.827877 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 19 17:32:31.960486 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:32:32.113064 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 19 17:32:32.295467 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:32.471319 osdx INFO[130396]: FRR daemons did not change
Feb 19 17:32:32.517030 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:32:32.877589 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Feb 19 17:32:32.896899 osdx sshd[130467]: Server listening on 0.0.0.0 port 22.
Feb 19 17:32:32.897299 osdx sshd[130467]: Server listening on :: port 22.
Feb 19 17:32:32.897527 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Feb 19 17:32:32.932248 osdx cfgd[96903]: [1795]Completed change to active configuration
Feb 19 17:32:32.978149 osdx OSDxCLI[1795]: User 'admin' committed the configuration.
Feb 19 17:32:33.030879 osdx OSDxCLI[1795]: User 'admin' left the configuration menu.
Feb 19 17:32:33.264028 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 19 17:32:37.488188 osdx OSDxCLI[1795]: User 'admin' entered the configuration menu.
Feb 19 17:32:37.640937 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 19 17:32:37.754937 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 19 17:32:37.866871 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 19 17:32:38.036111 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Feb 19 17:32:38.155043 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Feb 19 17:32:38.300749 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Feb 19 17:32:38.433873 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 167f1f450d072679f800c9c47a3d9dd192a9e6d09299b5787a85f75eae95bc7c'.
Feb 19 17:32:38.591108 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:38.752815 osdx INFO[130528]: FRR daemons did not change
Feb 19 17:32:38.777402 osdx ca-certificates[130544]: Updating certificates in /etc/ssl/certs...
Feb 19 17:32:39.782439 osdx ca-certificates[131547]: 1 added, 0 removed; done.
Feb 19 17:32:39.787102 osdx ca-certificates[131554]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:32:39.792840 osdx ca-certificates[131556]: done.
Feb 19 17:32:39.913839 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:32:39.917269 osdx cfgd[96903]: [1795]Completed change to active configuration
Feb 19 17:32:39.921861 osdx OSDxCLI[1795]: User 'admin' committed the configuration.
Feb 19 17:32:39.946880 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:39] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 17:32:39.947249 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:39] [NOTICE] Network connectivity detected
Feb 19 17:32:39.947500 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:39] [NOTICE] Dropping privileges
Feb 19 17:32:39.950788 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:39] [NOTICE] Network connectivity detected
Feb 19 17:32:39.950863 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:39] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:32:39.950863 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:39] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:32:39.950863 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:39] [NOTICE] Firefox workaround initialized
Feb 19 17:32:39.950948 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:39] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp0pzg6a70]
Feb 19 17:32:39.962790 osdx OSDxCLI[1795]: User 'admin' left the configuration menu.
Feb 19 17:32:40.099441 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:40] [NOTICE] [DUT0] OK (DoH) - rtt: 77ms
Feb 19 17:32:40.099441 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:40] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 77ms)
Feb 19 17:32:40.099441 osdx dnscrypt-proxy[131563]: [2025-02-19 17:32:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DNSCrypt With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using that stamp to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

Show output
e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443 at DUT0 and expect this output:

Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Feb 19 17:32:51.460926 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.2M, max 15.3M, 13.0M free.
Feb 19 17:32:51.462358 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 17:32:51.462446 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 17:32:51.476952 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:32:52.038620 osdx osdx-coredump[290197]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:32:52.050562 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:32:52.865539 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:32:53.059649 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:32:53.157080 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:32:53.365043 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:53.522135 osdx INFO[290221]: FRR daemons did not change
Feb 19 17:32:53.567804 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:32:53.809738 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:32:53.867826 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:32:53.902405 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:32:54.117544 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 17:32:56.219589 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Feb 19 17:32:56.393802 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key e3:8c:4e:85:1c:43:d1:38:0b:38:bd:d9:27:f6:8c:8e:34:e2:80:d4:88:03:fa:7b:46:fc:bd:8b:76:cd:81:9b ip 10.215.168.1 port 8443'.
Feb 19 17:32:56.597703 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:32:56.741553 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 17:32:56.916173 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 17:32:57.143302 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIOOMToUcQ9E4Czi92Sf2jI404oDUiAP6e0b8vYt2zYGbGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Feb 19 17:32:57.279966 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Feb 19 17:32:57.455940 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Feb 19 17:32:57.612581 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Feb 19 17:32:57.782741 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Feb 19 17:32:57.976625 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:58.163321 osdx INFO[290341]: FRR daemons did not change
Feb 19 17:32:58.189267 osdx ca-certificates[290357]: Updating certificates in /etc/ssl/certs...
Feb 19 17:32:59.229563 osdx ca-certificates[291360]: 1 added, 0 removed; done.
Feb 19 17:32:59.243965 osdx ca-certificates[291367]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:32:59.249137 osdx ca-certificates[291369]: done.
Feb 19 17:32:59.459208 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:32:59.462720 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:32:59.469188 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:32:59.499883 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 17:32:59.499883 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] Network connectivity detected
Feb 19 17:32:59.500498 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] Dropping privileges
Feb 19 17:32:59.505029 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] Network connectivity detected
Feb 19 17:32:59.505029 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:32:59.505029 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:32:59.505387 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Feb 19 17:32:59.505387 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] Firefox workaround initialized
Feb 19 17:32:59.505387 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4t7jge29]
Feb 19 17:32:59.506720 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Feb 19 17:32:59.506720 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Feb 19 17:32:59.506720 osdx dnscrypt-proxy[291429]: [2025-02-19 17:32:59] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Feb 19 17:32:59.537905 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.

Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 167f1f450d072679f800c9c47a3d9dd192a9e6d09299b5787a85f75eae95bc7c at DUT1 and expect this output:

Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgFn8fRQ0HJnn4AMnEej2d0ZKp5tCSmbV4eoX3Xq6VvHwNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 6: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgFn8fRQ0HJnn4AMnEej2d0ZKp5tCSmbV4eoX3Xq6VvHwNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Feb 19 17:32:51.411247 osdx systemd-journald[1553]: Runtime Journal (/run/log/journal/4ae5be8e493042ac8988aa43cad7f38b) is 1.0M, max 7.2M, 6.2M free.
Feb 19 17:32:51.412584 osdx systemd-journald[1553]: Received client request to rotate journal, rotating.
Feb 19 17:32:51.412682 osdx systemd-journald[1553]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4ae5be8e493042ac8988aa43cad7f38b.
Feb 19 17:32:51.430295 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:32:52.189975 osdx osdx-coredump[133179]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:32:52.202404 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:32:54.291712 osdx OSDxCLI[1795]: User 'admin' entered the configuration menu.
Feb 19 17:32:54.478536 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Feb 19 17:32:54.611033 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:32:54.716120 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 19 17:32:54.879986 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:32:55.063376 osdx INFO[133210]: FRR daemons did not change
Feb 19 17:32:55.100538 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:32:55.448562 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Feb 19 17:32:55.472854 osdx sshd[133280]: Server listening on 0.0.0.0 port 22.
Feb 19 17:32:55.473226 osdx sshd[133280]: Server listening on :: port 22.
Feb 19 17:32:55.473468 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Feb 19 17:32:55.511149 osdx cfgd[96903]: [1795]Completed change to active configuration
Feb 19 17:32:55.568711 osdx OSDxCLI[1795]: User 'admin' committed the configuration.
Feb 19 17:32:55.614183 osdx OSDxCLI[1795]: User 'admin' left the configuration menu.
Feb 19 17:32:55.851446 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Feb 19 17:32:59.891602 osdx OSDxCLI[1795]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 167f1f450d072679f800c9c47a3d9dd192a9e6d09299b5787a85f75eae95bc7c'.
Feb 19 17:33:00.104971 osdx OSDxCLI[1795]: User 'admin' entered the configuration menu.
Feb 19 17:33:00.268298 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Feb 19 17:33:00.382504 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Feb 19 17:33:00.525320 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Feb 19 17:33:00.762718 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgFn8fRQ0HJnn4AMnEej2d0ZKp5tCSmbV4eoX3Xq6VvHwNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Feb 19 17:33:00.921464 osdx OSDxCLI[1795]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:33:01.068714 osdx INFO[133341]: FRR daemons did not change
Feb 19 17:33:01.100088 osdx ca-certificates[133357]: Updating certificates in /etc/ssl/certs...
Feb 19 17:33:02.106100 osdx ca-certificates[134360]: 1 added, 0 removed; done.
Feb 19 17:33:02.115593 osdx ca-certificates[134367]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:33:02.125564 osdx ca-certificates[134369]: done.
Feb 19 17:33:02.425311 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:33:02.428401 osdx cfgd[96903]: [1795]Completed change to active configuration
Feb 19 17:33:02.442970 osdx OSDxCLI[1795]: User 'admin' committed the configuration.
Feb 19 17:33:02.472768 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] dnscrypt-proxy 2.0.45
Feb 19 17:33:02.473254 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] Network connectivity detected
Feb 19 17:33:02.473669 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] Dropping privileges
Feb 19 17:33:02.485957 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] Network connectivity detected
Feb 19 17:33:02.486398 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:33:02.486522 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:33:02.486744 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] Firefox workaround initialized
Feb 19 17:33:02.486874 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpyvf42j49]
Feb 19 17:33:02.512297 osdx OSDxCLI[1795]: User 'admin' left the configuration menu.
Feb 19 17:33:02.697564 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] [DUT0] OK (DoH) - rtt: 79ms
Feb 19 17:33:02.697564 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 79ms)
Feb 19 17:33:02.697564 osdx dnscrypt-proxy[134379]: [2025-02-19 17:33:02] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13