Static
Test suite to validate the use of one of the DNS options available on an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 10 12:51:44.316660 osdx systemd-journald[51744]: Runtime Journal (/run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6) is 2.0M, max 15.3M, 13.2M free.
Mar 10 12:51:44.318917 osdx systemd-journald[51744]: Received client request to rotate journal, rotating.
Mar 10 12:51:44.318970 osdx systemd-journald[51744]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6.
Mar 10 12:51:44.328059 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system journal clear'.
Mar 10 12:51:44.667106 osdx osdx-coredump[266820]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 10 12:51:44.675033 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 10 12:51:45.206672 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:51:45.325279 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 10 12:51:45.378649 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 10 12:51:45.505817 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:51:45.573959 osdx INFO[266844]: FRR daemons did not change
Mar 10 12:51:45.594920 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 10 12:51:45.694883 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:51:45.722438 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:51:45.739667 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:51:45.888699 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 10 12:51:46.161518 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:51:46.242299 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 10 12:51:46.352396 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 10 12:51:46.432831 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 10 12:51:46.547257 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 10 12:51:46.656745 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'.
Mar 10 12:51:46.707685 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 10 12:51:46.848943 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:51:46.964831 osdx INFO[266958]: FRR daemons did not change
Mar 10 12:51:46.978819 osdx ca-certificates[266974]: Updating certificates in /etc/ssl/certs...
Mar 10 12:51:47.494881 osdx ca-certificates[267978]: 1 added, 0 removed; done.
Mar 10 12:51:47.498221 osdx ca-certificates[267984]: Running hooks in /etc/ca-certificates/update.d...
Mar 10 12:51:47.501006 osdx ca-certificates[267986]: done.
Mar 10 12:51:47.607380 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 10 12:51:47.608645 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:51:47.611465 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:51:47.631033 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] dnscrypt-proxy 2.0.45
Mar 10 12:51:47.631302 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] Network connectivity detected
Mar 10 12:51:47.631479 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] Dropping privileges
Mar 10 12:51:47.632038 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:51:47.633773 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] Network connectivity detected
Mar 10 12:51:47.633812 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 10 12:51:47.633812 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 10 12:51:47.633860 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] Firefox workaround initialized
Mar 10 12:51:47.633860 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_i34w80j]
Mar 10 12:51:47.745804 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] [RD] OK (DoH) - rtt: 80ms
Mar 10 12:51:47.745804 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] Server with the lowest initial latency: RD (rtt: 80ms)
Mar 10 12:51:47.745804 osdx dnscrypt-proxy[268043]: [2025-03-10 12:51:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 10 12:51:53.299270 osdx systemd-journald[51744]: Runtime Journal (/run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6) is 2.0M, max 15.3M, 13.3M free.
Mar 10 12:51:53.300054 osdx systemd-journald[51744]: Received client request to rotate journal, rotating.
Mar 10 12:51:53.300098 osdx systemd-journald[51744]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6.
Mar 10 12:51:53.309406 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system journal clear'.
Mar 10 12:51:53.628400 osdx osdx-coredump[269688]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 10 12:51:53.636322 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 10 12:51:54.099734 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:51:54.226342 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 10 12:51:54.291420 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 10 12:51:54.406765 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:51:54.475497 osdx INFO[269712]: FRR daemons did not change
Mar 10 12:51:54.496063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 10 12:51:54.619618 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:51:54.653447 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:51:54.669973 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:51:54.819888 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 10 12:51:54.969492 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'.
Mar 10 12:51:55.127126 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:51:55.195586 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 10 12:51:55.310002 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 10 12:51:55.379946 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Mar 10 12:51:55.469386 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 10 12:51:55.556844 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:51:55.632021 osdx INFO[269827]: FRR daemons did not change
Mar 10 12:51:55.646638 osdx ca-certificates[269842]: Updating certificates in /etc/ssl/certs...
Mar 10 12:51:56.167781 osdx ca-certificates[270847]: 1 added, 0 removed; done.
Mar 10 12:51:56.171136 osdx ca-certificates[270853]: Running hooks in /etc/ca-certificates/update.d...
Mar 10 12:51:56.173973 osdx ca-certificates[270855]: done.
Mar 10 12:51:56.276443 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 10 12:51:56.277635 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:51:56.280788 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:51:56.301675 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:51:56.311646 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] dnscrypt-proxy 2.0.45
Mar 10 12:51:56.311880 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] Network connectivity detected
Mar 10 12:51:56.312103 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] Dropping privileges
Mar 10 12:51:56.314093 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] Network connectivity detected
Mar 10 12:51:56.314129 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 10 12:51:56.314129 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 10 12:51:56.314156 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] Firefox workaround initialized
Mar 10 12:51:56.314156 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpeguwct96]
Mar 10 12:51:56.418234 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] [RD] OK (DoH) - rtt: 81ms
Mar 10 12:51:56.418234 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] Server with the lowest initial latency: RD (rtt: 81ms)
Mar 10 12:51:56.418234 osdx dnscrypt-proxy[270912]: [2025-03-10 12:51:56] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Mar 10 12:52:01.386700 osdx systemd-journald[51744]: Runtime Journal (/run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6) is 2.0M, max 15.3M, 13.3M free.
Mar 10 12:52:01.389712 osdx systemd-journald[51744]: Received client request to rotate journal, rotating.
Mar 10 12:52:01.389794 osdx systemd-journald[51744]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6.
Mar 10 12:52:01.397856 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system journal clear'.
Mar 10 12:52:01.742764 osdx osdx-coredump[272557]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 10 12:52:01.751418 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 10 12:52:02.283443 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:52:02.406654 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 10 12:52:02.491228 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 10 12:52:02.562513 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:52:02.663147 osdx INFO[272584]: FRR daemons did not change
Mar 10 12:52:02.685705 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 10 12:52:02.802061 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:52:02.831134 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:52:02.849423 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:52:02.997184 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 10 12:52:03.104846 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Mar 10 12:52:03.259604 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:52:03.328346 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 10 12:52:03.426731 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 10 12:52:03.483917 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Mar 10 12:52:03.581852 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Mar 10 12:52:03.643559 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Mar 10 12:52:03.749834 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c'.
Mar 10 12:52:03.801679 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 10 12:52:03.919554 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:52:04.037383 osdx INFO[272701]: FRR daemons did not change
Mar 10 12:52:04.051511 osdx ca-certificates[272717]: Updating certificates in /etc/ssl/certs...
Mar 10 12:52:04.566110 osdx ca-certificates[273721]: 1 added, 0 removed; done.
Mar 10 12:52:04.570210 osdx ca-certificates[273727]: Running hooks in /etc/ca-certificates/update.d...
Mar 10 12:52:04.573429 osdx ca-certificates[273729]: done.
Mar 10 12:52:04.670062 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 10 12:52:04.671538 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:52:04.674479 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:52:04.692485 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] dnscrypt-proxy 2.0.45
Mar 10 12:52:04.692753 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] Network connectivity detected
Mar 10 12:52:04.692831 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] Dropping privileges
Mar 10 12:52:04.694980 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:52:04.696205 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] Network connectivity detected
Mar 10 12:52:04.696255 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 10 12:52:04.696255 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 10 12:52:04.696255 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] Firefox workaround initialized
Mar 10 12:52:04.696328 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpct563na5]
Mar 10 12:52:04.696957 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Mar 10 12:52:04.696957 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Mar 10 12:52:04.697020 osdx dnscrypt-proxy[273786]: [2025-03-10 12:52:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Mar 10 12:52:09.296716 osdx systemd-journald[51744]: Runtime Journal (/run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6) is 2.0M, max 15.3M, 13.3M free.
Mar 10 12:52:09.299159 osdx systemd-journald[51744]: Received client request to rotate journal, rotating.
Mar 10 12:52:09.299209 osdx systemd-journald[51744]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6.
Mar 10 12:52:09.308799 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system journal clear'.
Mar 10 12:52:09.657401 osdx osdx-coredump[275432]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 10 12:52:09.665863 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 10 12:52:10.216328 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:52:10.329434 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 10 12:52:10.463262 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 10 12:52:10.560427 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:52:10.628192 osdx INFO[275456]: FRR daemons did not change
Mar 10 12:52:10.659160 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 10 12:52:10.757915 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:52:10.788402 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:52:10.804910 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:52:10.949204 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 10 12:52:11.103176 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Mar 10 12:52:11.206613 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c ip 10.215.168.1 port 8443'.
Mar 10 12:52:11.377783 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:52:11.459899 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 10 12:52:11.572221 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 10 12:52:11.645909 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Mar 10 12:52:11.752780 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 10 12:52:11.842794 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:52:11.954296 osdx INFO[275573]: FRR daemons did not change
Mar 10 12:52:11.966690 osdx ca-certificates[275589]: Updating certificates in /etc/ssl/certs...
Mar 10 12:52:12.469389 osdx ca-certificates[276593]: 1 added, 0 removed; done.
Mar 10 12:52:12.473309 osdx ca-certificates[276599]: Running hooks in /etc/ca-certificates/update.d...
Mar 10 12:52:12.476043 osdx ca-certificates[276601]: done.
Mar 10 12:52:12.563422 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 10 12:52:12.564469 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:52:12.566739 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:52:12.586674 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:52:12.594188 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] dnscrypt-proxy 2.0.45
Mar 10 12:52:12.594355 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] Network connectivity detected
Mar 10 12:52:12.594499 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] Dropping privileges
Mar 10 12:52:12.597185 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] Network connectivity detected
Mar 10 12:52:12.597212 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 10 12:52:12.597212 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 10 12:52:12.597240 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] Firefox workaround initialized
Mar 10 12:52:12.597240 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpycm3fhz6]
Mar 10 12:52:12.597811 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Mar 10 12:52:12.597811 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Mar 10 12:52:12.597811 osdx dnscrypt-proxy[276658]: [2025-03-10 12:52:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16