Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 10 12:50:34.300330 osdx systemd-journald[51744]: Runtime Journal (/run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6) is 2.0M, max 15.3M, 13.2M free.
Mar 10 12:50:34.302115 osdx systemd-journald[51744]: Received client request to rotate journal, rotating.
Mar 10 12:50:34.302156 osdx systemd-journald[51744]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6.
Mar 10 12:50:34.309930 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system journal clear'.
Mar 10 12:50:34.623361 osdx osdx-coredump[255049]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 10 12:50:34.631433 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 10 12:50:35.102388 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:50:35.180781 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 10 12:50:35.262879 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 10 12:50:35.332265 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:50:35.428923 osdx INFO[255073]: FRR daemons did not change
Mar 10 12:50:35.446123 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 10 12:50:35.547215 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:50:35.578181 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:50:35.596726 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:50:35.752984 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 10 12:50:36.967908 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:50:37.027466 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 10 12:50:37.125627 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 10 12:50:37.190946 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 10 12:50:37.283565 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 10 12:50:37.346463 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'.
Mar 10 12:50:37.441362 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 10 12:50:37.499855 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 10 12:50:37.596447 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 10 12:50:37.658080 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 10 12:50:37.784118 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:50:37.879947 osdx INFO[255190]: FRR daemons did not change
Mar 10 12:50:37.892134 osdx ca-certificates[255206]: Updating certificates in /etc/ssl/certs...
Mar 10 12:50:38.391947 osdx ca-certificates[256209]: 1 added, 0 removed; done.
Mar 10 12:50:38.394847 osdx ca-certificates[256216]: Running hooks in /etc/ca-certificates/update.d...
Mar 10 12:50:38.398532 osdx ca-certificates[256218]: done.
Mar 10 12:50:38.522481 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 10 12:50:38.524259 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:50:38.532861 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:50:38.575113 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:50:38.586033 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] dnscrypt-proxy 2.0.45
Mar 10 12:50:38.586266 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] Network connectivity detected
Mar 10 12:50:38.586468 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] Dropping privileges
Mar 10 12:50:38.589139 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] Network connectivity detected
Mar 10 12:50:38.589171 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 10 12:50:38.589171 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 10 12:50:38.589171 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 10 12:50:38.589213 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] Firefox workaround initialized
Mar 10 12:50:38.589213 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpke2rox4n]
Mar 10 12:50:38.689777 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] [RD] OK (DoH) - rtt: 77ms
Mar 10 12:50:38.689918 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] Server with the lowest initial latency: RD (rtt: 77ms)
Mar 10 12:50:38.689969 osdx dnscrypt-proxy[256278]: [2025-03-10 12:50:38] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash a742f0a3da2d9bab6ccd3b83d75467ea2f95832e7710df5ab056c193d0f208dd
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 10 12:50:34.273524 osdx systemd-journald[1541]: Runtime Journal (/run/log/journal/37bd014e8df84dd2aee0f9bf8ac2600d) is 992.0K, max 7.2M, 6.2M free.
Mar 10 12:50:34.274577 osdx systemd-journald[1541]: Received client request to rotate journal, rotating.
Mar 10 12:50:34.274629 osdx systemd-journald[1541]: Vacuuming done, freed 0B of archived journals from /run/log/journal/37bd014e8df84dd2aee0f9bf8ac2600d.
Mar 10 12:50:34.283450 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system journal clear'.
Mar 10 12:50:34.717689 osdx osdx-coredump[219317]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 10 12:50:34.727545 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 10 12:50:35.779209 osdx OSDxCLI[145235]: User 'admin' entered the configuration menu.
Mar 10 12:50:35.877577 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Mar 10 12:50:35.972226 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 10 12:50:36.080046 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 10 12:50:36.167646 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:50:36.259753 osdx INFO[219348]: FRR daemons did not change
Mar 10 12:50:36.278459 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 10 12:50:36.438701 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 10 12:50:36.450155 osdx sshd[219418]: Server listening on 0.0.0.0 port 22.
Mar 10 12:50:36.450368 osdx sshd[219418]: Server listening on :: port 22.
Mar 10 12:50:36.450478 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 10 12:50:36.474715 osdx cfgd[1242]: [145235]Completed change to active configuration
Mar 10 12:50:36.500603 osdx OSDxCLI[145235]: User 'admin' committed the configuration.
Mar 10 12:50:36.530934 osdx OSDxCLI[145235]: User 'admin' left the configuration menu.
Mar 10 12:50:36.725964 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Mar 10 12:50:38.740160 osdx OSDxCLI[145235]: User 'admin' entered the configuration menu.
Mar 10 12:50:38.802311 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Mar 10 12:50:38.897676 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Mar 10 12:50:38.952062 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Mar 10 12:50:39.080760 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Mar 10 12:50:39.146548 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Mar 10 12:50:39.244354 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Mar 10 12:50:39.303736 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash a742f0a3da2d9bab6ccd3b83d75467ea2f95832e7710df5ab056c193d0f208dd'.
Mar 10 12:50:39.422415 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:50:39.490736 osdx INFO[219479]: FRR daemons did not change
Mar 10 12:50:39.503313 osdx ca-certificates[219495]: Updating certificates in /etc/ssl/certs...
Mar 10 12:50:39.980661 osdx ca-certificates[220500]: 1 added, 0 removed; done.
Mar 10 12:50:39.983746 osdx ca-certificates[220505]: Running hooks in /etc/ca-certificates/update.d...
Mar 10 12:50:39.986595 osdx ca-certificates[220507]: done.
Mar 10 12:50:40.082826 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 10 12:50:40.084764 osdx cfgd[1242]: [145235]Completed change to active configuration
Mar 10 12:50:40.089762 osdx OSDxCLI[145235]: User 'admin' committed the configuration.
Mar 10 12:50:40.112422 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] dnscrypt-proxy 2.0.45
Mar 10 12:50:40.113066 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] Network connectivity detected
Mar 10 12:50:40.113066 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] Dropping privileges
Mar 10 12:50:40.115557 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] Network connectivity detected
Mar 10 12:50:40.115557 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 10 12:50:40.115557 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 10 12:50:40.115557 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] Firefox workaround initialized
Mar 10 12:50:40.115557 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpwnvwqtp5]
Mar 10 12:50:40.120331 osdx OSDxCLI[145235]: User 'admin' left the configuration menu.
Mar 10 12:50:40.283598 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] [DUT0] OK (DoH) - rtt: 90ms
Mar 10 12:50:40.283598 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 90ms)
Mar 10 12:50:40.283598 osdx dnscrypt-proxy[220514]: [2025-03-10 12:50:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Mar 10 12:50:40.291641 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system journal show | cat'.
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 10 12:50:48.291740 osdx systemd-journald[51744]: Runtime Journal (/run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6) is 2.0M, max 15.3M, 13.3M free.
Mar 10 12:50:48.294740 osdx systemd-journald[51744]: Received client request to rotate journal, rotating.
Mar 10 12:50:48.294795 osdx systemd-journald[51744]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6.
Mar 10 12:50:48.303389 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system journal clear'.
Mar 10 12:50:48.640177 osdx osdx-coredump[257922]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 10 12:50:48.649181 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 10 12:50:49.162979 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:50:49.260488 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 10 12:50:49.353271 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 10 12:50:49.432945 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:50:49.525375 osdx INFO[257946]: FRR daemons did not change
Mar 10 12:50:49.550741 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 10 12:50:49.656145 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:50:49.682137 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:50:49.699372 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:50:49.845580 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 10 12:50:51.068664 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'.
Mar 10 12:50:51.222594 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:50:51.282487 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 10 12:50:51.381880 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 10 12:50:51.445690 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Mar 10 12:50:51.544177 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 10 12:50:51.609075 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 10 12:50:51.722866 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 10 12:50:51.797413 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 10 12:50:51.863345 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 10 12:50:51.985426 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:50:52.061602 osdx INFO[258065]: FRR daemons did not change
Mar 10 12:50:52.074880 osdx ca-certificates[258080]: Updating certificates in /etc/ssl/certs...
Mar 10 12:50:52.594445 osdx ca-certificates[259084]: 1 added, 0 removed; done.
Mar 10 12:50:52.598207 osdx ca-certificates[259091]: Running hooks in /etc/ca-certificates/update.d...
Mar 10 12:50:52.601119 osdx ca-certificates[259093]: done.
Mar 10 12:50:52.723006 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 10 12:50:52.724292 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:50:52.726844 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:50:52.745244 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:50:52.747500 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] dnscrypt-proxy 2.0.45
Mar 10 12:50:52.747687 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] Network connectivity detected
Mar 10 12:50:52.747867 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] Dropping privileges
Mar 10 12:50:52.750581 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] Network connectivity detected
Mar 10 12:50:52.750634 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 10 12:50:52.750634 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 10 12:50:52.750634 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 10 12:50:52.750634 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] Firefox workaround initialized
Mar 10 12:50:52.750634 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpnhaba8ow]
Mar 10 12:50:52.885668 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] [RD] OK (DoH) - rtt: 111ms
Mar 10 12:50:52.885668 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] Server with the lowest initial latency: RD (rtt: 111ms)
Mar 10 12:50:52.885668 osdx dnscrypt-proxy[259153]: [2025-03-10 12:50:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Mar 10 12:50:52.907437 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash a742f0a3da2d9bab6ccd3b83d75467ea2f95832e7710df5ab056c193d0f208dd at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgp0Lwo9otm6tszTuD11Rn6i-Vgy53EN9asFbBk9DyCN0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgp0Lwo9otm6tszTuD11Rn6i-Vgy53EN9asFbBk9DyCN0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 10 12:50:48.265716 osdx systemd-journald[1541]: Runtime Journal (/run/log/journal/37bd014e8df84dd2aee0f9bf8ac2600d) is 1016.0K, max 7.2M, 6.2M free.
Mar 10 12:50:48.269501 osdx systemd-journald[1541]: Received client request to rotate journal, rotating.
Mar 10 12:50:48.269560 osdx systemd-journald[1541]: Vacuuming done, freed 0B of archived journals from /run/log/journal/37bd014e8df84dd2aee0f9bf8ac2600d.
Mar 10 12:50:48.278906 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system journal clear'.
Mar 10 12:50:48.744060 osdx osdx-coredump[222137]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 10 12:50:48.752316 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 10 12:50:49.937056 osdx OSDxCLI[145235]: User 'admin' entered the configuration menu.
Mar 10 12:50:50.052664 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Mar 10 12:50:50.119962 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 10 12:50:50.231145 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 10 12:50:50.306219 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:50:50.426106 osdx INFO[222168]: FRR daemons did not change
Mar 10 12:50:50.445513 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 10 12:50:50.637834 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 10 12:50:50.652795 osdx sshd[222238]: Server listening on 0.0.0.0 port 22.
Mar 10 12:50:50.653068 osdx sshd[222238]: Server listening on :: port 22.
Mar 10 12:50:50.653210 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 10 12:50:50.679289 osdx cfgd[1242]: [145235]Completed change to active configuration
Mar 10 12:50:50.706639 osdx OSDxCLI[145235]: User 'admin' committed the configuration.
Mar 10 12:50:50.731722 osdx OSDxCLI[145235]: User 'admin' left the configuration menu.
Mar 10 12:50:50.865094 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Mar 10 12:50:55.059668 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash a742f0a3da2d9bab6ccd3b83d75467ea2f95832e7710df5ab056c193d0f208dd'.
Mar 10 12:50:55.206652 osdx OSDxCLI[145235]: User 'admin' entered the configuration menu.
Mar 10 12:50:55.268105 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Mar 10 12:50:55.364182 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Mar 10 12:50:55.423889 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Mar 10 12:50:55.527783 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgp0Lwo9otm6tszTuD11Rn6i-Vgy53EN9asFbBk9DyCN0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Mar 10 12:50:55.608375 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:50:55.704332 osdx INFO[222299]: FRR daemons did not change
Mar 10 12:50:55.719377 osdx ca-certificates[222314]: Updating certificates in /etc/ssl/certs...
Mar 10 12:50:56.179738 osdx ca-certificates[223320]: 1 added, 0 removed; done.
Mar 10 12:50:56.183609 osdx ca-certificates[223325]: Running hooks in /etc/ca-certificates/update.d...
Mar 10 12:50:56.187282 osdx ca-certificates[223327]: done.
Mar 10 12:50:56.273890 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 10 12:50:56.275288 osdx cfgd[1242]: [145235]Completed change to active configuration
Mar 10 12:50:56.278490 osdx OSDxCLI[145235]: User 'admin' committed the configuration.
Mar 10 12:50:56.308029 osdx OSDxCLI[145235]: User 'admin' left the configuration menu.
Mar 10 12:50:56.311920 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] dnscrypt-proxy 2.0.45
Mar 10 12:50:56.312127 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] Network connectivity detected
Mar 10 12:50:56.312228 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] Dropping privileges
Mar 10 12:50:56.314775 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] Network connectivity detected
Mar 10 12:50:56.314884 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 10 12:50:56.314938 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 10 12:50:56.315007 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] Firefox workaround initialized
Mar 10 12:50:56.315046 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] Loading the set of cloaking rules from [/tmp/tmppnm2pcn0]
Mar 10 12:50:56.463777 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 10 12:50:56.542800 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] [DUT0] OK (DoH) - rtt: 106ms
Mar 10 12:50:56.542800 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 106ms)
Mar 10 12:50:56.542800 osdx dnscrypt-proxy[223334]: [2025-03-10 12:50:56] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
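Added example, not part of the OSDx documentation or its test suite: a Python encoder and decoder for the DoH stamp layout used in this scenario, so the opaque sdns:// string can be audited for the IP, certificate hash and host it pins before it is committed to configuration. Function names are hypothetical; the byte layout follows the public DNS Stamps format, and leaving out the default port 443 mirrors the stamp shown in Step 1.

```python
import base64
import struct

DOH_ID = 0x02  # first byte of a DNS-over-HTTPS stamp

# Values copied from the "stamp calculate" steps of this scenario.
HASH_RD = "56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6"
HASH_DUT0 = "a742f0a3da2d9bab6ccd3b83d75467ea2f95832e7710df5ab056c193d0f208dd"
STAMP_RD = ("sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5f"
            "E3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk")
STAMP_DUT0 = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgp0Lwo9otm6tszTuD11Rn6i-V"
              "gy53EN9asFbBk9DyCN0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")


def _lp(data):
    """Length-prefixed field: one length byte followed by the data."""
    if len(data) > 0xFF:
        raise ValueError("field too long for a stamp")
    return bytes([len(data)]) + data


def _take(raw, pos, mask=0xFF):
    """Read one length-prefixed field at pos; return (data, next position)."""
    if pos >= len(raw):
        raise ValueError("truncated stamp: missing length byte")
    end = pos + 1 + (raw[pos] & mask)
    if end > len(raw):
        raise ValueError("truncated stamp: field runs past the end")
    return raw[pos + 1:end], end


def encode_doh_stamp(ip, cert_hashes, host, path, port=443, props=0):
    """Build an sdns:// DoH stamp from the same inputs the CLI command takes."""
    host_field = host if port == 443 else f"{host}:{port}"
    raw = bytes([DOH_ID]) + struct.pack("<Q", props) + _lp(ip.encode())
    hashes = [bytes.fromhex(h) for h in cert_hashes] or [b""]
    for i, digest in enumerate(hashes):
        if len(digest) > 0x7F:
            raise ValueError("hash too long for a stamp")
        # In the hash list, the high bit of the length byte means "more follow".
        more = 0x80 if i < len(hashes) - 1 else 0
        raw += bytes([len(digest) | more]) + digest
    raw += _lp(host_field.encode()) + _lp(path.encode())
    return "sdns://" + base64.urlsafe_b64encode(raw).decode().rstrip("=")


def decode_doh_stamp(stamp):
    """Parse a DoH stamp into the fields it pins; raise ValueError if malformed."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != DOH_ID:
        raise ValueError("not a DoH stamp")
    (props,) = struct.unpack_from("<Q", raw, 1)  # 8-byte little-endian flags
    ip, pos = _take(raw, 9)
    hashes = []
    while True:
        if pos >= len(raw):
            raise ValueError("truncated stamp: missing hash list")
        more = raw[pos] & 0x80
        digest, pos = _take(raw, pos, mask=0x7F)
        if digest:
            hashes.append(digest.hex())
        if not more:
            break
    host_field, pos = _take(raw, pos)
    path, pos = _take(raw, pos)
    # Any trailing bytes (optional bootstrap resolvers) are ignored here.
    name, sep, port = host_field.decode().partition(":")
    return {"props": props, "ip": ip.decode(), "hashes": hashes,
            "host": name, "port": int(port) if sep else 443,
            "path": path.decode()}


def audit_stamp(stamp, ip, cert_hash, host, port):
    """Return the names of pinned fields that differ from the expected values."""
    got = decode_doh_stamp(stamp)
    want = {"ip": ip, "hashes": [cert_hash], "host": host, "port": port}
    return [field for field, value in want.items() if got[field] != value]


if __name__ == "__main__":
    for label, stamp in (("RD", STAMP_RD), ("DUT0", STAMP_DUT0)):
        print(label, decode_doh_stamp(stamp))
```

An empty list from audit_stamp means the stamp pins exactly the resolver address, certificate hash, host name and port the operator intended.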
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Mar 10 12:51:04.304602 osdx systemd-journald[51744]: Runtime Journal (/run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6) is 2.0M, max 15.3M, 13.2M free.
Mar 10 12:51:04.308312 osdx systemd-journald[51744]: Received client request to rotate journal, rotating.
Mar 10 12:51:04.308372 osdx systemd-journald[51744]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6.
Mar 10 12:51:04.314154 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system journal clear'.
Mar 10 12:51:04.630115 osdx osdx-coredump[260807]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 10 12:51:04.637871 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 10 12:51:05.113885 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:51:05.192015 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 10 12:51:05.280815 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 10 12:51:05.349758 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:51:05.449416 osdx INFO[260831]: FRR daemons did not change
Mar 10 12:51:05.472317 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 10 12:51:05.573149 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:51:05.606406 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:51:05.623325 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:51:05.759165 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 10 12:51:06.821145 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Mar 10 12:51:06.950992 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu.
Mar 10 12:51:07.010987 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 10 12:51:07.110239 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 10 12:51:07.171963 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Mar 10 12:51:07.266477 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Mar 10 12:51:07.329734 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Mar 10 12:51:07.455329 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c'.
Mar 10 12:51:07.507144 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 10 12:51:07.618199 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 10 12:51:07.724844 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 10 12:51:07.803867 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 10 12:51:07.927898 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'.
Mar 10 12:51:08.013152 osdx INFO[260951]: FRR daemons did not change
Mar 10 12:51:08.025745 osdx ca-certificates[260967]: Updating certificates in /etc/ssl/certs...
Mar 10 12:51:08.495690 osdx ca-certificates[261971]: 1 added, 0 removed; done.
Mar 10 12:51:08.498404 osdx ca-certificates[261977]: Running hooks in /etc/ca-certificates/update.d...
Mar 10 12:51:08.501135 osdx ca-certificates[261979]: done.
Mar 10 12:51:08.620577 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 10 12:51:08.621935 osdx cfgd[1455]: [132790]Completed change to active configuration
Mar 10 12:51:08.625907 osdx OSDxCLI[132790]: User 'admin' committed the configuration.
Mar 10 12:51:08.652269 osdx OSDxCLI[132790]: User 'admin' left the configuration menu.
Mar 10 12:51:08.654069 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] dnscrypt-proxy 2.0.45
Mar 10 12:51:08.654236 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] Network connectivity detected
Mar 10 12:51:08.654351 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] Dropping privileges
Mar 10 12:51:08.656318 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] Network connectivity detected
Mar 10 12:51:08.656344 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 10 12:51:08.656344 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 10 12:51:08.656370 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 10 12:51:08.656370 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] Firefox workaround initialized
Mar 10 12:51:08.656370 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpmz0awswl]
Mar 10 12:51:08.736705 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] [RD] OK (DNSCrypt) - rtt: 79ms
Mar 10 12:51:08.736705 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] Server with the lowest initial latency: RD (rtt: 79ms)
Mar 10 12:51:08.736705 osdx dnscrypt-proxy[262039]: [2025-03-10 12:51:08] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash a742f0a3da2d9bab6ccd3b83d75467ea2f95832e7710df5ab056c193d0f208dd
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Mar 10 12:51:04.277932 osdx systemd-journald[1541]: Runtime Journal (/run/log/journal/37bd014e8df84dd2aee0f9bf8ac2600d) is 1.0M, max 7.2M, 6.2M free. Mar 10 12:51:04.278865 osdx systemd-journald[1541]: Received client request to rotate journal, rotating. Mar 10 12:51:04.278916 osdx systemd-journald[1541]: Vacuuming done, freed 0B of archived journals from /run/log/journal/37bd014e8df84dd2aee0f9bf8ac2600d. Mar 10 12:51:04.287555 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system journal clear'. Mar 10 12:51:04.723745 osdx osdx-coredump[224959]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 10 12:51:04.731501 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system coredump delete all'. Mar 10 12:51:05.810175 osdx OSDxCLI[145235]: User 'admin' entered the configuration menu. Mar 10 12:51:05.924619 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Mar 10 12:51:05.982645 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 10 12:51:06.079320 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service ssh'. Mar 10 12:51:06.165431 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'show working'. Mar 10 12:51:06.259601 osdx INFO[224990]: FRR daemons did not change Mar 10 12:51:06.278866 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 10 12:51:06.431275 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Mar 10 12:51:06.443138 osdx sshd[225060]: Server listening on 0.0.0.0 port 22. Mar 10 12:51:06.443338 osdx sshd[225060]: Server listening on :: port 22. Mar 10 12:51:06.443439 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Mar 10 12:51:06.468373 osdx cfgd[1242]: [145235]Completed change to active configuration Mar 10 12:51:06.495046 osdx OSDxCLI[145235]: User 'admin' committed the configuration. 
Mar 10 12:51:06.510886 osdx OSDxCLI[145235]: User 'admin' left the configuration menu. Mar 10 12:51:06.641862 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Mar 10 12:51:08.870866 osdx OSDxCLI[145235]: User 'admin' entered the configuration menu. Mar 10 12:51:08.940348 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Mar 10 12:51:09.028619 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Mar 10 12:51:09.094478 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Mar 10 12:51:09.199026 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Mar 10 12:51:09.256077 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Mar 10 12:51:09.353630 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Mar 10 12:51:09.414672 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash a742f0a3da2d9bab6ccd3b83d75467ea2f95832e7710df5ab056c193d0f208dd'. Mar 10 12:51:09.526324 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'show working'. Mar 10 12:51:09.627667 osdx INFO[225121]: FRR daemons did not change Mar 10 12:51:09.640945 osdx ca-certificates[225137]: Updating certificates in /etc/ssl/certs... Mar 10 12:51:10.095066 osdx ca-certificates[226140]: 1 added, 0 removed; done. Mar 10 12:51:10.098064 osdx ca-certificates[226147]: Running hooks in /etc/ca-certificates/update.d... Mar 10 12:51:10.100856 osdx ca-certificates[226149]: done. Mar 10 12:51:10.183151 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. 
Mar 10 12:51:10.185148 osdx cfgd[1242]: [145235]Completed change to active configuration Mar 10 12:51:10.189417 osdx OSDxCLI[145235]: User 'admin' committed the configuration. Mar 10 12:51:10.207486 osdx OSDxCLI[145235]: User 'admin' left the configuration menu. Mar 10 12:51:10.207761 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:10] [NOTICE] dnscrypt-proxy 2.0.45 Mar 10 12:51:10.207868 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:10] [NOTICE] Network connectivity detected Mar 10 12:51:10.208142 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:10] [NOTICE] Dropping privileges Mar 10 12:51:10.210676 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:10] [NOTICE] Network connectivity detected Mar 10 12:51:10.210676 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:10] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 10 12:51:10.210676 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:10] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 10 12:51:10.210676 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:10] [NOTICE] Firefox workaround initialized Mar 10 12:51:10.210676 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:10] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjbrkaz7v] Mar 10 12:51:10.400455 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system journal show | cat'. Mar 10 12:51:12.507002 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system journal show | cat'. Mar 10 12:51:13.350214 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:13] [CRITICAL] [DUT0] may be a lying resolver Mar 10 12:51:13.350214 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:13] [NOTICE] [DUT0] OK (DoH) - rtt: 1010ms Mar 10 12:51:13.350214 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:13] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 1010ms) Mar 10 12:51:13.350504 osdx dnscrypt-proxy[226156]: [2025-03-10 12:51:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Mar 10 12:51:21.325838 osdx systemd-journald[51744]: Runtime Journal (/run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6) is 2.0M, max 15.3M, 13.2M free. Mar 10 12:51:21.328821 osdx systemd-journald[51744]: Received client request to rotate journal, rotating. Mar 10 12:51:21.328870 osdx systemd-journald[51744]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3fdd2a0ddf0a4f0d80cd50f7e198c3e6. Mar 10 12:51:21.336238 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system journal clear'. Mar 10 12:51:21.696199 osdx osdx-coredump[263683]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 10 12:51:21.704694 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'system coredump delete all'. Mar 10 12:51:22.202901 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu. Mar 10 12:51:22.278262 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 10 12:51:22.363291 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 10 12:51:22.432013 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'. Mar 10 12:51:22.535897 osdx INFO[263707]: FRR daemons did not change Mar 10 12:51:22.556825 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 10 12:51:22.667297 osdx cfgd[1455]: [132790]Completed change to active configuration Mar 10 12:51:22.699669 osdx OSDxCLI[132790]: User 'admin' committed the configuration. Mar 10 12:51:22.717420 osdx OSDxCLI[132790]: User 'admin' left the configuration menu. Mar 10 12:51:22.868221 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 10 12:51:24.066008 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. 
Mar 10 12:51:24.162314 osdx OSDxCLI[132790]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c ip 10.215.168.1 port 8443'. Mar 10 12:51:24.319903 osdx OSDxCLI[132790]: User 'admin' entered the configuration menu. Mar 10 12:51:24.391413 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 10 12:51:24.513338 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 10 12:51:24.587585 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Mar 10 12:51:24.678371 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 10 12:51:24.736440 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Mar 10 12:51:24.833248 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Mar 10 12:51:24.892372 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Mar 10 12:51:25.009870 osdx OSDxCLI[132790]: User 'admin' added a new cfg line: 'show working'. Mar 10 12:51:25.081819 osdx INFO[263827]: FRR daemons did not change Mar 10 12:51:25.095229 osdx ca-certificates[263843]: Updating certificates in /etc/ssl/certs... Mar 10 12:51:25.597487 osdx ca-certificates[264847]: 1 added, 0 removed; done. Mar 10 12:51:25.600514 osdx ca-certificates[264853]: Running hooks in /etc/ca-certificates/update.d... Mar 10 12:51:25.603376 osdx ca-certificates[264855]: done. 
Mar 10 12:51:25.721191 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 10 12:51:25.722646 osdx cfgd[1455]: [132790]Completed change to active configuration Mar 10 12:51:25.725471 osdx OSDxCLI[132790]: User 'admin' committed the configuration. Mar 10 12:51:25.746483 osdx OSDxCLI[132790]: User 'admin' left the configuration menu. Mar 10 12:51:25.752332 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] dnscrypt-proxy 2.0.45 Mar 10 12:51:25.752522 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] Network connectivity detected Mar 10 12:51:25.752636 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] Dropping privileges Mar 10 12:51:25.754605 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] Network connectivity detected Mar 10 12:51:25.754667 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 10 12:51:25.754667 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 10 12:51:25.754667 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Mar 10 12:51:25.754667 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] Firefox workaround initialized Mar 10 12:51:25.754743 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp9jgqxjuh] Mar 10 12:51:25.755394 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Mar 10 12:51:25.755394 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Mar 10 12:51:25.755473 osdx dnscrypt-proxy[264915]: [2025-03-10 12:51:25] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash a742f0a3da2d9bab6ccd3b83d75467ea2f95832e7710df5ab056c193d0f208dd at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgp0Lwo9otm6tszTuD11Rn6i-Vgy53EN9asFbBk9DyCN0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgp0Lwo9otm6tszTuD11Rn6i-Vgy53EN9asFbBk9DyCN0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Mar 10 12:51:21.293186 osdx systemd-journald[1541]: Runtime Journal (/run/log/journal/37bd014e8df84dd2aee0f9bf8ac2600d) is 1.0M, max 7.2M, 6.2M free. Mar 10 12:51:21.293531 osdx systemd-journald[1541]: Received client request to rotate journal, rotating. Mar 10 12:51:21.293563 osdx systemd-journald[1541]: Vacuuming done, freed 0B of archived journals from /run/log/journal/37bd014e8df84dd2aee0f9bf8ac2600d. Mar 10 12:51:21.302711 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system journal clear'. Mar 10 12:51:21.773169 osdx osdx-coredump[227783]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 10 12:51:21.783790 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system coredump delete all'. Mar 10 12:51:22.979357 osdx OSDxCLI[145235]: User 'admin' entered the configuration menu. Mar 10 12:51:23.059310 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Mar 10 12:51:23.143369 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 10 12:51:23.198236 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service ssh'. Mar 10 12:51:23.323888 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'show working'. Mar 10 12:51:23.397578 osdx INFO[227814]: FRR daemons did not change Mar 10 12:51:23.417275 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 10 12:51:23.609761 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Mar 10 12:51:23.623254 osdx sshd[227884]: Server listening on 0.0.0.0 port 22. Mar 10 12:51:23.623477 osdx sshd[227884]: Server listening on :: port 22. Mar 10 12:51:23.623618 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Mar 10 12:51:23.648184 osdx cfgd[1242]: [145235]Completed change to active configuration Mar 10 12:51:23.681455 osdx OSDxCLI[145235]: User 'admin' committed the configuration. 
Mar 10 12:51:23.716066 osdx OSDxCLI[145235]: User 'admin' left the configuration menu. Mar 10 12:51:23.875206 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Mar 10 12:51:25.937487 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash a742f0a3da2d9bab6ccd3b83d75467ea2f95832e7710df5ab056c193d0f208dd'. Mar 10 12:51:26.102833 osdx OSDxCLI[145235]: User 'admin' entered the configuration menu. Mar 10 12:51:26.175994 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Mar 10 12:51:26.274270 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Mar 10 12:51:26.357369 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Mar 10 12:51:26.432579 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgp0Lwo9otm6tszTuD11Rn6i-Vgy53EN9asFbBk9DyCN0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Mar 10 12:51:26.553197 osdx OSDxCLI[145235]: User 'admin' added a new cfg line: 'show working'. Mar 10 12:51:26.630366 osdx INFO[227947]: FRR daemons did not change Mar 10 12:51:26.642276 osdx ca-certificates[227963]: Updating certificates in /etc/ssl/certs... Mar 10 12:51:27.106743 osdx ca-certificates[228968]: 1 added, 0 removed; done. Mar 10 12:51:27.110936 osdx ca-certificates[228973]: Running hooks in /etc/ca-certificates/update.d... Mar 10 12:51:27.114906 osdx ca-certificates[228975]: done. Mar 10 12:51:27.193909 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 10 12:51:27.197551 osdx cfgd[1242]: [145235]Completed change to active configuration Mar 10 12:51:27.200312 osdx OSDxCLI[145235]: User 'admin' committed the configuration. 
Mar 10 12:51:27.217120 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] dnscrypt-proxy 2.0.45 Mar 10 12:51:27.217488 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] Network connectivity detected Mar 10 12:51:27.217646 osdx OSDxCLI[145235]: User 'admin' left the configuration menu. Mar 10 12:51:27.218000 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] Dropping privileges Mar 10 12:51:27.220754 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] Network connectivity detected Mar 10 12:51:27.220754 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 10 12:51:27.220754 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 10 12:51:27.220754 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] Firefox workaround initialized Mar 10 12:51:27.220754 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4c12g6iq] Mar 10 12:51:27.377992 osdx OSDxCLI[145235]: User 'admin' executed a new command: 'system journal show | cat'. Mar 10 12:51:27.511552 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] [DUT0] OK (DoH) - rtt: 138ms Mar 10 12:51:27.511552 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 138ms) Mar 10 12:51:27.511552 osdx dnscrypt-proxy[228982]: [2025-03-10 12:51:27] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
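The stamps produced by the two stamp calculate steps in this scenario carry the same address, provider key or certificate hash, and names that the first scenario sets field by field, so a stamp can be decoded and compared with the expected pins before it is committed. The Python decoder below is an added example, not part of OSDx or of this test suite; it assumes the public DNS stamp layout (protocol byte, 8-byte little-endian properties, length-prefixed fields), and parse_stamp and stamp_mismatches are names chosen here.

```python
import base64
import struct

# The two stamps printed by "stamp calculate" in the scenario above.
DNSCRYPT_STAMP = ("sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR"
                  "6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z")
DOH_STAMP = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgp0Lwo9otm6tszTuD11Rn6i-Vgy53"
             "EN9asFbBk9DyCN0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")


class StampError(ValueError):
    """Raised when a stamp is malformed or of an unsupported type."""


def _field(buf, pos, vlp=False):
    """Read one length-prefixed field at pos; return (data, next_pos, more).

    In a list field (vlp=True) the high bit of the length byte means
    that another item follows.
    """
    if pos >= len(buf):
        raise StampError("truncated stamp: missing length byte")
    n = buf[pos]
    more = vlp and bool(n & 0x80)
    if vlp:
        n &= 0x7F
    end = pos + 1 + n
    if end > len(buf):
        raise StampError("truncated stamp: field overruns the buffer")
    return buf[pos + 1:end], end, more


def parse_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into a dict."""
    if not stamp.startswith("sdns://"):
        raise StampError("not an sdns:// stamp")
    body = stamp[len("sdns://"):]
    try:
        # Stamps are unpadded base64url; restore the padding first.
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:
        raise StampError("invalid base64url body") from exc
    if len(raw) < 9:
        raise StampError("truncated stamp: no protocol/properties header")
    props = struct.unpack_from("<Q", raw, 1)[0]
    out = {"dnssec": bool(props & 1), "no_logs": bool(props & 2),
           "no_filter": bool(props & 4)}
    try:
        addr, pos, _ = _field(raw, 9)
        out["addr"] = addr.decode("ascii")
        if raw[0] == 0x01:
            key, pos, _ = _field(raw, pos)
            if len(key) != 32:
                raise StampError("provider public key is not 32 bytes")
            name, pos, _ = _field(raw, pos)
            out.update(protocol="DNSCrypt",
                       provider_key=":".join(f"{b:02x}" for b in key),
                       provider_name=name.decode("ascii"))
        elif raw[0] == 0x02:
            hashes, more = [], True
            while more:
                item, pos, more = _field(raw, pos, vlp=True)
                if item:
                    hashes.append(item.hex())
            host, pos, _ = _field(raw, pos)
            path, pos, _ = _field(raw, pos)
            out.update(protocol="DoH", hashes=hashes,
                       host=host.decode("ascii"), path=path.decode("ascii"))
        else:
            raise StampError(f"unsupported protocol 0x{raw[0]:02x}")
    except UnicodeDecodeError as exc:
        raise StampError("non-ASCII text field") from exc
    return out


def stamp_mismatches(stamp, expected):
    """Return the names of expected fields the stamp does not match."""
    decoded = parse_stamp(stamp)
    return [k for k, v in expected.items() if decoded.get(k) != v]


if __name__ == "__main__":
    for s in (DNSCRYPT_STAMP, DOH_STAMP):
        print(parse_stamp(s))
```

An empty list from stamp_mismatches means the stamp pins exactly the address, key or hash, and names that were expected.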