Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Show output
Mar 21 16:24:51.462326 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.2M free.
Mar 21 16:24:51.465052 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:24:51.465165 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:24:51.483168 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:24:52.116268 osdx osdx-coredump[119346]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:24:52.128648 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:24:53.147201 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:24:53.329891 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:24:53.429827 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:24:53.625373 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:24:53.757434 osdx ubnt-cfgd[119368]: inactive
Mar 21 16:24:53.905799 osdx INFO[119380]: FRR daemons did not change
Mar 21 16:24:54.233996 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:24:54.261656 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:24:54.320963 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:24:54.535871 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:24:54.871249 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:24:55.016877 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:24:55.128358 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:24:55.258026 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:24:55.361739 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:24:55.510100 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:24:55.657927 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 21 16:24:55.821517 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:24:55.970488 osdx ubnt-cfgd[119536]: inactive
Mar 21 16:24:56.111509 osdx INFO[119548]: FRR daemons did not change
Mar 21 16:24:56.147230 osdx ca-certificates[119564]: Updating certificates in /etc/ssl/certs...
Mar 21 16:24:57.099013 osdx ca-certificates[120568]: 1 added, 0 removed; done.
Mar 21 16:24:57.105550 osdx ca-certificates[120574]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:24:57.110695 osdx ca-certificates[120576]: done.
Mar 21 16:24:57.305667 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:24:57.310658 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:24:57.325655 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:24:57.356050 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:24:57.356390 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] Network connectivity detected
Mar 21 16:24:57.356533 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] Dropping privileges
Mar 21 16:24:57.362477 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] Network connectivity detected
Mar 21 16:24:57.362678 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:24:57.362857 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:24:57.362966 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] Firefox workaround initialized
Mar 21 16:24:57.363055 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpwnfetevz]
Mar 21 16:24:57.404294 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:24:57.509439 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] [RD] OK (DoH) - rtt: 81ms
Mar 21 16:24:57.509439 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] Server with the lowest initial latency: RD (rtt: 81ms)
Mar 21 16:24:57.509439 osdx dnscrypt-proxy[120633]: [2025-03-21 16:24:57] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba' at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Show output
Mar 21 16:25:07.471878 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:25:07.473994 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:25:07.474081 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:25:07.491684 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:25:08.099439 osdx osdx-coredump[122335]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:25:08.112276 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:25:08.942338 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:25:09.094387 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:25:09.212664 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:25:09.365574 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:25:09.514949 osdx ubnt-cfgd[122357]: inactive
Mar 21 16:25:09.651020 osdx INFO[122369]: FRR daemons did not change
Mar 21 16:25:09.861112 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:25:09.882357 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:25:09.916069 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:25:10.135167 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:25:10.417400 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:25:10.620360 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:25:10.743894 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:25:10.885782 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:25:11.025869 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Mar 21 16:25:11.214115 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 21 16:25:11.374388 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:25:11.491105 osdx ubnt-cfgd[122526]: inactive
Mar 21 16:25:11.617541 osdx INFO[122538]: FRR daemons did not change
Mar 21 16:25:11.642830 osdx ca-certificates[122553]: Updating certificates in /etc/ssl/certs...
Mar 21 16:25:12.847886 osdx ca-certificates[123559]: 1 added, 0 removed; done.
Mar 21 16:25:12.853569 osdx ca-certificates[123561]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:25:12.859978 osdx ca-certificates[123564]: done.
Mar 21 16:25:13.046548 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:25:13.049330 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:25:13.055298 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:25:13.096125 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:25:13.096125 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] Network connectivity detected
Mar 21 16:25:13.096125 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] Dropping privileges
Mar 21 16:25:13.101305 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] Network connectivity detected
Mar 21 16:25:13.101427 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:25:13.101427 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:25:13.101427 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] Firefox workaround initialized
Mar 21 16:25:13.101521 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp40j10lkb]
Mar 21 16:25:13.126675 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:25:13.317753 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] [RD] OK (DoH) - rtt: 130ms
Mar 21 16:25:13.318014 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] Server with the lowest initial latency: RD (rtt: 130ms)
Mar 21 16:25:13.318086 osdx dnscrypt-proxy[123623]: [2025-03-21 16:25:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
Show output
91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Mar 21 16:25:24.524388 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.2M free.
Mar 21 16:25:24.526943 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:25:24.527035 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:25:24.555564 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:25:25.369074 osdx osdx-coredump[125323]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:25:25.408148 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:25:26.353055 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:25:26.546980 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:25:26.686572 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:25:26.884069 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:25:27.039052 osdx ubnt-cfgd[125345]: inactive
Mar 21 16:25:27.186844 osdx INFO[125357]: FRR daemons did not change
Mar 21 16:25:27.384864 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:25:27.405470 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:25:27.485350 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:25:27.728397 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:25:28.046230 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Mar 21 16:25:28.281475 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:25:28.407242 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:25:28.522519 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:25:28.665561 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Mar 21 16:25:28.783602 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Mar 21 16:25:28.984274 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Mar 21 16:25:29.198059 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71'.
Mar 21 16:25:29.373372 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 21 16:25:29.556920 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:25:29.694233 osdx ubnt-cfgd[125516]: inactive
Mar 21 16:25:29.852345 osdx INFO[125528]: FRR daemons did not change
Mar 21 16:25:29.891481 osdx ca-certificates[125543]: Updating certificates in /etc/ssl/certs...
Mar 21 16:25:30.900571 osdx ca-certificates[126549]: 1 added, 0 removed; done.
Mar 21 16:25:30.905872 osdx ca-certificates[126556]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:25:30.910987 osdx ca-certificates[126558]: done.
Mar 21 16:25:31.091729 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:25:31.094974 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:25:31.100682 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:25:31.134639 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:25:31.135027 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] Network connectivity detected
Mar 21 16:25:31.135073 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] Dropping privileges
Mar 21 16:25:31.148435 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] Network connectivity detected
Mar 21 16:25:31.148435 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:25:31.148435 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:25:31.148435 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] Firefox workaround initialized
Mar 21 16:25:31.148435 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpry555ga7]
Mar 21 16:25:31.148606 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:25:31.149901 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] [RD] OK (DNSCrypt) - rtt: 1ms
Mar 21 16:25:31.149901 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] Server with the lowest initial latency: RD (rtt: 1ms)
Mar 21 16:25:31.149901 osdx dnscrypt-proxy[126615]: [2025-03-21 16:25:31] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command 'service dns proxy dnscrypt public-key running://dnscrypt.crt' at DUT0 and expect this output:
Show output
91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71
Step 2: Run command 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71 ip 10.215.168.1 port 8443' at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command 'system journal show | cat' at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Mar 21 16:25:40.456662 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.2M free.
Mar 21 16:25:40.459625 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:25:40.459709 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:25:40.475152 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:25:41.130098 osdx osdx-coredump[128315]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:25:41.142663 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:25:42.018564 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:25:42.213874 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:25:42.388559 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:25:42.555213 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:25:42.689073 osdx ubnt-cfgd[128337]: inactive
Mar 21 16:25:42.816383 osdx INFO[128349]: FRR daemons did not change
Mar 21 16:25:42.993509 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:25:43.010901 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:25:43.065668 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:25:43.273127 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:25:43.586131 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Mar 21 16:25:43.772554 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71 ip 10.215.168.1 port 8443'.
Mar 21 16:25:44.050162 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:25:44.194631 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:25:44.367689 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:25:44.505882 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Mar 21 16:25:44.654306 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 21 16:25:44.849030 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:25:44.965414 osdx ubnt-cfgd[128508]: inactive
Mar 21 16:25:45.089749 osdx INFO[128520]: FRR daemons did not change
Mar 21 16:25:45.130673 osdx ca-certificates[128535]: Updating certificates in /etc/ssl/certs...
Mar 21 16:25:46.272192 osdx ca-certificates[129544]: 1 added, 0 removed; done.
Mar 21 16:25:46.277232 osdx ca-certificates[129546]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:25:46.282175 osdx ca-certificates[129548]: done.
Mar 21 16:25:46.458042 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:25:46.460562 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:25:46.464660 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:25:46.509225 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:25:46.509225 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] Network connectivity detected
Mar 21 16:25:46.509758 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] Dropping privileges
Mar 21 16:25:46.512320 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:25:46.515260 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] Network connectivity detected
Mar 21 16:25:46.515368 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:25:46.515368 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:25:46.515481 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] Firefox workaround initialized
Mar 21 16:25:46.515481 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpad2xnoam]
Mar 21 16:25:46.516366 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Mar 21 16:25:46.516366 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Mar 21 16:25:46.516513 osdx dnscrypt-proxy[129605]: [2025-03-21 16:25:46] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
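The sdns:// stamps produced in the two "With Stamp" scenarios can be decoded offline to confirm that they carry the same address, pin and names as the explicit configurations before they are committed. This is an added example, not part of the OSDx test suite: the field layout follows the public DNS stamp specification, and the function names (decode_stamp, pin_matches) are illustrative.

```python
import base64
import struct

# Stamps copied from the "With Stamp" scenarios on this page.
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"


class StampError(ValueError):
    """Raised when a stamp is malformed or uses an unsupported protocol."""


def _field(buf, pos, vlp=False):
    """Read one length-prefixed field; returns (data, next_pos, more_follow).

    In a variable-length list (vlp=True) the top bit of the length byte
    means that another item follows.
    """
    if pos >= len(buf):
        raise StampError("truncated stamp: missing length byte")
    length, more = buf[pos], False
    if vlp:
        length, more = buf[pos] & 0x7F, bool(buf[pos] & 0x80)
    end = pos + 1 + length
    if end > len(buf):
        raise StampError("truncated stamp: field overruns the buffer")
    return buf[pos + 1:end], end, more


def decode_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into a dict of fields."""
    if not stamp.startswith("sdns://"):
        raise StampError("missing sdns:// prefix")
    body = stamp[len("sdns://"):]
    try:
        # Stamps are unpadded base64url; restore the padding before decoding.
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:
        raise StampError("body is not valid base64url") from exc
    if len(raw) < 9:
        raise StampError("too short for protocol byte and properties")
    # Byte 0 is the protocol id, bytes 1..8 a little-endian properties bitmask.
    out = {"props": struct.unpack_from("<Q", raw, 1)[0]}
    addr, pos, _ = _field(raw, 9)
    out["addr"] = addr.decode("ascii", "replace")
    if raw[0] == 0x01:
        key, pos, _ = _field(raw, pos)
        name, pos, _ = _field(raw, pos)
        out.update(protocol="dns-crypt", pins=[key.hex()],
                   provider_name=name.decode("ascii", "replace"))
    elif raw[0] == 0x02:
        pins, more = [], True
        while more:
            item, pos, more = _field(raw, pos, vlp=True)
            if item:  # an empty entry means the stamp carries no pin
                pins.append(item.hex())
        host, pos, _ = _field(raw, pos)
        path, pos, _ = _field(raw, pos)
        out.update(protocol="dns-over-https", pins=pins,
                   host=host.decode("ascii", "replace"),
                   path=path.decode("ascii", "replace"))
    else:
        raise StampError("unsupported protocol id 0x%02x" % raw[0])
    return out


def pin_matches(stamp, expected_hex):
    """True if the stamp carries the expected hash or public key.

    Accepts plain hex or the colon-separated form printed by the device.
    """
    want = expected_hex.replace(":", "").lower()
    return want in decode_stamp(stamp)["pins"]


if __name__ == "__main__":
    for s in (DOH_STAMP, DNSCRYPT_STAMP):
        print(decode_stamp(s))
```

The decoded DoH host is remote.dns with no port suffix, even though the stamp was calculated with host-port 443, while the DNSCrypt address keeps its :8443 suffix.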