Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 84d1def583e3b4c6c5ca8d144836b5b575700e2b0aa569e2508e1087287ca81e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
May 11 23:45:17.522546 osdx systemd-journald[118835]: Runtime Journal (/run/log/journal/f55f446d40464b198e70fbabb9c21674) is 3.8M, max 15.3M, 11.5M free. May 11 23:45:17.529758 osdx systemd-journald[118835]: Received client request to rotate journal, rotating. May 11 23:45:17.529892 osdx systemd-journald[118835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f55f446d40464b198e70fbabb9c21674. May 11 23:45:17.545550 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system journal clear'. May 11 23:45:18.190412 osdx osdx-coredump[295212]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 11 23:45:18.204770 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system coredump delete all'. May 11 23:45:19.045740 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu. May 11 23:45:19.254472 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 11 23:45:19.380787 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 11 23:45:19.573461 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'. May 11 23:45:19.698259 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 11 23:45:19.886134 osdx cfgd[1244]: [242344]Completed change to active configuration May 11 23:45:19.945539 osdx OSDxCLI[242344]: User 'admin' committed the configuration. May 11 23:45:19.995017 osdx OSDxCLI[242344]: User 'admin' left the configuration menu. May 11 23:45:20.229994 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 11 23:45:20.503098 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu. May 11 23:45:20.618029 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 11 23:45:20.744668 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 11 23:45:20.865117 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 11 23:45:20.990641 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 11 23:45:21.149182 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 84d1def583e3b4c6c5ca8d144836b5b575700e2b0aa569e2508e1087287ca81e'. May 11 23:45:21.281533 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 11 23:45:21.471054 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'. May 11 23:45:21.630138 osdx ca-certificates[295353]: Updating certificates in /etc/ssl/certs... May 11 23:45:22.717970 osdx ca-certificates[296356]: 1 added, 0 removed; done. May 11 23:45:22.724362 osdx ca-certificates[296362]: Running hooks in /etc/ca-certificates/update.d... May 11 23:45:22.730951 osdx ca-certificates[296365]: done. May 11 23:45:22.902867 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 11 23:45:22.906853 osdx cfgd[1244]: [242344]Completed change to active configuration May 11 23:45:22.910142 osdx OSDxCLI[242344]: User 'admin' committed the configuration. May 11 23:45:22.955672 osdx OSDxCLI[242344]: User 'admin' left the configuration menu. May 11 23:45:22.962404 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:22] [NOTICE] dnscrypt-proxy 2.0.45 May 11 23:45:22.962878 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:22] [NOTICE] Network connectivity detected May 11 23:45:22.963255 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:22] [NOTICE] Dropping privileges May 11 23:45:22.966880 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:22] [NOTICE] Network connectivity detected May 11 23:45:22.966974 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:22] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 11 23:45:22.966974 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:22] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 11 23:45:22.966974 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:22] [NOTICE] Firefox workaround initialized May 11 23:45:22.966974 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:22] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8iq5ouzc] May 11 23:45:23.166958 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:23] [NOTICE] [RD] OK (DoH) - rtt: 145ms May 11 23:45:23.166958 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:23] [NOTICE] Server with the lowest initial latency: RD (rtt: 145ms) May 11 23:45:23.166958 osdx dnscrypt-proxy[296422]: [2025-05-11 23:45:23] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 11 23:45:23.168200 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 84d1def583e3b4c6c5ca8d144836b5b575700e2b0aa569e2508e1087287ca81e at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCE0d71g-O0xsXKjRRINrW1dXAOKwqlaeJQjhCHKHyoHgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCE0d71g-O0xsXKjRRINrW1dXAOKwqlaeJQjhCHKHyoHgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
May 11 23:45:32.511543 osdx systemd-journald[118835]: Runtime Journal (/run/log/journal/f55f446d40464b198e70fbabb9c21674) is 2.0M, max 15.3M, 13.3M free. May 11 23:45:32.514834 osdx systemd-journald[118835]: Received client request to rotate journal, rotating. May 11 23:45:32.514934 osdx systemd-journald[118835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f55f446d40464b198e70fbabb9c21674. May 11 23:45:32.530552 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system journal clear'. May 11 23:45:33.183814 osdx osdx-coredump[298069]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 11 23:45:33.200445 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system coredump delete all'. May 11 23:45:34.073407 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu. May 11 23:45:34.262627 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 11 23:45:34.390426 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 11 23:45:34.570229 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'. May 11 23:45:34.742878 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 11 23:45:34.897442 osdx cfgd[1244]: [242344]Completed change to active configuration May 11 23:45:34.933511 osdx OSDxCLI[242344]: User 'admin' committed the configuration. May 11 23:45:34.973033 osdx OSDxCLI[242344]: User 'admin' left the configuration menu. May 11 23:45:35.151940 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 11 23:45:35.355310 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 84d1def583e3b4c6c5ca8d144836b5b575700e2b0aa569e2508e1087287ca81e'. May 11 23:45:35.583476 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu. May 11 23:45:35.711489 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 11 23:45:35.856775 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 11 23:45:36.022995 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCE0d71g-O0xsXKjRRINrW1dXAOKwqlaeJQjhCHKHyoHgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''. May 11 23:45:36.142937 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 11 23:45:36.287067 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'. May 11 23:45:36.436224 osdx ca-certificates[298211]: Updating certificates in /etc/ssl/certs... May 11 23:45:37.310031 osdx ca-certificates[299214]: 1 added, 0 removed; done. May 11 23:45:37.316153 osdx ca-certificates[299221]: Running hooks in /etc/ca-certificates/update.d... May 11 23:45:37.322510 osdx ca-certificates[299223]: done. May 11 23:45:37.463304 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 11 23:45:37.465105 osdx cfgd[1244]: [242344]Completed change to active configuration May 11 23:45:37.468370 osdx OSDxCLI[242344]: User 'admin' committed the configuration. May 11 23:45:37.496058 osdx OSDxCLI[242344]: User 'admin' left the configuration menu. May 11 23:45:37.496359 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] dnscrypt-proxy 2.0.45 May 11 23:45:37.496608 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] Network connectivity detected May 11 23:45:37.496724 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] Dropping privileges May 11 23:45:37.499356 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] Network connectivity detected May 11 23:45:37.499439 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 11 23:45:37.499439 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 11 23:45:37.499439 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] Firefox workaround initialized May 11 23:45:37.499439 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpaosnx9nb] May 11 23:45:37.651415 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] [RD] OK (DoH) - rtt: 119ms May 11 23:45:37.651415 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] Server with the lowest initial latency: RD (rtt: 119ms) May 11 23:45:37.651415 osdx dnscrypt-proxy[299280]: [2025-05-11 23:45:37] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
May 11 23:45:45.435447 osdx systemd-journald[118835]: Runtime Journal (/run/log/journal/f55f446d40464b198e70fbabb9c21674) is 2.0M, max 15.3M, 13.3M free. May 11 23:45:45.436235 osdx systemd-journald[118835]: Received client request to rotate journal, rotating. May 11 23:45:45.436300 osdx systemd-journald[118835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f55f446d40464b198e70fbabb9c21674. May 11 23:45:45.452068 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system journal clear'. May 11 23:45:45.990304 osdx osdx-coredump[300923]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 11 23:45:46.004103 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system coredump delete all'. May 11 23:45:46.946714 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu. May 11 23:45:47.152041 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 11 23:45:47.324187 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 11 23:45:47.472102 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'. May 11 23:45:47.687693 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 11 23:45:47.885199 osdx cfgd[1244]: [242344]Completed change to active configuration May 11 23:45:47.961894 osdx OSDxCLI[242344]: User 'admin' committed the configuration. May 11 23:45:48.037077 osdx OSDxCLI[242344]: User 'admin' left the configuration menu. May 11 23:45:48.245178 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 11 23:45:48.552969 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 11 23:45:48.828652 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu. May 11 23:45:49.015844 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 11 23:45:49.184648 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 11 23:45:49.371080 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. May 11 23:45:49.474136 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. May 11 23:45:49.612407 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. May 11 23:45:49.751082 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df'. May 11 23:45:49.845980 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 11 23:45:50.027973 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'. May 11 23:45:50.220560 osdx ca-certificates[301067]: Updating certificates in /etc/ssl/certs... May 11 23:45:51.252071 osdx ca-certificates[302070]: 1 added, 0 removed; done. May 11 23:45:51.258066 osdx ca-certificates[302077]: Running hooks in /etc/ca-certificates/update.d... May 11 23:45:51.263605 osdx ca-certificates[302079]: done. May 11 23:45:51.444269 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 11 23:45:51.447785 osdx cfgd[1244]: [242344]Completed change to active configuration May 11 23:45:51.458690 osdx OSDxCLI[242344]: User 'admin' committed the configuration. May 11 23:45:51.496901 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] dnscrypt-proxy 2.0.45 May 11 23:45:51.497237 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] Network connectivity detected May 11 23:45:51.497338 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] Dropping privileges May 11 23:45:51.511472 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] Network connectivity detected May 11 23:45:51.511472 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 11 23:45:51.511472 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 11 23:45:51.511472 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] Firefox workaround initialized May 11 23:45:51.511472 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpwo0qxqob] May 11 23:45:51.511472 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 11 23:45:51.511472 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 11 23:45:51.511472 osdx dnscrypt-proxy[302136]: [2025-05-11 23:45:51] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 11 23:45:51.515564 osdx OSDxCLI[242344]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIFgStZBM54rv5y3AiyVwGo44VQztQanIyPDUuiOiMebfGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIFgStZBM54rv5y3AiyVwGo44VQztQanIyPDUuiOiMebfGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
May 11 23:45:59.442492 osdx systemd-journald[118835]: Runtime Journal (/run/log/journal/f55f446d40464b198e70fbabb9c21674) is 2.0M, max 15.3M, 13.2M free. May 11 23:45:59.445512 osdx systemd-journald[118835]: Received client request to rotate journal, rotating. May 11 23:45:59.445615 osdx systemd-journald[118835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f55f446d40464b198e70fbabb9c21674. May 11 23:45:59.461122 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system journal clear'. May 11 23:45:59.997025 osdx osdx-coredump[303778]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 11 23:46:00.010805 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system coredump delete all'. May 11 23:46:00.974991 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu. May 11 23:46:01.132612 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 11 23:46:01.229315 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 11 23:46:01.424573 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'. May 11 23:46:01.585538 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 11 23:46:01.752687 osdx cfgd[1244]: [242344]Completed change to active configuration May 11 23:46:01.808762 osdx OSDxCLI[242344]: User 'admin' committed the configuration. May 11 23:46:01.842247 osdx OSDxCLI[242344]: User 'admin' left the configuration menu. May 11 23:46:02.020361 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 11 23:46:02.163305 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 11 23:46:02.321867 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df ip 10.215.168.1 port 8443'. May 11 23:46:02.503843 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu. May 11 23:46:02.616085 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 11 23:46:02.767415 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 11 23:46:02.907219 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIFgStZBM54rv5y3AiyVwGo44VQztQanIyPDUuiOiMebfGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''. May 11 23:46:03.017090 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 11 23:46:03.187277 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'. May 11 23:46:03.320733 osdx ca-certificates[303927]: Updating certificates in /etc/ssl/certs... May 11 23:46:04.326550 osdx ca-certificates[304931]: 1 added, 0 removed; done. May 11 23:46:04.330876 osdx ca-certificates[304938]: Running hooks in /etc/ca-certificates/update.d... May 11 23:46:04.335436 osdx ca-certificates[304940]: done. May 11 23:46:04.478068 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 11 23:46:04.480047 osdx cfgd[1244]: [242344]Completed change to active configuration May 11 23:46:04.485001 osdx OSDxCLI[242344]: User 'admin' committed the configuration. May 11 23:46:04.510953 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] dnscrypt-proxy 2.0.45 May 11 23:46:04.511289 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] Network connectivity detected May 11 23:46:04.511289 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] Dropping privileges May 11 23:46:04.514554 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] Network connectivity detected May 11 23:46:04.514630 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 11 23:46:04.514630 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 11 23:46:04.514630 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] Firefox workaround initialized May 11 23:46:04.514630 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmprf0jpt9_] May 11 23:46:04.515472 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 11 23:46:04.515605 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 11 23:46:04.515675 osdx dnscrypt-proxy[304997]: [2025-05-11 23:46:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 11 23:46:04.544227 osdx OSDxCLI[242344]: User 'admin' left the configuration menu.
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16