Static Server

Test suite in which DUT1 connects to DUT0 using DoH, while DUT0 establishes a connection with the upstream server and forwards DNS queries to it.

Server With Upstream DoH

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 84d1def583e3b4c6c5ca8d144836b5b575700e2b0aa569e2508e1087287ca81e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
May 11 23:46:25.484239 osdx systemd-journald[118835]: Runtime Journal (/run/log/journal/f55f446d40464b198e70fbabb9c21674) is 2.0M, max 15.3M, 13.2M free.
May 11 23:46:25.484892 osdx systemd-journald[118835]: Received client request to rotate journal, rotating.
May 11 23:46:25.484941 osdx systemd-journald[118835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f55f446d40464b198e70fbabb9c21674.
May 11 23:46:25.502068 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system journal clear'.
May 11 23:46:25.989306 osdx osdx-coredump[306910]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 11 23:46:25.999954 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system coredump delete all'.
May 11 23:46:26.788510 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu.
May 11 23:46:26.940098 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 11 23:46:27.022836 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 11 23:46:27.200526 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'.
May 11 23:46:27.368950 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 11 23:46:27.533022 osdx cfgd[1244]: [242344]Completed change to active configuration
May 11 23:46:27.569478 osdx OSDxCLI[242344]: User 'admin' committed the configuration.
May 11 23:46:27.620576 osdx OSDxCLI[242344]: User 'admin' left the configuration menu.
May 11 23:46:27.829974 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
May 11 23:46:29.513817 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu.
May 11 23:46:29.652744 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 11 23:46:29.829135 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 11 23:46:29.970614 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 11 23:46:30.116291 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 11 23:46:30.251677 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 84d1def583e3b4c6c5ca8d144836b5b575700e2b0aa569e2508e1087287ca81e'.
May 11 23:46:30.351834 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
May 11 23:46:30.452201 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
May 11 23:46:30.566834 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 11 23:46:30.669212 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
May 11 23:46:30.841647 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'.
May 11 23:46:31.041779 osdx ca-certificates[307054]: Updating certificates in /etc/ssl/certs...
May 11 23:46:32.115437 osdx ca-certificates[308059]: 1 added, 0 removed; done.
May 11 23:46:32.121367 osdx ca-certificates[308064]: Running hooks in /etc/ca-certificates/update.d...
May 11 23:46:32.125723 osdx ca-certificates[308066]: done.
May 11 23:46:32.317203 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 11 23:46:32.318879 osdx cfgd[1244]: [242344]Completed change to active configuration
May 11 23:46:32.321976 osdx OSDxCLI[242344]: User 'admin' committed the configuration.
May 11 23:46:32.356577 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] dnscrypt-proxy 2.0.45
May 11 23:46:32.357097 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] Network connectivity detected
May 11 23:46:32.357637 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] Dropping privileges
May 11 23:46:32.361639 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] Network connectivity detected
May 11 23:46:32.361769 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 11 23:46:32.361769 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 11 23:46:32.361769 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
May 11 23:46:32.361769 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] Firefox workaround initialized
May 11 23:46:32.361769 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpin6bx260]
May 11 23:46:32.368055 osdx OSDxCLI[242344]: User 'admin' left the configuration menu.
May 11 23:46:32.512162 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] [RD] OK (DoH) - rtt: 116ms
May 11 23:46:32.512162 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] Server with the lowest initial latency: RD (rtt: 116ms)
May 11 23:46:32.512162 osdx dnscrypt-proxy[308126]: [2025-05-11 23:46:32] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 575689f7a8639f98b68caeac400a54e5cafd2383aaa4e8d72b30082fb1cafaa0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
May 11 23:46:25.433470 osdx systemd-journald[1386]: Runtime Journal (/run/log/journal/2e53bb94cf5347b6b7c2aa8cefa11818) is 1.2M, max 9.7M, 8.4M free.
May 11 23:46:25.434605 osdx systemd-journald[1386]: Received client request to rotate journal, rotating.
May 11 23:46:25.434681 osdx systemd-journald[1386]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2e53bb94cf5347b6b7c2aa8cefa11818.
May 11 23:46:25.453104 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal clear'.
May 11 23:46:26.111893 osdx osdx-coredump[163835]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 11 23:46:26.125416 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system coredump delete all'.
May 11 23:46:27.892252 osdx OSDxCLI[77508]: User 'admin' entered the configuration menu.
May 11 23:46:28.017629 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
May 11 23:46:28.121147 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 11 23:46:28.243485 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service ssh'.
May 11 23:46:28.395986 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'show working'.
May 11 23:46:28.550606 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 11 23:46:28.791219 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 11 23:46:28.818096 osdx sshd[163928]: Server listening on 0.0.0.0 port 22.
May 11 23:46:28.818133 osdx sshd[163928]: Server listening on :: port 22.
May 11 23:46:28.818264 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 11 23:46:28.854771 osdx cfgd[1050]: [77508]Completed change to active configuration
May 11 23:46:28.893933 osdx OSDxCLI[77508]: User 'admin' committed the configuration.
May 11 23:46:28.935888 osdx OSDxCLI[77508]: User 'admin' left the configuration menu.
May 11 23:46:29.157139 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
May 11 23:46:32.833791 osdx OSDxCLI[77508]: User 'admin' entered the configuration menu.
May 11 23:46:33.042104 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
May 11 23:46:33.199070 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
May 11 23:46:33.389753 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
May 11 23:46:33.575985 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
May 11 23:46:33.734274 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
May 11 23:46:33.894825 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
May 11 23:46:34.042459 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 575689f7a8639f98b68caeac400a54e5cafd2383aaa4e8d72b30082fb1cafaa0'.
May 11 23:46:34.266986 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'show working'.
May 11 23:46:34.480119 osdx ca-certificates[164000]: Updating certificates in /etc/ssl/certs...
May 11 23:46:35.616670 osdx ca-certificates[165004]: 1 added, 0 removed; done.
May 11 23:46:35.623047 osdx ca-certificates[165010]: Running hooks in /etc/ca-certificates/update.d...
May 11 23:46:35.629211 osdx ca-certificates[165012]: done.
May 11 23:46:35.759839 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 11 23:46:35.772942 osdx cfgd[1050]: [77508]Completed change to active configuration
May 11 23:46:35.780916 osdx OSDxCLI[77508]: User 'admin' committed the configuration.
May 11 23:46:35.803422 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:35] [NOTICE] dnscrypt-proxy 2.0.45
May 11 23:46:35.804008 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:35] [NOTICE] Network connectivity detected
May 11 23:46:35.804465 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:35] [NOTICE] Dropping privileges
May 11 23:46:35.808580 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:35] [NOTICE] Network connectivity detected
May 11 23:46:35.808580 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 11 23:46:35.808580 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 11 23:46:35.808580 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:35] [NOTICE] Firefox workaround initialized
May 11 23:46:35.808580 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpdjxiahel]
May 11 23:46:35.826023 osdx OSDxCLI[77508]: User 'admin' left the configuration menu.
May 11 23:46:36.036059 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:36] [NOTICE] [DUT0] OK (DoH) - rtt: 110ms
May 11 23:46:36.036197 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:36] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 110ms)
May 11 23:46:36.036266 osdx dnscrypt-proxy[165019]: [2025-05-11 23:46:36] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DoH With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 84d1def583e3b4c6c5ca8d144836b5b575700e2b0aa569e2508e1087287ca81e at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCE0d71g-O0xsXKjRRINrW1dXAOKwqlaeJQjhCHKHyoHgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCE0d71g-O0xsXKjRRINrW1dXAOKwqlaeJQjhCHKHyoHgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
May 11 23:46:46.440043 osdx systemd-journald[118835]: Runtime Journal (/run/log/journal/f55f446d40464b198e70fbabb9c21674) is 2.8M, max 15.3M, 12.5M free.
May 11 23:46:46.442128 osdx systemd-journald[118835]: Received client request to rotate journal, rotating.
May 11 23:46:46.442232 osdx systemd-journald[118835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f55f446d40464b198e70fbabb9c21674.
May 11 23:46:46.457386 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system journal clear'.
May 11 23:46:47.009067 osdx osdx-coredump[309768]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 11 23:46:47.019157 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system coredump delete all'.
May 11 23:46:47.681857 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu.
May 11 23:46:47.842380 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 11 23:46:47.945773 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 11 23:46:48.101654 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'.
May 11 23:46:48.250240 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 11 23:46:48.428350 osdx cfgd[1244]: [242344]Completed change to active configuration
May 11 23:46:48.464471 osdx OSDxCLI[242344]: User 'admin' committed the configuration.
May 11 23:46:48.492781 osdx OSDxCLI[242344]: User 'admin' left the configuration menu.
May 11 23:46:48.707366 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
May 11 23:46:50.426746 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 84d1def583e3b4c6c5ca8d144836b5b575700e2b0aa569e2508e1087287ca81e'.
May 11 23:46:50.645215 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu.
May 11 23:46:50.792689 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 11 23:46:50.909828 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 11 23:46:51.055484 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCE0d71g-O0xsXKjRRINrW1dXAOKwqlaeJQjhCHKHyoHgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk''.
May 11 23:46:51.201107 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
May 11 23:46:51.309441 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
May 11 23:46:51.420050 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
May 11 23:46:51.552019 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 11 23:46:51.661971 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
May 11 23:46:51.808013 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'.
May 11 23:46:51.999481 osdx ca-certificates[309914]: Updating certificates in /etc/ssl/certs...
May 11 23:46:53.027404 osdx ca-certificates[310918]: 1 added, 0 removed; done.
May 11 23:46:53.034376 osdx ca-certificates[310922]: Running hooks in /etc/ca-certificates/update.d...
May 11 23:46:53.038975 osdx ca-certificates[310926]: done.
May 11 23:46:53.242665 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 11 23:46:53.245153 osdx cfgd[1244]: [242344]Completed change to active configuration
May 11 23:46:53.250210 osdx OSDxCLI[242344]: User 'admin' committed the configuration.
May 11 23:46:53.282270 osdx OSDxCLI[242344]: User 'admin' left the configuration menu.
May 11 23:46:53.286166 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] dnscrypt-proxy 2.0.45
May 11 23:46:53.286486 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] Network connectivity detected
May 11 23:46:53.286657 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] Dropping privileges
May 11 23:46:53.296959 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] Network connectivity detected
May 11 23:46:53.297065 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 11 23:46:53.297065 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 11 23:46:53.297065 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
May 11 23:46:53.297065 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] Firefox workaround initialized
May 11 23:46:53.297065 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpvdgp3ks3]
May 11 23:46:53.437181 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] [RD] OK (DoH) - rtt: 102ms
May 11 23:46:53.437181 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] Server with the lowest initial latency: RD (rtt: 102ms)
May 11 23:46:53.437181 osdx dnscrypt-proxy[310986]: [2025-05-11 23:46:53] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 575689f7a8639f98b68caeac400a54e5cafd2383aaa4e8d72b30082fb1cafaa0 at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgV1aJ96hjn5i2jK6sQApU5cr9I4OqpOjXKzAIL7HK-qANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 5: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgV1aJ96hjn5i2jK6sQApU5cr9I4OqpOjXKzAIL7HK-qANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
May 11 23:46:46.455930 osdx systemd-journald[1386]: Runtime Journal (/run/log/journal/2e53bb94cf5347b6b7c2aa8cefa11818) is 1.3M, max 9.7M, 8.4M free.
May 11 23:46:46.457209 osdx systemd-journald[1386]: Received client request to rotate journal, rotating.
May 11 23:46:46.457284 osdx systemd-journald[1386]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2e53bb94cf5347b6b7c2aa8cefa11818.
May 11 23:46:46.481157 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal clear'.
May 11 23:46:47.154226 osdx osdx-coredump[166634]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 11 23:46:47.164119 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system coredump delete all'.
May 11 23:46:48.777189 osdx OSDxCLI[77508]: User 'admin' entered the configuration menu.
May 11 23:46:48.918271 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
May 11 23:46:49.001817 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 11 23:46:49.089720 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service ssh'.
May 11 23:46:49.237097 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'show working'.
May 11 23:46:49.377212 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 11 23:46:49.678018 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 11 23:46:49.712491 osdx sshd[166727]: Server listening on 0.0.0.0 port 22.
May 11 23:46:49.712913 osdx sshd[166727]: Server listening on :: port 22.
May 11 23:46:49.713139 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 11 23:46:49.751893 osdx cfgd[1050]: [77508]Completed change to active configuration
May 11 23:46:49.796104 osdx OSDxCLI[77508]: User 'admin' committed the configuration.
May 11 23:46:49.854641 osdx OSDxCLI[77508]: User 'admin' left the configuration menu.
May 11 23:46:50.076162 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
May 11 23:46:53.659951 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 575689f7a8639f98b68caeac400a54e5cafd2383aaa4e8d72b30082fb1cafaa0'.
May 11 23:46:53.950630 osdx OSDxCLI[77508]: User 'admin' entered the configuration menu.
May 11 23:46:54.069655 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
May 11 23:46:54.174449 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
May 11 23:46:54.302433 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
May 11 23:46:54.441785 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgV1aJ96hjn5i2jK6sQApU5cr9I4OqpOjXKzAIL7HK-qANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
May 11 23:46:54.654910 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'show working'.
May 11 23:46:54.835333 osdx ca-certificates[166799]: Updating certificates in /etc/ssl/certs...
May 11 23:46:55.861480 osdx ca-certificates[167804]: 1 added, 0 removed; done.
May 11 23:46:55.867646 osdx ca-certificates[167809]: Running hooks in /etc/ca-certificates/update.d...
May 11 23:46:55.873571 osdx ca-certificates[167811]: done.
May 11 23:46:56.001913 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 11 23:46:56.004968 osdx cfgd[1050]: [77508]Completed change to active configuration
May 11 23:46:56.013930 osdx OSDxCLI[77508]: User 'admin' committed the configuration.
May 11 23:46:56.049552 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] dnscrypt-proxy 2.0.45
May 11 23:46:56.049552 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] Network connectivity detected
May 11 23:46:56.049552 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] Dropping privileges
May 11 23:46:56.053033 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] Network connectivity detected
May 11 23:46:56.053033 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 11 23:46:56.053033 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 11 23:46:56.053033 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] Firefox workaround initialized
May 11 23:46:56.053033 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8up915h9]
May 11 23:46:56.060241 osdx OSDxCLI[77508]: User 'admin' left the configuration menu.
May 11 23:46:56.229559 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] [DUT0] OK (DoH) - rtt: 97ms
May 11 23:46:56.229695 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 97ms)
May 11 23:46:56.229763 osdx dnscrypt-proxy[167818]: [2025-05-11 23:46:56] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
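
The stamps produced in Steps 1 and 4 are opaque base64url strings, yet they carry the certificate hash, host name and address that the proxy will trust. The Python sketch below is an added example, not OSDx or dnscrypt-proxy code: it rebuilds and decodes DoH stamps following the public DNS Stamps layout so the pinned values can be reviewed before a `stamp` line is committed. The function names are hypothetical; the stamps and hashes are the ones shown on this page.

```python
import base64
from dataclasses import dataclass

DOH_ID = 0x02  # protocol identifier of a DNS-over-HTTPS stamp

# Values copied from this page (Steps 1 and 4 of the stamp scenario).
RD_HASH = "84d1def583e3b4c6c5ca8d144836b5b575700e2b0aa569e2508e1087287ca81e"
RD_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCE0d71g-O0xsXKjRRINrW1dXAOKwqlaeJQjhCHKHyoHgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DUT0_HASH = "575689f7a8639f98b68caeac400a54e5cafd2383aaa4e8d72b30082fb1cafaa0"
DUT0_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgV1aJ96hjn5i2jK6sQApU5cr9I4OqpOjXKzAIL7HK-qANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"


@dataclass
class DohStamp:
    props: int     # 64-bit property flags (0 in both stamps on this page)
    addr: str      # IP address the client connects to
    hashes: list   # pinned certificate hashes, lowercase hex
    host: str      # host name, with ":port" when the port is not 443
    path: str      # HTTP path of the DoH endpoint


def _lp(data: bytes, limit: int = 0xFF) -> bytes:
    """Length-prefixed field: one length byte followed by the data."""
    if len(data) > limit:
        raise ValueError("field too long")
    return bytes([len(data)]) + data


def _vlp(items) -> bytes:
    """Set of fields: bit 7 of the length byte means another element follows."""
    if not items:
        return b"\x00"
    out = b"".join(bytes([len(i) | 0x80]) + i for i in items[:-1] if len(i) <= 0x7F)
    return out + _lp(items[-1], 0x7F)


def encode_doh_stamp(ip, hashes_hex, host, path, port=443, props=0) -> str:
    """Build the stamp the way `stamp calculate dns-over-https` is used above."""
    hostport = host if port == 443 else f"{host}:{port}"
    raw = (bytes([DOH_ID]) + props.to_bytes(8, "little") + _lp(ip.encode())
           + _vlp([bytes.fromhex(h) for h in hashes_hex])
           + _lp(hostport.encode()) + _lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_doh_stamp(stamp: str) -> DohStamp:
    """Parse a DoH stamp; raises ValueError on foreign or truncated input."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != DOH_ID:
        raise ValueError("not a DoH stamp")
    pos = 9

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(raw):
            raise ValueError("truncated stamp")
        chunk, pos = raw[pos:pos + n], pos + n
        return chunk

    addr = take(take(1)[0]).decode()
    hashes = []
    while True:
        length = take(1)[0]
        item = take(length & 0x7F)
        if item:
            hashes.append(item.hex())
        if not length & 0x80:   # last element of the set
            break
    host = take(take(1)[0]).decode()
    path = take(take(1)[0]).decode()
    # Optional trailing bootstrap addresses are not needed here and are ignored.
    return DohStamp(int.from_bytes(raw[1:9], "little"), addr, hashes, host, path)


def audit_stamp(stamp, want_hash, want_host, want_addr) -> list:
    """List every difference between a stamp and the values meant to be pinned."""
    s = decode_doh_stamp(stamp)
    problems = []
    if not s.hashes:
        problems.append("no certificate hash in stamp: nothing is pinned")
    elif want_hash.lower() not in s.hashes:
        problems.append(f"pinned hash is {s.hashes}, expected {want_hash}")
    if s.host != want_host:
        problems.append(f"host is {s.host!r}, expected {want_host!r}")
    if s.addr != want_addr:
        problems.append(f"address is {s.addr!r}, expected {want_addr!r}")
    return problems


if __name__ == "__main__":
    for stamp in (RD_STAMP, DUT0_STAMP):
        print(decode_doh_stamp(stamp))
    # Reviewing DUT1's stamp against the wrong (upstream) hash reports the mismatch.
    print(audit_stamp(DUT0_STAMP, RD_HASH, "dns.dut0:3000", "10.215.168.64"))
```

Note that the default port 443 is left out of the host field, which is why the first stamp carries `remote.dns` while the second carries `dns.dut0:3000`.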

Server With Upstream DNSCrypt

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
May 11 23:47:05.467593 osdx systemd-journald[118835]: Runtime Journal (/run/log/journal/f55f446d40464b198e70fbabb9c21674) is 2.0M, max 15.3M, 13.3M free.
May 11 23:47:05.470085 osdx systemd-journald[118835]: Received client request to rotate journal, rotating.
May 11 23:47:05.470174 osdx systemd-journald[118835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f55f446d40464b198e70fbabb9c21674.
May 11 23:47:05.485548 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system journal clear'.
May 11 23:47:06.060982 osdx osdx-coredump[312633]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 11 23:47:06.075444 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system coredump delete all'.
May 11 23:47:06.858215 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu.
May 11 23:47:07.005689 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 11 23:47:07.092341 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 11 23:47:07.220333 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'.
May 11 23:47:07.398106 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 11 23:47:07.580959 osdx cfgd[1244]: [242344]Completed change to active configuration
May 11 23:47:07.629175 osdx OSDxCLI[242344]: User 'admin' committed the configuration.
May 11 23:47:07.679659 osdx OSDxCLI[242344]: User 'admin' left the configuration menu.
May 11 23:47:07.868993 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
May 11 23:47:09.561466 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
May 11 23:47:09.739977 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu.
May 11 23:47:09.847568 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 11 23:47:09.969045 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 11 23:47:10.070729 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
May 11 23:47:10.189598 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
May 11 23:47:10.292937 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
May 11 23:47:10.403141 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df'.
May 11 23:47:10.518054 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 11 23:47:10.623348 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
May 11 23:47:10.745684 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
May 11 23:47:10.845093 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
May 11 23:47:11.034772 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'.
May 11 23:47:11.186611 osdx ca-certificates[312780]: Updating certificates in /etc/ssl/certs...
May 11 23:47:12.125798 osdx ca-certificates[313784]: 1 added, 0 removed; done.
May 11 23:47:12.130018 osdx ca-certificates[313790]: Running hooks in /etc/ca-certificates/update.d...
May 11 23:47:12.134439 osdx ca-certificates[313792]: done.
May 11 23:47:12.346659 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 11 23:47:12.349674 osdx cfgd[1244]: [242344]Completed change to active configuration
May 11 23:47:12.354143 osdx OSDxCLI[242344]: User 'admin' committed the configuration.
May 11 23:47:12.392466 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] dnscrypt-proxy 2.0.45
May 11 23:47:12.392466 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] Network connectivity detected
May 11 23:47:12.392466 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] Dropping privileges
May 11 23:47:12.397069 osdx OSDxCLI[242344]: User 'admin' left the configuration menu.
May 11 23:47:12.400008 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] Network connectivity detected
May 11 23:47:12.400117 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 11 23:47:12.400117 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 11 23:47:12.400117 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
May 11 23:47:12.400221 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] Firefox workaround initialized
May 11 23:47:12.400221 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpcklyyjer]
May 11 23:47:12.404245 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] [RD] OK (DNSCrypt) - rtt: 2ms
May 11 23:47:12.404423 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] Server with the lowest initial latency: RD (rtt: 2ms)
May 11 23:47:12.404423 osdx dnscrypt-proxy[313852]: [2025-05-11 23:47:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 575689f7a8639f98b68caeac400a54e5cafd2383aaa4e8d72b30082fb1cafaa0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
May 11 23:47:06.461599 osdx systemd-journald[1386]: Runtime Journal (/run/log/journal/2e53bb94cf5347b6b7c2aa8cefa11818) is 2.4M, max 9.7M, 7.3M free.
May 11 23:47:06.464701 osdx systemd-journald[1386]: Received client request to rotate journal, rotating.
May 11 23:47:06.464792 osdx systemd-journald[1386]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2e53bb94cf5347b6b7c2aa8cefa11818.
May 11 23:47:06.480174 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal clear'.
May 11 23:47:07.231111 osdx osdx-coredump[169439]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 11 23:47:07.241169 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system coredump delete all'.
May 11 23:47:08.978642 osdx OSDxCLI[77508]: User 'admin' entered the configuration menu.
May 11 23:47:09.146273 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
May 11 23:47:09.281171 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 11 23:47:09.401936 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service ssh'.
May 11 23:47:09.529877 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'show working'.
May 11 23:47:09.684684 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 11 23:47:09.953603 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 11 23:47:09.992996 osdx sshd[169532]: Server listening on 0.0.0.0 port 22.
May 11 23:47:09.993454 osdx sshd[169532]: Server listening on :: port 22.
May 11 23:47:09.994000 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 11 23:47:10.033340 osdx cfgd[1050]: [77508]Completed change to active configuration
May 11 23:47:10.081714 osdx OSDxCLI[77508]: User 'admin' committed the configuration.
May 11 23:47:10.117128 osdx OSDxCLI[77508]: User 'admin' left the configuration menu.
May 11 23:47:10.305199 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
May 11 23:47:13.780105 osdx OSDxCLI[77508]: User 'admin' entered the configuration menu.
May 11 23:47:13.930720 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
May 11 23:47:14.054774 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
May 11 23:47:14.157407 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
May 11 23:47:14.272380 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
May 11 23:47:14.379793 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
May 11 23:47:14.503961 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
May 11 23:47:14.721611 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 575689f7a8639f98b68caeac400a54e5cafd2383aaa4e8d72b30082fb1cafaa0'.
May 11 23:47:14.937748 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'show working'.
May 11 23:47:15.113460 osdx ca-certificates[169603]: Updating certificates in /etc/ssl/certs...
May 11 23:47:16.042457 osdx ca-certificates[170607]: 1 added, 0 removed; done.
May 11 23:47:16.047370 osdx ca-certificates[170614]: Running hooks in /etc/ca-certificates/update.d...
May 11 23:47:16.052162 osdx ca-certificates[170616]: done.
May 11 23:47:16.169393 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 11 23:47:16.172582 osdx cfgd[1050]: [77508]Completed change to active configuration
May 11 23:47:16.177757 osdx OSDxCLI[77508]: User 'admin' committed the configuration.
May 11 23:47:16.218286 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] dnscrypt-proxy 2.0.45
May 11 23:47:16.218286 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] Network connectivity detected
May 11 23:47:16.218286 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] Dropping privileges
May 11 23:47:16.222067 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] Network connectivity detected
May 11 23:47:16.222067 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 11 23:47:16.222067 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 11 23:47:16.222067 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] Firefox workaround initialized
May 11 23:47:16.222067 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpctjjw34u]
May 11 23:47:16.230076 osdx OSDxCLI[77508]: User 'admin' left the configuration menu.
May 11 23:47:16.442752 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] [DUT0] OK (DoH) - rtt: 118ms
May 11 23:47:16.442752 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 118ms)
May 11 23:47:16.442752 osdx dnscrypt-proxy[170623]: [2025-05-11 23:47:16] [NOTICE] dnscrypt-proxy is ready - live servers: 1
May 11 23:47:16.463246 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal show | cat'.

Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DNSCrypt With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df ip 10.215.168.1 port 8443 at DUT0 and expect this output:

sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIFgStZBM54rv5y3AiyVwGo44VQztQanIyPDUuiOiMebfGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIFgStZBM54rv5y3AiyVwGo44VQztQanIyPDUuiOiMebfGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
May 11 23:47:26.445789 osdx systemd-journald[118835]: Runtime Journal (/run/log/journal/f55f446d40464b198e70fbabb9c21674) is 2.0M, max 15.3M, 13.3M free.
May 11 23:47:26.448873 osdx systemd-journald[118835]: Received client request to rotate journal, rotating.
May 11 23:47:26.448962 osdx systemd-journald[118835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f55f446d40464b198e70fbabb9c21674.
May 11 23:47:26.464945 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system journal clear'.
May 11 23:47:27.038817 osdx osdx-coredump[315495]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 11 23:47:27.052444 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'system coredump delete all'.
May 11 23:47:27.839449 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu.
May 11 23:47:27.977238 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 11 23:47:28.092677 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 11 23:47:28.241919 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'.
May 11 23:47:28.372863 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 11 23:47:28.561794 osdx cfgd[1244]: [242344]Completed change to active configuration
May 11 23:47:28.600828 osdx OSDxCLI[242344]: User 'admin' committed the configuration.
May 11 23:47:28.646030 osdx OSDxCLI[242344]: User 'admin' left the configuration menu.
May 11 23:47:28.858820 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
May 11 23:47:30.659784 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
May 11 23:47:30.833985 osdx OSDxCLI[242344]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 58:12:b5:90:4c:e7:8a:ef:e7:2d:c0:8b:25:70:1a:8e:38:55:0c:ed:41:a9:c8:c8:f0:d4:ba:23:a2:31:e6:df ip 10.215.168.1 port 8443'.
May 11 23:47:31.012590 osdx OSDxCLI[242344]: User 'admin' entered the configuration menu.
May 11 23:47:31.153038 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 11 23:47:31.258563 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 11 23:47:31.392833 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIFgStZBM54rv5y3AiyVwGo44VQztQanIyPDUuiOiMebfGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z''.
May 11 23:47:31.502684 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 11 23:47:31.610471 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server cert file 'running://dns.dut0.crt''.
May 11 23:47:31.741860 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns proxy server cert key 'running://dns.dut0.key''.
May 11 23:47:31.895907 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
May 11 23:47:32.066974 osdx OSDxCLI[242344]: User 'admin' added a new cfg line: 'show working'.
May 11 23:47:32.192661 osdx ca-certificates[315642]: Updating certificates in /etc/ssl/certs...
May 11 23:47:33.044096 osdx ca-certificates[316646]: 1 added, 0 removed; done.
May 11 23:47:33.049005 osdx ca-certificates[316652]: Running hooks in /etc/ca-certificates/update.d...
May 11 23:47:33.054054 osdx ca-certificates[316654]: done.
May 11 23:47:33.233421 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 11 23:47:33.235447 osdx cfgd[1244]: [242344]Completed change to active configuration
May 11 23:47:33.239820 osdx OSDxCLI[242344]: User 'admin' committed the configuration.
May 11 23:47:33.263961 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] dnscrypt-proxy 2.0.45
May 11 23:47:33.263961 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] Network connectivity detected
May 11 23:47:33.263961 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] Dropping privileges
May 11 23:47:33.266212 osdx OSDxCLI[242344]: User 'admin' left the configuration menu.
May 11 23:47:33.268239 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] Network connectivity detected
May 11 23:47:33.268303 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 11 23:47:33.268303 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 11 23:47:33.268303 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
May 11 23:47:33.268403 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] Firefox workaround initialized
May 11 23:47:33.268403 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp5h5uqyu9]
May 11 23:47:33.269590 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
May 11 23:47:33.269711 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
May 11 23:47:33.269789 osdx dnscrypt-proxy[316714]: [2025-05-11 23:47:33] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 575689f7a8639f98b68caeac400a54e5cafd2383aaa4e8d72b30082fb1cafaa0 at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgV1aJ96hjn5i2jK6sQApU5cr9I4OqpOjXKzAIL7HK-qANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 6: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgV1aJ96hjn5i2jK6sQApU5cr9I4OqpOjXKzAIL7HK-qANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
May 11 23:47:26.439648 osdx systemd-journald[1386]: Runtime Journal (/run/log/journal/2e53bb94cf5347b6b7c2aa8cefa11818) is 1.3M, max 9.7M, 8.4M free.
May 11 23:47:26.440902 osdx systemd-journald[1386]: Received client request to rotate journal, rotating.
May 11 23:47:26.440977 osdx systemd-journald[1386]: Vacuuming done, freed 0B of archived journals from /run/log/journal/2e53bb94cf5347b6b7c2aa8cefa11818.
May 11 23:47:26.459463 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal clear'.
May 11 23:47:27.206308 osdx osdx-coredump[172242]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 11 23:47:27.217225 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system coredump delete all'.
May 11 23:47:28.964161 osdx OSDxCLI[77508]: User 'admin' entered the configuration menu.
May 11 23:47:29.119790 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
May 11 23:47:29.239734 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 11 23:47:29.338836 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service ssh'.
May 11 23:47:29.487691 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'show working'.
May 11 23:47:29.680898 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 11 23:47:29.949386 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 11 23:47:29.983713 osdx sshd[172335]: Server listening on 0.0.0.0 port 22.
May 11 23:47:29.984057 osdx sshd[172335]: Server listening on :: port 22.
May 11 23:47:29.984312 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 11 23:47:30.022908 osdx cfgd[1050]: [77508]Completed change to active configuration
May 11 23:47:30.073699 osdx OSDxCLI[77508]: User 'admin' committed the configuration.
May 11 23:47:30.117465 osdx OSDxCLI[77508]: User 'admin' left the configuration menu.
May 11 23:47:30.374451 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'ping 10.215.168.64      count 1 size 56 timeout 1'.
May 11 23:47:33.541753 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 575689f7a8639f98b68caeac400a54e5cafd2383aaa4e8d72b30082fb1cafaa0'.
May 11 23:47:33.735274 osdx OSDxCLI[77508]: User 'admin' entered the configuration menu.
May 11 23:47:33.864326 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
May 11 23:47:33.956453 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
May 11 23:47:34.052224 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
May 11 23:47:34.186338 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgV1aJ96hjn5i2jK6sQApU5cr9I4OqpOjXKzAIL7HK-qANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5''.
May 11 23:47:34.344927 osdx OSDxCLI[77508]: User 'admin' added a new cfg line: 'show working'.
May 11 23:47:34.494781 osdx ca-certificates[172407]: Updating certificates in /etc/ssl/certs...
May 11 23:47:35.341527 osdx ca-certificates[173411]: 1 added, 0 removed; done.
May 11 23:47:35.346170 osdx ca-certificates[173417]: Running hooks in /etc/ca-certificates/update.d...
May 11 23:47:35.352036 osdx ca-certificates[173419]: done.
May 11 23:47:35.465396 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 11 23:47:35.468350 osdx cfgd[1050]: [77508]Completed change to active configuration
May 11 23:47:35.478999 osdx OSDxCLI[77508]: User 'admin' committed the configuration.
May 11 23:47:35.510938 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:35] [NOTICE] dnscrypt-proxy 2.0.45
May 11 23:47:35.511242 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:35] [NOTICE] Network connectivity detected
May 11 23:47:35.511411 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:35] [NOTICE] Dropping privileges
May 11 23:47:35.515426 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:35] [NOTICE] Network connectivity detected
May 11 23:47:35.515426 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 11 23:47:35.515426 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 11 23:47:35.515426 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:35] [NOTICE] Firefox workaround initialized
May 11 23:47:35.515426 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpb1jifx7d]
May 11 23:47:35.521129 osdx OSDxCLI[77508]: User 'admin' left the configuration menu.
May 11 23:47:35.743643 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal show | cat'.
May 11 23:47:36.055522 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal show | cat'.
May 11 23:47:36.356349 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal show | cat'.
May 11 23:47:36.673244 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal show | cat'.
May 11 23:47:37.003338 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal show | cat'.
May 11 23:47:37.323551 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal show | cat'.
May 11 23:47:37.634724 osdx OSDxCLI[77508]: User 'admin' executed a new command: 'system journal show | cat'.
May 11 23:47:37.635482 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:37] [NOTICE] System DNS configuration not usable yet, exceptionally resolving [dns.dut0] using fallback resolvers over tcp
May 11 23:47:37.865934 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:37] [NOTICE] [DUT0] OK (DoH) - rtt: 137ms
May 11 23:47:37.865934 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:37] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 137ms)
May 11 23:47:37.865934 osdx dnscrypt-proxy[173426]: [2025-05-11 23:47:37] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13