Source

Test suite to validate using one or multiple ciphers to protect the DoH connection

Valid Source

Description

Configures a valid source with the expected minisign key and checks that everything works.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name rd-server
set service dns proxy source RD minisign-key RWReB5mDuOeaTDVNWX+86++FF/CEyaar0EVGnX6lz2U4e3mcPOt0pEtl
set service dns proxy source RD url 'http://10.215.168.1/~robot/RD-resolver.md'
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command 'system journal show | cat' on DUT0 and check whether the output matches the following regular expressions:

(?m)^.*\[rd-server\] OK \(DoH\) - rtt: \d+ms$

Output:

Jun 03 18:17:56.373605 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:17:56.374124 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:17:56.374166 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:17:56.385875 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:17:56.687392 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 03 18:17:56.985727 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:17:57.091745 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:17:57.181878 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:17:57.244021 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:17:57.345157 osdx ubnt-cfgd[966720]: inactive
Jun 03 18:17:57.366957 osdx INFO[966727]: FRR daemons did not change
Jun 03 18:17:57.401809 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:17:57.449201 osdx WARNING[966798]: No supported link modes on interface eth0
Jun 03 18:17:57.451311 osdx modulelauncher[966798]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:17:57.451329 osdx modulelauncher[966798]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:17:57.452891 osdx modulelauncher[966798]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:17:57.452902 osdx modulelauncher[966798]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:17:57.689862 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:17:57.690458 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:17:57.713416 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:17:57.879623 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 03 18:17:57.962301 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 03 18:17:58.137821 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:17:58.224485 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:17:58.308824 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy source RD url http://10.215.168.1/~robot/RD-resolver.md'.
Jun 03 18:17:58.438397 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy source RD minisign-key RWReB5mDuOeaTDVNWX+86++FF/CEyaar0EVGnX6lz2U4e3mcPOt0pEtl'.
Jun 03 18:17:58.506299 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name rd-server'.
Jun 03 18:17:58.625585 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:17:58.765071 osdx ubnt-cfgd[966902]: inactive
Jun 03 18:17:58.788463 osdx INFO[966911]: FRR daemons did not change
Jun 03 18:17:58.802652 osdx ca-certificates[966927]: Updating certificates in /etc/ssl/certs...
Jun 03 18:17:59.351763 osdx ubnt-cfgd[967939]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:17:59.361174 osdx ca-certificates[967944]: 1 added, 0 removed; done.
Jun 03 18:17:59.364263 osdx ca-certificates[967951]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:17:59.367139 osdx ca-certificates[967953]: done.
Jun 03 18:17:59.434149 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:17:59.440219 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:17:59.440641 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:17:59.464260 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] dnscrypt-proxy 2.0.45
Jun 03 18:17:59.464478 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] Network connectivity detected
Jun 03 18:17:59.464549 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] Dropping privileges
Jun 03 18:17:59.467136 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] Network connectivity detected
Jun 03 18:17:59.467190 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:17:59.467190 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:17:59.468387 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [WARNING] /var/cache/dnscrypt-proxy/RD.md: open /var/cache/dnscrypt-proxy/sf-gy3b5r5ywdx4v46m.tmp: permission denied
Jun 03 18:17:59.468387 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] Source [RD] loaded
Jun 03 18:17:59.468457 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [WARNING] Missing stamp for server [server-name`]
Jun 03 18:17:59.468457 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [WARNING] Error in source [RD]: [Missing stamp for server [server-name`]] -- Continuing with reduced server count [1]
Jun 03 18:17:59.468457 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] Firefox workaround initialized
Jun 03 18:17:59.468457 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpox9ex89e]
Jun 03 18:17:59.469653 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:17:59.636069 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 03 18:17:59.715298 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] [rd-server] OK (DoH) - rtt: 112ms
Jun 03 18:17:59.715298 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] Server with the lowest initial latency: rd-server (rtt: 112ms)
Jun 03 18:17:59.715298 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] dnscrypt-proxy is ready - live servers: 1
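
The Step 2 check, as an added example that is not part of the OSDx test suite: it applies the page's regular expression to a few journal lines copied from the output above and also collects the dnscrypt-proxy warnings that the pass criterion does not look at. The names ok_pattern, evaluate and JOURNAL are assumptions made for this example.

```python
import re

# A dnscrypt-proxy journal line ends in "[timestamp] [LEVEL] message".
PROXY_LINE = re.compile(r"dnscrypt-proxy\[\d+\]: \[[^\]]+\] \[(\w+)\] (.*)$", re.M)

# Journal lines copied from the "Valid Source" output on this page.
JOURNAL = """\
Jun 03 18:17:59.468387 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [WARNING] /var/cache/dnscrypt-proxy/RD.md: open /var/cache/dnscrypt-proxy/sf-gy3b5r5ywdx4v46m.tmp: permission denied
Jun 03 18:17:59.468387 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] Source [RD] loaded
Jun 03 18:17:59.468457 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [WARNING] Missing stamp for server [server-name`]
Jun 03 18:17:59.468457 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [WARNING] Error in source [RD]: [Missing stamp for server [server-name`]] -- Continuing with reduced server count [1]
Jun 03 18:17:59.715298 osdx dnscrypt-proxy[967957]: [2026-06-03 18:17:59] [NOTICE] [rd-server] OK (DoH) - rtt: 112ms
"""


def ok_pattern(server):
    """The Step 2 regular expression, parameterised on the server name."""
    return re.compile(
        r"(?m)^.*\[" + re.escape(server) + r"\] OK \(DoH\) - rtt: (\d+)ms$")


def evaluate(journal, server):
    """Apply the pass criterion and list the warnings logged next to it."""
    match = ok_pattern(server).search(journal)
    warnings = [msg for level, msg in PROXY_LINE.findall(journal)
                if level == "WARNING"]
    return {
        "passed": match is not None,
        "rtt_ms": int(match.group(1)) if match else None,
        "warnings": warnings,
    }


if __name__ == "__main__":
    result = evaluate(JOURNAL, "rd-server")
    print("passed:", result["passed"], "rtt:", result["rtt_ms"], "ms")
    for message in result["warnings"]:
        print("warning:", message)
```

The scenario passes on the OK (DoH) line alone, so the cache write failure and the missing-stamp warnings in the same run have to be reviewed separately.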

Valid Source With Prefix

Description

Configures a valid source with the expected minisign key and checks that everything works. Additionally, uses a prefix to avoid duplication of servers with the same name.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name PRIVATE-rd-server
set service dns proxy source RD minisign-key RWReB5mDuOeaTDVNWX+86++FF/CEyaar0EVGnX6lz2U4e3mcPOt0pEtl
set service dns proxy source RD prefix PRIVATE-
set service dns proxy source RD url 'http://10.215.168.1/~robot/RD-resolver.md'
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command 'system journal show | cat' on DUT0 and check whether the output matches the following regular expressions:

(?m)^.*\[PRIVATE-rd-server\] OK \(DoH\) - rtt: \d+ms$

Output:

Jun 03 18:18:07.289089 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 2.1M, max 13.8M, 11.6M free.
Jun 03 18:18:07.291103 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:18:07.291156 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:18:07.299700 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:18:07.525844 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 03 18:18:07.794958 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:18:07.888465 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:18:07.980083 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:18:08.087068 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:18:08.146659 osdx ubnt-cfgd[969683]: inactive
Jun 03 18:18:08.169367 osdx INFO[969690]: FRR daemons did not change
Jun 03 18:18:08.203121 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:18:08.253991 osdx WARNING[969761]: No supported link modes on interface eth0
Jun 03 18:18:08.255871 osdx modulelauncher[969761]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:18:08.255890 osdx modulelauncher[969761]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:18:08.257403 osdx modulelauncher[969761]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:18:08.257413 osdx modulelauncher[969761]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:18:08.478179 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:18:08.478735 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:18:08.495362 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:18:08.649285 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 03 18:18:08.740003 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 03 18:18:08.919949 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:18:08.976097 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:18:09.074597 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy source RD url http://10.215.168.1/~robot/RD-resolver.md'.
Jun 03 18:18:09.135712 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy source RD minisign-key RWReB5mDuOeaTDVNWX+86++FF/CEyaar0EVGnX6lz2U4e3mcPOt0pEtl'.
Jun 03 18:18:09.225693 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy source RD prefix PRIVATE-'.
Jun 03 18:18:09.282483 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name PRIVATE-rd-server'.
Jun 03 18:18:09.434139 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:18:09.495500 osdx ubnt-cfgd[969866]: inactive
Jun 03 18:18:09.518412 osdx INFO[969875]: FRR daemons did not change
Jun 03 18:18:09.532568 osdx ca-certificates[969891]: Updating certificates in /etc/ssl/certs...
Jun 03 18:18:10.131338 osdx ubnt-cfgd[970903]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:18:10.139319 osdx ca-certificates[970909]: 1 added, 0 removed; done.
Jun 03 18:18:10.142176 osdx ca-certificates[970915]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:18:10.144959 osdx ca-certificates[970917]: done.
Jun 03 18:18:10.207579 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:18:10.213981 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:18:10.214411 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:18:10.228549 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] dnscrypt-proxy 2.0.45
Jun 03 18:18:10.228749 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] Network connectivity detected
Jun 03 18:18:10.228812 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] Dropping privileges
Jun 03 18:18:10.231013 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] Network connectivity detected
Jun 03 18:18:10.231078 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:18:10.231078 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:18:10.232419 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [WARNING] /var/cache/dnscrypt-proxy/RD.md: open /var/cache/dnscrypt-proxy/sf-v7jj7bp6sztr7o6a.tmp: permission denied
Jun 03 18:18:10.232419 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] Source [RD] loaded
Jun 03 18:18:10.232488 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [WARNING] Missing stamp for server [PRIVATE-server-name`]
Jun 03 18:18:10.232488 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [WARNING] Error in source [RD]: [Missing stamp for server [PRIVATE-server-name`]] -- Continuing with reduced server count [1]
Jun 03 18:18:10.232488 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] Firefox workaround initialized
Jun 03 18:18:10.232488 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpznwdsfxk]
Jun 03 18:18:10.236014 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:18:10.394123 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] [PRIVATE-rd-server] OK (DoH) - rtt: 139ms
Jun 03 18:18:10.394123 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] Server with the lowest initial latency: PRIVATE-rd-server (rtt: 139ms)
Jun 03 18:18:10.394123 osdx dnscrypt-proxy[970921]: [2026-06-03 18:18:10] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jun 03 18:18:10.407538 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal show | cat'.

Invalid Source

Description

Configures an invalid source with a random minisign key and expects it to fail.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy log level 0
set service dns proxy server-name rd-server
set service dns proxy source RD minisign-key F4RgwnjB5FuNIkWv3bf7t5M7
set service dns proxy source RD url 'http://10.215.168.1/~robot/invalid-source'
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Invalid Minisign Key

Description

Configures a valid source but with an incorrect minisign key, which should fail.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy log level 0
set service dns proxy server-name rd-server
set service dns proxy source RD minisign-key InvalidMinisignKey==
set service dns proxy source RD url 'http://10.215.168.1/~robot/RD-resolver.md'
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
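
Why the keys in the Invalid Source and Invalid Minisign Key scenarios cannot work, shown as an added example that is not part of the OSDx test suite or of dnscrypt-proxy: a structural check of the minisign public key (base64 of a 2-byte "Ed" tag, an 8-byte key ID and a 32-byte Ed25519 key). The names parse_minisign_pubkey, check_config and PAGE_CONFIGS are assumptions made for this example; the key strings are the ones on this page.

```python
import base64
import binascii
import re

# minisign public key: 2-byte algorithm tag "Ed" + 8-byte key ID
# + 32-byte Ed25519 public key = 42 bytes (56 base64 characters).
ALGORITHM = b"Ed"
KEY_ID_LEN = 8
ED25519_LEN = 32
RAW_LEN = len(ALGORITHM) + KEY_ID_LEN + ED25519_LEN

KEY_LINE = re.compile(
    r"^set service dns proxy source (\S+) minisign-key (\S+)\s*$", re.M)

# minisign-key lines copied from the scenarios on this page.
PAGE_CONFIGS = {
    "Valid Source": "set service dns proxy source RD minisign-key RWReB5mDuOeaTDVNWX+86++FF/CEyaar0EVGnX6lz2U4e3mcPOt0pEtl",
    "Invalid Source": "set service dns proxy source RD minisign-key F4RgwnjB5FuNIkWv3bf7t5M7",
    "Invalid Minisign Key": "set service dns proxy source RD minisign-key InvalidMinisignKey==",
}


def parse_minisign_pubkey(text):
    """Return (key_id_hex, ed25519_key_bytes); raise ValueError if malformed."""
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not valid base64: {exc}") from None
    if len(raw) != RAW_LEN:
        raise ValueError(f"decoded length {len(raw)}, expected {RAW_LEN}")
    if raw[:2] != ALGORITHM:
        raise ValueError(f"unexpected algorithm tag {raw[:2]!r}")
    # Key ID is returned as the stored bytes in hex, without reordering.
    return raw[2:2 + KEY_ID_LEN].hex(), raw[2 + KEY_ID_LEN:]


def check_config(config):
    """Map each source name in a configuration to (well_formed, detail)."""
    results = {}
    for name, key in KEY_LINE.findall(config):
        try:
            key_id, _ = parse_minisign_pubkey(key)
            results[name] = (True, f"key ID bytes {key_id}")
        except ValueError as exc:
            results[name] = (False, str(exc))
    return results


if __name__ == "__main__":
    for scenario, config in PAGE_CONFIGS.items():
        print(scenario, check_config(config))
```

A key that passes this check is only well-formed; whether it verifies the signature of the source list is still decided by dnscrypt-proxy, which matters here because the source URL is fetched over plain HTTP.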