Static Server

Test suite that connects DUT1 to DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.

Server With Upstream DoH

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 18 12:40:17.356694 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.2M free.
Mar 18 12:40:17.357256 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:40:17.357301 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:40:17.370851 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:40:17.821067 osdx osdx-coredump[86404]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:40:17.831048 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:40:18.448230 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:40:18.598884 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:40:18.674870 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:40:18.784291 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:18.877355 osdx INFO[86428]: FRR daemons did not change
Mar 18 12:40:18.901147 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:40:19.035149 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:40:19.071753 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:40:19.096245 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:40:19.270330 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 18 12:40:20.729860 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:40:20.849195 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:40:20.939685 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:40:21.041310 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:40:21.124448 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:40:21.218652 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:40:21.303576 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 18 12:40:21.420226 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 18 12:40:21.505620 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 18 12:40:21.596759 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 18 12:40:21.710846 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:21.814582 osdx INFO[86545]: FRR daemons did not change
Mar 18 12:40:21.832044 osdx ca-certificates[86561]: Updating certificates in /etc/ssl/certs...
Mar 18 12:40:22.533951 osdx ca-certificates[87565]: 1 added, 0 removed; done.
Mar 18 12:40:22.538153 osdx ca-certificates[87571]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:40:22.542147 osdx ca-certificates[87573]: done.
Mar 18 12:40:22.697483 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:40:22.699235 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:40:22.702387 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:40:22.728986 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] dnscrypt-proxy 2.0.45
Mar 18 12:40:22.729261 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] Network connectivity detected
Mar 18 12:40:22.729496 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] Dropping privileges
Mar 18 12:40:22.732716 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] Network connectivity detected
Mar 18 12:40:22.732802 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:40:22.732802 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:40:22.732802 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 18 12:40:22.732802 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] Firefox workaround initialized
Mar 18 12:40:22.732886 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp62d0bmks]
Mar 18 12:40:22.737291 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:40:22.889881 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] [RD] OK (DoH) - rtt: 123ms
Mar 18 12:40:22.889881 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] Server with the lowest initial latency: RD (rtt: 123ms)
Mar 18 12:40:22.889881 osdx dnscrypt-proxy[87633]: [2025-03-18 12:40:22] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 7fdb1217a04df7473bcf8ae91f48d83ff029afbf257f48d40ec3f583e9dcf6dd
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 18 12:40:17.351650 osdx systemd-journald[1529]: Runtime Journal (/run/log/journal/b491cf57694a41c88ee96a0e11fa2117) is 992.0K, max 7.2M, 6.2M free.
Mar 18 12:40:17.354930 osdx systemd-journald[1529]: Received client request to rotate journal, rotating.
Mar 18 12:40:17.355028 osdx systemd-journald[1529]: Vacuuming done, freed 0B of archived journals from /run/log/journal/b491cf57694a41c88ee96a0e11fa2117.
Mar 18 12:40:17.368660 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:40:17.945129 osdx osdx-coredump[121447]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:40:17.955709 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:40:19.386892 osdx OSDxCLI[60720]: User 'admin' entered the configuration menu.
Mar 18 12:40:19.549419 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Mar 18 12:40:19.621983 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:40:19.735039 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 18 12:40:19.848022 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:19.949612 osdx INFO[121478]: FRR daemons did not change
Mar 18 12:40:19.974920 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:40:20.179218 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 18 12:40:20.196234 osdx sshd[121548]: Server listening on 0.0.0.0 port 22.
Mar 18 12:40:20.196509 osdx sshd[121548]: Server listening on :: port 22.
Mar 18 12:40:20.196680 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 18 12:40:20.225225 osdx cfgd[1234]: [60720]Completed change to active configuration
Mar 18 12:40:20.261458 osdx OSDxCLI[60720]: User 'admin' committed the configuration.
Mar 18 12:40:20.294911 osdx OSDxCLI[60720]: User 'admin' left the configuration menu.
Mar 18 12:40:20.467576 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Mar 18 12:40:23.027392 osdx OSDxCLI[60720]: User 'admin' entered the configuration menu.
Mar 18 12:40:23.153888 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Mar 18 12:40:23.239776 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Mar 18 12:40:23.359105 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Mar 18 12:40:23.458610 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Mar 18 12:40:23.582826 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Mar 18 12:40:23.670590 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Mar 18 12:40:23.791491 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 7fdb1217a04df7473bcf8ae91f48d83ff029afbf257f48d40ec3f583e9dcf6dd'.
Mar 18 12:40:23.902632 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:24.019920 osdx INFO[121609]: FRR daemons did not change
Mar 18 12:40:24.054526 osdx ca-certificates[121625]: Updating certificates in /etc/ssl/certs...
Mar 18 12:40:24.793799 osdx ca-certificates[122627]: 1 added, 0 removed; done.
Mar 18 12:40:24.798145 osdx ca-certificates[122635]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:40:24.802401 osdx ca-certificates[122637]: done.
Mar 18 12:40:24.911533 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:40:24.914567 osdx cfgd[1234]: [60720]Completed change to active configuration
Mar 18 12:40:24.917766 osdx OSDxCLI[60720]: User 'admin' committed the configuration.
Mar 18 12:40:24.943149 osdx OSDxCLI[60720]: User 'admin' left the configuration menu.
Mar 18 12:40:25.131733 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 18 12:40:25.149218 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] dnscrypt-proxy 2.0.45
Mar 18 12:40:25.149526 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] Network connectivity detected
Mar 18 12:40:25.149813 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] Dropping privileges
Mar 18 12:40:25.152738 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] Network connectivity detected
Mar 18 12:40:25.152810 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:40:25.152810 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:40:25.152810 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] Firefox workaround initialized
Mar 18 12:40:25.152810 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpd7jftqe2]
Mar 18 12:40:25.428311 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] [DUT0] OK (DoH) - rtt: 139ms
Mar 18 12:40:25.428311 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 139ms)
Mar 18 12:40:25.428311 osdx dnscrypt-proxy[122644]: [2025-03-18 12:40:25] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DoH With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 18 12:40:35.390871 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.4M, max 15.3M, 12.8M free.
Mar 18 12:40:35.394433 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:40:35.394514 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:40:35.405049 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:40:35.825492 osdx osdx-coredump[89279]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:40:35.836010 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:40:36.447604 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:40:36.589327 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:40:36.663651 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:40:36.798352 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:36.889912 osdx INFO[89303]: FRR daemons did not change
Mar 18 12:40:36.914468 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:40:37.050823 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:40:37.086207 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:40:37.111414 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:40:37.286195 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 18 12:40:38.653507 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:40:38.833932 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:40:38.929902 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:40:39.048205 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:40:39.150803 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Mar 18 12:40:39.235604 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 18 12:40:39.327438 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 18 12:40:39.419659 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 18 12:40:39.508815 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 18 12:40:39.603729 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 18 12:40:39.719540 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:39.847731 osdx INFO[89422]: FRR daemons did not change
Mar 18 12:40:39.866981 osdx ca-certificates[89438]: Updating certificates in /etc/ssl/certs...
Mar 18 12:40:40.568658 osdx ca-certificates[90442]: 1 added, 0 removed; done.
Mar 18 12:40:40.572527 osdx ca-certificates[90448]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:40:40.576634 osdx ca-certificates[90450]: done.
Mar 18 12:40:40.722891 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:40:40.724765 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:40:40.728636 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:40:40.755153 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] dnscrypt-proxy 2.0.45
Mar 18 12:40:40.755436 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] Network connectivity detected
Mar 18 12:40:40.755520 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] Dropping privileges
Mar 18 12:40:40.758220 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] Network connectivity detected
Mar 18 12:40:40.758276 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:40:40.758276 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:40:40.758325 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 18 12:40:40.758346 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] Firefox workaround initialized
Mar 18 12:40:40.758346 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpejtoothz]
Mar 18 12:40:40.766113 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:40:40.916073 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] [RD] OK (DoH) - rtt: 119ms
Mar 18 12:40:40.916073 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] Server with the lowest initial latency: RD (rtt: 119ms)
Mar 18 12:40:40.916073 osdx dnscrypt-proxy[90510]: [2025-03-18 12:40:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 7fdb1217a04df7473bcf8ae91f48d83ff029afbf257f48d40ec3f583e9dcf6dd at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgf9sSF6BN90c7z4rpH0jYP_Apr78lf0jUDsP1g-nc9t0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 5: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgf9sSF6BN90c7z4rpH0jYP_Apr78lf0jUDsP1g-nc9t0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 18 12:40:35.347117 osdx systemd-journald[1529]: Runtime Journal (/run/log/journal/b491cf57694a41c88ee96a0e11fa2117) is 1016.0K, max 7.2M, 6.2M free.
Mar 18 12:40:35.349033 osdx systemd-journald[1529]: Received client request to rotate journal, rotating.
Mar 18 12:40:35.349116 osdx systemd-journald[1529]: Vacuuming done, freed 0B of archived journals from /run/log/journal/b491cf57694a41c88ee96a0e11fa2117.
Mar 18 12:40:35.360407 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:40:35.921316 osdx osdx-coredump[124265]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:40:35.931275 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:40:37.317407 osdx OSDxCLI[60720]: User 'admin' entered the configuration menu.
Mar 18 12:40:37.460131 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Mar 18 12:40:37.533225 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:40:37.618593 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 18 12:40:37.729310 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:37.829150 osdx INFO[124296]: FRR daemons did not change
Mar 18 12:40:37.853037 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:40:38.073340 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 18 12:40:38.090635 osdx sshd[124366]: Server listening on 0.0.0.0 port 22.
Mar 18 12:40:38.090931 osdx sshd[124366]: Server listening on :: port 22.
Mar 18 12:40:38.091119 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 18 12:40:38.121172 osdx cfgd[1234]: [60720]Completed change to active configuration
Mar 18 12:40:38.157325 osdx OSDxCLI[60720]: User 'admin' committed the configuration.
Mar 18 12:40:38.182071 osdx OSDxCLI[60720]: User 'admin' left the configuration menu.
Mar 18 12:40:38.365957 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Mar 18 12:40:41.088707 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 7fdb1217a04df7473bcf8ae91f48d83ff029afbf257f48d40ec3f583e9dcf6dd'.
Mar 18 12:40:41.264669 osdx OSDxCLI[60720]: User 'admin' entered the configuration menu.
Mar 18 12:40:41.362113 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Mar 18 12:40:41.474550 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Mar 18 12:40:41.565501 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Mar 18 12:40:41.690507 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgf9sSF6BN90c7z4rpH0jYP_Apr78lf0jUDsP1g-nc9t0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Mar 18 12:40:41.798402 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:41.895540 osdx INFO[124427]: FRR daemons did not change
Mar 18 12:40:41.914871 osdx ca-certificates[124443]: Updating certificates in /etc/ssl/certs...
Mar 18 12:40:42.590545 osdx ca-certificates[125446]: 1 added, 0 removed; done.
Mar 18 12:40:42.595045 osdx ca-certificates[125453]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:40:42.599491 osdx ca-certificates[125455]: done.
Mar 18 12:40:42.693690 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:40:42.696975 osdx cfgd[1234]: [60720]Completed change to active configuration
Mar 18 12:40:42.703547 osdx OSDxCLI[60720]: User 'admin' committed the configuration.
Mar 18 12:40:42.731175 osdx OSDxCLI[60720]: User 'admin' left the configuration menu.
Mar 18 12:40:42.741471 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:42] [NOTICE] dnscrypt-proxy 2.0.45
Mar 18 12:40:42.741766 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:42] [NOTICE] Network connectivity detected
Mar 18 12:40:42.741864 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:42] [NOTICE] Dropping privileges
Mar 18 12:40:42.744611 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:42] [NOTICE] Network connectivity detected
Mar 18 12:40:42.747545 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:42] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:40:42.747618 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:42] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:40:42.747703 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:42] [NOTICE] Firefox workaround initialized
Mar 18 12:40:42.747766 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:42] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpezy60nkk]
Mar 18 12:40:42.926424 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 18 12:40:43.012851 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:43] [NOTICE] [DUT0] OK (DoH) - rtt: 127ms
Mar 18 12:40:43.012851 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:43] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 127ms)
Mar 18 12:40:43.012851 osdx dnscrypt-proxy[125462]: [2025-03-18 12:40:43] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
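
The stamps calculated in Steps 1 and 4 of this scenario carry the same IP address, certificate hash, host name, port and path that the first scenario sets field by field. The decoder below is an added example, not part of the OSDx documentation or tooling; it follows the public DNS Stamps layout for DoH (protocol byte 0x02), and the function names decode_doh_stamp and stamp_mismatches are hypothetical.

```python
import base64

DOH = 0x02  # protocol identifier of a DNS-over-HTTPS stamp

# Stamps copied from Step 1 (DUT0 -> upstream) and Step 4 (DUT1 -> DUT0) above.
STAMP_RD = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
STAMP_DUT0 = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgf9sSF6BN90c7z4rpH0jYP_Apr78lf0jUDsP1g-nc9t0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"


def _read_items(buf, pos, multi):
    """Read length-prefixed items starting at pos.

    multi=False reads one item (LP). multi=True reads a set (VLP), where the
    high bit of each length byte means another item follows.
    """
    items = []
    while True:
        if pos >= len(buf):
            raise ValueError("stamp is truncated")
        more = multi and bool(buf[pos] & 0x80)
        length = buf[pos] & 0x7F if multi else buf[pos]
        end = pos + 1 + length
        if end > len(buf):
            raise ValueError("stamp is truncated")
        items.append(buf[pos + 1:end])
        pos = end
        if not more:
            return items, pos


def decode_doh_stamp(stamp):
    """Return the fields of a DoH stamp as a dict."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    # Stamps use URL-safe base64 without padding; restore it before decoding.
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DoH stamp")
    props = int.from_bytes(raw[1:9], "little")
    (addr,), pos = _read_items(raw, 9, multi=False)
    hashes, pos = _read_items(raw, pos, multi=True)
    (host,), pos = _read_items(raw, pos, multi=False)
    (path,), pos = _read_items(raw, pos, multi=False)
    host = host.decode()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host, port = name, int(port)
    else:
        port = 443  # the Step 1 stamp, built with host-port 443, carries no port
    return {
        "props": props,
        "ip": addr.decode(),
        "hashes": [h.hex() for h in hashes if h],  # pinned certificate hashes
        "host": host,
        "port": port,
        "path": path.decode(),
    }


def stamp_mismatches(stamp, ip, cert_hash, host, port, path="/dns-query"):
    """List every field where the stamp differs from the expected settings."""
    got = decode_doh_stamp(stamp)
    want = {"ip": ip, "host": host, "port": port, "path": path}
    problems = [f"{k}: stamp has {got[k]!r}, expected {v!r}"
                for k, v in want.items() if got[k] != v]
    if cert_hash.lower() not in got["hashes"]:
        problems.append("hash: expected certificate hash is not pinned by the stamp")
    return problems


if __name__ == "__main__":
    for label, stamp in (("RD", STAMP_RD), ("DUT0", STAMP_DUT0)):
        print(label, decode_doh_stamp(stamp))
```

Running stamp_mismatches against a stamp before committing it confirms that the opaque string pins the certificate hash and endpoint you intended.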

Server With Upstream DNSCrypt

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Mar 18 12:40:52.361452 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.2M free.
Mar 18 12:40:52.362649 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:40:52.362703 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:40:52.377409 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:40:52.804262 osdx osdx-coredump[92154]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:40:52.814344 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:40:53.420705 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:40:53.560580 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:40:53.632813 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:40:53.786696 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:53.878565 osdx INFO[92178]: FRR daemons did not change
Mar 18 12:40:53.902608 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:40:54.036939 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:40:54.071736 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:40:54.096287 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:40:54.275271 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 18 12:40:55.775117 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Mar 18 12:40:55.944846 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:40:56.038280 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:40:56.173214 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:40:56.280343 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Mar 18 12:40:56.365373 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Mar 18 12:40:56.485090 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Mar 18 12:40:56.579179 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71'.
Mar 18 12:40:56.656450 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 18 12:40:56.812303 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 18 12:40:56.904240 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 18 12:40:57.026864 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 18 12:40:57.145563 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:57.244948 osdx INFO[92298]: FRR daemons did not change
Mar 18 12:40:57.261741 osdx ca-certificates[92314]: Updating certificates in /etc/ssl/certs...
Mar 18 12:40:57.967206 osdx ca-certificates[93318]: 1 added, 0 removed; done.
Mar 18 12:40:57.971793 osdx ca-certificates[93324]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:40:57.976291 osdx ca-certificates[93326]: done.
Mar 18 12:40:58.119032 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:40:58.120612 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:40:58.123948 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:40:58.163591 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] dnscrypt-proxy 2.0.45
Mar 18 12:40:58.163825 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] Network connectivity detected
Mar 18 12:40:58.163965 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] Dropping privileges
Mar 18 12:40:58.166859 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] Network connectivity detected
Mar 18 12:40:58.166939 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:40:58.166939 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:40:58.166939 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 18 12:40:58.166939 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] Firefox workaround initialized
Mar 18 12:40:58.167032 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6hsetqcv]
Mar 18 12:40:58.167662 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Mar 18 12:40:58.167662 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Mar 18 12:40:58.167741 osdx dnscrypt-proxy[93386]: [2025-03-18 12:40:58] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Mar 18 12:40:58.180794 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.

Step 4: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 7fdb1217a04df7473bcf8ae91f48d83ff029afbf257f48d40ec3f583e9dcf6dd
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Mar 18 12:40:52.346964 osdx systemd-journald[1529]: Runtime Journal (/run/log/journal/b491cf57694a41c88ee96a0e11fa2117) is 1.0M, max 7.2M, 6.2M free.
Mar 18 12:40:52.347446 osdx systemd-journald[1529]: Received client request to rotate journal, rotating.
Mar 18 12:40:52.347513 osdx systemd-journald[1529]: Vacuuming done, freed 0B of archived journals from /run/log/journal/b491cf57694a41c88ee96a0e11fa2117.
Mar 18 12:40:52.360238 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:40:52.919989 osdx osdx-coredump[127084]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:40:52.930273 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:40:54.400299 osdx OSDxCLI[60720]: User 'admin' entered the configuration menu.
Mar 18 12:40:54.564190 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Mar 18 12:40:54.641326 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:40:54.754067 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 18 12:40:54.865511 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:54.966586 osdx INFO[127115]: FRR daemons did not change
Mar 18 12:40:54.991225 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:40:55.199605 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 18 12:40:55.215746 osdx sshd[127185]: Server listening on 0.0.0.0 port 22.
Mar 18 12:40:55.216011 osdx sshd[127185]: Server listening on :: port 22.
Mar 18 12:40:55.216166 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 18 12:40:55.245645 osdx cfgd[1234]: [60720]Completed change to active configuration
Mar 18 12:40:55.280940 osdx OSDxCLI[60720]: User 'admin' committed the configuration.
Mar 18 12:40:55.312600 osdx OSDxCLI[60720]: User 'admin' left the configuration menu.
Mar 18 12:40:55.501997 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Mar 18 12:40:58.452531 osdx OSDxCLI[60720]: User 'admin' entered the configuration menu.
Mar 18 12:40:58.575673 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Mar 18 12:40:58.668047 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Mar 18 12:40:58.761716 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Mar 18 12:40:58.888806 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Mar 18 12:40:58.971888 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Mar 18 12:40:59.092114 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Mar 18 12:40:59.184847 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 7fdb1217a04df7473bcf8ae91f48d83ff029afbf257f48d40ec3f583e9dcf6dd'.
Mar 18 12:40:59.295101 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:40:59.396639 osdx INFO[127246]: FRR daemons did not change
Mar 18 12:40:59.415847 osdx ca-certificates[127262]: Updating certificates in /etc/ssl/certs...
Mar 18 12:41:00.145473 osdx ca-certificates[128265]: 1 added, 0 removed; done.
Mar 18 12:41:00.149944 osdx ca-certificates[128272]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:41:00.154121 osdx ca-certificates[128274]: done.
Mar 18 12:41:00.259822 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:41:00.263635 osdx cfgd[1234]: [60720]Completed change to active configuration
Mar 18 12:41:00.270835 osdx OSDxCLI[60720]: User 'admin' committed the configuration.
Mar 18 12:41:00.289992 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] dnscrypt-proxy 2.0.45
Mar 18 12:41:00.290209 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] Network connectivity detected
Mar 18 12:41:00.290371 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] Dropping privileges
Mar 18 12:41:00.293676 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] Network connectivity detected
Mar 18 12:41:00.293821 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:41:00.293895 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:41:00.293979 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] Firefox workaround initialized
Mar 18 12:41:00.294042 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp58czjb_k]
Mar 18 12:41:00.300817 osdx OSDxCLI[60720]: User 'admin' left the configuration menu.
Mar 18 12:41:00.496693 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 18 12:41:00.505440 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] [DUT0] OK (DoH) - rtt: 136ms
Mar 18 12:41:00.505440 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 136ms)
Mar 18 12:41:00.505440 osdx dnscrypt-proxy[128281]: [2025-03-18 12:41:00] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DNSCrypt With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt. A DNS stamp is generated first and then used to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

Show output
91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71 ip 10.215.168.1 port 8443 at DUT0 and expect this output:

Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Mar 18 12:41:10.361719 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.2M free.
Mar 18 12:41:10.362310 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:41:10.362356 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:41:10.375568 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:41:10.815035 osdx osdx-coredump[95034]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:41:10.825081 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:41:11.446437 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:41:11.584826 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:41:11.660242 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:41:11.791657 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:41:11.887191 osdx INFO[95058]: FRR daemons did not change
Mar 18 12:41:11.914015 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:41:12.044962 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:41:12.079885 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:41:12.104506 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:41:12.276590 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 18 12:41:13.625495 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Mar 18 12:41:13.750274 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71 ip 10.215.168.1 port 8443'.
Mar 18 12:41:13.923990 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:41:14.017518 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:41:14.134065 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:41:14.230837 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Mar 18 12:41:14.310886 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 18 12:41:14.401390 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 18 12:41:14.489267 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 18 12:41:14.579720 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 18 12:41:14.693660 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:41:14.794152 osdx INFO[95178]: FRR daemons did not change
Mar 18 12:41:14.811209 osdx ca-certificates[95194]: Updating certificates in /etc/ssl/certs...
Mar 18 12:41:15.511901 osdx ca-certificates[96197]: 1 added, 0 removed; done.
Mar 18 12:41:15.515986 osdx ca-certificates[96204]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:41:15.520066 osdx ca-certificates[96206]: done.
Mar 18 12:41:15.662468 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:41:15.663971 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:41:15.667343 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:41:15.693955 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] dnscrypt-proxy 2.0.45
Mar 18 12:41:15.694188 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] Network connectivity detected
Mar 18 12:41:15.694137 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:41:15.694360 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] Dropping privileges
Mar 18 12:41:15.697034 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] Network connectivity detected
Mar 18 12:41:15.697100 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:41:15.697100 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:41:15.697100 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 18 12:41:15.697164 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] Firefox workaround initialized
Mar 18 12:41:15.697164 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpocv1_6y0]
Mar 18 12:41:15.697771 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Mar 18 12:41:15.697771 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Mar 18 12:41:15.697840 osdx dnscrypt-proxy[96266]: [2025-03-18 12:41:15] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 7fdb1217a04df7473bcf8ae91f48d83ff029afbf257f48d40ec3f583e9dcf6dd at DUT1 and expect this output:

Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgf9sSF6BN90c7z4rpH0jYP_Apr78lf0jUDsP1g-nc9t0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 6: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgf9sSF6BN90c7z4rpH0jYP_Apr78lf0jUDsP1g-nc9t0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Mar 18 12:41:10.343807 osdx systemd-journald[1529]: Runtime Journal (/run/log/journal/b491cf57694a41c88ee96a0e11fa2117) is 1.0M, max 7.2M, 6.2M free.
Mar 18 12:41:10.344362 osdx systemd-journald[1529]: Received client request to rotate journal, rotating.
Mar 18 12:41:10.344411 osdx systemd-journald[1529]: Vacuuming done, freed 0B of archived journals from /run/log/journal/b491cf57694a41c88ee96a0e11fa2117.
Mar 18 12:41:10.358856 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:41:10.938405 osdx osdx-coredump[129906]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:41:10.948954 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:41:12.327931 osdx OSDxCLI[60720]: User 'admin' entered the configuration menu.
Mar 18 12:41:12.470249 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Mar 18 12:41:12.545325 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:41:12.659200 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 18 12:41:12.772171 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:41:12.871509 osdx INFO[129937]: FRR daemons did not change
Mar 18 12:41:12.895975 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:41:13.108408 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 18 12:41:13.124920 osdx sshd[130007]: Server listening on 0.0.0.0 port 22.
Mar 18 12:41:13.125194 osdx sshd[130007]: Server listening on :: port 22.
Mar 18 12:41:13.125358 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 18 12:41:13.154717 osdx cfgd[1234]: [60720]Completed change to active configuration
Mar 18 12:41:13.189015 osdx OSDxCLI[60720]: User 'admin' committed the configuration.
Mar 18 12:41:13.218642 osdx OSDxCLI[60720]: User 'admin' left the configuration menu.
Mar 18 12:41:13.389777 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Mar 18 12:41:15.965231 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 7fdb1217a04df7473bcf8ae91f48d83ff029afbf257f48d40ec3f583e9dcf6dd'.
Mar 18 12:41:16.150467 osdx OSDxCLI[60720]: User 'admin' entered the configuration menu.
Mar 18 12:41:16.247790 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Mar 18 12:41:16.373234 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Mar 18 12:41:16.466504 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Mar 18 12:41:16.588992 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgf9sSF6BN90c7z4rpH0jYP_Apr78lf0jUDsP1g-nc9t0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Mar 18 12:41:16.702910 osdx OSDxCLI[60720]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:41:16.797767 osdx INFO[130068]: FRR daemons did not change
Mar 18 12:41:16.815112 osdx ca-certificates[130084]: Updating certificates in /etc/ssl/certs...
Mar 18 12:41:17.466402 osdx ca-certificates[131087]: 1 added, 0 removed; done.
Mar 18 12:41:17.470222 osdx ca-certificates[131094]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:41:17.473980 osdx ca-certificates[131096]: done.
Mar 18 12:41:17.560432 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:41:17.563091 osdx cfgd[1234]: [60720]Completed change to active configuration
Mar 18 12:41:17.566438 osdx OSDxCLI[60720]: User 'admin' committed the configuration.
Mar 18 12:41:17.592413 osdx OSDxCLI[60720]: User 'admin' left the configuration menu.
Mar 18 12:41:17.612217 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] dnscrypt-proxy 2.0.45
Mar 18 12:41:17.612456 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] Network connectivity detected
Mar 18 12:41:17.612596 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] Dropping privileges
Mar 18 12:41:17.615085 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] Network connectivity detected
Mar 18 12:41:17.617918 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:41:17.617988 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:41:17.618073 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] Firefox workaround initialized
Mar 18 12:41:17.618135 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqpofxn3e]
Mar 18 12:41:17.782751 osdx OSDxCLI[60720]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 18 12:41:17.801210 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] [DUT0] OK (DoH) - rtt: 118ms
Mar 18 12:41:17.801210 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 118ms)
Mar 18 12:41:17.801210 osdx dnscrypt-proxy[131103]: [2025-03-18 12:41:17] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13