Static

Test suite to validate the use of one of the DNS options available on an upstream server

DNS-over-HTTPS Server

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
May 26 12:04:29.333180 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.2M free.
May 26 12:04:29.335570 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 12:04:29.335618 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 12:04:29.343841 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 12:04:29.686991 osdx osdx-coredump[170384]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 26 12:04:29.694741 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'.
May 26 12:04:30.218451 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 12:04:30.295162 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 12:04:30.384169 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 12:04:30.486073 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 12:04:30.552318 osdx INFO[170404]: FRR daemons did not change
May 26 12:04:30.571578 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 12:04:30.679169 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 12:04:30.716786 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 12:04:30.732705 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 12:04:30.877045 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 26 12:04:31.001440 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 12:04:31.061036 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 12:04:31.162916 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 12:04:31.227078 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 12:04:31.321476 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 12:04:31.384507 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 12:04:31.477134 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 26 12:04:31.560802 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 12:04:31.662726 osdx INFO[170514]: FRR daemons did not change
May 26 12:04:31.676540 osdx ca-certificates[170530]: Updating certificates in /etc/ssl/certs...
May 26 12:04:32.225390 osdx ca-certificates[171534]: 1 added, 0 removed; done.
May 26 12:04:32.229364 osdx ca-certificates[171540]: Running hooks in /etc/ca-certificates/update.d...
May 26 12:04:32.232585 osdx ca-certificates[171542]: done.
May 26 12:04:32.343881 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 12:04:32.345283 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 12:04:32.348561 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 12:04:32.376050 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] dnscrypt-proxy 2.0.45
May 26 12:04:32.376306 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] Network connectivity detected
May 26 12:04:32.376364 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] Dropping privileges
May 26 12:04:32.378858 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 12:04:32.379341 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] Network connectivity detected
May 26 12:04:32.379379 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 26 12:04:32.379379 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 26 12:04:32.379420 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] Firefox workaround initialized
May 26 12:04:32.379420 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp93exdw5d]
May 26 12:04:32.540454 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] [RD] OK (DoH) - rtt: 133ms
May 26 12:04:32.540454 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] Server with the lowest initial latency: RD (rtt: 133ms)
May 26 12:04:32.540454 osdx dnscrypt-proxy[171599]: [2025-05-26 12:04:32] [NOTICE] dnscrypt-proxy is ready - live servers: 1
May 26 12:04:32.543825 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal show | cat'.

Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNS-over-HTTPS Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
May 26 12:04:40.301280 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 12:04:40.302597 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 12:04:40.302639 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 12:04:40.312867 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 12:04:40.638656 osdx osdx-coredump[173244]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 26 12:04:40.647933 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'.
May 26 12:04:41.142787 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 12:04:41.283945 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 12:04:41.351944 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 12:04:41.488993 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 12:04:41.554479 osdx INFO[173264]: FRR daemons did not change
May 26 12:04:41.586601 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 12:04:41.686676 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 12:04:41.711812 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 12:04:41.763470 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 12:04:41.869467 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 26 12:04:41.998990 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 12:04:42.137435 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 12:04:42.197287 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 12:04:42.297227 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 12:04:42.358797 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
May 26 12:04:42.451428 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 26 12:04:42.524094 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 12:04:42.623617 osdx INFO[173375]: FRR daemons did not change
May 26 12:04:42.635908 osdx ca-certificates[173391]: Updating certificates in /etc/ssl/certs...
May 26 12:04:43.103525 osdx ca-certificates[174395]: 1 added, 0 removed; done.
May 26 12:04:43.106390 osdx ca-certificates[174401]: Running hooks in /etc/ca-certificates/update.d...
May 26 12:04:43.109204 osdx ca-certificates[174403]: done.
May 26 12:04:43.203104 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 12:04:43.205346 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 12:04:43.210062 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 12:04:43.229907 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 12:04:43.233674 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] dnscrypt-proxy 2.0.45
May 26 12:04:43.233822 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] Network connectivity detected
May 26 12:04:43.233949 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] Dropping privileges
May 26 12:04:43.235929 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] Network connectivity detected
May 26 12:04:43.236002 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 26 12:04:43.236030 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 26 12:04:43.236068 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] Firefox workaround initialized
May 26 12:04:43.236092 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpajx8hzro]
May 26 12:04:43.377810 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] [RD] OK (DoH) - rtt: 117ms
May 26 12:04:43.377810 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] Server with the lowest initial latency: RD (rtt: 117ms)
May 26 12:04:43.377810 osdx dnscrypt-proxy[174460]: [2025-05-26 12:04:43] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
May 26 12:04:48.300577 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 12:04:48.302597 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 12:04:48.302654 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 12:04:48.311734 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 12:04:48.647354 osdx osdx-coredump[176101]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 26 12:04:48.654976 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'.
May 26 12:04:49.158036 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 12:04:49.233566 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 12:04:49.333502 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 12:04:49.413842 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 12:04:49.538663 osdx INFO[176121]: FRR daemons did not change
May 26 12:04:49.558618 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 12:04:49.678615 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 12:04:49.714516 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 12:04:49.732694 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 12:04:49.894298 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 26 12:04:52.066360 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
May 26 12:04:52.205016 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 12:04:52.265105 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 12:04:52.365152 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 12:04:52.424244 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
May 26 12:04:52.521495 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
May 26 12:04:52.582962 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
May 26 12:04:52.688386 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'.
May 26 12:04:52.739815 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 26 12:04:52.873498 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 12:04:52.988853 osdx INFO[176234]: FRR daemons did not change
May 26 12:04:53.005456 osdx ca-certificates[176250]: Updating certificates in /etc/ssl/certs...
May 26 12:04:53.501020 osdx ca-certificates[177254]: 1 added, 0 removed; done.
May 26 12:04:53.503815 osdx ca-certificates[177260]: Running hooks in /etc/ca-certificates/update.d...
May 26 12:04:53.507534 osdx ca-certificates[177262]: done.
May 26 12:04:53.614938 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 12:04:53.615915 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 12:04:53.618394 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 12:04:53.639772 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] dnscrypt-proxy 2.0.45
May 26 12:04:53.639958 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] Network connectivity detected
May 26 12:04:53.640014 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] Dropping privileges
May 26 12:04:53.642108 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 12:04:53.642564 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] Network connectivity detected
May 26 12:04:53.642598 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 26 12:04:53.642598 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 26 12:04:53.642629 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] Firefox workaround initialized
May 26 12:04:53.642629 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpf8db6_fr]
May 26 12:04:53.643247 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
May 26 12:04:53.643247 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
May 26 12:04:53.643308 osdx dnscrypt-proxy[177319]: [2025-05-26 12:04:53] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443 at DUT0 and expect this output:

sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
May 26 12:04:58.313526 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 12:04:58.313997 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 12:04:58.314028 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 12:04:58.326853 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 12:04:58.664395 osdx osdx-coredump[178960]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 26 12:04:58.671968 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'.
May 26 12:04:59.142061 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 12:04:59.217804 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 12:04:59.311518 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 12:04:59.395019 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 12:04:59.499883 osdx INFO[178980]: FRR daemons did not change
May 26 12:04:59.517675 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 12:04:59.615426 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 12:04:59.642291 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 12:04:59.658334 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 12:04:59.815547 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 26 12:04:59.998845 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
May 26 12:05:00.104444 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443'.
May 26 12:05:00.242585 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 12:05:00.303891 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 12:05:00.405807 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 12:05:00.494028 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
May 26 12:05:00.599738 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 26 12:05:00.683623 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 12:05:00.816867 osdx INFO[179093]: FRR daemons did not change
May 26 12:05:00.828694 osdx ca-certificates[179109]: Updating certificates in /etc/ssl/certs...
May 26 12:05:01.366953 osdx ca-certificates[180112]: 1 added, 0 removed; done.
May 26 12:05:01.369717 osdx ca-certificates[180119]: Running hooks in /etc/ca-certificates/update.d...
May 26 12:05:01.372524 osdx ca-certificates[180121]: done.
May 26 12:05:01.466003 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 12:05:01.467354 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 12:05:01.469900 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 12:05:01.489058 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 12:05:01.492424 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] dnscrypt-proxy 2.0.45
May 26 12:05:01.492570 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] Network connectivity detected
May 26 12:05:01.492721 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] Dropping privileges
May 26 12:05:01.495262 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] Network connectivity detected
May 26 12:05:01.495293 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 26 12:05:01.495293 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 26 12:05:01.495325 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] Firefox workaround initialized
May 26 12:05:01.495325 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] Loading the set of cloaking rules from [/tmp/tmphggn8kn3]
May 26 12:05:01.495937 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
May 26 12:05:01.495970 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
May 26 12:05:01.495970 osdx dnscrypt-proxy[180178]: [2025-05-26 12:05:01] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16