Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
May 26 12:05:15.316997 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.2M free. May 26 12:05:15.318383 osdx systemd-journald[1847]: Received client request to rotate journal, rotating. May 26 12:05:15.318436 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8. May 26 12:05:15.327490 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'. May 26 12:05:15.721766 osdx osdx-coredump[182112]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 26 12:05:15.729554 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'. May 26 12:05:16.267599 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu. May 26 12:05:16.389179 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 26 12:05:16.442235 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 26 12:05:16.551676 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:16.624222 osdx INFO[182132]: FRR daemons did not change May 26 12:05:16.642385 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 26 12:05:16.742842 osdx cfgd[1653]: [29144]Completed change to active configuration May 26 12:05:16.777065 osdx OSDxCLI[29144]: User 'admin' committed the configuration. May 26 12:05:16.794147 osdx OSDxCLI[29144]: User 'admin' left the configuration menu. May 26 12:05:16.941916 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 26 12:05:18.145320 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu. May 26 12:05:18.204564 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 26 12:05:18.301786 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 26 12:05:18.371065 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 26 12:05:18.463556 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 26 12:05:18.577118 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. May 26 12:05:18.646022 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 26 12:05:18.755487 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 26 12:05:18.810213 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 26 12:05:18.911775 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 26 12:05:19.004664 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:19.110158 osdx INFO[182245]: FRR daemons did not change May 26 12:05:19.125373 osdx ca-certificates[182261]: Updating certificates in /etc/ssl/certs... May 26 12:05:19.621883 osdx ca-certificates[183264]: 1 added, 0 removed; done. May 26 12:05:19.625681 osdx ca-certificates[183271]: Running hooks in /etc/ca-certificates/update.d... May 26 12:05:19.628598 osdx ca-certificates[183273]: done. May 26 12:05:19.746877 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 26 12:05:19.748529 osdx cfgd[1653]: [29144]Completed change to active configuration May 26 12:05:19.751874 osdx OSDxCLI[29144]: User 'admin' committed the configuration. May 26 12:05:19.769402 osdx OSDxCLI[29144]: User 'admin' left the configuration menu. May 26 12:05:19.778279 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] dnscrypt-proxy 2.0.45 May 26 12:05:19.778523 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] Network connectivity detected May 26 12:05:19.778694 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] Dropping privileges May 26 12:05:19.781405 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] Network connectivity detected May 26 12:05:19.781475 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 26 12:05:19.781475 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 26 12:05:19.781475 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 26 12:05:19.781475 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] Firefox workaround initialized May 26 12:05:19.781475 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpftj8pp0k] May 26 12:05:19.912470 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] [RD] OK (DoH) - rtt: 107ms May 26 12:05:19.912470 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] Server with the lowest initial latency: RD (rtt: 107ms) May 26 12:05:19.912470 osdx dnscrypt-proxy[183333]: [2025-05-26 12:05:19] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash bbb0fba90e5a5a461da3643ec3ca77c137251eb61054daf37b00eda7b60dbc72 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 26 12:05:15.325529 osdx systemd-journald[1729]: Runtime Journal (/run/log/journal/ba2ceb2530374437ab3721223a91688e) is 992.0K, max 7.2M, 6.2M free. May 26 12:05:15.327725 osdx systemd-journald[1729]: Received client request to rotate journal, rotating. May 26 12:05:15.327774 osdx systemd-journald[1729]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba2ceb2530374437ab3721223a91688e. May 26 12:05:15.335660 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system journal clear'. May 26 12:05:15.819302 osdx osdx-coredump[178347]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 26 12:05:15.830209 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system coredump delete all'. May 26 12:05:16.996896 osdx OSDxCLI[112949]: User 'admin' entered the configuration menu. May 26 12:05:17.110476 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 26 12:05:17.187139 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 26 12:05:17.253210 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service ssh'. May 26 12:05:17.360592 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:17.460530 osdx INFO[178374]: FRR daemons did not change May 26 12:05:17.479718 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 26 12:05:17.652089 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 26 12:05:17.666320 osdx sshd[178444]: Server listening on 0.0.0.0 port 22. May 26 12:05:17.666536 osdx sshd[178444]: Server listening on :: port 22. May 26 12:05:17.666672 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 26 12:05:17.691676 osdx cfgd[1437]: [112949]Completed change to active configuration May 26 12:05:17.722635 osdx OSDxCLI[112949]: User 'admin' committed the configuration. May 26 12:05:17.746498 osdx OSDxCLI[112949]: User 'admin' left the configuration menu. May 26 12:05:17.902936 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 26 12:05:20.036383 osdx OSDxCLI[112949]: User 'admin' entered the configuration menu. May 26 12:05:20.097340 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 26 12:05:20.201286 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 26 12:05:20.256998 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 26 12:05:20.360024 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. May 26 12:05:20.421244 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. May 26 12:05:20.522289 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. May 26 12:05:20.604240 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash bbb0fba90e5a5a461da3643ec3ca77c137251eb61054daf37b00eda7b60dbc72'. May 26 12:05:20.734761 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:20.827048 osdx INFO[178501]: FRR daemons did not change May 26 12:05:20.844550 osdx ca-certificates[178517]: Updating certificates in /etc/ssl/certs... May 26 12:05:21.336360 osdx ca-certificates[179522]: 1 added, 0 removed; done. May 26 12:05:21.340210 osdx ca-certificates[179527]: Running hooks in /etc/ca-certificates/update.d... May 26 12:05:21.343474 osdx ca-certificates[179529]: done. May 26 12:05:21.432219 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 26 12:05:21.434284 osdx cfgd[1437]: [112949]Completed change to active configuration May 26 12:05:21.438354 osdx OSDxCLI[112949]: User 'admin' committed the configuration. May 26 12:05:21.454972 osdx OSDxCLI[112949]: User 'admin' left the configuration menu. May 26 12:05:21.460192 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] dnscrypt-proxy 2.0.45 May 26 12:05:21.460371 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] Network connectivity detected May 26 12:05:21.460437 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] Dropping privileges May 26 12:05:21.462225 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] Network connectivity detected May 26 12:05:21.462282 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 26 12:05:21.462282 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 26 12:05:21.462282 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] Firefox workaround initialized May 26 12:05:21.462282 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp27lzbjb5] May 26 12:05:21.605860 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system journal show | cat'. May 26 12:05:21.679031 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] [DUT0] OK (DoH) - rtt: 128ms May 26 12:05:21.679031 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 128ms) May 26 12:05:21.679031 osdx dnscrypt-proxy[179536]: [2025-05-26 12:05:21] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
May 26 12:05:30.311161 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free. May 26 12:05:30.311594 osdx systemd-journald[1847]: Received client request to rotate journal, rotating. May 26 12:05:30.311623 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8. May 26 12:05:30.323048 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'. May 26 12:05:30.647116 osdx osdx-coredump[184975]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 26 12:05:30.654504 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'. May 26 12:05:31.136085 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu. May 26 12:05:31.213932 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 26 12:05:31.289649 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 26 12:05:31.402635 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:31.471875 osdx INFO[184995]: FRR daemons did not change May 26 12:05:31.491456 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 26 12:05:31.595067 osdx cfgd[1653]: [29144]Completed change to active configuration May 26 12:05:31.623963 osdx OSDxCLI[29144]: User 'admin' committed the configuration. May 26 12:05:31.641749 osdx OSDxCLI[29144]: User 'admin' left the configuration menu. May 26 12:05:31.790050 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 26 12:05:33.028570 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. May 26 12:05:33.179612 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu. May 26 12:05:33.264383 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 26 12:05:33.375654 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 26 12:05:33.460329 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. May 26 12:05:33.562910 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 26 12:05:33.642166 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 26 12:05:33.743901 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 26 12:05:33.810872 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 26 12:05:33.951800 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 26 12:05:34.042758 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:34.141745 osdx INFO[185110]: FRR daemons did not change May 26 12:05:34.155758 osdx ca-certificates[185126]: Updating certificates in /etc/ssl/certs... May 26 12:05:34.658362 osdx ca-certificates[186130]: 1 added, 0 removed; done. May 26 12:05:34.661877 osdx ca-certificates[186136]: Running hooks in /etc/ca-certificates/update.d... May 26 12:05:34.664675 osdx ca-certificates[186138]: done. May 26 12:05:34.787735 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 26 12:05:34.788967 osdx cfgd[1653]: [29144]Completed change to active configuration May 26 12:05:34.791238 osdx OSDxCLI[29144]: User 'admin' committed the configuration. May 26 12:05:34.809935 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] dnscrypt-proxy 2.0.45 May 26 12:05:34.810203 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] Network connectivity detected May 26 12:05:34.810455 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] Dropping privileges May 26 12:05:34.812495 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] Network connectivity detected May 26 12:05:34.812545 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 26 12:05:34.812545 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 26 12:05:34.812545 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 26 12:05:34.812545 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] Firefox workaround initialized May 26 12:05:34.812613 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp10n9u8bc] May 26 12:05:34.817271 osdx OSDxCLI[29144]: User 'admin' left the configuration menu. May 26 12:05:34.975053 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal show | cat'. May 26 12:05:34.987567 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] [RD] OK (DoH) - rtt: 112ms May 26 12:05:34.987567 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] Server with the lowest initial latency: RD (rtt: 112ms) May 26 12:05:34.987567 osdx dnscrypt-proxy[186198]: [2025-05-26 12:05:34] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash bbb0fba90e5a5a461da3643ec3ca77c137251eb61054daf37b00eda7b60dbc72 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgu7D7qQ5aWkYdo2Q-w8p3wTclHrYQVNrzewDtp7YNvHINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgu7D7qQ5aWkYdo2Q-w8p3wTclHrYQVNrzewDtp7YNvHINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 26 12:05:30.281688 osdx systemd-journald[1729]: Runtime Journal (/run/log/journal/ba2ceb2530374437ab3721223a91688e) is 1016.0K, max 7.2M, 6.2M free. May 26 12:05:30.282162 osdx systemd-journald[1729]: Received client request to rotate journal, rotating. May 26 12:05:30.282211 osdx systemd-journald[1729]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba2ceb2530374437ab3721223a91688e. May 26 12:05:30.293316 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system journal clear'. May 26 12:05:30.729414 osdx osdx-coredump[181152]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 26 12:05:30.737351 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system coredump delete all'. May 26 12:05:31.890166 osdx OSDxCLI[112949]: User 'admin' entered the configuration menu. May 26 12:05:32.014376 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 26 12:05:32.105076 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 26 12:05:32.173107 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service ssh'. May 26 12:05:32.304233 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:32.393530 osdx INFO[181179]: FRR daemons did not change May 26 12:05:32.413905 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 26 12:05:32.586144 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 26 12:05:32.597942 osdx sshd[181249]: Server listening on 0.0.0.0 port 22. May 26 12:05:32.598151 osdx sshd[181249]: Server listening on :: port 22. May 26 12:05:32.598259 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 26 12:05:32.623020 osdx cfgd[1437]: [112949]Completed change to active configuration May 26 12:05:32.650576 osdx OSDxCLI[112949]: User 'admin' committed the configuration. May 26 12:05:32.666539 osdx OSDxCLI[112949]: User 'admin' left the configuration menu. May 26 12:05:32.821476 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 26 12:05:37.133331 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash bbb0fba90e5a5a461da3643ec3ca77c137251eb61054daf37b00eda7b60dbc72'. May 26 12:05:37.272371 osdx OSDxCLI[112949]: User 'admin' entered the configuration menu. May 26 12:05:37.334900 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 26 12:05:37.432278 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 26 12:05:37.488309 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 26 12:05:37.590723 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgu7D7qQ5aWkYdo2Q-w8p3wTclHrYQVNrzewDtp7YNvHINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. May 26 12:05:37.658867 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:37.765097 osdx INFO[181306]: FRR daemons did not change May 26 12:05:37.777294 osdx ca-certificates[181322]: Updating certificates in /etc/ssl/certs... May 26 12:05:38.248147 osdx ca-certificates[182325]: 1 added, 0 removed; done. May 26 12:05:38.251332 osdx ca-certificates[182332]: Running hooks in /etc/ca-certificates/update.d... May 26 12:05:38.254152 osdx ca-certificates[182334]: done. May 26 12:05:38.330179 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 26 12:05:38.332178 osdx cfgd[1437]: [112949]Completed change to active configuration May 26 12:05:38.334830 osdx OSDxCLI[112949]: User 'admin' committed the configuration. May 26 12:05:38.353739 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] dnscrypt-proxy 2.0.45 May 26 12:05:38.353739 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] Network connectivity detected May 26 12:05:38.353739 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] Dropping privileges May 26 12:05:38.355649 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] Network connectivity detected May 26 12:05:38.355649 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 26 12:05:38.355649 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 26 12:05:38.355649 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] Firefox workaround initialized May 26 12:05:38.355649 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp3lsfiic_] May 26 12:05:38.370134 osdx OSDxCLI[112949]: User 'admin' left the configuration menu. May 26 12:05:38.547746 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system journal show | cat'. May 26 12:05:38.687902 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] [DUT0] OK (DoH) - rtt: 120ms May 26 12:05:38.688026 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 120ms) May 26 12:05:38.688061 osdx dnscrypt-proxy[182341]: [2025-05-26 12:05:38] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
May 26 12:05:46.402257 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.5M, max 15.3M, 12.7M free. May 26 12:05:46.402685 osdx systemd-journald[1847]: Received client request to rotate journal, rotating. May 26 12:05:46.402715 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8. May 26 12:05:46.412583 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'. May 26 12:05:46.734771 osdx osdx-coredump[187842]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 26 12:05:46.744373 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'. May 26 12:05:47.207017 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu. May 26 12:05:47.290944 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 26 12:05:47.401596 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 26 12:05:47.491780 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:47.569177 osdx INFO[187862]: FRR daemons did not change May 26 12:05:47.606460 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 26 12:05:47.718412 osdx cfgd[1653]: [29144]Completed change to active configuration May 26 12:05:47.744970 osdx OSDxCLI[29144]: User 'admin' committed the configuration. May 26 12:05:47.775447 osdx OSDxCLI[29144]: User 'admin' left the configuration menu. May 26 12:05:47.915580 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 26 12:05:49.007413 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 26 12:05:49.148172 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu. May 26 12:05:49.208464 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 26 12:05:49.314030 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 26 12:05:49.372746 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. May 26 12:05:49.470659 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. May 26 12:05:49.532247 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. May 26 12:05:49.634181 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'. May 26 12:05:49.693145 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 26 12:05:49.800269 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 26 12:05:49.943595 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 26 12:05:50.031345 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 26 12:05:50.115039 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:50.241199 osdx INFO[187980]: FRR daemons did not change May 26 12:05:50.252949 osdx ca-certificates[187996]: Updating certificates in /etc/ssl/certs... May 26 12:05:50.730194 osdx ca-certificates[189000]: 1 added, 0 removed; done. May 26 12:05:50.733155 osdx ca-certificates[189006]: Running hooks in /etc/ca-certificates/update.d... May 26 12:05:50.735834 osdx ca-certificates[189008]: done. May 26 12:05:50.850729 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 26 12:05:50.851872 osdx cfgd[1653]: [29144]Completed change to active configuration May 26 12:05:50.855007 osdx OSDxCLI[29144]: User 'admin' committed the configuration. May 26 12:05:50.871305 osdx OSDxCLI[29144]: User 'admin' left the configuration menu. May 26 12:05:50.873098 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] dnscrypt-proxy 2.0.45 May 26 12:05:50.873248 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] Network connectivity detected May 26 12:05:50.873458 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] Dropping privileges May 26 12:05:50.875920 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] Network connectivity detected May 26 12:05:50.875948 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 26 12:05:50.875948 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 26 12:05:50.875974 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 26 12:05:50.875974 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] Firefox workaround initialized May 26 12:05:50.875974 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpeu927t6i] May 26 12:05:50.876566 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 26 12:05:50.876623 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 26 12:05:50.876658 osdx dnscrypt-proxy[189068]: [2025-05-26 12:05:50] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash bbb0fba90e5a5a461da3643ec3ca77c137251eb61054daf37b00eda7b60dbc72 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 26 12:05:46.344005 osdx systemd-journald[1729]: Runtime Journal (/run/log/journal/ba2ceb2530374437ab3721223a91688e) is 1.0M, max 7.2M, 6.2M free. May 26 12:05:46.347357 osdx systemd-journald[1729]: Received client request to rotate journal, rotating. May 26 12:05:46.347408 osdx systemd-journald[1729]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba2ceb2530374437ab3721223a91688e. May 26 12:05:46.353265 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system journal clear'. May 26 12:05:46.792224 osdx osdx-coredump[183958]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 26 12:05:46.799880 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system coredump delete all'. May 26 12:05:47.947144 osdx OSDxCLI[112949]: User 'admin' entered the configuration menu. May 26 12:05:48.023297 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 26 12:05:48.107710 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 26 12:05:48.166182 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service ssh'. May 26 12:05:48.279247 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:48.349073 osdx INFO[183987]: FRR daemons did not change May 26 12:05:48.371384 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 26 12:05:48.539831 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 26 12:05:48.554236 osdx sshd[184057]: Server listening on 0.0.0.0 port 22. May 26 12:05:48.554466 osdx sshd[184057]: Server listening on :: port 22. May 26 12:05:48.554600 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 26 12:05:48.581242 osdx cfgd[1437]: [112949]Completed change to active configuration May 26 12:05:48.621150 osdx OSDxCLI[112949]: User 'admin' committed the configuration. May 26 12:05:48.644810 osdx OSDxCLI[112949]: User 'admin' left the configuration menu. May 26 12:05:48.792756 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 26 12:05:51.037962 osdx OSDxCLI[112949]: User 'admin' entered the configuration menu. May 26 12:05:51.152519 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 26 12:05:51.231685 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 26 12:05:51.341616 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 26 12:05:51.432106 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. May 26 12:05:51.526683 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. May 26 12:05:51.595866 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. May 26 12:05:51.711318 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash bbb0fba90e5a5a461da3643ec3ca77c137251eb61054daf37b00eda7b60dbc72'. May 26 12:05:51.799153 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'show working'. May 26 12:05:51.912013 osdx INFO[184114]: FRR daemons did not change May 26 12:05:51.924289 osdx ca-certificates[184130]: Updating certificates in /etc/ssl/certs... May 26 12:05:52.378155 osdx ca-certificates[185135]: 1 added, 0 removed; done. May 26 12:05:52.381150 osdx ca-certificates[185140]: Running hooks in /etc/ca-certificates/update.d... May 26 12:05:52.383962 osdx ca-certificates[185142]: done. May 26 12:05:52.451692 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 26 12:05:52.453668 osdx cfgd[1437]: [112949]Completed change to active configuration May 26 12:05:52.457187 osdx OSDxCLI[112949]: User 'admin' committed the configuration. May 26 12:05:52.473921 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] dnscrypt-proxy 2.0.45 May 26 12:05:52.474083 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] Network connectivity detected May 26 12:05:52.474157 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] Dropping privileges May 26 12:05:52.475913 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] Network connectivity detected May 26 12:05:52.475986 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 26 12:05:52.476016 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 26 12:05:52.476055 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] Firefox workaround initialized May 26 12:05:52.476081 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmptp3_mkc2] May 26 12:05:52.489048 osdx OSDxCLI[112949]: User 'admin' left the configuration menu. May 26 12:05:52.645046 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system journal show | cat'. May 26 12:05:52.710548 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] [DUT0] OK (DoH) - rtt: 112ms May 26 12:05:52.710548 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 112ms) May 26 12:05:52.710548 osdx dnscrypt-proxy[185149]: [2025-05-26 12:05:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
May 26 12:06:01.323255 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.2M free. May 26 12:06:01.326241 osdx systemd-journald[1847]: Received client request to rotate journal, rotating. May 26 12:06:01.326288 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8. May 26 12:06:01.332695 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'. May 26 12:06:01.669758 osdx osdx-coredump[190710]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 26 12:06:01.678881 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'. May 26 12:06:02.196552 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu. May 26 12:06:02.274882 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 26 12:06:02.364735 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 26 12:06:02.436977 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'. May 26 12:06:02.540278 osdx INFO[190732]: FRR daemons did not change May 26 12:06:02.562242 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 26 12:06:02.665676 osdx cfgd[1653]: [29144]Completed change to active configuration May 26 12:06:02.692498 osdx OSDxCLI[29144]: User 'admin' committed the configuration. May 26 12:06:02.710470 osdx OSDxCLI[29144]: User 'admin' left the configuration menu. May 26 12:06:02.857114 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 26 12:06:04.055932 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 26 12:06:04.146706 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443'. May 26 12:06:04.315383 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu. May 26 12:06:04.377636 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 26 12:06:04.489959 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 26 12:06:04.549367 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. May 26 12:06:04.640660 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 26 12:06:04.706723 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 26 12:06:04.805801 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 26 12:06:04.875256 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 26 12:06:05.011963 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'. May 26 12:06:05.097319 osdx INFO[190849]: FRR daemons did not change May 26 12:06:05.113853 osdx ca-certificates[190865]: Updating certificates in /etc/ssl/certs... May 26 12:06:05.611569 osdx ca-certificates[191868]: 1 added, 0 removed; done. May 26 12:06:05.614576 osdx ca-certificates[191875]: Running hooks in /etc/ca-certificates/update.d... May 26 12:06:05.617306 osdx ca-certificates[191877]: done. May 26 12:06:05.734512 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 26 12:06:05.735773 osdx cfgd[1653]: [29144]Completed change to active configuration May 26 12:06:05.738689 osdx OSDxCLI[29144]: User 'admin' committed the configuration. May 26 12:06:05.766634 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] dnscrypt-proxy 2.0.45 May 26 12:06:05.766834 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] Network connectivity detected May 26 12:06:05.766988 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] Dropping privileges May 26 12:06:05.769385 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] Network connectivity detected May 26 12:06:05.769425 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 26 12:06:05.769425 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 26 12:06:05.769425 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 26 12:06:05.769467 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] Firefox workaround initialized May 26 12:06:05.769467 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp5467lsmd] May 26 12:06:05.770094 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 26 12:06:05.770094 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 26 12:06:05.770172 osdx dnscrypt-proxy[191937]: [2025-05-26 12:06:05] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 26 12:06:05.788332 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash bbb0fba90e5a5a461da3643ec3ca77c137251eb61054daf37b00eda7b60dbc72 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgu7D7qQ5aWkYdo2Q-w8p3wTclHrYQVNrzewDtp7YNvHINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgu7D7qQ5aWkYdo2Q-w8p3wTclHrYQVNrzewDtp7YNvHINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 26 12:06:01.304323 osdx systemd-journald[1729]: Runtime Journal (/run/log/journal/ba2ceb2530374437ab3721223a91688e) is 1.0M, max 7.2M, 6.2M free. May 26 12:06:01.305682 osdx systemd-journald[1729]: Received client request to rotate journal, rotating. May 26 12:06:01.305731 osdx systemd-journald[1729]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba2ceb2530374437ab3721223a91688e. May 26 12:06:01.313430 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system journal clear'. May 26 12:06:01.767576 osdx osdx-coredump[186766]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 26 12:06:01.776229 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'system coredump delete all'. May 26 12:06:02.942377 osdx OSDxCLI[112949]: User 'admin' entered the configuration menu. May 26 12:06:03.024624 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 26 12:06:03.153994 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 26 12:06:03.217720 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service ssh'. May 26 12:06:03.331675 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'show working'. May 26 12:06:03.408739 osdx INFO[186796]: FRR daemons did not change May 26 12:06:03.425716 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 26 12:06:03.590033 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 26 12:06:03.601801 osdx sshd[186866]: Server listening on 0.0.0.0 port 22. May 26 12:06:03.602027 osdx sshd[186866]: Server listening on :: port 22. May 26 12:06:03.602161 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 26 12:06:03.623707 osdx cfgd[1437]: [112949]Completed change to active configuration May 26 12:06:03.650033 osdx OSDxCLI[112949]: User 'admin' committed the configuration. May 26 12:06:03.690138 osdx OSDxCLI[112949]: User 'admin' left the configuration menu. May 26 12:06:03.871501 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 26 12:06:06.057722 osdx OSDxCLI[112949]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash bbb0fba90e5a5a461da3643ec3ca77c137251eb61054daf37b00eda7b60dbc72'. May 26 12:06:06.204930 osdx OSDxCLI[112949]: User 'admin' entered the configuration menu. May 26 12:06:06.276215 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 26 12:06:06.377366 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 26 12:06:06.433937 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 26 12:06:06.537000 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgu7D7qQ5aWkYdo2Q-w8p3wTclHrYQVNrzewDtp7YNvHINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. May 26 12:06:06.603316 osdx OSDxCLI[112949]: User 'admin' added a new cfg line: 'show working'. May 26 12:06:06.704144 osdx INFO[186923]: FRR daemons did not change May 26 12:06:06.716567 osdx ca-certificates[186939]: Updating certificates in /etc/ssl/certs... May 26 12:06:07.200763 osdx ca-certificates[187944]: 1 added, 0 removed; done. May 26 12:06:07.203737 osdx ca-certificates[187949]: Running hooks in /etc/ca-certificates/update.d... May 26 12:06:07.206539 osdx ca-certificates[187951]: done. May 26 12:06:07.282076 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 26 12:06:07.284738 osdx cfgd[1437]: [112949]Completed change to active configuration May 26 12:06:07.292760 osdx OSDxCLI[112949]: User 'admin' committed the configuration. May 26 12:06:07.309028 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] dnscrypt-proxy 2.0.45 May 26 12:06:07.309232 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] Network connectivity detected May 26 12:06:07.309290 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] Dropping privileges May 26 12:06:07.311345 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] Network connectivity detected May 26 12:06:07.311345 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 26 12:06:07.311345 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 26 12:06:07.311345 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] Firefox workaround initialized May 26 12:06:07.311345 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpdhcqpsov] May 26 12:06:07.325003 osdx OSDxCLI[112949]: User 'admin' left the configuration menu. May 26 12:06:07.465413 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] [DUT0] OK (DoH) - rtt: 106ms May 26 12:06:07.465413 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 106ms) May 26 12:06:07.465413 osdx dnscrypt-proxy[187958]: [2025-05-26 12:06:07] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13