Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 23 07:53:33.297101 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.2M free. Jun 23 07:53:33.299408 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:53:33.299484 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:53:33.307835 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:53:33.554293 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:53:33.841109 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:53:33.940530 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:53:34.034517 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:53:34.113044 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:53:34.233061 osdx INFO[108306]: FRR daemons did not change Jun 23 07:53:34.255400 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:53:34.347418 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:53:34.386235 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:53:34.403704 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:53:34.549726 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:53:34.715048 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:53:34.777091 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:53:34.916676 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:53:35.008943 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:53:35.102179 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:53:35.164063 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:53:35.262094 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 23 07:53:35.334966 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:53:35.441352 osdx INFO[108416]: FRR daemons did not change Jun 23 07:53:35.453205 osdx ca-certificates[108432]: Updating certificates in /etc/ssl/certs... Jun 23 07:53:35.929361 osdx ubnt-cfgd[109430]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:53:35.937974 osdx ca-certificates[109436]: 1 added, 0 removed; done. Jun 23 07:53:35.941295 osdx ca-certificates[109442]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:53:35.944994 osdx ca-certificates[109444]: done. Jun 23 07:53:36.063691 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:53:36.064793 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:53:36.066813 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:53:36.085334 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:53:36.087849 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:53:36.088027 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] Network connectivity detected Jun 23 07:53:36.088116 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] Dropping privileges Jun 23 07:53:36.090753 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] Network connectivity detected Jun 23 07:53:36.090802 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:53:36.090802 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:53:36.090802 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] Firefox workaround initialized Jun 23 07:53:36.090802 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjkowp2_e] Jun 23 07:53:36.242105 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] [RD] OK (DoH) - rtt: 118ms Jun 23 07:53:36.242105 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] Server with the lowest initial latency: RD (rtt: 118ms) Jun 23 07:53:36.242105 osdx dnscrypt-proxy[109501]: [2025-06-23 07:53:36] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 23 07:53:36.249418 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 23 07:53:42.000173 osdx systemd-timedated[67608]: Changed local time to Mon 2025-06-23 07:53:42 UTC Jun 23 07:53:42.001761 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'set date 2025-06-23 07:53:42'. Jun 23 07:53:42.003375 osdx systemd-journald[1747]: Time jumped backwards, rotating. Jun 23 07:53:42.302124 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:53:42.303388 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:53:42.303433 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:53:42.312712 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:53:42.539655 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:53:42.838059 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:53:42.950964 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:53:43.057000 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:53:43.231171 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:53:43.359217 osdx INFO[111157]: FRR daemons did not change Jun 23 07:53:43.383388 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:53:43.503565 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:53:43.531933 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:53:43.562212 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:53:43.771389 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:53:44.007024 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:53:44.196827 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:53:44.259061 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:53:44.378921 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:53:44.475671 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Jun 23 07:53:44.615635 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 23 07:53:44.718353 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:53:44.815833 osdx INFO[111268]: FRR daemons did not change Jun 23 07:53:44.830732 osdx ca-certificates[111284]: Updating certificates in /etc/ssl/certs... Jun 23 07:53:45.350530 osdx ubnt-cfgd[112282]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:53:45.358263 osdx ca-certificates[112288]: 1 added, 0 removed; done. Jun 23 07:53:45.361064 osdx ca-certificates[112294]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:53:45.363762 osdx ca-certificates[112296]: done. Jun 23 07:53:45.467818 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:53:45.469265 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:53:45.471734 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:53:45.495443 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:53:45.495637 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] Network connectivity detected Jun 23 07:53:45.495903 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] Dropping privileges Jun 23 07:53:45.498650 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] Network connectivity detected Jun 23 07:53:45.498650 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:53:45.498650 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:53:45.498650 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] Firefox workaround initialized Jun 23 07:53:45.498650 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp3hvjs_if] Jun 23 07:53:45.499092 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:53:45.664622 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] [RD] OK (DoH) - rtt: 137ms Jun 23 07:53:45.664622 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] Server with the lowest initial latency: RD (rtt: 137ms) Jun 23 07:53:45.664622 osdx dnscrypt-proxy[112353]: [2025-06-23 07:53:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 23 07:53:45.676880 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 23 07:53:53.320637 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.1M, max 15.3M, 13.2M free. Jun 23 07:53:53.321698 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:53:53.321748 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:53:53.330820 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:53:53.575639 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:53:53.814057 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:53:53.951013 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:53:54.014327 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:53:54.121152 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:53:54.195005 osdx INFO[114010]: FRR daemons did not change Jun 23 07:53:54.213704 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:53:54.311184 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:53:54.337285 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:53:54.354187 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:53:54.498920 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:53:54.640523 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 23 07:53:54.770664 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:53:54.831506 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:53:54.976310 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:53:55.034768 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 23 07:53:55.135752 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 23 07:53:55.198599 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 23 07:53:55.302675 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'. Jun 23 07:53:55.355633 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 23 07:53:55.471705 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:53:55.570090 osdx INFO[114123]: FRR daemons did not change Jun 23 07:53:55.583535 osdx ca-certificates[114138]: Updating certificates in /etc/ssl/certs... Jun 23 07:53:56.079426 osdx ubnt-cfgd[115137]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:53:56.089392 osdx ca-certificates[115143]: 1 added, 0 removed; done. Jun 23 07:53:56.093211 osdx ca-certificates[115149]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:53:56.096923 osdx ca-certificates[115151]: done. Jun 23 07:53:56.206049 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:53:56.207467 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:53:56.210063 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:53:56.228862 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:53:56.229127 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] Network connectivity detected Jun 23 07:53:56.229341 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] Dropping privileges Jun 23 07:53:56.231561 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] Network connectivity detected Jun 23 07:53:56.231600 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:53:56.231600 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:53:56.231632 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] Firefox workaround initialized Jun 23 07:53:56.231632 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpngmutqo7] Jun 23 07:53:56.232254 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 23 07:53:56.232287 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 23 07:53:56.232287 osdx dnscrypt-proxy[115208]: [2025-06-23 07:53:56] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 23 07:53:56.239440 osdx OSDxCLI[4485]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 23 07:54:01.336875 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.1M, max 15.3M, 13.2M free. Jun 23 07:54:01.337689 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:54:01.337730 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:54:01.348595 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:54:01.571953 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:54:01.798436 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:54:01.885471 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:54:02.004398 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:54:02.077502 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:02.179569 osdx INFO[116862]: FRR daemons did not change Jun 23 07:54:02.197702 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:54:02.310259 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:54:02.349517 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:54:02.373326 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:54:02.513684 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:54:02.663851 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 23 07:54:02.761132 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443'. Jun 23 07:54:02.919607 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:54:02.980924 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:54:03.080130 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:54:03.144695 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Jun 23 07:54:03.239843 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 23 07:54:03.320249 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:03.432735 osdx INFO[116975]: FRR daemons did not change Jun 23 07:54:03.445262 osdx ca-certificates[116991]: Updating certificates in /etc/ssl/certs... Jun 23 07:54:03.919852 osdx ubnt-cfgd[117989]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:54:03.927434 osdx ca-certificates[117995]: 1 added, 0 removed; done. Jun 23 07:54:03.930179 osdx ca-certificates[118001]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:54:03.933147 osdx ca-certificates[118003]: done. Jun 23 07:54:04.029975 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:54:04.031226 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:54:04.033344 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:54:04.051482 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:54:04.052168 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:54:04.052355 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] Network connectivity detected Jun 23 07:54:04.052457 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] Dropping privileges Jun 23 07:54:04.054716 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] Network connectivity detected Jun 23 07:54:04.054766 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:54:04.054766 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:54:04.054795 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] Firefox workaround initialized Jun 23 07:54:04.054795 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4fj72apz] Jun 23 07:54:04.055390 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 23 07:54:04.055390 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 23 07:54:04.055452 osdx dnscrypt-proxy[118060]: [2025-06-23 07:54:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16