Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 23 07:54:17.287320 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.2M free. Jun 23 07:54:17.288626 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:54:17.288676 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:54:17.299030 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:54:17.558913 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:54:17.901997 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:54:17.988064 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:54:18.070475 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:54:18.158049 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:18.284546 osdx INFO[119995]: FRR daemons did not change Jun 23 07:54:18.312665 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:54:18.442687 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:54:18.477113 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:54:18.515751 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:54:18.654698 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:54:19.898054 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:54:20.019880 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:54:20.095707 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:54:20.216923 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:54:20.314843 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:54:20.419581 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:54:20.497565 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 23 07:54:20.558042 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 23 07:54:20.661549 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 23 07:54:20.732400 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 23 07:54:20.892592 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:20.995661 osdx INFO[120108]: FRR daemons did not change Jun 23 07:54:21.009474 osdx ca-certificates[120124]: Updating certificates in /etc/ssl/certs... Jun 23 07:54:21.505475 osdx ubnt-cfgd[121122]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:54:21.513646 osdx ca-certificates[121128]: 1 added, 0 removed; done. Jun 23 07:54:21.516431 osdx ca-certificates[121134]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:54:21.519022 osdx ca-certificates[121136]: done. Jun 23 07:54:21.653094 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:54:21.656022 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:54:21.661077 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:54:21.706454 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:54:21.709866 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:54:21.710038 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] Network connectivity detected Jun 23 07:54:21.710173 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] Dropping privileges Jun 23 07:54:21.712494 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] Network connectivity detected Jun 23 07:54:21.712538 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:54:21.712538 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:54:21.712538 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 23 07:54:21.712576 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] Firefox workaround initialized Jun 23 07:54:21.712576 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpv9dt_8id] Jun 23 07:54:21.834008 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] [RD] OK (DoH) - rtt: 95ms Jun 23 07:54:21.834008 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] Server with the lowest initial latency: RD (rtt: 95ms) Jun 23 07:54:21.834008 osdx dnscrypt-proxy[121196]: [2025-06-23 07:54:21] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash fe1b6476c15b9c51701fcb34aaee5e126f5194af75293335415f2d3300b483dd set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 23 07:54:17.292167 osdx systemd-journald[1537]: Runtime Journal (/run/log/journal/904066e2ce1346e1b59b092eb2722774) is 992.0K, max 7.2M, 6.2M free. Jun 23 07:54:17.295730 osdx systemd-journald[1537]: Received client request to rotate journal, rotating. Jun 23 07:54:17.295793 osdx systemd-journald[1537]: Vacuuming done, freed 0B of archived journals from /run/log/journal/904066e2ce1346e1b59b092eb2722774. Jun 23 07:54:17.302813 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:54:17.515858 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:54:18.722121 osdx OSDxCLI[1792]: User 'admin' entered the configuration menu. Jun 23 07:54:18.805911 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 23 07:54:18.881181 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:54:19.006766 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service ssh'. Jun 23 07:54:19.088398 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:19.255035 osdx INFO[58346]: FRR daemons did not change Jun 23 07:54:19.275720 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:54:19.440144 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 23 07:54:19.452124 osdx sshd[58416]: Server listening on 0.0.0.0 port 22. Jun 23 07:54:19.452331 osdx sshd[58416]: Server listening on :: port 22. Jun 23 07:54:19.452440 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 23 07:54:19.474225 osdx cfgd[1243]: [1792]Completed change to active configuration Jun 23 07:54:19.503096 osdx OSDxCLI[1792]: User 'admin' committed the configuration. Jun 23 07:54:19.533375 osdx OSDxCLI[1792]: User 'admin' left the configuration menu. Jun 23 07:54:19.673261 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 23 07:54:21.880336 osdx OSDxCLI[1792]: User 'admin' entered the configuration menu. Jun 23 07:54:21.940580 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 23 07:54:22.034995 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 23 07:54:22.090982 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 23 07:54:22.195243 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 23 07:54:22.249616 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 23 07:54:22.348477 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 23 07:54:22.407603 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash fe1b6476c15b9c51701fcb34aaee5e126f5194af75293335415f2d3300b483dd'. Jun 23 07:54:22.508977 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:22.590598 osdx INFO[58473]: FRR daemons did not change Jun 23 07:54:22.604438 osdx ca-certificates[58489]: Updating certificates in /etc/ssl/certs... Jun 23 07:54:23.058170 osdx ubnt-cfgd[59487]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:54:23.066635 osdx ca-certificates[59494]: 1 added, 0 removed; done. Jun 23 07:54:23.069421 osdx ca-certificates[59499]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:54:23.072152 osdx ca-certificates[59501]: done. Jun 23 07:54:23.168069 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:54:23.169448 osdx cfgd[1243]: [1792]Completed change to active configuration Jun 23 07:54:23.172229 osdx OSDxCLI[1792]: User 'admin' committed the configuration. Jun 23 07:54:23.200972 osdx OSDxCLI[1792]: User 'admin' left the configuration menu. Jun 23 07:54:23.201540 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:54:23.201799 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] Network connectivity detected Jun 23 07:54:23.202070 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] Dropping privileges Jun 23 07:54:23.204741 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] Network connectivity detected Jun 23 07:54:23.204795 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:54:23.204795 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:54:23.204795 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] Firefox workaround initialized Jun 23 07:54:23.204795 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpgmln0jlc] Jun 23 07:54:23.367440 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'system journal show | cat'. Jun 23 07:54:23.434820 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] [DUT0] OK (DoH) - rtt: 131ms Jun 23 07:54:23.434820 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 131ms) Jun 23 07:54:23.434820 osdx dnscrypt-proxy[59508]: [2025-06-23 07:54:23] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 23 07:54:31.330473 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:54:31.332633 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:54:31.332678 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:54:31.340216 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:54:31.590423 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:54:31.817193 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:54:31.890879 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:54:31.977496 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:54:32.044544 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:32.147508 osdx INFO[122845]: FRR daemons did not change Jun 23 07:54:32.164647 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:54:32.259077 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:54:32.293130 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:54:32.309542 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:54:32.444086 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:54:33.538168 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:54:33.683490 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:54:33.745624 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:54:33.847880 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:54:33.913256 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Jun 23 07:54:34.006861 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 23 07:54:34.064446 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 23 07:54:34.164581 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 23 07:54:34.220905 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 23 07:54:34.319378 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 23 07:54:34.399069 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:34.497601 osdx INFO[122960]: FRR daemons did not change Jun 23 07:54:34.510416 osdx ca-certificates[122975]: Updating certificates in /etc/ssl/certs... Jun 23 07:54:35.011780 osdx ubnt-cfgd[123974]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:54:35.019517 osdx ca-certificates[123980]: 1 added, 0 removed; done. Jun 23 07:54:35.022344 osdx ca-certificates[123986]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:54:35.025069 osdx ca-certificates[123988]: done. Jun 23 07:54:35.153010 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:54:35.154627 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:54:35.158372 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:54:35.189869 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:54:35.195483 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:54:35.195648 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] Network connectivity detected Jun 23 07:54:35.195837 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] Dropping privileges Jun 23 07:54:35.198633 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] Network connectivity detected Jun 23 07:54:35.198724 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:54:35.198755 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:54:35.198793 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 23 07:54:35.198837 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] Firefox workaround initialized Jun 23 07:54:35.198863 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp5w9gc4si] Jun 23 07:54:35.351252 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] [RD] OK (DoH) - rtt: 128ms Jun 23 07:54:35.351252 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] Server with the lowest initial latency: RD (rtt: 128ms) Jun 23 07:54:35.351252 osdx dnscrypt-proxy[124048]: [2025-06-23 07:54:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash fe1b6476c15b9c51701fcb34aaee5e126f5194af75293335415f2d3300b483dd at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_htkdsFbnFFwH8s0qu5eEm9RlK91KTM1QV8tMwC0g90NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_htkdsFbnFFwH8s0qu5eEm9RlK91KTM1QV8tMwC0g90NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 23 07:54:31.328176 osdx systemd-journald[1537]: Runtime Journal (/run/log/journal/904066e2ce1346e1b59b092eb2722774) is 1016.0K, max 7.2M, 6.2M free. Jun 23 07:54:31.330153 osdx systemd-journald[1537]: Received client request to rotate journal, rotating. Jun 23 07:54:31.330236 osdx systemd-journald[1537]: Vacuuming done, freed 0B of archived journals from /run/log/journal/904066e2ce1346e1b59b092eb2722774. Jun 23 07:54:31.341034 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:54:31.546131 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:54:32.503336 osdx OSDxCLI[1792]: User 'admin' entered the configuration menu. Jun 23 07:54:32.580818 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 23 07:54:32.663523 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:54:32.717031 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service ssh'. Jun 23 07:54:32.826784 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:32.894492 osdx INFO[61143]: FRR daemons did not change Jun 23 07:54:32.913952 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:54:33.070304 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 23 07:54:33.082481 osdx sshd[61213]: Server listening on 0.0.0.0 port 22. Jun 23 07:54:33.082677 osdx sshd[61213]: Server listening on :: port 22. Jun 23 07:54:33.082781 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 23 07:54:33.106404 osdx cfgd[1243]: [1792]Completed change to active configuration Jun 23 07:54:33.145742 osdx OSDxCLI[1792]: User 'admin' committed the configuration. Jun 23 07:54:33.165169 osdx OSDxCLI[1792]: User 'admin' left the configuration menu. Jun 23 07:54:33.316886 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 23 07:54:35.418926 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash fe1b6476c15b9c51701fcb34aaee5e126f5194af75293335415f2d3300b483dd'. Jun 23 07:54:35.558654 osdx OSDxCLI[1792]: User 'admin' entered the configuration menu. Jun 23 07:54:35.634267 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 23 07:54:35.729758 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 23 07:54:35.791661 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 23 07:54:35.925219 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_htkdsFbnFFwH8s0qu5eEm9RlK91KTM1QV8tMwC0g90NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Jun 23 07:54:36.110252 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:36.214339 osdx INFO[61270]: FRR daemons did not change Jun 23 07:54:36.230624 osdx ca-certificates[61286]: Updating certificates in /etc/ssl/certs... Jun 23 07:54:36.777203 osdx ubnt-cfgd[62284]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:54:36.787839 osdx ca-certificates[62290]: 1 added, 0 removed; done. Jun 23 07:54:36.792020 osdx ca-certificates[62296]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:54:36.796011 osdx ca-certificates[62298]: done. Jun 23 07:54:36.878264 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:54:36.880341 osdx cfgd[1243]: [1792]Completed change to active configuration Jun 23 07:54:36.884197 osdx OSDxCLI[1792]: User 'admin' committed the configuration. Jun 23 07:54:36.909991 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:36] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:54:36.910248 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:36] [NOTICE] Network connectivity detected Jun 23 07:54:36.910278 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:36] [NOTICE] Dropping privileges Jun 23 07:54:36.912198 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:36] [NOTICE] Network connectivity detected Jun 23 07:54:36.912271 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:36] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:54:36.912271 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:36] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:54:36.912271 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:36] [NOTICE] Firefox workaround initialized Jun 23 07:54:36.912271 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:36] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpejmynvoa] Jun 23 07:54:36.915481 osdx OSDxCLI[1792]: User 'admin' left the configuration menu. Jun 23 07:54:37.111196 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:37] [NOTICE] [DUT0] OK (DoH) - rtt: 126ms Jun 23 07:54:37.111196 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:37] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 126ms) Jun 23 07:54:37.111196 osdx dnscrypt-proxy[62305]: [2025-06-23 07:54:37] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 23 07:54:37.117993 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 23 07:54:45.324624 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.2M free. Jun 23 07:54:45.327018 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:54:45.327072 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:54:45.337439 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:54:45.548775 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:54:45.801536 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:54:45.880315 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:54:45.974913 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:54:46.072533 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:46.176420 osdx INFO[125697]: FRR daemons did not change Jun 23 07:54:46.199022 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:54:46.315877 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:54:46.348361 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:54:46.369923 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:54:46.514887 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:54:47.574571 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 23 07:54:47.721471 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:54:47.795908 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:54:47.904865 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:54:47.984250 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 23 07:54:48.082406 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 23 07:54:48.142786 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 23 07:54:48.272479 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'. Jun 23 07:54:48.334279 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 23 07:54:48.448226 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 23 07:54:48.549158 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 23 07:54:48.629712 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 23 07:54:48.757377 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:48.846534 osdx INFO[125813]: FRR daemons did not change Jun 23 07:54:48.859081 osdx ca-certificates[125829]: Updating certificates in /etc/ssl/certs... Jun 23 07:54:49.376344 osdx ubnt-cfgd[126827]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:54:49.387049 osdx ca-certificates[126832]: 1 added, 0 removed; done. Jun 23 07:54:49.390238 osdx ca-certificates[126839]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:54:49.393339 osdx ca-certificates[126841]: done. Jun 23 07:54:49.539389 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:54:49.540792 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:54:49.542989 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:54:49.567304 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:54:49.570468 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:54:49.570622 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] Network connectivity detected Jun 23 07:54:49.570756 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] Dropping privileges Jun 23 07:54:49.572901 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] Network connectivity detected Jun 23 07:54:49.572947 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:54:49.572947 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:54:49.572947 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 23 07:54:49.572947 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] Firefox workaround initialized Jun 23 07:54:49.572947 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpz7s_7p38] Jun 23 07:54:49.573446 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 23 07:54:49.573474 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 23 07:54:49.573474 osdx dnscrypt-proxy[126901]: [2025-06-23 07:54:49] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash fe1b6476c15b9c51701fcb34aaee5e126f5194af75293335415f2d3300b483dd set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 23 07:54:45.276949 osdx systemd-journald[1537]: Runtime Journal (/run/log/journal/904066e2ce1346e1b59b092eb2722774) is 1.0M, max 7.2M, 6.2M free. Jun 23 07:54:45.277854 osdx systemd-journald[1537]: Received client request to rotate journal, rotating. Jun 23 07:54:45.277903 osdx systemd-journald[1537]: Vacuuming done, freed 0B of archived journals from /run/log/journal/904066e2ce1346e1b59b092eb2722774. Jun 23 07:54:45.286306 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:54:45.501710 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:54:46.560390 osdx OSDxCLI[1792]: User 'admin' entered the configuration menu. Jun 23 07:54:46.637657 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 23 07:54:46.722208 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:54:46.772387 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service ssh'. Jun 23 07:54:46.890452 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:46.960235 osdx INFO[63939]: FRR daemons did not change Jun 23 07:54:46.981585 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:54:47.142094 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 23 07:54:47.152854 osdx sshd[64009]: Server listening on 0.0.0.0 port 22. Jun 23 07:54:47.153046 osdx sshd[64009]: Server listening on :: port 22. Jun 23 07:54:47.153159 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 23 07:54:47.174192 osdx cfgd[1243]: [1792]Completed change to active configuration Jun 23 07:54:47.199730 osdx OSDxCLI[1792]: User 'admin' committed the configuration. Jun 23 07:54:47.215802 osdx OSDxCLI[1792]: User 'admin' left the configuration menu. Jun 23 07:54:47.360374 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 23 07:54:49.751771 osdx OSDxCLI[1792]: User 'admin' entered the configuration menu. Jun 23 07:54:49.867180 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 23 07:54:49.936137 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 23 07:54:50.037182 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 23 07:54:50.105830 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 23 07:54:50.204720 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 23 07:54:50.266004 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 23 07:54:50.364015 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash fe1b6476c15b9c51701fcb34aaee5e126f5194af75293335415f2d3300b483dd'. Jun 23 07:54:50.435623 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:50.542499 osdx INFO[64066]: FRR daemons did not change Jun 23 07:54:50.555388 osdx ca-certificates[64082]: Updating certificates in /etc/ssl/certs... Jun 23 07:54:51.034626 osdx ubnt-cfgd[65080]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:54:51.043588 osdx ca-certificates[65087]: 1 added, 0 removed; done. Jun 23 07:54:51.046882 osdx ca-certificates[65092]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:54:51.050034 osdx ca-certificates[65094]: done. Jun 23 07:54:51.125962 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:54:51.127624 osdx cfgd[1243]: [1792]Completed change to active configuration Jun 23 07:54:51.130856 osdx OSDxCLI[1792]: User 'admin' committed the configuration. Jun 23 07:54:51.150458 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:54:51.150747 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] Network connectivity detected Jun 23 07:54:51.150983 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] Dropping privileges Jun 23 07:54:51.152996 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] Network connectivity detected Jun 23 07:54:51.153040 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:54:51.153040 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:54:51.153040 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] Firefox workaround initialized Jun 23 07:54:51.153040 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpyjdx5gq5] Jun 23 07:54:51.160972 osdx OSDxCLI[1792]: User 'admin' left the configuration menu. Jun 23 07:54:51.307175 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] [DUT0] OK (DoH) - rtt: 112ms Jun 23 07:54:51.307314 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 112ms) Jun 23 07:54:51.307349 osdx dnscrypt-proxy[65101]: [2025-06-23 07:54:51] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 23 07:54:57.305426 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.2M free. Jun 23 07:54:57.309036 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:54:57.309105 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:54:57.314700 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:54:57.537741 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:54:57.795108 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:54:57.894420 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:54:57.971973 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:54:58.087770 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:58.157203 osdx INFO[128550]: FRR daemons did not change Jun 23 07:54:58.177033 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:54:58.286519 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:54:58.313494 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:54:58.334265 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:54:58.501843 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:54:59.693260 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 23 07:54:59.798948 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443'. Jun 23 07:54:59.953221 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:55:00.014659 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:55:00.104539 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:55:00.167571 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Jun 23 07:55:00.260371 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 23 07:55:00.319713 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 23 07:55:00.419630 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 23 07:55:00.478510 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 23 07:55:00.590517 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:55:00.675138 osdx INFO[128666]: FRR daemons did not change Jun 23 07:55:00.688997 osdx ca-certificates[128681]: Updating certificates in /etc/ssl/certs... Jun 23 07:55:01.197184 osdx ubnt-cfgd[129680]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:55:01.207637 osdx ca-certificates[129686]: 1 added, 0 removed; done. Jun 23 07:55:01.210617 osdx ca-certificates[129692]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:55:01.213536 osdx ca-certificates[129694]: done. Jun 23 07:55:01.349357 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:55:01.351167 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:55:01.353421 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:55:01.371438 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:55:01.380028 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:55:01.380299 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] Network connectivity detected Jun 23 07:55:01.380585 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] Dropping privileges Jun 23 07:55:01.382804 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] Network connectivity detected Jun 23 07:55:01.382856 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:55:01.382856 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:55:01.382856 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 23 07:55:01.382856 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] Firefox workaround initialized Jun 23 07:55:01.382856 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpyh81tuev] Jun 23 07:55:01.383429 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 23 07:55:01.383467 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 23 07:55:01.383491 osdx dnscrypt-proxy[129757]: [2025-06-23 07:55:01] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash fe1b6476c15b9c51701fcb34aaee5e126f5194af75293335415f2d3300b483dd at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_htkdsFbnFFwH8s0qu5eEm9RlK91KTM1QV8tMwC0g90NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_htkdsFbnFFwH8s0qu5eEm9RlK91KTM1QV8tMwC0g90NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 23 07:54:57.271498 osdx systemd-journald[1537]: Runtime Journal (/run/log/journal/904066e2ce1346e1b59b092eb2722774) is 1.0M, max 7.2M, 6.2M free. Jun 23 07:54:57.271994 osdx systemd-journald[1537]: Received client request to rotate journal, rotating. Jun 23 07:54:57.272046 osdx systemd-journald[1537]: Vacuuming done, freed 0B of archived journals from /run/log/journal/904066e2ce1346e1b59b092eb2722774. Jun 23 07:54:57.284028 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:54:57.503424 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:54:58.580124 osdx OSDxCLI[1792]: User 'admin' entered the configuration menu. Jun 23 07:54:58.737067 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 23 07:54:58.795118 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:54:58.890657 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service ssh'. Jun 23 07:54:58.966658 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:54:59.061210 osdx INFO[66729]: FRR daemons did not change Jun 23 07:54:59.087746 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:54:59.248261 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 23 07:54:59.262621 osdx sshd[66799]: Server listening on 0.0.0.0 port 22. Jun 23 07:54:59.262924 osdx sshd[66799]: Server listening on :: port 22. Jun 23 07:54:59.263103 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 23 07:54:59.288700 osdx cfgd[1243]: [1792]Completed change to active configuration Jun 23 07:54:59.322487 osdx OSDxCLI[1792]: User 'admin' committed the configuration. Jun 23 07:54:59.350415 osdx OSDxCLI[1792]: User 'admin' left the configuration menu. Jun 23 07:54:59.499214 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 23 07:55:01.622370 osdx OSDxCLI[1792]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash fe1b6476c15b9c51701fcb34aaee5e126f5194af75293335415f2d3300b483dd'. Jun 23 07:55:01.849286 osdx OSDxCLI[1792]: User 'admin' entered the configuration menu. Jun 23 07:55:01.931364 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 23 07:55:02.031540 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 23 07:55:02.154129 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 23 07:55:02.285738 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg_htkdsFbnFFwH8s0qu5eEm9RlK91KTM1QV8tMwC0g90NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Jun 23 07:55:02.422956 osdx OSDxCLI[1792]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:55:02.502174 osdx INFO[66859]: FRR daemons did not change Jun 23 07:55:02.515341 osdx ca-certificates[66875]: Updating certificates in /etc/ssl/certs... Jun 23 07:55:03.003700 osdx ubnt-cfgd[67873]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:55:03.012215 osdx ca-certificates[67880]: 1 added, 0 removed; done. Jun 23 07:55:03.015351 osdx ca-certificates[67885]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:55:03.018334 osdx ca-certificates[67887]: done. Jun 23 07:55:03.088108 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:55:03.090137 osdx cfgd[1243]: [1792]Completed change to active configuration Jun 23 07:55:03.092204 osdx OSDxCLI[1792]: User 'admin' committed the configuration. Jun 23 07:55:03.108930 osdx OSDxCLI[1792]: User 'admin' left the configuration menu. Jun 23 07:55:03.119376 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] dnscrypt-proxy 2.0.45 Jun 23 07:55:03.119376 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] Network connectivity detected Jun 23 07:55:03.119376 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] Dropping privileges Jun 23 07:55:03.122292 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] Network connectivity detected Jun 23 07:55:03.122292 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 23 07:55:03.122292 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 23 07:55:03.122292 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] Firefox workaround initialized Jun 23 07:55:03.122292 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] Loading the set of cloaking rules from [/tmp/tmparbebspc] Jun 23 07:55:03.276990 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] [DUT0] OK (DoH) - rtt: 111ms Jun 23 07:55:03.276990 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 111ms) Jun 23 07:55:03.276990 osdx dnscrypt-proxy[67894]: [2025-06-23 07:55:03] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13