Static

Test suite to validate the use of each of the DNS options available for an upstream server

DNS-over-HTTPS Server

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
May 19 14:49:49.374982 osdx systemd-journald[1859]: Runtime Journal (/run/log/journal/dd53a6d251524eaf96fe5f49da605cd5) is 2.0M, max 15.3M, 13.2M free.
May 19 14:49:49.376899 osdx systemd-journald[1859]: Received client request to rotate journal, rotating.
May 19 14:49:49.376950 osdx systemd-journald[1859]: Vacuuming done, freed 0B of archived journals from /run/log/journal/dd53a6d251524eaf96fe5f49da605cd5.
May 19 14:49:49.384426 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system journal clear'.
May 19 14:49:49.718367 osdx osdx-coredump[143281]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 14:49:49.725998 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 14:49:50.249974 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu.
May 19 14:49:50.410871 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 19 14:49:50.464651 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 19 14:49:50.575606 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'.
May 19 14:49:50.656349 osdx INFO[143301]: FRR daemons did not change
May 19 14:49:50.676909 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 19 14:49:50.797415 osdx cfgd[1649]: [2756]Completed change to active configuration
May 19 14:49:50.824126 osdx OSDxCLI[2756]: User 'admin' committed the configuration.
May 19 14:49:50.862011 osdx OSDxCLI[2756]: User 'admin' left the configuration menu.
May 19 14:49:51.066409 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 19 14:49:51.294428 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu.
May 19 14:49:51.378707 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 19 14:49:51.488974 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 19 14:49:51.565073 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 19 14:49:51.662075 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 19 14:49:51.723042 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5'.
May 19 14:49:51.819750 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 19 14:49:51.897040 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'.
May 19 14:49:52.006497 osdx INFO[143411]: FRR daemons did not change
May 19 14:49:52.022231 osdx ca-certificates[143427]: Updating certificates in /etc/ssl/certs...
May 19 14:49:52.534039 osdx ca-certificates[144431]: 1 added, 0 removed; done.
May 19 14:49:52.538070 osdx ca-certificates[144437]: Running hooks in /etc/ca-certificates/update.d...
May 19 14:49:52.540910 osdx ca-certificates[144439]: done.
May 19 14:49:52.637264 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 19 14:49:52.638444 osdx cfgd[1649]: [2756]Completed change to active configuration
May 19 14:49:52.640681 osdx OSDxCLI[2756]: User 'admin' committed the configuration.
May 19 14:49:52.659700 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] dnscrypt-proxy 2.0.45
May 19 14:49:52.659906 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] Network connectivity detected
May 19 14:49:52.660003 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] Dropping privileges
May 19 14:49:52.662606 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] Network connectivity detected
May 19 14:49:52.662646 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 19 14:49:52.662646 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 19 14:49:52.662646 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] Firefox workaround initialized
May 19 14:49:52.662646 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8o2ao9da]
May 19 14:49:52.667945 osdx OSDxCLI[2756]: User 'admin' left the configuration menu.
May 19 14:49:52.835036 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] [RD] OK (DoH) - rtt: 146ms
May 19 14:49:52.835036 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] Server with the lowest initial latency: RD (rtt: 146ms)
May 19 14:49:52.835036 osdx dnscrypt-proxy[144496]: [2025-05-19 14:49:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
May 19 14:49:52.848871 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system journal show | cat'.

Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNS-over-HTTPS Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5 at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
May 19 14:50:00.323697 osdx systemd-journald[1859]: Runtime Journal (/run/log/journal/dd53a6d251524eaf96fe5f49da605cd5) is 2.0M, max 15.3M, 13.3M free.
May 19 14:50:00.326960 osdx systemd-journald[1859]: Received client request to rotate journal, rotating.
May 19 14:50:00.327016 osdx systemd-journald[1859]: Vacuuming done, freed 0B of archived journals from /run/log/journal/dd53a6d251524eaf96fe5f49da605cd5.
May 19 14:50:00.333807 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system journal clear'.
May 19 14:50:00.681667 osdx osdx-coredump[146141]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 14:50:00.689841 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 14:50:01.177956 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu.
May 19 14:50:01.261736 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 19 14:50:01.365588 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 19 14:50:01.466688 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'.
May 19 14:50:01.544407 osdx INFO[146161]: FRR daemons did not change
May 19 14:50:01.566969 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 19 14:50:01.693044 osdx cfgd[1649]: [2756]Completed change to active configuration
May 19 14:50:01.732033 osdx OSDxCLI[2756]: User 'admin' committed the configuration.
May 19 14:50:01.749157 osdx OSDxCLI[2756]: User 'admin' left the configuration menu.
May 19 14:50:01.903376 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 19 14:50:02.053731 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5'.
May 19 14:50:02.203010 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu.
May 19 14:50:02.288638 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 19 14:50:02.402253 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 19 14:50:02.492308 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
May 19 14:50:02.589262 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 19 14:50:02.684218 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'.
May 19 14:50:02.803903 osdx INFO[146275]: FRR daemons did not change
May 19 14:50:02.818197 osdx ca-certificates[146290]: Updating certificates in /etc/ssl/certs...
May 19 14:50:03.387873 osdx ca-certificates[147295]: 1 added, 0 removed; done.
May 19 14:50:03.390861 osdx ca-certificates[147301]: Running hooks in /etc/ca-certificates/update.d...
May 19 14:50:03.393838 osdx ca-certificates[147303]: done.
May 19 14:50:03.499226 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 19 14:50:03.500683 osdx cfgd[1649]: [2756]Completed change to active configuration
May 19 14:50:03.503009 osdx OSDxCLI[2756]: User 'admin' committed the configuration.
May 19 14:50:03.521495 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] dnscrypt-proxy 2.0.45
May 19 14:50:03.521680 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] Network connectivity detected
May 19 14:50:03.521730 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] Dropping privileges
May 19 14:50:03.523956 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] Network connectivity detected
May 19 14:50:03.523987 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 19 14:50:03.523987 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 19 14:50:03.524013 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] Firefox workaround initialized
May 19 14:50:03.524013 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpggu5ykcc]
May 19 14:50:03.533757 osdx OSDxCLI[2756]: User 'admin' left the configuration menu.
May 19 14:50:03.648507 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] [RD] OK (DoH) - rtt: 101ms
May 19 14:50:03.648507 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] Server with the lowest initial latency: RD (rtt: 101ms)
May 19 14:50:03.648507 osdx dnscrypt-proxy[147360]: [2025-05-19 14:50:03] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
May 19 14:50:09.335784 osdx systemd-journald[1859]: Runtime Journal (/run/log/journal/dd53a6d251524eaf96fe5f49da605cd5) is 2.0M, max 15.3M, 13.2M free.
May 19 14:50:09.339075 osdx systemd-journald[1859]: Received client request to rotate journal, rotating.
May 19 14:50:09.339135 osdx systemd-journald[1859]: Vacuuming done, freed 0B of archived journals from /run/log/journal/dd53a6d251524eaf96fe5f49da605cd5.
May 19 14:50:09.346204 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system journal clear'.
May 19 14:50:09.676856 osdx osdx-coredump[149000]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 14:50:09.684547 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 14:50:10.151245 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu.
May 19 14:50:10.278463 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 19 14:50:10.334619 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 19 14:50:10.439812 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'.
May 19 14:50:10.514169 osdx INFO[149020]: FRR daemons did not change
May 19 14:50:10.535080 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 19 14:50:10.662188 osdx cfgd[1649]: [2756]Completed change to active configuration
May 19 14:50:10.691446 osdx OSDxCLI[2756]: User 'admin' committed the configuration.
May 19 14:50:10.709120 osdx OSDxCLI[2756]: User 'admin' left the configuration menu.
May 19 14:50:10.860622 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 19 14:50:10.996032 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
May 19 14:50:11.140430 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu.
May 19 14:50:11.210547 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 19 14:50:11.314474 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 19 14:50:11.373573 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
May 19 14:50:11.473475 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
May 19 14:50:11.533557 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
May 19 14:50:11.635653 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7'.
May 19 14:50:11.685926 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 19 14:50:11.799090 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'.
May 19 14:50:11.870127 osdx INFO[149133]: FRR daemons did not change
May 19 14:50:11.885659 osdx ca-certificates[149148]: Updating certificates in /etc/ssl/certs...
May 19 14:50:12.403923 osdx ca-certificates[150152]: 1 added, 0 removed; done.
May 19 14:50:12.406831 osdx ca-certificates[150159]: Running hooks in /etc/ca-certificates/update.d...
May 19 14:50:12.409510 osdx ca-certificates[150161]: done.
May 19 14:50:12.511506 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 19 14:50:12.512750 osdx cfgd[1649]: [2756]Completed change to active configuration
May 19 14:50:12.517480 osdx OSDxCLI[2756]: User 'admin' committed the configuration.
May 19 14:50:12.534684 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] dnscrypt-proxy 2.0.45
May 19 14:50:12.534937 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] Network connectivity detected
May 19 14:50:12.534937 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] Dropping privileges
May 19 14:50:12.537133 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] Network connectivity detected
May 19 14:50:12.537164 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 19 14:50:12.537164 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 19 14:50:12.537207 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] Firefox workaround initialized
May 19 14:50:12.537207 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmptpekfb_0]
May 19 14:50:12.537683 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
May 19 14:50:12.537708 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
May 19 14:50:12.537708 osdx dnscrypt-proxy[150218]: [2025-05-19 14:50:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1
May 19 14:50:12.544049 osdx OSDxCLI[2756]: User 'admin' left the configuration menu.

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7 ip 10.215.168.1 port 8443 at DUT0 and expect this output:

sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
May 19 14:50:17.315737 osdx systemd-journald[1859]: Runtime Journal (/run/log/journal/dd53a6d251524eaf96fe5f49da605cd5) is 2.0M, max 15.3M, 13.3M free.
May 19 14:50:17.318103 osdx systemd-journald[1859]: Received client request to rotate journal, rotating.
May 19 14:50:17.318164 osdx systemd-journald[1859]: Vacuuming done, freed 0B of archived journals from /run/log/journal/dd53a6d251524eaf96fe5f49da605cd5.
May 19 14:50:17.325965 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system journal clear'.
May 19 14:50:17.702648 osdx osdx-coredump[151860]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 14:50:17.710443 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 14:50:18.216829 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu.
May 19 14:50:18.296598 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 19 14:50:18.385498 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 19 14:50:18.458426 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'.
May 19 14:50:18.551459 osdx INFO[151880]: FRR daemons did not change
May 19 14:50:18.574091 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 19 14:50:18.679984 osdx cfgd[1649]: [2756]Completed change to active configuration
May 19 14:50:18.710029 osdx OSDxCLI[2756]: User 'admin' committed the configuration.
May 19 14:50:18.728398 osdx OSDxCLI[2756]: User 'admin' left the configuration menu.
May 19 14:50:18.863927 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 19 14:50:19.011323 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
May 19 14:50:19.114521 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7 ip 10.215.168.1 port 8443'.
May 19 14:50:19.276992 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu.
May 19 14:50:19.338259 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 19 14:50:19.441529 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 19 14:50:19.504055 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
May 19 14:50:19.597479 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 19 14:50:19.728862 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'.
May 19 14:50:19.853161 osdx INFO[151993]: FRR daemons did not change
May 19 14:50:19.866446 osdx ca-certificates[152009]: Updating certificates in /etc/ssl/certs...
May 19 14:50:20.371577 osdx ca-certificates[153013]: 1 added, 0 removed; done.
May 19 14:50:20.375676 osdx ca-certificates[153019]: Running hooks in /etc/ca-certificates/update.d...
May 19 14:50:20.379085 osdx ca-certificates[153021]: done.
May 19 14:50:20.482452 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 19 14:50:20.483697 osdx cfgd[1649]: [2756]Completed change to active configuration
May 19 14:50:20.485992 osdx OSDxCLI[2756]: User 'admin' committed the configuration.
May 19 14:50:20.504514 osdx OSDxCLI[2756]: User 'admin' left the configuration menu.
May 19 14:50:20.505744 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] dnscrypt-proxy 2.0.45
May 19 14:50:20.505908 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] Network connectivity detected
May 19 14:50:20.506020 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] Dropping privileges
May 19 14:50:20.508103 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] Network connectivity detected
May 19 14:50:20.508151 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 19 14:50:20.508151 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 19 14:50:20.508192 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] Firefox workaround initialized
May 19 14:50:20.508192 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpdgptctlc]
May 19 14:50:20.508738 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
May 19 14:50:20.508738 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
May 19 14:50:20.508738 osdx dnscrypt-proxy[153078]: [2025-05-19 14:50:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
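
Added example (not part of the OSDx test suite or of dnscrypt-proxy): a decoder for the sdns:// stamps produced in the "DNS-over-HTTPS Server With Stamp" and "DNSCrypt Server With Stamp" scenarios, following the public DNS Stamps layout, so the certificate hash or provider key pinned inside a stamp can be compared with the intended values before the stamp is committed. The function names and the EXPECTED_* dictionaries are assumptions of this example; the stamps and expected values are copied from the page.

```python
import base64
import struct

# Stamps copied verbatim from the two "With Stamp" scenarios on this page.
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"

# Values the operator intends to pin, taken from the page's non-stamp scenarios.
EXPECTED_DOH = {"protocol": "DoH", "addr": "10.215.168.1", "hostname": "remote.dns", "path": "/dns-query",
                "hashes": ["2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5"]}
EXPECTED_DNSCRYPT = {"protocol": "DNSCrypt", "addr": "10.215.168.1:8443",
                     "provider_name": "2.dnscrypt-cert.remote.dns",
                     "public_key": "b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7"}

PROTOCOLS = {0x01: "DNSCrypt", 0x02: "DoH"}
PROP_FLAGS = {1: "dnssec", 2: "no-logs", 4: "no-filter"}


class StampError(ValueError):
    """Raised when a stamp is malformed or truncated."""


def _lp(buf, pos):
    """Read one length-prefixed field; return (field_bytes, next_pos)."""
    if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
        raise StampError("truncated stamp")
    end = pos + 1 + buf[pos]
    return buf[pos + 1:end], end


def _vlp(buf, pos):
    """Read a field list; a set high bit in a length byte means more items follow."""
    items = []
    while True:
        if pos >= len(buf):
            raise StampError("truncated stamp")
        more, size = buf[pos] & 0x80, buf[pos] & 0x7F
        end = pos + 1 + size
        if end > len(buf):
            raise StampError("truncated stamp")
        if size:
            items.append(buf[pos + 1:end])
        pos = end
        if not more:
            return items, pos


def decode_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into a dict of its fields."""
    if not stamp.startswith("sdns://"):
        raise StampError("not an sdns:// stamp")
    body = stamp[len("sdns://"):]
    try:
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:
        raise StampError("invalid base64url payload") from exc
    if len(raw) < 9 or raw[0] not in PROTOCOLS:
        raise StampError("short stamp or unsupported protocol id")
    (props,) = struct.unpack_from("<Q", raw, 1)  # 64-bit little-endian flags
    out = {"protocol": PROTOCOLS[raw[0]],
           "props": sorted(n for bit, n in PROP_FLAGS.items() if props & bit)}
    addr, pos = _lp(raw, 9)
    out["addr"] = addr.decode("ascii")
    if out["protocol"] == "DNSCrypt":
        key, pos = _lp(raw, pos)
        name, pos = _lp(raw, pos)
        out["public_key"] = key.hex(":")
        out["provider_name"] = name.decode("ascii")
    else:  # DoH; optional trailing bootstrap IPs are ignored here
        hashes, pos = _vlp(raw, pos)
        host, pos = _lp(raw, pos)
        path, pos = _lp(raw, pos)
        out["hashes"] = [h.hex() for h in hashes]
        out["hostname"], out["path"] = host.decode("ascii"), path.decode("ascii")
    return out


def mismatches(stamp, expected):
    """Return the names of fields whose decoded value differs from the expected one."""
    decoded = decode_stamp(stamp)
    return sorted(k for k, v in expected.items() if decoded.get(k) != v)


if __name__ == "__main__":
    for stamp, expected in ((DOH_STAMP, EXPECTED_DOH), (DNSCRYPT_STAMP, EXPECTED_DNSCRYPT)):
        print(decode_stamp(stamp), "mismatches:", mismatches(stamp, expected))
```

An empty mismatch list means the stamp pins exactly the address, name and hash or key given in the corresponding non-stamp scenario.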