Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
May 19 14:48:43.301207 osdx systemd-journald[1859]: Runtime Journal (/run/log/journal/dd53a6d251524eaf96fe5f49da605cd5) is 2.0M, max 15.3M, 13.3M free. May 19 14:48:43.303063 osdx systemd-journald[1859]: Received client request to rotate journal, rotating. May 19 14:48:43.303137 osdx systemd-journald[1859]: Vacuuming done, freed 0B of archived journals from /run/log/journal/dd53a6d251524eaf96fe5f49da605cd5. May 19 14:48:43.311730 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system journal clear'. May 19 14:48:43.649022 osdx osdx-coredump[131571]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 19 14:48:43.657417 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system coredump delete all'. May 19 14:48:44.146263 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu. May 19 14:48:44.229792 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 14:48:44.313526 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 14:48:44.401935 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'. May 19 14:48:44.510951 osdx INFO[131591]: FRR daemons did not change May 19 14:48:44.535074 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 14:48:44.658136 osdx cfgd[1649]: [2756]Completed change to active configuration May 19 14:48:44.688845 osdx OSDxCLI[2756]: User 'admin' committed the configuration. May 19 14:48:44.706467 osdx OSDxCLI[2756]: User 'admin' left the configuration menu. May 19 14:48:44.842034 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 19 14:48:46.033205 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu. May 19 14:48:46.097357 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 14:48:46.205962 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 14:48:46.276008 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 19 14:48:46.372691 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 19 14:48:46.445258 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5'. May 19 14:48:46.538654 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 19 14:48:46.595096 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 19 14:48:46.693412 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 19 14:48:46.754764 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 19 14:48:46.876775 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'. May 19 14:48:46.956458 osdx INFO[131704]: FRR daemons did not change May 19 14:48:46.971968 osdx ca-certificates[131720]: Updating certificates in /etc/ssl/certs... May 19 14:48:47.497819 osdx ca-certificates[132724]: 1 added, 0 removed; done. May 19 14:48:47.501935 osdx ca-certificates[132730]: Running hooks in /etc/ca-certificates/update.d... May 19 14:48:47.504954 osdx ca-certificates[132732]: done. May 19 14:48:47.623343 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 14:48:47.624733 osdx cfgd[1649]: [2756]Completed change to active configuration May 19 14:48:47.626859 osdx OSDxCLI[2756]: User 'admin' committed the configuration. May 19 14:48:47.644039 osdx OSDxCLI[2756]: User 'admin' left the configuration menu. May 19 14:48:47.646603 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] dnscrypt-proxy 2.0.45 May 19 14:48:47.646992 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] Network connectivity detected May 19 14:48:47.647486 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] Dropping privileges May 19 14:48:47.649983 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] Network connectivity detected May 19 14:48:47.650037 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 19 14:48:47.650037 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 19 14:48:47.650037 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 19 14:48:47.650037 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] Firefox workaround initialized May 19 14:48:47.650037 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_ckiwept] May 19 14:48:47.779209 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] [RD] OK (DoH) - rtt: 103ms May 19 14:48:47.779209 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] Server with the lowest initial latency: RD (rtt: 103ms) May 19 14:48:47.779209 osdx dnscrypt-proxy[132792]: [2025-05-19 14:48:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 0a1638674f4c54badcba02a103614c7cd897c48a18ed79a49a187daa47fbff62 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 19 14:48:43.286940 osdx systemd-journald[1727]: Runtime Journal (/run/log/journal/84645c9b514a44e9b4e3e764dfb17349) is 1004.0K, max 7.2M, 6.2M free. May 19 14:48:43.287415 osdx systemd-journald[1727]: Received client request to rotate journal, rotating. May 19 14:48:43.287460 osdx systemd-journald[1727]: Vacuuming done, freed 0B of archived journals from /run/log/journal/84645c9b514a44e9b4e3e764dfb17349. May 19 14:48:43.296781 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system journal clear'. May 19 14:48:43.744683 osdx osdx-coredump[53452]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 19 14:48:43.752635 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system coredump delete all'. May 19 14:48:44.891701 osdx OSDxCLI[1965]: User 'admin' entered the configuration menu. May 19 14:48:45.049464 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 19 14:48:45.130246 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 14:48:45.223455 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service ssh'. May 19 14:48:45.301262 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'show working'. May 19 14:48:45.404547 osdx INFO[53479]: FRR daemons did not change May 19 14:48:45.427434 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 14:48:45.595775 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 19 14:48:45.607201 osdx sshd[53549]: Server listening on 0.0.0.0 port 22. May 19 14:48:45.607431 osdx sshd[53549]: Server listening on :: port 22. May 19 14:48:45.607545 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 19 14:48:45.628850 osdx cfgd[1434]: [1965]Completed change to active configuration May 19 14:48:45.662396 osdx OSDxCLI[1965]: User 'admin' committed the configuration. May 19 14:48:45.680468 osdx OSDxCLI[1965]: User 'admin' left the configuration menu. May 19 14:48:45.834084 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 19 14:48:47.820903 osdx OSDxCLI[1965]: User 'admin' entered the configuration menu. May 19 14:48:47.883043 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 19 14:48:47.978002 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 19 14:48:48.035121 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 19 14:48:48.144625 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. May 19 14:48:48.209348 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. May 19 14:48:48.316361 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. May 19 14:48:48.387860 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 0a1638674f4c54badcba02a103614c7cd897c48a18ed79a49a187daa47fbff62'. May 19 14:48:48.499905 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'show working'. May 19 14:48:48.576679 osdx INFO[53606]: FRR daemons did not change May 19 14:48:48.589481 osdx ca-certificates[53622]: Updating certificates in /etc/ssl/certs... May 19 14:48:49.108655 osdx ca-certificates[54627]: 1 added, 0 removed; done. May 19 14:48:49.111677 osdx ca-certificates[54632]: Running hooks in /etc/ca-certificates/update.d... May 19 14:48:49.115569 osdx ca-certificates[54634]: done. May 19 14:48:49.191953 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 14:48:49.194150 osdx cfgd[1434]: [1965]Completed change to active configuration May 19 14:48:49.197923 osdx OSDxCLI[1965]: User 'admin' committed the configuration. May 19 14:48:49.222125 osdx OSDxCLI[1965]: User 'admin' left the configuration menu. May 19 14:48:49.263250 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] dnscrypt-proxy 2.0.45 May 19 14:48:49.266394 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] Network connectivity detected May 19 14:48:49.266646 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] Dropping privileges May 19 14:48:49.268767 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] Network connectivity detected May 19 14:48:49.268861 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 19 14:48:49.268897 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 19 14:48:49.268939 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] Firefox workaround initialized May 19 14:48:49.268968 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpgbnnhwp_] May 19 14:48:49.381621 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system journal show | cat'. May 19 14:48:49.428583 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] [DUT0] OK (DoH) - rtt: 99ms May 19 14:48:49.428583 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 99ms) May 19 14:48:49.428583 osdx dnscrypt-proxy[54641]: [2025-05-19 14:48:49] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
May 19 14:48:57.290692 osdx systemd-journald[1859]: Runtime Journal (/run/log/journal/dd53a6d251524eaf96fe5f49da605cd5) is 2.0M, max 15.3M, 13.3M free. May 19 14:48:57.294034 osdx systemd-journald[1859]: Received client request to rotate journal, rotating. May 19 14:48:57.294079 osdx systemd-journald[1859]: Vacuuming done, freed 0B of archived journals from /run/log/journal/dd53a6d251524eaf96fe5f49da605cd5. May 19 14:48:57.299942 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system journal clear'. May 19 14:48:57.626080 osdx osdx-coredump[134432]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 19 14:48:57.633605 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system coredump delete all'. May 19 14:48:58.172509 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu. May 19 14:48:58.255520 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 14:48:58.357140 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 14:48:58.442983 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'. May 19 14:48:58.556935 osdx INFO[134452]: FRR daemons did not change May 19 14:48:58.578042 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 14:48:58.681598 osdx cfgd[1649]: [2756]Completed change to active configuration May 19 14:48:58.708315 osdx OSDxCLI[2756]: User 'admin' committed the configuration. May 19 14:48:58.727533 osdx OSDxCLI[2756]: User 'admin' left the configuration menu. May 19 14:48:58.901126 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 19 14:49:00.119871 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5'. May 19 14:49:00.281761 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu. May 19 14:49:00.359785 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 14:49:00.458130 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 14:49:00.516532 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. May 19 14:49:00.609285 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 19 14:49:00.668380 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 19 14:49:00.768431 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 19 14:49:00.826660 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 19 14:49:00.927068 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 19 14:49:01.076800 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'. May 19 14:49:01.157446 osdx INFO[134567]: FRR daemons did not change May 19 14:49:01.173944 osdx ca-certificates[134583]: Updating certificates in /etc/ssl/certs... May 19 14:49:01.693341 osdx ca-certificates[135590]: 1 added, 0 removed; done. May 19 14:49:01.697139 osdx ca-certificates[135596]: Running hooks in /etc/ca-certificates/update.d... May 19 14:49:01.700871 osdx ca-certificates[135598]: done. May 19 14:49:01.802387 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 14:49:01.803588 osdx cfgd[1649]: [2756]Completed change to active configuration May 19 14:49:01.807062 osdx OSDxCLI[2756]: User 'admin' committed the configuration. May 19 14:49:01.839913 osdx OSDxCLI[2756]: User 'admin' left the configuration menu. May 19 14:49:01.842840 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] dnscrypt-proxy 2.0.45 May 19 14:49:01.843092 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] Network connectivity detected May 19 14:49:01.843202 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] Dropping privileges May 19 14:49:01.845637 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] Network connectivity detected May 19 14:49:01.845637 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 19 14:49:01.845637 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 19 14:49:01.845637 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 19 14:49:01.845637 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] Firefox workaround initialized May 19 14:49:01.845637 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpc1jr948f] May 19 14:49:01.979068 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] [RD] OK (DoH) - rtt: 108ms May 19 14:49:01.979068 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] Server with the lowest initial latency: RD (rtt: 108ms) May 19 14:49:01.979068 osdx dnscrypt-proxy[135658]: [2025-05-19 14:49:01] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 19 14:49:02.006990 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 0a1638674f4c54badcba02a103614c7cd897c48a18ed79a49a187daa47fbff62 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgChY4Z09MVLrcugKhA2FMfNiXxIoY7Xmkmhh9qkf7_2INZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgChY4Z09MVLrcugKhA2FMfNiXxIoY7Xmkmhh9qkf7_2INZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 19 14:48:57.265309 osdx systemd-journald[1727]: Runtime Journal (/run/log/journal/84645c9b514a44e9b4e3e764dfb17349) is 1016.0K, max 7.2M, 6.2M free. May 19 14:48:57.265810 osdx systemd-journald[1727]: Received client request to rotate journal, rotating. May 19 14:48:57.265861 osdx systemd-journald[1727]: Vacuuming done, freed 0B of archived journals from /run/log/journal/84645c9b514a44e9b4e3e764dfb17349. May 19 14:48:57.274677 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system journal clear'. May 19 14:48:57.699265 osdx osdx-coredump[56258]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 19 14:48:57.706951 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system coredump delete all'. May 19 14:48:58.981967 osdx OSDxCLI[1965]: User 'admin' entered the configuration menu. May 19 14:48:59.102928 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 19 14:48:59.158546 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 14:48:59.265208 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service ssh'. May 19 14:48:59.360472 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'show working'. May 19 14:48:59.477175 osdx INFO[56285]: FRR daemons did not change May 19 14:48:59.497739 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 14:48:59.653958 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 19 14:48:59.665609 osdx sshd[56355]: Server listening on 0.0.0.0 port 22. May 19 14:48:59.665793 osdx sshd[56355]: Server listening on :: port 22. May 19 14:48:59.665895 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 19 14:48:59.687371 osdx cfgd[1434]: [1965]Completed change to active configuration May 19 14:48:59.713363 osdx OSDxCLI[1965]: User 'admin' committed the configuration. May 19 14:48:59.736178 osdx OSDxCLI[1965]: User 'admin' left the configuration menu. May 19 14:48:59.904090 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 19 14:49:04.164318 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 0a1638674f4c54badcba02a103614c7cd897c48a18ed79a49a187daa47fbff62'. May 19 14:49:04.299851 osdx OSDxCLI[1965]: User 'admin' entered the configuration menu. May 19 14:49:04.366438 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 19 14:49:04.455391 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 19 14:49:04.514979 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 19 14:49:04.653228 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgChY4Z09MVLrcugKhA2FMfNiXxIoY7Xmkmhh9qkf7_2INZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. May 19 14:49:04.724560 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'show working'. May 19 14:49:04.844039 osdx INFO[56415]: FRR daemons did not change May 19 14:49:04.858350 osdx ca-certificates[56430]: Updating certificates in /etc/ssl/certs... May 19 14:49:05.348793 osdx ca-certificates[57435]: 1 added, 0 removed; done. May 19 14:49:05.351940 osdx ca-certificates[57441]: Running hooks in /etc/ca-certificates/update.d... May 19 14:49:05.354888 osdx ca-certificates[57443]: done. May 19 14:49:05.422145 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 14:49:05.423928 osdx cfgd[1434]: [1965]Completed change to active configuration May 19 14:49:05.427603 osdx OSDxCLI[1965]: User 'admin' committed the configuration. May 19 14:49:05.444827 osdx OSDxCLI[1965]: User 'admin' left the configuration menu. May 19 14:49:05.447261 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] dnscrypt-proxy 2.0.45 May 19 14:49:05.447561 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] Network connectivity detected May 19 14:49:05.447863 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] Dropping privileges May 19 14:49:05.450490 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] Network connectivity detected May 19 14:49:05.450539 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 19 14:49:05.450539 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 19 14:49:05.450590 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] Firefox workaround initialized May 19 14:49:05.450590 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpyuw2u5pf] May 19 14:49:05.610296 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system journal show | cat'. May 19 14:49:05.638771 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] [DUT0] OK (DoH) - rtt: 112ms May 19 14:49:05.638771 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 112ms) May 19 14:49:05.638771 osdx dnscrypt-proxy[57450]: [2025-05-19 14:49:05] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 'b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
May 19 14:49:14.322062 osdx systemd-journald[1859]: Runtime Journal (/run/log/journal/dd53a6d251524eaf96fe5f49da605cd5) is 2.0M, max 15.3M, 13.2M free. May 19 14:49:14.324617 osdx systemd-journald[1859]: Received client request to rotate journal, rotating. May 19 14:49:14.324659 osdx systemd-journald[1859]: Vacuuming done, freed 0B of archived journals from /run/log/journal/dd53a6d251524eaf96fe5f49da605cd5. May 19 14:49:14.331345 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system journal clear'. May 19 14:49:14.693899 osdx osdx-coredump[137305]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 19 14:49:14.701536 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system coredump delete all'. May 19 14:49:15.200569 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu. May 19 14:49:15.276667 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 14:49:15.365159 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 14:49:15.448666 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'. May 19 14:49:15.550175 osdx INFO[137325]: FRR daemons did not change May 19 14:49:15.572635 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 14:49:15.670715 osdx cfgd[1649]: [2756]Completed change to active configuration May 19 14:49:15.696007 osdx OSDxCLI[2756]: User 'admin' committed the configuration. May 19 14:49:15.713052 osdx OSDxCLI[2756]: User 'admin' left the configuration menu. May 19 14:49:15.857042 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 19 14:49:16.916574 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 19 14:49:17.050922 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu. May 19 14:49:17.120405 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 14:49:17.230961 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 14:49:17.290952 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. May 19 14:49:17.398594 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. May 19 14:49:17.477026 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. May 19 14:49:17.580587 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7'. May 19 14:49:17.631385 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 19 14:49:17.736331 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 19 14:49:17.836758 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 19 14:49:17.896917 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 19 14:49:18.014212 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'. May 19 14:49:18.101677 osdx INFO[137441]: FRR daemons did not change May 19 14:49:18.114456 osdx ca-certificates[137456]: Updating certificates in /etc/ssl/certs... May 19 14:49:18.608331 osdx ca-certificates[138461]: 1 added, 0 removed; done. May 19 14:49:18.611087 osdx ca-certificates[138467]: Running hooks in /etc/ca-certificates/update.d... May 19 14:49:18.613857 osdx ca-certificates[138469]: done. May 19 14:49:18.736871 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 14:49:18.738812 osdx cfgd[1649]: [2756]Completed change to active configuration May 19 14:49:18.744288 osdx OSDxCLI[2756]: User 'admin' committed the configuration. May 19 14:49:18.785617 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] dnscrypt-proxy 2.0.45 May 19 14:49:18.785819 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] Network connectivity detected May 19 14:49:18.785909 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] Dropping privileges May 19 14:49:18.788132 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] Network connectivity detected May 19 14:49:18.788165 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 19 14:49:18.788165 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 19 14:49:18.788192 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 19 14:49:18.788233 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] Firefox workaround initialized May 19 14:49:18.788233 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpzsrk2umm] May 19 14:49:18.788813 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 19 14:49:18.788813 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 19 14:49:18.788874 osdx dnscrypt-proxy[138529]: [2025-05-19 14:49:18] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 19 14:49:18.798302 osdx OSDxCLI[2756]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 0a1638674f4c54badcba02a103614c7cd897c48a18ed79a49a187daa47fbff62 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 19 14:49:14.285493 osdx systemd-journald[1727]: Runtime Journal (/run/log/journal/84645c9b514a44e9b4e3e764dfb17349) is 1.0M, max 7.2M, 6.2M free. May 19 14:49:14.286851 osdx systemd-journald[1727]: Received client request to rotate journal, rotating. May 19 14:49:14.286915 osdx systemd-journald[1727]: Vacuuming done, freed 0B of archived journals from /run/log/journal/84645c9b514a44e9b4e3e764dfb17349. May 19 14:49:14.298069 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system journal clear'. May 19 14:49:14.772034 osdx osdx-coredump[59067]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 19 14:49:14.779807 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system coredump delete all'. May 19 14:49:15.865350 osdx OSDxCLI[1965]: User 'admin' entered the configuration menu. May 19 14:49:15.942053 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 19 14:49:16.028287 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 14:49:16.084861 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service ssh'. May 19 14:49:16.195936 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'show working'. May 19 14:49:16.273182 osdx INFO[59094]: FRR daemons did not change May 19 14:49:16.294840 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 14:49:16.451232 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 19 14:49:16.464933 osdx sshd[59164]: Server listening on 0.0.0.0 port 22. May 19 14:49:16.465201 osdx sshd[59164]: Server listening on :: port 22. May 19 14:49:16.465354 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 19 14:49:16.489331 osdx cfgd[1434]: [1965]Completed change to active configuration May 19 14:49:16.517984 osdx OSDxCLI[1965]: User 'admin' committed the configuration. May 19 14:49:16.534655 osdx OSDxCLI[1965]: User 'admin' left the configuration menu. May 19 14:49:16.689403 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 19 14:49:18.994819 osdx OSDxCLI[1965]: User 'admin' entered the configuration menu. May 19 14:49:19.060378 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 19 14:49:19.162990 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 19 14:49:19.225704 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 19 14:49:19.326183 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. May 19 14:49:19.387020 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. May 19 14:49:19.519751 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. May 19 14:49:19.605860 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 0a1638674f4c54badcba02a103614c7cd897c48a18ed79a49a187daa47fbff62'. May 19 14:49:19.732534 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'show working'. May 19 14:49:19.804549 osdx INFO[59221]: FRR daemons did not change May 19 14:49:19.816760 osdx ca-certificates[59237]: Updating certificates in /etc/ssl/certs... May 19 14:49:20.292621 osdx ca-certificates[60241]: 1 added, 0 removed; done. May 19 14:49:20.296130 osdx ca-certificates[60247]: Running hooks in /etc/ca-certificates/update.d... May 19 14:49:20.298815 osdx ca-certificates[60249]: done. May 19 14:49:20.403230 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 14:49:20.405384 osdx cfgd[1434]: [1965]Completed change to active configuration May 19 14:49:20.410283 osdx OSDxCLI[1965]: User 'admin' committed the configuration. May 19 14:49:20.425610 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] dnscrypt-proxy 2.0.45 May 19 14:49:20.425804 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] Network connectivity detected May 19 14:49:20.425966 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] Dropping privileges May 19 14:49:20.429196 osdx OSDxCLI[1965]: User 'admin' left the configuration menu. May 19 14:49:20.430706 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] Network connectivity detected May 19 14:49:20.430706 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 19 14:49:20.430706 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 19 14:49:20.430706 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] Firefox workaround initialized May 19 14:49:20.430706 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpdi4koj5h] May 19 14:49:20.612084 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system journal show | cat'. May 19 14:49:20.622362 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] [DUT0] OK (DoH) - rtt: 149ms May 19 14:49:20.622362 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 149ms) May 19 14:49:20.622362 osdx dnscrypt-proxy[60256]: [2025-05-19 14:49:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
May 19 14:49:28.302129 osdx systemd-journald[1859]: Runtime Journal (/run/log/journal/dd53a6d251524eaf96fe5f49da605cd5) is 2.0M, max 15.3M, 13.2M free. May 19 14:49:28.302574 osdx systemd-journald[1859]: Received client request to rotate journal, rotating. May 19 14:49:28.302612 osdx systemd-journald[1859]: Vacuuming done, freed 0B of archived journals from /run/log/journal/dd53a6d251524eaf96fe5f49da605cd5. May 19 14:49:28.312202 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system journal clear'. May 19 14:49:28.631481 osdx osdx-coredump[140169]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 19 14:49:28.639166 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'system coredump delete all'. May 19 14:49:29.099980 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu. May 19 14:49:29.176956 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 14:49:29.275612 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 14:49:29.346590 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'. May 19 14:49:29.450565 osdx INFO[140189]: FRR daemons did not change May 19 14:49:29.474441 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 14:49:29.602574 osdx cfgd[1649]: [2756]Completed change to active configuration May 19 14:49:29.629408 osdx OSDxCLI[2756]: User 'admin' committed the configuration. May 19 14:49:29.660903 osdx OSDxCLI[2756]: User 'admin' left the configuration menu. May 19 14:49:29.880422 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 19 14:49:31.073462 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 19 14:49:31.165900 osdx OSDxCLI[2756]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7 ip 10.215.168.1 port 8443'. May 19 14:49:31.322973 osdx OSDxCLI[2756]: User 'admin' entered the configuration menu. May 19 14:49:31.381950 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 14:49:31.474191 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 14:49:31.543267 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. May 19 14:49:31.638859 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 19 14:49:31.699745 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 19 14:49:31.824219 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 19 14:49:31.890927 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 19 14:49:32.005752 osdx OSDxCLI[2756]: User 'admin' added a new cfg line: 'show working'. May 19 14:49:32.079787 osdx INFO[140305]: FRR daemons did not change May 19 14:49:32.092033 osdx ca-certificates[140321]: Updating certificates in /etc/ssl/certs... May 19 14:49:32.582157 osdx ca-certificates[141325]: 1 added, 0 removed; done. May 19 14:49:32.585004 osdx ca-certificates[141331]: Running hooks in /etc/ca-certificates/update.d... May 19 14:49:32.588176 osdx ca-certificates[141333]: done. May 19 14:49:32.710857 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 14:49:32.712327 osdx cfgd[1649]: [2756]Completed change to active configuration May 19 14:49:32.714962 osdx OSDxCLI[2756]: User 'admin' committed the configuration. May 19 14:49:32.733149 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] dnscrypt-proxy 2.0.45 May 19 14:49:32.733391 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] Network connectivity detected May 19 14:49:32.733417 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] Dropping privileges May 19 14:49:32.735413 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] Network connectivity detected May 19 14:49:32.735413 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 19 14:49:32.735413 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 19 14:49:32.735488 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 19 14:49:32.735488 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] Firefox workaround initialized May 19 14:49:32.735488 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4sur516_] May 19 14:49:32.736129 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 19 14:49:32.736129 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 19 14:49:32.736183 osdx dnscrypt-proxy[141393]: [2025-05-19 14:49:32] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 19 14:49:32.768221 osdx OSDxCLI[2756]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 0a1638674f4c54badcba02a103614c7cd897c48a18ed79a49a187daa47fbff62 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgChY4Z09MVLrcugKhA2FMfNiXxIoY7Xmkmhh9qkf7_2INZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgChY4Z09MVLrcugKhA2FMfNiXxIoY7Xmkmhh9qkf7_2INZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 19 14:49:28.262904 osdx systemd-journald[1727]: Runtime Journal (/run/log/journal/84645c9b514a44e9b4e3e764dfb17349) is 1.0M, max 7.2M, 6.2M free. May 19 14:49:28.264431 osdx systemd-journald[1727]: Received client request to rotate journal, rotating. May 19 14:49:28.264485 osdx systemd-journald[1727]: Vacuuming done, freed 0B of archived journals from /run/log/journal/84645c9b514a44e9b4e3e764dfb17349. May 19 14:49:28.274571 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system journal clear'. May 19 14:49:28.686996 osdx osdx-coredump[61874]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 19 14:49:28.694699 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system coredump delete all'. May 19 14:49:29.969527 osdx OSDxCLI[1965]: User 'admin' entered the configuration menu. May 19 14:49:30.069018 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 19 14:49:30.150458 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 14:49:30.265391 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service ssh'. May 19 14:49:30.341422 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'show working'. May 19 14:49:30.454109 osdx INFO[61901]: FRR daemons did not change May 19 14:49:30.472431 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 14:49:30.636843 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 19 14:49:30.647877 osdx sshd[61971]: Server listening on 0.0.0.0 port 22. May 19 14:49:30.648077 osdx sshd[61971]: Server listening on :: port 22. May 19 14:49:30.648182 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 19 14:49:30.671609 osdx cfgd[1434]: [1965]Completed change to active configuration May 19 14:49:30.702893 osdx OSDxCLI[1965]: User 'admin' committed the configuration. May 19 14:49:30.721615 osdx OSDxCLI[1965]: User 'admin' left the configuration menu. May 19 14:49:30.874332 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 19 14:49:32.930915 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 0a1638674f4c54badcba02a103614c7cd897c48a18ed79a49a187daa47fbff62'. May 19 14:49:33.073610 osdx OSDxCLI[1965]: User 'admin' entered the configuration menu. May 19 14:49:33.139178 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 19 14:49:33.234888 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 19 14:49:33.304892 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 19 14:49:33.424976 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgChY4Z09MVLrcugKhA2FMfNiXxIoY7Xmkmhh9qkf7_2INZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. May 19 14:49:33.501221 osdx OSDxCLI[1965]: User 'admin' added a new cfg line: 'show working'. May 19 14:49:33.631892 osdx INFO[62028]: FRR daemons did not change May 19 14:49:33.648638 osdx ca-certificates[62044]: Updating certificates in /etc/ssl/certs... May 19 14:49:34.215497 osdx ca-certificates[63049]: 1 added, 0 removed; done. May 19 14:49:34.218451 osdx ca-certificates[63054]: Running hooks in /etc/ca-certificates/update.d... May 19 14:49:34.221262 osdx ca-certificates[63056]: done. May 19 14:49:34.292724 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 14:49:34.294441 osdx cfgd[1434]: [1965]Completed change to active configuration May 19 14:49:34.297926 osdx OSDxCLI[1965]: User 'admin' committed the configuration. May 19 14:49:34.322497 osdx OSDxCLI[1965]: User 'admin' left the configuration menu. May 19 14:49:34.333930 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] dnscrypt-proxy 2.0.45 May 19 14:49:34.334166 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] Network connectivity detected May 19 14:49:34.334362 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] Dropping privileges May 19 14:49:34.336367 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] Network connectivity detected May 19 14:49:34.336431 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 19 14:49:34.336431 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 19 14:49:34.336482 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] Firefox workaround initialized May 19 14:49:34.336482 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] Loading the set of cloaking rules from [/tmp/tmprce70evd] May 19 14:49:34.488568 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] [DUT0] OK (DoH) - rtt: 107ms May 19 14:49:34.488568 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 107ms) May 19 14:49:34.488568 osdx dnscrypt-proxy[63063]: [2025-05-19 14:49:34] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 19 14:49:34.489701 osdx OSDxCLI[1965]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13