Static Server

Test suite that connects DUT1 through DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.

Server With Upstream DoH

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Show output
Mar 21 16:26:09.418955 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.2M free.
Mar 21 16:26:09.421033 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:26:09.421126 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:26:09.439983 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:26:10.027926 osdx osdx-coredump[131712]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:26:10.042075 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:26:10.895853 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:26:11.069849 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:26:11.192418 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:26:11.352171 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:26:11.497653 osdx ubnt-cfgd[131734]: inactive
Mar 21 16:26:11.605694 osdx INFO[131746]: FRR daemons did not change
Mar 21 16:26:11.797148 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:26:11.815281 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:26:11.893564 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:26:12.125656 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:26:14.847846 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:26:14.992023 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:26:15.176754 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:26:15.336476 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:26:15.509236 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:26:15.687390 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:26:15.874221 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 21 16:26:16.043859 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 21 16:26:16.203818 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 21 16:26:16.377158 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 21 16:26:16.617791 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:26:16.824141 osdx ubnt-cfgd[131905]: inactive
Mar 21 16:26:16.999129 osdx INFO[131917]: FRR daemons did not change
Mar 21 16:26:17.023232 osdx ca-certificates[131932]: Updating certificates in /etc/ssl/certs...
Mar 21 16:26:18.405634 osdx ca-certificates[132937]: 1 added, 0 removed; done.
Mar 21 16:26:18.411072 osdx ca-certificates[132943]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:26:18.416116 osdx ca-certificates[132945]: done.
Mar 21 16:26:18.702539 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:26:18.709231 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:26:18.715069 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:26:18.762365 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:26:18.762944 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] Network connectivity detected
Mar 21 16:26:18.763491 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] Dropping privileges
Mar 21 16:26:18.779124 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:26:18.783196 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] Network connectivity detected
Mar 21 16:26:18.783350 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:26:18.783350 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:26:18.783350 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 21 16:26:18.783508 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] Firefox workaround initialized
Mar 21 16:26:18.783508 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp0razc_7b]
Mar 21 16:26:18.937671 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] [RD] OK (DoH) - rtt: 79ms
Mar 21 16:26:18.937671 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] Server with the lowest initial latency: RD (rtt: 79ms)
Mar 21 16:26:18.937671 osdx dnscrypt-proxy[133005]: [2025-03-21 16:26:18] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 8e70bf1f1781f804c8abb8c0390b1a35e4cf75b893d5e4d17d86bfd4ba157cd0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Mar 21 16:26:09.405491 osdx systemd-journald[1788]: Runtime Journal (/run/log/journal/861e844a51d845da80ca1ef91808d3be) is 992.0K, max 7.2M, 6.2M free.
Mar 21 16:26:09.406286 osdx systemd-journald[1788]: Received client request to rotate journal, rotating.
Mar 21 16:26:09.406360 osdx systemd-journald[1788]: Vacuuming done, freed 0B of archived journals from /run/log/journal/861e844a51d845da80ca1ef91808d3be.
Mar 21 16:26:09.421536 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:26:10.232344 osdx osdx-coredump[32523]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:26:10.248880 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:26:12.361382 osdx OSDxCLI[2049]: User 'admin' entered the configuration menu.
Mar 21 16:26:12.535074 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Mar 21 16:26:12.701579 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:26:12.992294 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 21 16:26:13.151594 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:26:13.300589 osdx ubnt-cfgd[32546]: inactive
Mar 21 16:26:13.690882 osdx INFO[32564]: FRR daemons did not change
Mar 21 16:26:14.039555 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 21 16:26:14.078055 osdx sshd[32678]: Server listening on 0.0.0.0 port 22.
Mar 21 16:26:14.078512 osdx sshd[32678]: Server listening on :: port 22.
Mar 21 16:26:14.078755 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 21 16:26:14.122111 osdx cfgd[1473]: [2049]Completed change to active configuration
Mar 21 16:26:14.145551 osdx OSDxCLI[2049]: User 'admin' committed the configuration.
Mar 21 16:26:14.192849 osdx OSDxCLI[2049]: User 'admin' left the configuration menu.
Mar 21 16:26:14.459968 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Mar 21 16:26:19.314174 osdx OSDxCLI[2049]: User 'admin' entered the configuration menu.
Mar 21 16:26:19.442736 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Mar 21 16:26:19.641835 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Mar 21 16:26:19.812452 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Mar 21 16:26:20.031169 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Mar 21 16:26:20.196101 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Mar 21 16:26:20.338335 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Mar 21 16:26:20.478244 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 8e70bf1f1781f804c8abb8c0390b1a35e4cf75b893d5e4d17d86bfd4ba157cd0'.
Mar 21 16:26:20.672093 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:26:20.876794 osdx ubnt-cfgd[32737]: inactive
Mar 21 16:26:21.114124 osdx INFO[32749]: FRR daemons did not change
Mar 21 16:26:21.146148 osdx ca-certificates[32764]: Updating certificates in /etc/ssl/certs...
Mar 21 16:26:22.373084 osdx ca-certificates[33768]: 1 added, 0 removed; done.
Mar 21 16:26:22.378105 osdx ca-certificates[33775]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:26:22.382994 osdx ca-certificates[33777]: done.
Mar 21 16:26:22.518971 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:26:22.521147 osdx cfgd[1473]: [2049]Completed change to active configuration
Mar 21 16:26:22.526108 osdx OSDxCLI[2049]: User 'admin' committed the configuration.
Mar 21 16:26:22.563869 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:26:22.564318 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] Network connectivity detected
Mar 21 16:26:22.564730 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] Dropping privileges
Mar 21 16:26:22.569561 osdx OSDxCLI[2049]: User 'admin' left the configuration menu.
Mar 21 16:26:22.577345 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] Network connectivity detected
Mar 21 16:26:22.577345 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:26:22.577345 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:26:22.577345 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] Firefox workaround initialized
Mar 21 16:26:22.577345 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] Loading the set of cloaking rules from [/tmp/tmplk4p14st]
Mar 21 16:26:22.722434 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] [DUT0] OK (DoH) - rtt: 52ms
Mar 21 16:26:22.722434 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 52ms)
Mar 21 16:26:22.722434 osdx dnscrypt-proxy[33784]: [2025-03-21 16:26:22] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DoH With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba at DUT0 and expect this output:

Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Show output
Mar 21 16:26:35.495093 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:26:35.496225 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:26:35.496307 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:26:35.514722 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:26:36.148386 osdx osdx-coredump[134704]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:26:36.161001 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:26:37.363984 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:26:37.570594 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:26:37.684460 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:26:37.927367 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:26:38.059434 osdx ubnt-cfgd[134726]: inactive
Mar 21 16:26:38.220121 osdx INFO[134738]: FRR daemons did not change
Mar 21 16:26:38.581015 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:26:38.614656 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:26:38.690138 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:26:38.989413 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:26:41.698117 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:26:41.950313 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:26:42.136615 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:26:42.328149 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:26:42.539771 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDc18edUX7wNeEuuBVtY1mI-Qt2tfRd4Baq1k_Lj8mYugpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Mar 21 16:26:42.778672 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 21 16:26:42.911618 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 21 16:26:43.062737 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 21 16:26:43.213151 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 21 16:26:43.372861 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 21 16:26:43.629756 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:26:43.818612 osdx ubnt-cfgd[134899]: inactive
Mar 21 16:26:43.945840 osdx INFO[134911]: FRR daemons did not change
Mar 21 16:26:43.986425 osdx ca-certificates[134927]: Updating certificates in /etc/ssl/certs...
Mar 21 16:26:45.218855 osdx ca-certificates[135931]: 1 added, 0 removed; done.
Mar 21 16:26:45.224041 osdx ca-certificates[135937]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:26:45.234537 osdx ca-certificates[135939]: done.
Mar 21 16:26:45.464335 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:26:45.473289 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:26:45.497431 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:26:45.525390 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:26:45.525390 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] Network connectivity detected
Mar 21 16:26:45.525390 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] Dropping privileges
Mar 21 16:26:45.548790 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] Network connectivity detected
Mar 21 16:26:45.548790 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:26:45.548790 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:26:45.548790 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 21 16:26:45.548790 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] Firefox workaround initialized
Mar 21 16:26:45.548790 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4k0048zk]
Mar 21 16:26:45.565012 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:26:45.729498 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] [RD] OK (DoH) - rtt: 141ms
Mar 21 16:26:45.729707 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] Server with the lowest initial latency: RD (rtt: 141ms)
Mar 21 16:26:45.729769 osdx dnscrypt-proxy[135999]: [2025-03-21 16:26:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 8e70bf1f1781f804c8abb8c0390b1a35e4cf75b893d5e4d17d86bfd4ba157cd0 at DUT1 and expect this output:

Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgjnC_HxeB-ATIq7jAOQsaNeTPdbiT1eTRfYa_1LoVfNANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 5: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgjnC_HxeB-ATIq7jAOQsaNeTPdbiT1eTRfYa_1LoVfNANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Show output
Mar 21 16:26:35.482006 osdx systemd-journald[1788]: Runtime Journal (/run/log/journal/861e844a51d845da80ca1ef91808d3be) is 1020.0K, max 7.2M, 6.2M free.
Mar 21 16:26:35.482617 osdx systemd-journald[1788]: Received client request to rotate journal, rotating.
Mar 21 16:26:35.482682 osdx systemd-journald[1788]: Vacuuming done, freed 0B of archived journals from /run/log/journal/861e844a51d845da80ca1ef91808d3be.
Mar 21 16:26:35.498694 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:26:36.350384 osdx osdx-coredump[35456]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:26:36.370431 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:26:39.216507 osdx OSDxCLI[2049]: User 'admin' entered the configuration menu.
Mar 21 16:26:39.484600 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Mar 21 16:26:39.623882 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:26:39.797061 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 21 16:26:39.982331 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:26:40.164366 osdx ubnt-cfgd[35479]: inactive
Mar 21 16:26:40.409923 osdx INFO[35497]: FRR daemons did not change
Mar 21 16:26:40.763616 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 21 16:26:40.799247 osdx sshd[35611]: Server listening on 0.0.0.0 port 22.
Mar 21 16:26:40.799289 osdx sshd[35611]: Server listening on :: port 22.
Mar 21 16:26:40.799784 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 21 16:26:40.870719 osdx cfgd[1473]: [2049]Completed change to active configuration
Mar 21 16:26:40.895070 osdx OSDxCLI[2049]: User 'admin' committed the configuration.
Mar 21 16:26:40.966792 osdx OSDxCLI[2049]: User 'admin' left the configuration menu.
Mar 21 16:26:41.243591 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Mar 21 16:26:45.989996 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 8e70bf1f1781f804c8abb8c0390b1a35e4cf75b893d5e4d17d86bfd4ba157cd0'.
Mar 21 16:26:46.226278 osdx OSDxCLI[2049]: User 'admin' entered the configuration menu.
Mar 21 16:26:46.370762 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Mar 21 16:26:46.503117 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Mar 21 16:26:46.661035 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Mar 21 16:26:46.849353 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgjnC_HxeB-ATIq7jAOQsaNeTPdbiT1eTRfYa_1LoVfNANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Mar 21 16:26:47.015908 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:26:47.139133 osdx ubnt-cfgd[35672]: inactive
Mar 21 16:26:47.256987 osdx INFO[35684]: FRR daemons did not change
Mar 21 16:26:47.276582 osdx ca-certificates[35699]: Updating certificates in /etc/ssl/certs...
Mar 21 16:26:48.372543 osdx ca-certificates[36703]: 1 added, 0 removed; done.
Mar 21 16:26:48.377170 osdx ca-certificates[36710]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:26:48.385795 osdx ca-certificates[36712]: done.
Mar 21 16:26:48.503502 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:26:48.507633 osdx cfgd[1473]: [2049]Completed change to active configuration
Mar 21 16:26:48.529636 osdx OSDxCLI[2049]: User 'admin' committed the configuration.
Mar 21 16:26:48.567672 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:26:48.567672 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] Network connectivity detected
Mar 21 16:26:48.567672 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] Dropping privileges
Mar 21 16:26:48.571890 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] Network connectivity detected
Mar 21 16:26:48.572070 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:26:48.572141 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:26:48.572224 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] Firefox workaround initialized
Mar 21 16:26:48.572314 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7t9_k2to]
Mar 21 16:26:48.596881 osdx OSDxCLI[2049]: User 'admin' left the configuration menu.
Mar 21 16:26:48.800768 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] [DUT0] OK (DoH) - rtt: 102ms
Mar 21 16:26:48.800768 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 102ms)
Mar 21 16:26:48.800768 osdx dnscrypt-proxy[36719]: [2025-03-21 16:26:48] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
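
The stamps calculated in Steps 1 and 4 are opaque strings that fix the resolver IP, host name, port, path and certificate hash, so it helps to decode one before committing it. The following Python sketch is an added example, not part of the OSDx test suite or its CLI; it assumes the public DNS Stamps layout for DoH (protocol byte 0x02), and the function names are illustrative.

```python
"""Encode/decode DoH DNS stamps (sdns://) to audit what a stamp pins.

Added illustration; function names are hypothetical, not an OSDx API.
Layout assumed (DNS Stamps, DoH): 0x02 | props (u64 LE) | LP(addr) |
VLP(hashes) | LP(hostname[:port]) | LP(path) [| VLP(bootstrap IPs)]
"""
import base64
import struct

DOH_ID = 0x02
PREFIX = "sdns://"


def _lp(data: bytes) -> bytes:
    """Length-prefixed field: one length byte, then the data."""
    if len(data) > 0xFF:
        raise ValueError("field longer than 255 bytes")
    return bytes([len(data)]) + data


def _vlp(items) -> bytes:
    """Set of fields: every length byte except the last has 0x80 set."""
    items = list(items) or [b""]
    out = b""
    for i, item in enumerate(items):
        if len(item) > 0x7F:
            raise ValueError("set member longer than 127 bytes")
        more = 0x80 if i < len(items) - 1 else 0
        out += bytes([len(item) | more]) + item
    return out


def encode_doh_stamp(ip, host_name, host_path, hashes, host_port=443, props=0):
    """Build a DoH stamp; the port is written only when it is not 443."""
    host = host_name if host_port == 443 else f"{host_name}:{host_port}"
    raw = (bytes([DOH_ID]) + struct.pack("<Q", props) + _lp(ip.encode())
           + _vlp(bytes.fromhex(h) for h in hashes)
           + _lp(host.encode()) + _lp(host_path.encode()))
    return PREFIX + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_doh_stamp(stamp):
    """Parse a DoH stamp into a dict; reject truncated or non-DoH input."""
    if not stamp.startswith(PREFIX):
        raise ValueError("missing sdns:// prefix")
    body = stamp[len(PREFIX):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != DOH_ID:
        raise ValueError("not a DoH stamp")
    pos = 9  # protocol byte + 8 property bytes already consumed

    def take(n):
        nonlocal pos
        if pos + n > len(raw):
            raise ValueError("truncated stamp")
        chunk = raw[pos:pos + n]
        pos += n
        return chunk

    def read_lp():
        return take(take(1)[0])

    def read_vlp():
        items = []
        while True:
            length = take(1)[0]
            items.append(take(length & 0x7F))
            if not length & 0x80:
                return [i for i in items if i]

    ip = read_lp().decode()
    hashes = [h.hex() for h in read_vlp()]
    host = read_lp().decode()
    path = read_lp().decode()
    bootstrap = [b.decode() for b in read_vlp()] if pos < len(raw) else []
    name, sep, port = host.rpartition(":")
    if not sep:  # no explicit port in the stamp: DoH default applies
        name, port = host, "443"
    return {"props": struct.unpack_from("<Q", raw, 1)[0], "ip": ip,
            "hashes": hashes, "host_name": name, "host_port": int(port),
            "host_path": path, "bootstrap": bootstrap}


def stamp_matches(stamp, ip, host_name, host_port, cert_hash):
    """True only if the stamp pins exactly the expected endpoint and hash."""
    d = decode_doh_stamp(stamp)
    return ((d["ip"], d["host_name"], d["host_port"]) == (ip, host_name, host_port)
            and cert_hash.lower() in d["hashes"])


if __name__ == "__main__":
    # Stamp copied from Step 4 of this scenario (DUT1 -> DUT0).
    step4 = ("sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgjnC_HxeB-ATIq7jAOQsaNeTPdbiT"
             "1eTRfYa_1LoVfNANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5")
    for key, value in decode_doh_stamp(step4).items():
        print(f"{key}: {value}")
```

Encoding the parameters of Steps 1 and 4 with `encode_doh_stamp` yields the same strings the devices print; note that port 443 is omitted from the encoded host name while port 3000 is kept.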

Server With Upstream DNSCrypt

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

Show output
91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Mar 21 16:27:00.428699 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.2M free.
Mar 21 16:27:00.430445 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:27:00.430521 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:27:00.448725 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:27:01.237646 osdx osdx-coredump[137700]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:27:01.255714 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:27:02.542171 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:27:02.768723 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:27:02.919906 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:27:03.084695 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:27:03.239401 osdx ubnt-cfgd[137725]: inactive
Mar 21 16:27:03.416994 osdx INFO[137737]: FRR daemons did not change
Mar 21 16:27:03.656833 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:27:03.677820 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:27:03.710520 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:27:03.946921 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:27:05.907624 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Mar 21 16:27:06.171894 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:27:06.337542 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:27:06.485557 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:27:06.651445 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Mar 21 16:27:06.878741 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Mar 21 16:27:07.012399 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Mar 21 16:27:07.196678 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71'.
Mar 21 16:27:07.341007 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 21 16:27:07.475702 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 21 16:27:07.655872 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 21 16:27:07.786024 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 21 16:27:07.984171 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:27:08.151815 osdx ubnt-cfgd[137899]: inactive
Mar 21 16:27:08.302918 osdx INFO[137911]: FRR daemons did not change
Mar 21 16:27:08.332127 osdx ca-certificates[137927]: Updating certificates in /etc/ssl/certs...
Mar 21 16:27:09.320631 osdx ca-certificates[138931]: 1 added, 0 removed; done.
Mar 21 16:27:09.326042 osdx ca-certificates[138937]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:27:09.331537 osdx ca-certificates[138939]: done.
Mar 21 16:27:09.514966 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:27:09.517894 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:27:09.522854 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:27:09.556214 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:27:09.556516 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] Network connectivity detected
Mar 21 16:27:09.556674 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] Dropping privileges
Mar 21 16:27:09.559826 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] Network connectivity detected
Mar 21 16:27:09.559909 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:27:09.559909 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:27:09.559909 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 21 16:27:09.559909 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] Firefox workaround initialized
Mar 21 16:27:09.560056 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4n_i4073]
Mar 21 16:27:09.560806 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Mar 21 16:27:09.560806 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Mar 21 16:27:09.560902 osdx dnscrypt-proxy[138999]: [2025-03-21 16:27:09] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Mar 21 16:27:09.581724 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.

Step 4: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 8e70bf1f1781f804c8abb8c0390b1a35e4cf75b893d5e4d17d86bfd4ba157cd0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 21 16:27:00.442887 osdx systemd-journald[1788]: Runtime Journal (/run/log/journal/861e844a51d845da80ca1ef91808d3be) is 1.0M, max 7.2M, 6.2M free.
Mar 21 16:27:00.445515 osdx systemd-journald[1788]: Received client request to rotate journal, rotating.
Mar 21 16:27:00.445607 osdx systemd-journald[1788]: Vacuuming done, freed 0B of archived journals from /run/log/journal/861e844a51d845da80ca1ef91808d3be.
Mar 21 16:27:00.463062 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:27:01.450624 osdx osdx-coredump[38389]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:27:01.479508 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:27:04.055476 osdx OSDxCLI[2049]: User 'admin' entered the configuration menu.
Mar 21 16:27:04.209373 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Mar 21 16:27:04.330668 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:27:04.465209 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 21 16:27:04.674604 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:27:04.790366 osdx ubnt-cfgd[38415]: inactive
Mar 21 16:27:04.954355 osdx INFO[38433]: FRR daemons did not change
Mar 21 16:27:05.246015 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 21 16:27:05.267156 osdx sshd[38547]: Server listening on 0.0.0.0 port 22.
Mar 21 16:27:05.267514 osdx sshd[38547]: Server listening on :: port 22.
Mar 21 16:27:05.267737 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 21 16:27:05.304159 osdx cfgd[1473]: [2049]Completed change to active configuration
Mar 21 16:27:05.321329 osdx OSDxCLI[2049]: User 'admin' committed the configuration.
Mar 21 16:27:05.355077 osdx OSDxCLI[2049]: User 'admin' left the configuration menu.
Mar 21 16:27:05.574382 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Mar 21 16:27:10.024369 osdx OSDxCLI[2049]: User 'admin' entered the configuration menu.
Mar 21 16:27:10.207258 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Mar 21 16:27:10.345070 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Mar 21 16:27:10.542734 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Mar 21 16:27:10.715781 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Mar 21 16:27:10.899710 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Mar 21 16:27:11.051176 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Mar 21 16:27:11.205210 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 8e70bf1f1781f804c8abb8c0390b1a35e4cf75b893d5e4d17d86bfd4ba157cd0'.
Mar 21 16:27:11.413208 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:27:11.562237 osdx ubnt-cfgd[38606]: inactive
Mar 21 16:27:11.712723 osdx INFO[38618]: FRR daemons did not change
Mar 21 16:27:11.736006 osdx ca-certificates[38634]: Updating certificates in /etc/ssl/certs...
Mar 21 16:27:12.964168 osdx ca-certificates[39637]: 1 added, 0 removed; done.
Mar 21 16:27:12.969043 osdx ca-certificates[39644]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:27:12.974148 osdx ca-certificates[39646]: done.
Mar 21 16:27:13.114691 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:27:13.125275 osdx cfgd[1473]: [2049]Completed change to active configuration
Mar 21 16:27:13.136589 osdx OSDxCLI[2049]: User 'admin' committed the configuration.
Mar 21 16:27:13.181208 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:27:13.181703 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] Network connectivity detected
Mar 21 16:27:13.182127 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] Dropping privileges
Mar 21 16:27:13.208127 osdx OSDxCLI[2049]: User 'admin' left the configuration menu.
Mar 21 16:27:13.212224 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] Network connectivity detected
Mar 21 16:27:13.212224 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:27:13.212224 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:27:13.212819 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] Firefox workaround initialized
Mar 21 16:27:13.212819 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmptcdjnw59]
Mar 21 16:27:13.474949 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] [DUT0] OK (DoH) - rtt: 64ms
Mar 21 16:27:13.474949 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 64ms)
Mar 21 16:27:13.474949 osdx dnscrypt-proxy[39653]: [2025-03-21 16:27:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Mar 21 16:27:13.487789 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'system journal show | cat'.

Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DNSCrypt With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using that stamp to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71 ip 10.215.168.1 port 8443 at DUT0 and expect this output:

sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Mar 21 16:27:28.535382 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.2M free.
Mar 21 16:27:28.536916 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:27:28.536996 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:27:28.559121 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:27:29.224333 osdx osdx-coredump[140700]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:27:29.241816 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:27:30.338897 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:27:30.570025 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:27:30.697636 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:27:30.883456 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:27:31.034448 osdx ubnt-cfgd[140722]: inactive
Mar 21 16:27:31.187526 osdx INFO[140734]: FRR daemons did not change
Mar 21 16:27:31.379339 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:27:31.399219 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:27:31.451912 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:27:31.678906 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:27:34.329964 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Mar 21 16:27:34.584375 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71 ip 10.215.168.1 port 8443'.
Mar 21 16:27:34.857685 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:27:35.034336 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:27:35.177171 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:27:35.335330 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Mar 21 16:27:35.465122 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Mar 21 16:27:35.602014 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Mar 21 16:27:35.779003 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Mar 21 16:27:35.995668 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Mar 21 16:27:36.195723 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:27:36.377992 osdx ubnt-cfgd[140896]: inactive
Mar 21 16:27:36.521480 osdx INFO[140908]: FRR daemons did not change
Mar 21 16:27:36.548763 osdx ca-certificates[140924]: Updating certificates in /etc/ssl/certs...
Mar 21 16:27:38.028327 osdx ca-certificates[141928]: 1 added, 0 removed; done.
Mar 21 16:27:38.033240 osdx ca-certificates[141934]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:27:38.039312 osdx ca-certificates[141936]: done.
Mar 21 16:27:38.213480 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:27:38.215782 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:27:38.224945 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:27:38.266341 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:27:38.266632 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] Network connectivity detected
Mar 21 16:27:38.266881 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] Dropping privileges
Mar 21 16:27:38.270517 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] Network connectivity detected
Mar 21 16:27:38.270517 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:27:38.270517 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:27:38.270517 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Mar 21 16:27:38.270916 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] Firefox workaround initialized
Mar 21 16:27:38.270916 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpvw_jc7_v]
Mar 21 16:27:38.273918 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] [RD] OK (DNSCrypt) - rtt: 2ms
Mar 21 16:27:38.273918 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] Server with the lowest initial latency: RD (rtt: 2ms)
Mar 21 16:27:38.273918 osdx dnscrypt-proxy[141996]: [2025-03-21 16:27:38] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Mar 21 16:27:38.290100 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.

Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 8e70bf1f1781f804c8abb8c0390b1a35e4cf75b893d5e4d17d86bfd4ba157cd0 at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgjnC_HxeB-ATIq7jAOQsaNeTPdbiT1eTRfYa_1LoVfNANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 6: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgjnC_HxeB-ATIq7jAOQsaNeTPdbiT1eTRfYa_1LoVfNANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 21 16:27:28.489122 osdx systemd-journald[1788]: Runtime Journal (/run/log/journal/861e844a51d845da80ca1ef91808d3be) is 1.0M, max 7.2M, 6.2M free.
Mar 21 16:27:28.491367 osdx systemd-journald[1788]: Received client request to rotate journal, rotating.
Mar 21 16:27:28.491473 osdx systemd-journald[1788]: Vacuuming done, freed 0B of archived journals from /run/log/journal/861e844a51d845da80ca1ef91808d3be.
Mar 21 16:27:28.506169 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:27:29.451304 osdx osdx-coredump[41328]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:27:29.464580 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:27:31.825227 osdx OSDxCLI[2049]: User 'admin' entered the configuration menu.
Mar 21 16:27:32.031151 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Mar 21 16:27:32.236841 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:27:32.406224 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 21 16:27:32.622121 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:27:32.746182 osdx ubnt-cfgd[41351]: inactive
Mar 21 16:27:33.160503 osdx INFO[41369]: FRR daemons did not change
Mar 21 16:27:33.484190 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 21 16:27:33.508290 osdx sshd[41483]: Server listening on 0.0.0.0 port 22.
Mar 21 16:27:33.508675 osdx sshd[41483]: Server listening on :: port 22.
Mar 21 16:27:33.508908 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 21 16:27:33.548888 osdx cfgd[1473]: [2049]Completed change to active configuration
Mar 21 16:27:33.570858 osdx OSDxCLI[2049]: User 'admin' committed the configuration.
Mar 21 16:27:33.610313 osdx OSDxCLI[2049]: User 'admin' left the configuration menu.
Mar 21 16:27:33.904205 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Mar 21 16:27:38.592744 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 8e70bf1f1781f804c8abb8c0390b1a35e4cf75b893d5e4d17d86bfd4ba157cd0'.
Mar 21 16:27:38.835015 osdx OSDxCLI[2049]: User 'admin' entered the configuration menu.
Mar 21 16:27:38.982452 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Mar 21 16:27:39.141832 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Mar 21 16:27:39.260914 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Mar 21 16:27:39.416324 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgjnC_HxeB-ATIq7jAOQsaNeTPdbiT1eTRfYa_1LoVfNANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Mar 21 16:27:39.577908 osdx OSDxCLI[2049]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:27:39.714740 osdx ubnt-cfgd[41542]: inactive
Mar 21 16:27:39.876857 osdx INFO[41554]: FRR daemons did not change
Mar 21 16:27:39.898483 osdx ca-certificates[41570]: Updating certificates in /etc/ssl/certs...
Mar 21 16:27:41.282090 osdx ca-certificates[42573]: 1 added, 0 removed; done.
Mar 21 16:27:41.287917 osdx ca-certificates[42580]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:27:41.293272 osdx ca-certificates[42582]: done.
Mar 21 16:27:41.444132 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:27:41.446869 osdx cfgd[1473]: [2049]Completed change to active configuration
Mar 21 16:27:41.453168 osdx OSDxCLI[2049]: User 'admin' committed the configuration.
Mar 21 16:27:41.500872 osdx OSDxCLI[2049]: User 'admin' left the configuration menu.
Mar 21 16:27:41.517695 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] dnscrypt-proxy 2.0.45
Mar 21 16:27:41.518140 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] Network connectivity detected
Mar 21 16:27:41.518569 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] Dropping privileges
Mar 21 16:27:41.522251 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] Network connectivity detected
Mar 21 16:27:41.522589 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:27:41.522714 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:27:41.522829 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] Firefox workaround initialized
Mar 21 16:27:41.522910 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6mbl7lcj]
Mar 21 16:27:41.772073 osdx OSDxCLI[2049]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 21 16:27:41.907453 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] [DUT0] OK (DoH) - rtt: 101ms
Mar 21 16:27:41.907453 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 101ms)
Mar 21 16:27:41.907453 osdx dnscrypt-proxy[42589]: [2025-03-21 16:27:41] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
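
The stamps returned in Steps 2 and 5 are unpadded URL-safe base64 over a small binary record, so they can be decoded offline and compared with the parameters given to stamp calculate before they are committed. The Python below is an added example, not part of the OSDx test suite or its tooling; it handles only the DNSCrypt (0x01) and DoH (0x02) stamp types used in this scenario, and the names decode_stamp, audit_stamp and StampError are chosen here.

```python
import base64
import binascii
import re

# Stamps and parameters copied from Steps 2-3 and 5-6 of the scenario above.
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIJF0d7oD7p1TGQ8eCwj_Z9E5fnvuM_Mnbag0zESbO-ZxGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgjnC_HxeB-ATIq7jAOQsaNeTPdbiT1eTRfYa_1LoVfNANZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"
EXPECTED_DNSCRYPT = {
    "protocol": "DNSCrypt", "addr": "10.215.168.1:8443", "provider_name": "2.dnscrypt-cert.remote.dns",
    "public_key": "91:74:77:ba:03:ee:9d:53:19:0f:1e:0b:08:ff:67:d1:39:7e:7b:ee:33:f3:27:6d:a8:34:cc:44:9b:3b:e6:71".replace(":", ""),
}
EXPECTED_DOH = {
    "protocol": "DoH", "addr": "10.215.168.64", "hostname": "dns.dut0:3000", "path": "/dns-query",
    "hashes": ["8e70bf1f1781f804c8abb8c0390b1a35e4cf75b893d5e4d17d86bfd4ba157cd0"],
}


class StampError(ValueError):
    """Malformed stamp, or a stamp type this example does not handle."""


class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise StampError("truncated stamp")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def lp(self):  # one length byte, then that many bytes
        return self.take(self.take(1)[0])

    def vlp(self):  # list of items; high bit of a length byte means another item follows
        items = []
        while True:
            length = self.take(1)[0]
            items.append(self.take(length & 0x7F))
            if not length & 0x80:
                return [item for item in items if item]


def decode_stamp(stamp):
    match = re.fullmatch(r"sdns://([A-Za-z0-9_-]+)", stamp)
    if not match:
        raise StampError("expected sdns:// followed by unpadded URL-safe base64")
    body = match.group(1)
    try:
        r = _Reader(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        proto = r.take(1)[0]
        out = {"props": int.from_bytes(r.take(8), "little"), "addr": r.lp().decode("ascii")}
        if proto == 0x01:
            out["protocol"] = "DNSCrypt"
            out["public_key"] = r.lp().hex()
            out["provider_name"] = r.lp().decode("ascii")
        elif proto == 0x02:
            out["protocol"] = "DoH"
            out["hashes"] = [h.hex() for h in r.vlp()]
            out["hostname"] = r.lp().decode("ascii")
            out["path"] = r.lp().decode("ascii")
            if r.pos < len(r.data):  # optional bootstrap resolver addresses
                out["bootstrap_ips"] = [b.decode("ascii") for b in r.vlp()]
        else:
            raise StampError(f"unsupported stamp type 0x{proto:02x}")
    except (binascii.Error, UnicodeDecodeError) as exc:  # bad base64 or non-ASCII text
        raise StampError(str(exc)) from exc
    if r.pos != len(r.data):
        raise StampError("trailing bytes after last field")
    return out


def audit_stamp(stamp, expected):
    """Return findings; an empty list means the stamp carries exactly the expected values."""
    got = decode_stamp(stamp)
    findings = [f"{k}: expected {v!r}, got {got.get(k)!r}" for k, v in expected.items() if got.get(k) != v]
    if got["protocol"] == "DoH" and not got["hashes"]:
        findings.append("hashes: no certificate hash pinned")
    return findings
```

An empty list from audit_stamp for both stamps confirms that the strings committed in Steps 3 and 6 carry the same key, hash, address and name as the explicit parameters.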