Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 02 09:55:59.000212 osdx systemd-timedated[293181]: Changed local time to Tue 2026-06-02 09:55:59 UTC Jun 02 09:55:59.001344 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'set date 2026-06-02 09:55:59'. Jun 02 09:55:59.004447 osdx systemd-journald[148515]: Time jumped backwards, rotating. Jun 02 09:55:59.336370 osdx sudo[323914]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 09:55:59.339613 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 09:55:59.340447 osdx systemd-journald[148515]: Received client request to rotate journal, rotating. Jun 02 09:55:59.340487 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 09:55:59.343517 osdx sudo[323913]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 09:55:59.349773 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'. Jun 02 09:55:59.569077 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 09:55:59.817362 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu. Jun 02 09:55:59.930776 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 02 09:56:00.012049 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 02 09:56:00.075569 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'. Jun 02 09:56:00.196945 osdx ubnt-cfgd[323940]: inactive Jun 02 09:56:00.242192 osdx INFO[323948]: FRR daemons did not change Jun 02 09:56:00.272456 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 09:56:00.350268 osdx cfgd[1665]: [171599]Completed change to active configuration Jun 02 09:56:00.365019 osdx OSDxCLI[171599]: User 'admin' committed the configuration. Jun 02 09:56:00.385071 osdx OSDxCLI[171599]: User 'admin' left the configuration menu. Jun 02 09:56:00.575047 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 02 09:56:00.781170 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu. Jun 02 09:56:00.894854 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 02 09:56:00.979093 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 02 09:56:01.144142 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 02 09:56:01.204009 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 02 09:56:01.322054 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'. Jun 02 09:56:01.386085 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 02 09:56:01.501071 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'. Jun 02 09:56:01.598417 osdx ubnt-cfgd[324102]: inactive Jun 02 09:56:01.621075 osdx INFO[324110]: FRR daemons did not change Jun 02 09:56:01.624758 osdx sudo[324113]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 09:56:01.633624 osdx ca-certificates[324126]: Updating certificates in /etc/ssl/certs... Jun 02 09:56:02.197050 osdx ubnt-cfgd[325124]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 02 09:56:02.205617 osdx ca-certificates[325129]: 1 added, 0 removed; done. Jun 02 09:56:02.208663 osdx ca-certificates[325136]: Running hooks in /etc/ca-certificates/update.d... Jun 02 09:56:02.211586 osdx ca-certificates[325138]: done. Jun 02 09:56:02.304783 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 02 09:56:02.306042 osdx cfgd[1665]: [171599]Completed change to active configuration Jun 02 09:56:02.308250 osdx OSDxCLI[171599]: User 'admin' committed the configuration. Jun 02 09:56:02.327201 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:02] [NOTICE] dnscrypt-proxy 2.0.45 Jun 02 09:56:02.327446 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:02] [NOTICE] Network connectivity detected Jun 02 09:56:02.327519 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:02] [NOTICE] Dropping privileges Jun 02 09:56:02.329921 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:02] [NOTICE] Network connectivity detected Jun 02 09:56:02.329984 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:02] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 02 09:56:02.329984 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:02] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 02 09:56:02.329984 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:02] [NOTICE] Firefox workaround initialized Jun 02 09:56:02.329984 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:02] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpynbrii8j] Jun 02 09:56:02.338201 osdx OSDxCLI[171599]: User 'admin' left the configuration menu. Jun 02 09:56:02.521897 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal show | cat'. Jun 02 09:56:03.379714 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:03] [CRITICAL] [RD] may be a lying resolver Jun 02 09:56:03.379714 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:03] [NOTICE] [RD] OK (DoH) - rtt: 1021ms Jun 02 09:56:03.380013 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:03] [NOTICE] Server with the lowest initial latency: RD (rtt: 1021ms) Jun 02 09:56:03.380013 osdx dnscrypt-proxy[325195]: [2026-06-02 09:56:03] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCB2MV0ROemhlAz4XnlGogoGqwXJAPn5ohgP2KLq9oMvQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCB2MV0ROemhlAz4XnlGogoGqwXJAPn5ohgP2KLq9oMvQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 02 09:56:10.371394 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 09:56:10.373295 osdx systemd-journald[148515]: Received client request to rotate journal, rotating. Jun 02 09:56:10.373339 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 09:56:10.376499 osdx sudo[326874]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 09:56:10.383176 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'. Jun 02 09:56:10.611942 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 09:56:10.843006 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu. Jun 02 09:56:10.930399 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 02 09:56:11.031957 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 02 09:56:11.107150 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'. Jun 02 09:56:11.225416 osdx ubnt-cfgd[326901]: inactive Jun 02 09:56:11.249211 osdx INFO[326909]: FRR daemons did not change Jun 02 09:56:11.277307 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 09:56:11.366756 osdx cfgd[1665]: [171599]Completed change to active configuration Jun 02 09:56:11.381484 osdx OSDxCLI[171599]: User 'admin' committed the configuration. Jun 02 09:56:11.406645 osdx OSDxCLI[171599]: User 'admin' left the configuration menu. Jun 02 09:56:11.590402 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 02 09:56:11.727857 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'. Jun 02 09:56:11.884742 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu. Jun 02 09:56:11.944298 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 02 09:56:12.053841 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 02 09:56:12.134592 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCB2MV0ROemhlAz4XnlGogoGqwXJAPn5ohgP2KLq9oMvQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Jun 02 09:56:12.234735 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 02 09:56:12.374095 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'. Jun 02 09:56:12.435770 osdx ubnt-cfgd[327064]: inactive Jun 02 09:56:12.459755 osdx INFO[327072]: FRR daemons did not change Jun 02 09:56:12.467119 osdx sudo[327075]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 09:56:12.478391 osdx ca-certificates[327088]: Updating certificates in /etc/ssl/certs... Jun 02 09:56:12.981991 osdx ubnt-cfgd[328086]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 02 09:56:12.991647 osdx ca-certificates[328092]: 1 added, 0 removed; done. Jun 02 09:56:12.994620 osdx ca-certificates[328098]: Running hooks in /etc/ca-certificates/update.d... Jun 02 09:56:12.997616 osdx ca-certificates[328100]: done. Jun 02 09:56:13.113794 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 02 09:56:13.115708 osdx cfgd[1665]: [171599]Completed change to active configuration Jun 02 09:56:13.118621 osdx OSDxCLI[171599]: User 'admin' committed the configuration. Jun 02 09:56:13.140656 osdx OSDxCLI[171599]: User 'admin' left the configuration menu. Jun 02 09:56:13.142761 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] dnscrypt-proxy 2.0.45 Jun 02 09:56:13.143000 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] Network connectivity detected Jun 02 09:56:13.143098 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] Dropping privileges Jun 02 09:56:13.146458 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] Network connectivity detected Jun 02 09:56:13.146525 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 02 09:56:13.146525 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 02 09:56:13.146525 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] Firefox workaround initialized Jun 02 09:56:13.146525 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpfqi25xvv] Jun 02 09:56:13.279466 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] [RD] OK (DoH) - rtt: 105ms Jun 02 09:56:13.279466 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] Server with the lowest initial latency: RD (rtt: 105ms) Jun 02 09:56:13.279575 osdx dnscrypt-proxy[328157]: [2026-06-02 09:56:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
81:c3:68:73:11:1c:f8:ce:2c:8d:cf:15:21:92:36:9b:30:71:93:b0:0e:c0:bc:ec:97:25:a9:f7:1b:71:66:5d
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '81:c3:68:73:11:1c:f8:ce:2c:8d:cf:15:21:92:36:9b:30:71:93:b0:0e:c0:bc:ec:97:25:a9:f7:1b:71:66:5d' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 02 09:56:18.000195 osdx systemd-timedated[293181]: Changed local time to Tue 2026-06-02 09:56:18 UTC Jun 02 09:56:18.001377 osdx systemd-journald[148515]: Time jumped backwards, rotating. Jun 02 09:56:18.001987 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'set date 2026-06-02 09:56:18'. Jun 02 09:56:18.345027 osdx sudo[329833]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 09:56:18.348955 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 09:56:18.349367 osdx systemd-journald[148515]: Received client request to rotate journal, rotating. Jun 02 09:56:18.349404 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 09:56:18.354032 osdx sudo[329832]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 09:56:18.362074 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'. Jun 02 09:56:18.601207 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 09:56:18.862472 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu. Jun 02 09:56:18.979020 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 02 09:56:19.034356 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 02 09:56:19.163572 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'. Jun 02 09:56:19.224612 osdx ubnt-cfgd[329859]: inactive Jun 02 09:56:19.246782 osdx INFO[329867]: FRR daemons did not change Jun 02 09:56:19.277368 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 09:56:19.348357 osdx cfgd[1665]: [171599]Completed change to active configuration Jun 02 09:56:19.360014 osdx OSDxCLI[171599]: User 'admin' committed the configuration. Jun 02 09:56:19.375911 osdx OSDxCLI[171599]: User 'admin' left the configuration menu. Jun 02 09:56:19.522237 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 02 09:56:19.669206 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 02 09:56:19.809849 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu. Jun 02 09:56:19.892970 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 02 09:56:20.004974 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 02 09:56:20.084013 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 02 09:56:20.230774 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 02 09:56:20.304413 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 02 09:56:20.405637 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 81:c3:68:73:11:1c:f8:ce:2c:8d:cf:15:21:92:36:9b:30:71:93:b0:0e:c0:bc:ec:97:25:a9:f7:1b:71:66:5d'. Jun 02 09:56:20.461291 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 02 09:56:20.582441 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'. Jun 02 09:56:20.685612 osdx ubnt-cfgd[330024]: inactive Jun 02 09:56:20.710874 osdx INFO[330032]: FRR daemons did not change Jun 02 09:56:20.716137 osdx sudo[330035]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 09:56:20.726359 osdx ca-certificates[330047]: Updating certificates in /etc/ssl/certs... Jun 02 09:56:21.283185 osdx ubnt-cfgd[331046]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 02 09:56:21.292705 osdx ca-certificates[331051]: 1 added, 0 removed; done. Jun 02 09:56:21.296488 osdx ca-certificates[331058]: Running hooks in /etc/ca-certificates/update.d... Jun 02 09:56:21.299435 osdx ca-certificates[331060]: done. Jun 02 09:56:21.413756 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 02 09:56:21.415097 osdx cfgd[1665]: [171599]Completed change to active configuration Jun 02 09:56:21.417324 osdx OSDxCLI[171599]: User 'admin' committed the configuration. Jun 02 09:56:21.435025 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] dnscrypt-proxy 2.0.45 Jun 02 09:56:21.435254 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] Network connectivity detected Jun 02 09:56:21.435254 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] Dropping privileges Jun 02 09:56:21.437795 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] Network connectivity detected Jun 02 09:56:21.437878 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 02 09:56:21.437913 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 02 09:56:21.437964 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] Firefox workaround initialized Jun 02 09:56:21.437996 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8swyzyys] Jun 02 09:56:21.438698 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 02 09:56:21.438745 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 02 09:56:21.438777 osdx dnscrypt-proxy[331117]: [2026-06-02 09:56:21] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 02 09:56:21.474746 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
81:c3:68:73:11:1c:f8:ce:2c:8d:cf:15:21:92:36:9b:30:71:93:b0:0e:c0:bc:ec:97:25:a9:f7:1b:71:66:5d
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 81:c3:68:73:11:1c:f8:ce:2c:8d:cf:15:21:92:36:9b:30:71:93:b0:0e:c0:bc:ec:97:25:a9:f7:1b:71:66:5d ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIHDaHMRHPjOLI3PFSGSNpswcZOwDsC87JclqfcbcWZdGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIHDaHMRHPjOLI3PFSGSNpswcZOwDsC87JclqfcbcWZdGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 02 09:56:27.314542 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free. Jun 02 09:56:27.315099 osdx systemd-journald[148515]: Received client request to rotate journal, rotating. Jun 02 09:56:27.315149 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 09:56:27.318579 osdx sudo[332793]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 09:56:27.326055 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'. Jun 02 09:56:27.539116 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 09:56:27.784388 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu. Jun 02 09:56:27.869668 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 02 09:56:27.948173 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 02 09:56:28.055726 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'. Jun 02 09:56:28.115873 osdx ubnt-cfgd[332820]: inactive Jun 02 09:56:28.136345 osdx INFO[332828]: FRR daemons did not change Jun 02 09:56:28.162702 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 09:56:28.236166 osdx cfgd[1665]: [171599]Completed change to active configuration Jun 02 09:56:28.247590 osdx OSDxCLI[171599]: User 'admin' committed the configuration. Jun 02 09:56:28.288075 osdx OSDxCLI[171599]: User 'admin' left the configuration menu. Jun 02 09:56:28.449646 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 02 09:56:28.578246 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 02 09:56:28.694643 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 81:c3:68:73:11:1c:f8:ce:2c:8d:cf:15:21:92:36:9b:30:71:93:b0:0e:c0:bc:ec:97:25:a9:f7:1b:71:66:5d ip 10.215.168.1 port 8443'. Jun 02 09:56:28.839718 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu. Jun 02 09:56:28.901533 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 02 09:56:29.016077 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 02 09:56:29.079598 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIIHDaHMRHPjOLI3PFSGSNpswcZOwDsC87JclqfcbcWZdGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Jun 02 09:56:29.171158 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 02 09:56:29.243583 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'. Jun 02 09:56:29.338882 osdx ubnt-cfgd[332985]: inactive Jun 02 09:56:29.362839 osdx INFO[332993]: FRR daemons did not change Jun 02 09:56:29.367837 osdx sudo[332996]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 09:56:29.377415 osdx ca-certificates[333009]: Updating certificates in /etc/ssl/certs... Jun 02 09:56:29.917702 osdx ubnt-cfgd[334007]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 02 09:56:29.927101 osdx ca-certificates[334012]: 1 added, 0 removed; done. Jun 02 09:56:29.930753 osdx ca-certificates[334019]: Running hooks in /etc/ca-certificates/update.d... Jun 02 09:56:29.934443 osdx ca-certificates[334021]: done. Jun 02 09:56:30.038967 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 02 09:56:30.040130 osdx cfgd[1665]: [171599]Completed change to active configuration Jun 02 09:56:30.042459 osdx OSDxCLI[171599]: User 'admin' committed the configuration. Jun 02 09:56:30.059474 osdx OSDxCLI[171599]: User 'admin' left the configuration menu. Jun 02 09:56:30.070243 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] dnscrypt-proxy 2.0.45 Jun 02 09:56:30.070459 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] Network connectivity detected Jun 02 09:56:30.070582 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] Dropping privileges Jun 02 09:56:30.073462 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] Network connectivity detected Jun 02 09:56:30.073506 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 02 09:56:30.073506 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 02 09:56:30.073506 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] Firefox workaround initialized Jun 02 09:56:30.073506 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpgdc8ad39] Jun 02 09:56:30.074138 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 02 09:56:30.074199 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 02 09:56:30.074231 osdx dnscrypt-proxy[334078]: [2026-06-02 09:56:30] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16