Static
Test suite that validates the use of one of the DNS options available on an upstream server.
DNS-over-HTTPS Server
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Apr 10 20:13:43.348305 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.1M, max 15.3M, 13.2M free.
Apr 10 20:13:43.350030 osdx systemd-journald[55338]: Received client request to rotate journal, rotating.
Apr 10 20:13:43.350093 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf.
Apr 10 20:13:43.359384 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'.
Apr 10 20:13:43.726364 osdx osdx-coredump[374778]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Apr 10 20:13:43.734331 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 10 20:13:44.269795 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu.
Apr 10 20:13:44.413951 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 10 20:13:44.469193 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 10 20:13:44.608651 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:13:44.671506 osdx ubnt-cfgd[374796]: inactive
Apr 10 20:13:44.704145 osdx INFO[374804]: FRR daemons did not change
Apr 10 20:13:44.726040 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 10 20:13:44.800180 osdx cfgd[1682]: [284355]Completed change to active configuration
Apr 10 20:13:44.813936 osdx OSDxCLI[284355]: User 'admin' committed the configuration.
Apr 10 20:13:44.832242 osdx OSDxCLI[284355]: User 'admin' left the configuration menu.
Apr 10 20:13:44.986962 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 10 20:13:45.160591 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu.
Apr 10 20:13:45.231983 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 10 20:13:45.370393 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 10 20:13:45.457598 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 10 20:13:45.564502 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 10 20:13:45.676273 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'.
Apr 10 20:13:45.753027 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Apr 10 20:13:45.841884 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:13:46.046884 osdx ubnt-cfgd[374956]: inactive
Apr 10 20:13:46.092513 osdx INFO[374964]: FRR daemons did not change
Apr 10 20:13:46.112147 osdx ca-certificates[374980]: Updating certificates in /etc/ssl/certs...
Apr 10 20:13:46.628550 osdx ca-certificates[375984]: 1 added, 0 removed; done.
Apr 10 20:13:46.631676 osdx ca-certificates[375990]: Running hooks in /etc/ca-certificates/update.d...
Apr 10 20:13:46.635390 osdx ca-certificates[375992]: done.
Apr 10 20:13:46.726450 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 10 20:13:46.727923 osdx cfgd[1682]: [284355]Completed change to active configuration
Apr 10 20:13:46.731208 osdx OSDxCLI[284355]: User 'admin' committed the configuration.
Apr 10 20:13:46.749669 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] dnscrypt-proxy 2.0.45
Apr 10 20:13:46.749850 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] Network connectivity detected
Apr 10 20:13:46.749968 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] Dropping privileges
Apr 10 20:13:46.752555 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] Network connectivity detected
Apr 10 20:13:46.752589 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 10 20:13:46.752589 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 10 20:13:46.752626 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] Firefox workaround initialized
Apr 10 20:13:46.752626 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpwa8dkzw9]
Apr 10 20:13:46.761647 osdx OSDxCLI[284355]: User 'admin' left the configuration menu.
Apr 10 20:13:46.845724 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] [RD] OK (DoH) - rtt: 69ms
Apr 10 20:13:46.845724 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] Server with the lowest initial latency: RD (rtt: 69ms)
Apr 10 20:13:46.845724 osdx dnscrypt-proxy[376049]: [2025-04-10 20:13:46] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Apr 10 20:13:52.312586 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.3M free.
Apr 10 20:13:52.314802 osdx systemd-journald[55338]: Received client request to rotate journal, rotating.
Apr 10 20:13:52.314875 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf.
Apr 10 20:13:52.323559 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'.
Apr 10 20:13:52.652637 osdx osdx-coredump[377739]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Apr 10 20:13:52.662536 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 10 20:13:53.148059 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu.
Apr 10 20:13:53.234011 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 10 20:13:53.319771 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 10 20:13:53.386937 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:13:53.475445 osdx ubnt-cfgd[377757]: inactive
Apr 10 20:13:53.542358 osdx INFO[377765]: FRR daemons did not change
Apr 10 20:13:53.566788 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 10 20:13:53.640793 osdx cfgd[1682]: [284355]Completed change to active configuration
Apr 10 20:13:53.652115 osdx OSDxCLI[284355]: User 'admin' committed the configuration.
Apr 10 20:13:53.668886 osdx OSDxCLI[284355]: User 'admin' left the configuration menu.
Apr 10 20:13:53.831946 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 10 20:13:53.957514 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'.
Apr 10 20:13:54.104846 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu.
Apr 10 20:13:54.172831 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 10 20:13:54.278130 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 10 20:13:54.349594 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Apr 10 20:13:54.443358 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Apr 10 20:13:54.516758 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:13:54.617241 osdx ubnt-cfgd[377918]: inactive
Apr 10 20:13:54.674854 osdx INFO[377926]: FRR daemons did not change
Apr 10 20:13:54.687133 osdx ca-certificates[377942]: Updating certificates in /etc/ssl/certs...
Apr 10 20:13:55.158560 osdx ca-certificates[378946]: 1 added, 0 removed; done.
Apr 10 20:13:55.161600 osdx ca-certificates[378952]: Running hooks in /etc/ca-certificates/update.d...
Apr 10 20:13:55.164245 osdx ca-certificates[378954]: done.
Apr 10 20:13:55.247109 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 10 20:13:55.248321 osdx cfgd[1682]: [284355]Completed change to active configuration
Apr 10 20:13:55.250781 osdx OSDxCLI[284355]: User 'admin' committed the configuration.
Apr 10 20:13:55.269196 osdx OSDxCLI[284355]: User 'admin' left the configuration menu.
Apr 10 20:13:55.269788 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] dnscrypt-proxy 2.0.45
Apr 10 20:13:55.269920 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] Network connectivity detected
Apr 10 20:13:55.270041 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] Dropping privileges
Apr 10 20:13:55.272291 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] Network connectivity detected
Apr 10 20:13:55.272324 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 10 20:13:55.272324 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 10 20:13:55.272356 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] Firefox workaround initialized
Apr 10 20:13:55.272356 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpfgyspeu4]
Apr 10 20:13:55.371867 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] [RD] OK (DoH) - rtt: 75ms
Apr 10 20:13:55.371968 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] Server with the lowest initial latency: RD (rtt: 75ms)
Apr 10 20:13:55.371995 osdx dnscrypt-proxy[379011]: [2025-04-10 20:13:55] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Apr 10 20:14:00.357820 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.2M free.
Apr 10 20:14:00.359752 osdx systemd-journald[55338]: Received client request to rotate journal, rotating.
Apr 10 20:14:00.359828 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf.
Apr 10 20:14:00.368197 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'.
Apr 10 20:14:00.711911 osdx osdx-coredump[380703]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Apr 10 20:14:00.721123 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 10 20:14:01.255576 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu.
Apr 10 20:14:01.340339 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 10 20:14:01.453367 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 10 20:14:01.584600 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:14:01.655294 osdx ubnt-cfgd[380721]: inactive
Apr 10 20:14:01.726043 osdx INFO[380729]: FRR daemons did not change
Apr 10 20:14:01.747756 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 10 20:14:01.843668 osdx cfgd[1682]: [284355]Completed change to active configuration
Apr 10 20:14:01.857160 osdx OSDxCLI[284355]: User 'admin' committed the configuration.
Apr 10 20:14:01.875197 osdx OSDxCLI[284355]: User 'admin' left the configuration menu.
Apr 10 20:14:02.027569 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 10 20:14:02.247716 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Apr 10 20:14:02.429293 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu.
Apr 10 20:14:02.519267 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 10 20:14:02.646711 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 10 20:14:02.715022 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Apr 10 20:14:02.820161 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Apr 10 20:14:02.891508 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Apr 10 20:14:02.995156 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c'.
Apr 10 20:14:03.051350 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Apr 10 20:14:03.197262 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:14:03.273007 osdx ubnt-cfgd[380887]: inactive
Apr 10 20:14:03.305726 osdx INFO[380895]: FRR daemons did not change
Apr 10 20:14:03.319694 osdx ca-certificates[380910]: Updating certificates in /etc/ssl/certs...
Apr 10 20:14:03.901300 osdx ca-certificates[381915]: 1 added, 0 removed; done.
Apr 10 20:14:03.904584 osdx ca-certificates[381921]: Running hooks in /etc/ca-certificates/update.d...
Apr 10 20:14:03.908330 osdx ca-certificates[381923]: done.
Apr 10 20:14:04.032099 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 10 20:14:04.033421 osdx cfgd[1682]: [284355]Completed change to active configuration
Apr 10 20:14:04.036522 osdx OSDxCLI[284355]: User 'admin' committed the configuration.
Apr 10 20:14:04.061762 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] dnscrypt-proxy 2.0.45
Apr 10 20:14:04.061981 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] Network connectivity detected
Apr 10 20:14:04.062095 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] Dropping privileges
Apr 10 20:14:04.063367 osdx OSDxCLI[284355]: User 'admin' left the configuration menu.
Apr 10 20:14:04.064644 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] Network connectivity detected
Apr 10 20:14:04.064697 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 10 20:14:04.064697 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 10 20:14:04.064697 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] Firefox workaround initialized
Apr 10 20:14:04.064697 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpeevo5b2i]
Apr 10 20:14:04.104431 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] [RD] OK (DNSCrypt) - rtt: 39ms
Apr 10 20:14:04.104431 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] Server with the lowest initial latency: RD (rtt: 39ms)
Apr 10 20:14:04.104431 osdx dnscrypt-proxy[381980]: [2025-04-10 20:14:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Apr 10 20:14:09.303335 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.2M free.
Apr 10 20:14:09.306973 osdx systemd-journald[55338]: Received client request to rotate journal, rotating.
Apr 10 20:14:09.307047 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf.
Apr 10 20:14:09.314347 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'.
Apr 10 20:14:09.674481 osdx osdx-coredump[383671]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Apr 10 20:14:09.682100 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 10 20:14:10.192461 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu.
Apr 10 20:14:10.317485 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 10 20:14:10.371109 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 10 20:14:10.483973 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:14:10.543962 osdx ubnt-cfgd[383689]: inactive
Apr 10 20:14:10.595105 osdx INFO[383697]: FRR daemons did not change
Apr 10 20:14:10.614976 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 10 20:14:10.700640 osdx cfgd[1682]: [284355]Completed change to active configuration
Apr 10 20:14:10.713776 osdx OSDxCLI[284355]: User 'admin' committed the configuration.
Apr 10 20:14:10.738033 osdx OSDxCLI[284355]: User 'admin' left the configuration menu.
Apr 10 20:14:10.883487 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 10 20:14:11.010019 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Apr 10 20:14:11.104157 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c ip 10.215.168.1 port 8443'.
Apr 10 20:14:11.276127 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu.
Apr 10 20:14:11.340310 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 10 20:14:11.472680 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 10 20:14:11.540302 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Apr 10 20:14:11.634604 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Apr 10 20:14:11.723792 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:14:11.900572 osdx ubnt-cfgd[383852]: inactive
Apr 10 20:14:11.965464 osdx INFO[383860]: FRR daemons did not change
Apr 10 20:14:11.980404 osdx ca-certificates[383876]: Updating certificates in /etc/ssl/certs...
Apr 10 20:14:12.517413 osdx ca-certificates[384880]: 1 added, 0 removed; done.
Apr 10 20:14:12.520551 osdx ca-certificates[384886]: Running hooks in /etc/ca-certificates/update.d...
Apr 10 20:14:12.523251 osdx ca-certificates[384888]: done.
Apr 10 20:14:12.623285 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 10 20:14:12.624468 osdx cfgd[1682]: [284355]Completed change to active configuration
Apr 10 20:14:12.628956 osdx OSDxCLI[284355]: User 'admin' committed the configuration.
Apr 10 20:14:12.656313 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] dnscrypt-proxy 2.0.45
Apr 10 20:14:12.656536 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] Network connectivity detected
Apr 10 20:14:12.656644 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] Dropping privileges
Apr 10 20:14:12.659634 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] Network connectivity detected
Apr 10 20:14:12.659634 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 10 20:14:12.659634 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 10 20:14:12.659714 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] Firefox workaround initialized
Apr 10 20:14:12.659714 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpxvwvsgh1]
Apr 10 20:14:12.660229 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Apr 10 20:14:12.660264 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Apr 10 20:14:12.660277 osdx OSDxCLI[284355]: User 'admin' left the configuration menu.
Apr 10 20:14:12.660418 osdx dnscrypt-proxy[384945]: [2025-04-10 20:14:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16