Static Server
Test suite in which DUT1 resolves names through DUT0 using DoH, while DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Step 3: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 5c278e78d86e87471221de29b283519d2171ba2d0125a72ba2804e8aaa1f7212
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 5c278e78d86e87471221de29b283519d2171ba2d0125a72ba2804e8aaa1f7212 at DUT1 and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgXCeOeNhuh0cSId4psoNRnSFxui0BJacrooBOiqofchINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgXCeOeNhuh0cSId4psoNRnSFxui0BJacrooBOiqofchINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
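Added example (not part of the original test suite or of OSDx): a Python encoder and decoder for the DoH stamp layout, checked against the two stamps and the inputs shown in the stamp calculate steps above, plus a check that a configured stamp still pins the expected hash. It assumes the public DNS Stamps layout used by dnscrypt-proxy and that port 443 is left out of the host field, as the first stamp shows; all function names are illustrative.

```python
import base64
import struct

DOH = 0x02  # protocol byte of a DNS-over-HTTPS stamp

# Stamps and hashes exactly as they appear in the two "stamp calculate" steps above.
RD_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW-ElWqBuDJqzN5_MVkmWuje5fE3fMLL7nuvT_i4yCxgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
RD_HASH = "56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6"
DUT0_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgXCeOeNhuh0cSId4psoNRnSFxui0BJacrooBOiqofchINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"
DUT0_HASH = "5c278e78d86e87471221de29b283519d2171ba2d0125a72ba2804e8aaa1f7212"


def lp(data: bytes) -> bytes:
    """Length-prefixed field: one length byte, then the data."""
    if len(data) > 0xFF:
        raise ValueError("field too long for a one-byte length prefix")
    return bytes([len(data)]) + data


def vlp(items: list) -> bytes:
    """Set of fields: every length byte except the last carries the 0x80 flag."""
    if not items:
        return b"\x00"
    out = b""
    for i, item in enumerate(items):
        if len(item) > 0x7F:
            raise ValueError("set item too long")
        more = 0x80 if i < len(items) - 1 else 0
        out += bytes([len(item) | more]) + item
    return out


def encode_doh_stamp(ip, hashes_hex, host, path, port=443, props=0) -> str:
    # Assumption taken from the page's first stamp: the default port 443 is omitted.
    hostname = host if port == 443 else f"{host}:{port}"
    raw = (bytes([DOH]) + struct.pack("<Q", props) + lp(ip.encode())
           + vlp([bytes.fromhex(h) for h in hashes_hex])
           + lp(hostname.encode()) + lp(path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_doh_stamp(stamp: str) -> dict:
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    # Stamps are unpadded URL-safe base64; restore the padding before decoding.
    raw = base64.b64decode(body + "=" * (-len(body) % 4), altchars=b"-_", validate=True)
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DoH stamp")
    props = struct.unpack_from("<Q", raw, 1)[0]
    pos = 9

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(raw):
            raise ValueError("truncated stamp")
        chunk = raw[pos:pos + n]
        pos += n
        return chunk

    ip = take(take(1)[0]).decode()
    hashes = []
    while True:  # walk the hash set until a length byte without the 0x80 flag
        length = take(1)[0]
        item = take(length & 0x7F)
        if item:
            hashes.append(item.hex())
        if not length & 0x80:
            break
    hostname = take(take(1)[0]).decode()
    path = take(take(1)[0]).decode()
    # Any bytes left over would be the optional bootstrap-resolver set; ignored here.
    host, _, port = hostname.partition(":")
    return {"props": props, "ip": ip, "hashes": hashes, "host": host,
            "port": int(port) if port else 443, "path": path}


def stamp_mismatches(stamp, *, ip, hash_hex, host, port, path) -> list:
    """Return the names of the fields where a configured stamp differs from what is expected."""
    got = decode_doh_stamp(stamp)
    want = {"ip": ip, "hashes": [hash_hex.lower()], "host": host, "port": port, "path": path}
    return sorted(k for k in want if got[k] != want[k])


if __name__ == "__main__":
    for name, stamp in (("RD", RD_STAMP), ("DUT0", DUT0_STAMP)):
        print(name, decode_doh_stamp(stamp))
```

Because the stamp carries the IP, host, path and pinned hash in one opaque string, decoding it before committing a configuration confirms that the resolver and pin are the ones intended.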
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 5c278e78d86e87471221de29b283519d2171ba2d0125a72ba2804e8aaa1f7212
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat
at DUT1
and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Apr 10 20:14:52.000202 osdx systemd-timedated[300647]: Changed local time to Thu 2025-04-10 20:14:52 UTC
Apr 10 20:14:52.001870 osdx OSDxCLI[223617]: User 'admin' executed a new command: 'set date 2025-04-10 20:14:52'.
Apr 10 20:14:52.003124 osdx systemd-journald[1764]: Time jumped backwards, rotating.
Apr 10 20:14:52.310257 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/05ba5a9ee053420dac2414195c972f49) is 1.0M, max 7.2M, 6.2M free.
Apr 10 20:14:52.311164 osdx systemd-journald[1764]: Received client request to rotate journal, rotating.
Apr 10 20:14:52.311219 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/05ba5a9ee053420dac2414195c972f49.
Apr 10 20:14:52.323101 osdx OSDxCLI[223617]: User 'admin' executed a new command: 'system journal clear'.
Apr 10 20:14:52.758092 osdx osdx-coredump[307193]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Apr 10 20:14:52.766409 osdx OSDxCLI[223617]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 10 20:14:53.941409 osdx OSDxCLI[223617]: User 'admin' entered the configuration menu.
Apr 10 20:14:54.101926 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Apr 10 20:14:54.169646 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 10 20:14:54.286810 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service ssh'.
Apr 10 20:14:54.359790 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:14:54.454590 osdx ubnt-cfgd[307214]: inactive
Apr 10 20:14:54.518740 osdx INFO[307228]: FRR daemons did not change
Apr 10 20:14:54.543130 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 10 20:14:54.691428 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Apr 10 20:14:54.705986 osdx sshd[307342]: Server listening on 0.0.0.0 port 22.
Apr 10 20:14:54.706285 osdx sshd[307342]: Server listening on :: port 22.
Apr 10 20:14:54.706438 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Apr 10 20:14:54.727818 osdx cfgd[1456]: [223617]Completed change to active configuration
Apr 10 20:14:54.740175 osdx OSDxCLI[223617]: User 'admin' committed the configuration.
Apr 10 20:14:54.775870 osdx OSDxCLI[223617]: User 'admin' left the configuration menu.
Apr 10 20:14:54.930924 osdx OSDxCLI[223617]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Apr 10 20:14:57.310719 osdx OSDxCLI[223617]: User 'admin' entered the configuration menu.
Apr 10 20:14:57.382958 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Apr 10 20:14:57.478991 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Apr 10 20:14:57.553499 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Apr 10 20:14:57.677905 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Apr 10 20:14:57.746078 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Apr 10 20:14:57.848471 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
Apr 10 20:14:57.926799 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 5c278e78d86e87471221de29b283519d2171ba2d0125a72ba2804e8aaa1f7212'.
Apr 10 20:14:58.047290 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:14:58.130874 osdx ubnt-cfgd[307397]: inactive
Apr 10 20:14:58.208554 osdx INFO[307405]: FRR daemons did not change
Apr 10 20:14:58.224999 osdx ca-certificates[307421]: Updating certificates in /etc/ssl/certs...
Apr 10 20:14:58.726544 osdx ca-certificates[308426]: 1 added, 0 removed; done.
Apr 10 20:14:58.729605 osdx ca-certificates[308431]: Running hooks in /etc/ca-certificates/update.d...
Apr 10 20:14:58.732514 osdx ca-certificates[308433]: done.
Apr 10 20:14:58.823656 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 10 20:14:58.826003 osdx cfgd[1456]: [223617]Completed change to active configuration
Apr 10 20:14:58.830385 osdx OSDxCLI[223617]: User 'admin' committed the configuration.
Apr 10 20:14:58.845458 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] dnscrypt-proxy 2.0.45
Apr 10 20:14:58.845630 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] Network connectivity detected
Apr 10 20:14:58.845768 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] Dropping privileges
Apr 10 20:14:58.847575 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] Network connectivity detected
Apr 10 20:14:58.847659 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 10 20:14:58.847692 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 10 20:14:58.847748 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] Firefox workaround initialized
Apr 10 20:14:58.847775 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpk2p2086a]
Apr 10 20:14:58.854507 osdx OSDxCLI[223617]: User 'admin' left the configuration menu.
Apr 10 20:14:58.967430 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] [DUT0] OK (DoH) - rtt: 74ms
Apr 10 20:14:58.967572 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 74ms)
Apr 10 20:14:58.967616 osdx dnscrypt-proxy[308440]: [2025-04-10 20:14:58] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A
at DUT1
and check if output contains the following tokens:
teldat.com has address 10.11.12.13
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt
at DUT0
and expect this output:
8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c ip 10.215.168.1 port 8443
at DUT0
and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat
at DUT0
and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Apr 10 20:15:06.387485 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.1M, max 15.3M, 13.2M free.
Apr 10 20:15:06.388006 osdx systemd-journald[55338]: Received client request to rotate journal, rotating.
Apr 10 20:15:06.388036 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf.
Apr 10 20:15:06.399179 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'.
Apr 10 20:15:06.916058 osdx osdx-coredump[395936]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Apr 10 20:15:06.927011 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 10 20:15:07.467033 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu.
Apr 10 20:15:07.551107 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 10 20:15:07.630521 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 10 20:15:07.699158 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:15:07.789127 osdx ubnt-cfgd[395956]: inactive
Apr 10 20:15:07.841728 osdx INFO[395964]: FRR daemons did not change
Apr 10 20:15:07.863748 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 10 20:15:07.938966 osdx cfgd[1682]: [284355]Completed change to active configuration
Apr 10 20:15:07.949676 osdx OSDxCLI[284355]: User 'admin' committed the configuration.
Apr 10 20:15:07.967328 osdx OSDxCLI[284355]: User 'admin' left the configuration menu.
Apr 10 20:15:08.126772 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 10 20:15:09.386205 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Apr 10 20:15:09.478615 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 8d:81:35:2a:7c:15:d5:77:53:f9:79:27:c0:e9:60:b0:d1:e8:fd:e7:84:9e:be:21:e9:69:7d:ff:65:60:aa:8c ip 10.215.168.1 port 8443'.
Apr 10 20:15:09.637414 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu.
Apr 10 20:15:09.698725 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 10 20:15:09.819363 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 10 20:15:09.885460 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzII2BNSp8FdV3U_l5J8DpYLDR6P3nhJ6-Ielpff9lYKqMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Apr 10 20:15:09.982374 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Apr 10 20:15:10.056757 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
Apr 10 20:15:10.160394 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
Apr 10 20:15:10.217531 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
Apr 10 20:15:10.335694 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:15:10.404822 osdx ubnt-cfgd[396122]: inactive
Apr 10 20:15:10.435371 osdx INFO[396130]: FRR daemons did not change
Apr 10 20:15:10.448185 osdx ca-certificates[396146]: Updating certificates in /etc/ssl/certs...
Apr 10 20:15:10.962046 osdx ca-certificates[397150]: 1 added, 0 removed; done.
Apr 10 20:15:10.965316 osdx ca-certificates[397156]: Running hooks in /etc/ca-certificates/update.d...
Apr 10 20:15:10.968999 osdx ca-certificates[397158]: done.
Apr 10 20:15:11.124160 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 10 20:15:11.125753 osdx cfgd[1682]: [284355]Completed change to active configuration
Apr 10 20:15:11.128534 osdx OSDxCLI[284355]: User 'admin' committed the configuration.
Apr 10 20:15:11.157196 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] dnscrypt-proxy 2.0.45
Apr 10 20:15:11.157548 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] Network connectivity detected
Apr 10 20:15:11.157605 osdx OSDxCLI[284355]: User 'admin' left the configuration menu.
Apr 10 20:15:11.158020 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] Dropping privileges
Apr 10 20:15:11.160449 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] Network connectivity detected
Apr 10 20:15:11.160502 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 10 20:15:11.160502 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 10 20:15:11.160502 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
Apr 10 20:15:11.160548 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] Firefox workaround initialized
Apr 10 20:15:11.160548 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6q26da90]
Apr 10 20:15:11.161191 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Apr 10 20:15:11.161191 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Apr 10 20:15:11.161191 osdx dnscrypt-proxy[397218]: [2025-04-10 20:15:11] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 5c278e78d86e87471221de29b283519d2171ba2d0125a72ba2804e8aaa1f7212
at DUT1
and expect this output:
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgXCeOeNhuh0cSId4psoNRnSFxui0BJacrooBOiqofchINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgXCeOeNhuh0cSId4psoNRnSFxui0BJacrooBOiqofchINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat
at DUT1
and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Apr 10 20:15:06.378862 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/05ba5a9ee053420dac2414195c972f49) is 1.0M, max 7.2M, 6.1M free.
Apr 10 20:15:06.385710 osdx systemd-journald[1764]: Received client request to rotate journal, rotating.
Apr 10 20:15:06.385781 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/05ba5a9ee053420dac2414195c972f49.
Apr 10 20:15:06.396700 osdx OSDxCLI[223617]: User 'admin' executed a new command: 'system journal clear'.
Apr 10 20:15:06.986902 osdx osdx-coredump[310104]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Apr 10 20:15:06.996493 osdx OSDxCLI[223617]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 10 20:15:08.152090 osdx OSDxCLI[223617]: User 'admin' entered the configuration menu.
Apr 10 20:15:08.271515 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
Apr 10 20:15:08.385823 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 10 20:15:08.467015 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service ssh'.
Apr 10 20:15:08.550041 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:15:08.659451 osdx ubnt-cfgd[310123]: inactive
Apr 10 20:15:08.747638 osdx INFO[310137]: FRR daemons did not change
Apr 10 20:15:08.765858 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 10 20:15:08.930133 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Apr 10 20:15:08.959546 osdx sshd[310251]: Server listening on 0.0.0.0 port 22.
Apr 10 20:15:08.959980 osdx sshd[310251]: Server listening on :: port 22.
Apr 10 20:15:08.960243 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Apr 10 20:15:08.989055 osdx cfgd[1456]: [223617]Completed change to active configuration
Apr 10 20:15:09.000517 osdx OSDxCLI[223617]: User 'admin' committed the configuration.
Apr 10 20:15:09.023118 osdx OSDxCLI[223617]: User 'admin' left the configuration menu.
Apr 10 20:15:09.159727 osdx OSDxCLI[223617]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
Apr 10 20:15:11.335280 osdx OSDxCLI[223617]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 5c278e78d86e87471221de29b283519d2171ba2d0125a72ba2804e8aaa1f7212'.
Apr 10 20:15:11.498858 osdx OSDxCLI[223617]: User 'admin' entered the configuration menu.
Apr 10 20:15:11.579396 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
Apr 10 20:15:11.698059 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Apr 10 20:15:11.769155 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Apr 10 20:15:11.881720 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgXCeOeNhuh0cSId4psoNRnSFxui0BJacrooBOiqofchINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
Apr 10 20:15:11.981243 osdx OSDxCLI[223617]: User 'admin' added a new cfg line: 'show working'.
Apr 10 20:15:12.081210 osdx ubnt-cfgd[310306]: inactive
Apr 10 20:15:12.143619 osdx INFO[310314]: FRR daemons did not change
Apr 10 20:15:12.156326 osdx ca-certificates[310330]: Updating certificates in /etc/ssl/certs...
Apr 10 20:15:12.692852 osdx ca-certificates[311335]: 1 added, 0 removed; done.
Apr 10 20:15:12.695965 osdx ca-certificates[311340]: Running hooks in /etc/ca-certificates/update.d...
Apr 10 20:15:12.698879 osdx ca-certificates[311342]: done.
Apr 10 20:15:12.790141 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 10 20:15:12.791413 osdx cfgd[1456]: [223617]Completed change to active configuration
Apr 10 20:15:12.794352 osdx OSDxCLI[223617]: User 'admin' committed the configuration.
Apr 10 20:15:12.812051 osdx OSDxCLI[223617]: User 'admin' left the configuration menu.
Apr 10 20:15:12.837418 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] dnscrypt-proxy 2.0.45
Apr 10 20:15:12.837644 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] Network connectivity detected
Apr 10 20:15:12.837662 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] Dropping privileges
Apr 10 20:15:12.839897 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] Network connectivity detected
Apr 10 20:15:12.839944 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 10 20:15:12.839944 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 10 20:15:12.839944 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] Firefox workaround initialized
Apr 10 20:15:12.839944 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp05z2sjpc]
Apr 10 20:15:12.994524 osdx OSDxCLI[223617]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 10 20:15:12.998842 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] [DUT0] OK (DoH) - rtt: 69ms
Apr 10 20:15:12.998842 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 69ms)
Apr 10 20:15:12.998842 osdx dnscrypt-proxy[311349]: [2025-04-10 20:15:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A
at DUT1
and check if output contains the following tokens:
teldat.com has address 10.11.12.13
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13