Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
May 14 09:41:00.306526 osdx systemd-journald[1884]: Runtime Journal (/run/log/journal/0288f6065d6743618e90e784ba8b9df5) is 2.7M, max 15.3M, 12.6M free. May 14 09:41:00.309745 osdx systemd-journald[1884]: Received client request to rotate journal, rotating. May 14 09:41:00.309802 osdx systemd-journald[1884]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0288f6065d6743618e90e784ba8b9df5. May 14 09:41:00.316890 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'system journal clear'. May 14 09:41:00.637769 osdx osdx-coredump[3236]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 14 09:41:00.645546 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'system coredump delete all'. May 14 09:41:01.177672 osdx OSDxCLI[2678]: User 'admin' entered the configuration menu. May 14 09:41:01.311950 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 14 09:41:01.376693 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 14 09:41:01.488274 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:01.556440 osdx ubnt-cfgd[3254]: inactive May 14 09:41:01.580407 osdx INFO[3262]: FRR daemons did not change May 14 09:41:01.684560 osdx cfgd[1681]: [2678]Completed change to active configuration May 14 09:41:01.694893 osdx OSDxCLI[2678]: User 'admin' committed the configuration. May 14 09:41:01.713002 osdx OSDxCLI[2678]: User 'admin' left the configuration menu. May 14 09:41:01.868192 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 14 09:41:03.100195 osdx OSDxCLI[2678]: User 'admin' entered the configuration menu. May 14 09:41:03.177578 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 14 09:41:03.280497 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 14 09:41:03.344406 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 14 09:41:03.436194 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 14 09:41:03.494217 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5'. May 14 09:41:03.585879 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 14 09:41:03.641138 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 14 09:41:03.749158 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 14 09:41:03.809359 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 14 09:41:03.925532 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:03.991024 osdx ubnt-cfgd[3420]: inactive May 14 09:41:04.012956 osdx INFO[3428]: FRR daemons did not change May 14 09:41:04.037972 osdx ca-certificates[3443]: Updating certificates in /etc/ssl/certs... May 14 09:41:04.614195 osdx ca-certificates[4446]: 1 added, 0 removed; done. May 14 09:41:04.617274 osdx ca-certificates[4454]: Running hooks in /etc/ca-certificates/update.d... May 14 09:41:04.620317 osdx ca-certificates[4456]: done. May 14 09:41:04.750053 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 14 09:41:04.750282 osdx systemd[1]: Reached target nss-lookup.target - Host and Network Name Lookups. May 14 09:41:04.752544 osdx cfgd[1681]: [2678]Completed change to active configuration May 14 09:41:04.755926 osdx OSDxCLI[2678]: User 'admin' committed the configuration. May 14 09:41:04.773859 osdx OSDxCLI[2678]: User 'admin' left the configuration menu. May 14 09:41:04.929813 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'system journal show | cat'. May 14 09:41:04.948914 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:04] [NOTICE] dnscrypt-proxy 2.0.45 May 14 09:41:04.948914 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:04] [NOTICE] Network connectivity detected May 14 09:41:04.948914 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:04] [NOTICE] Dropping privileges May 14 09:41:04.951771 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:04] [NOTICE] Network connectivity detected May 14 09:41:04.951820 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 14 09:41:04.951820 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 14 09:41:04.951820 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:04] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 14 09:41:04.951820 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:04] [NOTICE] Firefox workaround initialized May 14 09:41:04.951875 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpyfy26xut] May 14 09:41:05.235152 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:05] [NOTICE] [RD] OK (DoH) - rtt: 160ms May 14 09:41:05.235152 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:05] [NOTICE] Server with the lowest initial latency: RD (rtt: 160ms) May 14 09:41:05.235152 osdx dnscrypt-proxy[4516]: [2025-05-14 09:41:05] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 11082df4c1e20f38c97e5ebdd232f8e58f97057a1458afb15397a7c7440d8438 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 14 09:41:00.283246 osdx systemd-journald[1753]: Runtime Journal (/run/log/journal/899392cd00944cdaa29aa3964bffbd0e) is 1004.0K, max 7.2M, 6.2M free. May 14 09:41:00.285656 osdx systemd-journald[1753]: Received client request to rotate journal, rotating. May 14 09:41:00.285712 osdx systemd-journald[1753]: Vacuuming done, freed 0B of archived journals from /run/log/journal/899392cd00944cdaa29aa3964bffbd0e. May 14 09:41:00.294996 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system journal clear'. May 14 09:41:00.728593 osdx osdx-coredump[188418]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 14 09:41:00.736397 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system coredump delete all'. May 14 09:41:02.091604 osdx OSDxCLI[154664]: User 'admin' entered the configuration menu. May 14 09:41:02.166434 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 14 09:41:02.267080 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 14 09:41:02.325175 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service ssh'. May 14 09:41:02.431747 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:02.491551 osdx ubnt-cfgd[188440]: inactive May 14 09:41:02.515366 osdx INFO[188454]: FRR daemons did not change May 14 09:41:02.533653 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 14 09:41:02.686208 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 14 09:41:02.700261 osdx sshd[188568]: Server listening on 0.0.0.0 port 22. May 14 09:41:02.700574 osdx sshd[188568]: Server listening on :: port 22. May 14 09:41:02.700713 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 14 09:41:02.726492 osdx cfgd[1455]: [154664]Completed change to active configuration May 14 09:41:02.738067 osdx OSDxCLI[154664]: User 'admin' committed the configuration. May 14 09:41:02.754666 osdx OSDxCLI[154664]: User 'admin' left the configuration menu. May 14 09:41:02.898812 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 14 09:41:07.114225 osdx OSDxCLI[154664]: User 'admin' entered the configuration menu. May 14 09:41:07.191368 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 14 09:41:07.286223 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 14 09:41:07.355608 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 14 09:41:07.454858 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. May 14 09:41:07.511667 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. May 14 09:41:07.604752 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. May 14 09:41:07.675539 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 11082df4c1e20f38c97e5ebdd232f8e58f97057a1458afb15397a7c7440d8438'. May 14 09:41:07.773073 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:07.845726 osdx ubnt-cfgd[188623]: inactive May 14 09:41:07.870887 osdx INFO[188631]: FRR daemons did not change May 14 09:41:07.913512 osdx ca-certificates[188647]: Updating certificates in /etc/ssl/certs... May 14 09:41:08.449649 osdx ca-certificates[189649]: 1 added, 0 removed; done. May 14 09:41:08.452502 osdx ca-certificates[189657]: Running hooks in /etc/ca-certificates/update.d... May 14 09:41:08.455141 osdx ca-certificates[189659]: done. May 14 09:41:08.542087 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 14 09:41:08.543508 osdx cfgd[1455]: [154664]Completed change to active configuration May 14 09:41:08.549395 osdx OSDxCLI[154664]: User 'admin' committed the configuration. May 14 09:41:08.586289 osdx OSDxCLI[154664]: User 'admin' left the configuration menu. May 14 09:41:08.739576 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] dnscrypt-proxy 2.0.45 May 14 09:41:08.739825 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] Network connectivity detected May 14 09:41:08.739897 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] Dropping privileges May 14 09:41:08.742204 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] Network connectivity detected May 14 09:41:08.742264 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 14 09:41:08.742264 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 14 09:41:08.742264 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] Firefox workaround initialized May 14 09:41:08.742264 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpngluefty] May 14 09:41:08.774171 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system journal show | cat'. May 14 09:41:08.933503 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] [DUT0] OK (DoH) - rtt: 116ms May 14 09:41:08.933503 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 116ms) May 14 09:41:08.933503 osdx dnscrypt-proxy[189666]: [2025-05-14 09:41:08] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
May 14 09:41:17.341246 osdx systemd-journald[1884]: Runtime Journal (/run/log/journal/0288f6065d6743618e90e784ba8b9df5) is 2.0M, max 15.3M, 13.2M free. May 14 09:41:17.344631 osdx systemd-journald[1884]: Received client request to rotate journal, rotating. May 14 09:41:17.344706 osdx systemd-journald[1884]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0288f6065d6743618e90e784ba8b9df5. May 14 09:41:17.353586 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'system journal clear'. May 14 09:41:17.693436 osdx osdx-coredump[6211]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 14 09:41:17.703025 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'system coredump delete all'. May 14 09:41:18.156781 osdx OSDxCLI[2678]: User 'admin' entered the configuration menu. May 14 09:41:18.238655 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 14 09:41:18.323853 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 14 09:41:18.393452 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:18.486074 osdx ubnt-cfgd[6229]: inactive May 14 09:41:18.511985 osdx INFO[6237]: FRR daemons did not change May 14 09:41:18.614491 osdx cfgd[1681]: [2678]Completed change to active configuration May 14 09:41:18.625277 osdx OSDxCLI[2678]: User 'admin' committed the configuration. May 14 09:41:18.642343 osdx OSDxCLI[2678]: User 'admin' left the configuration menu. May 14 09:41:18.788428 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 14 09:41:19.892913 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5'. May 14 09:41:20.036109 osdx OSDxCLI[2678]: User 'admin' entered the configuration menu. May 14 09:41:20.098999 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 14 09:41:20.203956 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 14 09:41:20.268128 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. May 14 09:41:20.362489 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 14 09:41:20.420187 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 14 09:41:20.519655 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 14 09:41:20.576204 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 14 09:41:20.678025 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 14 09:41:20.762973 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:20.866453 osdx ubnt-cfgd[6394]: inactive May 14 09:41:20.885092 osdx INFO[6402]: FRR daemons did not change May 14 09:41:20.904634 osdx ca-certificates[6418]: Updating certificates in /etc/ssl/certs... May 14 09:41:21.396551 osdx ca-certificates[7422]: 1 added, 0 removed; done. May 14 09:41:21.399574 osdx ca-certificates[7428]: Running hooks in /etc/ca-certificates/update.d... May 14 09:41:21.402219 osdx ca-certificates[7430]: done. May 14 09:41:21.516881 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 14 09:41:21.518027 osdx cfgd[1681]: [2678]Completed change to active configuration May 14 09:41:21.520783 osdx OSDxCLI[2678]: User 'admin' committed the configuration. May 14 09:41:21.538329 osdx OSDxCLI[2678]: User 'admin' left the configuration menu. May 14 09:41:21.540592 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] dnscrypt-proxy 2.0.45 May 14 09:41:21.540730 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] Network connectivity detected May 14 09:41:21.540875 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] Dropping privileges May 14 09:41:21.543170 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] Network connectivity detected May 14 09:41:21.543193 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 14 09:41:21.543208 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 14 09:41:21.543208 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 14 09:41:21.543233 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] Firefox workaround initialized May 14 09:41:21.543233 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmphj4de7xq] May 14 09:41:21.697196 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'system journal show | cat'. May 14 09:41:21.724975 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] [RD] OK (DoH) - rtt: 126ms May 14 09:41:21.724975 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] Server with the lowest initial latency: RD (rtt: 126ms) May 14 09:41:21.724975 osdx dnscrypt-proxy[7490]: [2025-05-14 09:41:21] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 11082df4c1e20f38c97e5ebdd232f8e58f97057a1458afb15397a7c7440d8438 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgEQgt9MHiDzjJfl690jL45Y-XBXoUWK-xU5enx0QNhDgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgEQgt9MHiDzjJfl690jL45Y-XBXoUWK-xU5enx0QNhDgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 14 09:41:17.321728 osdx systemd-journald[1753]: Runtime Journal (/run/log/journal/899392cd00944cdaa29aa3964bffbd0e) is 1020.0K, max 7.2M, 6.2M free. May 14 09:41:17.324475 osdx systemd-journald[1753]: Received client request to rotate journal, rotating. May 14 09:41:17.324530 osdx systemd-journald[1753]: Vacuuming done, freed 0B of archived journals from /run/log/journal/899392cd00944cdaa29aa3964bffbd0e. May 14 09:41:17.331140 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system journal clear'. May 14 09:41:17.764489 osdx osdx-coredump[191335]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 14 09:41:17.772255 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system coredump delete all'. May 14 09:41:18.839209 osdx OSDxCLI[154664]: User 'admin' entered the configuration menu. May 14 09:41:18.915666 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 14 09:41:18.998572 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 14 09:41:19.058590 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service ssh'. May 14 09:41:19.173933 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:19.240034 osdx ubnt-cfgd[191354]: inactive May 14 09:41:19.265938 osdx INFO[191368]: FRR daemons did not change May 14 09:41:19.292464 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 14 09:41:19.456816 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 14 09:41:19.468644 osdx sshd[191482]: Server listening on 0.0.0.0 port 22. May 14 09:41:19.468864 osdx sshd[191482]: Server listening on :: port 22. May 14 09:41:19.468987 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 14 09:41:19.493221 osdx cfgd[1455]: [154664]Completed change to active configuration May 14 09:41:19.505283 osdx OSDxCLI[154664]: User 'admin' committed the configuration. May 14 09:41:19.521282 osdx OSDxCLI[154664]: User 'admin' left the configuration menu. May 14 09:41:19.671630 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 14 09:41:23.859037 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 11082df4c1e20f38c97e5ebdd232f8e58f97057a1458afb15397a7c7440d8438'. May 14 09:41:24.004236 osdx OSDxCLI[154664]: User 'admin' entered the configuration menu. May 14 09:41:24.069389 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 14 09:41:24.162865 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 14 09:41:24.221850 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 14 09:41:24.327865 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgEQgt9MHiDzjJfl690jL45Y-XBXoUWK-xU5enx0QNhDgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. May 14 09:41:24.412880 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:24.513914 osdx ubnt-cfgd[191537]: inactive May 14 09:41:24.534164 osdx INFO[191545]: FRR daemons did not change May 14 09:41:24.547466 osdx ca-certificates[191561]: Updating certificates in /etc/ssl/certs... May 14 09:41:25.010704 osdx ca-certificates[192566]: 1 added, 0 removed; done. May 14 09:41:25.013863 osdx ca-certificates[192571]: Running hooks in /etc/ca-certificates/update.d... May 14 09:41:25.016790 osdx ca-certificates[192573]: done. May 14 09:41:25.084870 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 14 09:41:25.087178 osdx cfgd[1455]: [154664]Completed change to active configuration May 14 09:41:25.091210 osdx OSDxCLI[154664]: User 'admin' committed the configuration. May 14 09:41:25.120073 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] dnscrypt-proxy 2.0.45 May 14 09:41:25.120308 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] Network connectivity detected May 14 09:41:25.120385 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] Dropping privileges May 14 09:41:25.122827 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] Network connectivity detected May 14 09:41:25.122827 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 14 09:41:25.122827 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 14 09:41:25.122827 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] Firefox workaround initialized May 14 09:41:25.122827 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7x2ros07] May 14 09:41:25.129351 osdx OSDxCLI[154664]: User 'admin' left the configuration menu. May 14 09:41:25.308143 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system journal show | cat'. May 14 09:41:25.308525 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] [DUT0] OK (DoH) - rtt: 114ms May 14 09:41:25.308525 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 114ms) May 14 09:41:25.308525 osdx dnscrypt-proxy[192580]: [2025-05-14 09:41:25] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 'b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
May 14 09:41:33.318036 osdx systemd-journald[1884]: Runtime Journal (/run/log/journal/0288f6065d6743618e90e784ba8b9df5) is 2.0M, max 15.3M, 13.2M free. May 14 09:41:33.318880 osdx systemd-journald[1884]: Received client request to rotate journal, rotating. May 14 09:41:33.318941 osdx systemd-journald[1884]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0288f6065d6743618e90e784ba8b9df5. May 14 09:41:33.327388 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'system journal clear'. May 14 09:41:33.694482 osdx osdx-coredump[9185]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 14 09:41:33.701900 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'system coredump delete all'. May 14 09:41:34.177501 osdx OSDxCLI[2678]: User 'admin' entered the configuration menu. May 14 09:41:34.258193 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 14 09:41:34.342658 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 14 09:41:34.407388 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:34.502701 osdx ubnt-cfgd[9203]: inactive May 14 09:41:34.522731 osdx INFO[9211]: FRR daemons did not change May 14 09:41:34.621062 osdx cfgd[1681]: [2678]Completed change to active configuration May 14 09:41:34.632402 osdx OSDxCLI[2678]: User 'admin' committed the configuration. May 14 09:41:34.649247 osdx OSDxCLI[2678]: User 'admin' left the configuration menu. May 14 09:41:34.789421 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 14 09:41:35.996297 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 14 09:41:36.145595 osdx OSDxCLI[2678]: User 'admin' entered the configuration menu. May 14 09:41:36.252246 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 14 09:41:36.329555 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 14 09:41:36.496872 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. May 14 09:41:36.617615 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. May 14 09:41:36.748161 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. May 14 09:41:36.865665 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7'. May 14 09:41:36.927797 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 14 09:41:37.041236 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 14 09:41:37.171832 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 14 09:41:37.244449 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 14 09:41:37.323556 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:37.422570 osdx ubnt-cfgd[9369]: inactive May 14 09:41:37.442827 osdx INFO[9377]: FRR daemons did not change May 14 09:41:37.456457 osdx ca-certificates[9393]: Updating certificates in /etc/ssl/certs... May 14 09:41:37.980500 osdx ca-certificates[10396]: 1 added, 0 removed; done. May 14 09:41:37.984449 osdx ca-certificates[10403]: Running hooks in /etc/ca-certificates/update.d... May 14 09:41:37.987771 osdx ca-certificates[10405]: done. May 14 09:41:38.123309 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 14 09:41:38.125163 osdx cfgd[1681]: [2678]Completed change to active configuration May 14 09:41:38.128070 osdx OSDxCLI[2678]: User 'admin' committed the configuration. May 14 09:41:38.144865 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] dnscrypt-proxy 2.0.45 May 14 09:41:38.145051 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] Network connectivity detected May 14 09:41:38.145136 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] Dropping privileges May 14 09:41:38.147229 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] Network connectivity detected May 14 09:41:38.147257 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 14 09:41:38.147257 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 14 09:41:38.147285 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 14 09:41:38.147285 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] Firefox workaround initialized May 14 09:41:38.147285 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpoj375baq] May 14 09:41:38.149882 osdx OSDxCLI[2678]: User 'admin' left the configuration menu. May 14 09:41:38.160689 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] [RD] OK (DNSCrypt) - rtt: 13ms May 14 09:41:38.160760 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] Server with the lowest initial latency: RD (rtt: 13ms) May 14 09:41:38.160789 osdx dnscrypt-proxy[10465]: [2025-05-14 09:41:38] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 11082df4c1e20f38c97e5ebdd232f8e58f97057a1458afb15397a7c7440d8438 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 14 09:41:33.324808 osdx systemd-journald[1753]: Runtime Journal (/run/log/journal/899392cd00944cdaa29aa3964bffbd0e) is 1.0M, max 7.2M, 6.2M free. May 14 09:41:33.328436 osdx systemd-journald[1753]: Received client request to rotate journal, rotating. May 14 09:41:33.328483 osdx systemd-journald[1753]: Vacuuming done, freed 0B of archived journals from /run/log/journal/899392cd00944cdaa29aa3964bffbd0e. May 14 09:41:33.334195 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system journal clear'. May 14 09:41:33.770526 osdx osdx-coredump[194247]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 14 09:41:33.778747 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system coredump delete all'. May 14 09:41:34.903923 osdx OSDxCLI[154664]: User 'admin' entered the configuration menu. May 14 09:41:34.980862 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 14 09:41:35.056895 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 14 09:41:35.145394 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service ssh'. May 14 09:41:35.224803 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:35.306512 osdx ubnt-cfgd[194266]: inactive May 14 09:41:35.332688 osdx INFO[194280]: FRR daemons did not change May 14 09:41:35.352419 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 14 09:41:35.504690 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 14 09:41:35.516696 osdx sshd[194394]: Server listening on 0.0.0.0 port 22. May 14 09:41:35.516899 osdx sshd[194394]: Server listening on :: port 22. May 14 09:41:35.517009 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 14 09:41:35.538009 osdx cfgd[1455]: [154664]Completed change to active configuration May 14 09:41:35.550015 osdx OSDxCLI[154664]: User 'admin' committed the configuration. May 14 09:41:35.574725 osdx OSDxCLI[154664]: User 'admin' left the configuration menu. May 14 09:41:35.749710 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 14 09:41:38.436528 osdx OSDxCLI[154664]: User 'admin' entered the configuration menu. May 14 09:41:38.536554 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 14 09:41:38.661634 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 14 09:41:38.733186 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 14 09:41:38.836813 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. May 14 09:41:38.895313 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. May 14 09:41:38.994083 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. May 14 09:41:39.063195 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 11082df4c1e20f38c97e5ebdd232f8e58f97057a1458afb15397a7c7440d8438'. May 14 09:41:39.223319 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:39.300985 osdx ubnt-cfgd[194449]: inactive May 14 09:41:39.321363 osdx INFO[194457]: FRR daemons did not change May 14 09:41:39.333883 osdx ca-certificates[194472]: Updating certificates in /etc/ssl/certs... May 14 09:41:39.823793 osdx ca-certificates[195478]: 1 added, 0 removed; done. May 14 09:41:39.826890 osdx ca-certificates[195483]: Running hooks in /etc/ca-certificates/update.d... May 14 09:41:39.829754 osdx ca-certificates[195485]: done. May 14 09:41:39.908953 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 14 09:41:39.910592 osdx cfgd[1455]: [154664]Completed change to active configuration May 14 09:41:39.914642 osdx OSDxCLI[154664]: User 'admin' committed the configuration. May 14 09:41:39.932369 osdx OSDxCLI[154664]: User 'admin' left the configuration menu. May 14 09:41:39.941422 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:39] [NOTICE] dnscrypt-proxy 2.0.45 May 14 09:41:39.941638 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:39] [NOTICE] Network connectivity detected May 14 09:41:39.941713 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:39] [NOTICE] Dropping privileges May 14 09:41:39.944319 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:39] [NOTICE] Network connectivity detected May 14 09:41:39.944432 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:39] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 14 09:41:39.944491 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:39] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 14 09:41:39.944558 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:39] [NOTICE] Firefox workaround initialized May 14 09:41:39.944597 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:39] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqaiy9hxq] May 14 09:41:40.100210 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system journal show | cat'. May 14 09:41:40.248355 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:40] [NOTICE] [DUT0] OK (DoH) - rtt: 131ms May 14 09:41:40.248355 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:40] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 131ms) May 14 09:41:40.248355 osdx dnscrypt-proxy[195492]: [2025-05-14 09:41:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
May 14 09:41:48.296367 osdx systemd-journald[1884]: Runtime Journal (/run/log/journal/0288f6065d6743618e90e784ba8b9df5) is 2.0M, max 15.3M, 13.2M free. May 14 09:41:48.297819 osdx systemd-journald[1884]: Received client request to rotate journal, rotating. May 14 09:41:48.297868 osdx systemd-journald[1884]: Vacuuming done, freed 0B of archived journals from /run/log/journal/0288f6065d6743618e90e784ba8b9df5. May 14 09:41:48.306759 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'system journal clear'. May 14 09:41:48.620007 osdx osdx-coredump[12155]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 14 09:41:48.628061 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'system coredump delete all'. May 14 09:41:49.103507 osdx OSDxCLI[2678]: User 'admin' entered the configuration menu. May 14 09:41:49.180545 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 14 09:41:49.270227 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 14 09:41:49.337042 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:49.437211 osdx ubnt-cfgd[12173]: inactive May 14 09:41:49.461568 osdx INFO[12181]: FRR daemons did not change May 14 09:41:49.555620 osdx cfgd[1681]: [2678]Completed change to active configuration May 14 09:41:49.567300 osdx OSDxCLI[2678]: User 'admin' committed the configuration. May 14 09:41:49.583547 osdx OSDxCLI[2678]: User 'admin' left the configuration menu. May 14 09:41:49.720699 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 14 09:41:50.873397 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 14 09:41:50.968131 osdx OSDxCLI[2678]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7 ip 10.215.168.1 port 8443'. May 14 09:41:51.129615 osdx OSDxCLI[2678]: User 'admin' entered the configuration menu. May 14 09:41:51.197047 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 14 09:41:51.289487 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 14 09:41:51.361267 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. May 14 09:41:51.450848 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 14 09:41:51.510698 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. May 14 09:41:51.613354 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. May 14 09:41:51.687056 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. May 14 09:41:51.804437 osdx OSDxCLI[2678]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:51.884828 osdx ubnt-cfgd[12341]: inactive May 14 09:41:51.906713 osdx INFO[12349]: FRR daemons did not change May 14 09:41:51.919908 osdx ca-certificates[12365]: Updating certificates in /etc/ssl/certs... May 14 09:41:52.441220 osdx ca-certificates[13368]: 1 added, 0 removed; done. May 14 09:41:52.444222 osdx ca-certificates[13375]: Running hooks in /etc/ca-certificates/update.d... May 14 09:41:52.447845 osdx ca-certificates[13377]: done. May 14 09:41:52.558144 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 14 09:41:52.559710 osdx cfgd[1681]: [2678]Completed change to active configuration May 14 09:41:52.562666 osdx OSDxCLI[2678]: User 'admin' committed the configuration. May 14 09:41:52.580763 osdx OSDxCLI[2678]: User 'admin' left the configuration menu. May 14 09:41:52.582298 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] dnscrypt-proxy 2.0.45 May 14 09:41:52.582469 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] Network connectivity detected May 14 09:41:52.582596 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] Dropping privileges May 14 09:41:52.584763 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] Network connectivity detected May 14 09:41:52.584794 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 14 09:41:52.584794 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 14 09:41:52.584835 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] May 14 09:41:52.584835 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] Firefox workaround initialized May 14 09:41:52.584835 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpv02y62ew] May 14 09:41:52.585395 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 14 09:41:52.585430 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 14 09:41:52.585430 osdx dnscrypt-proxy[13437]: [2025-05-14 09:41:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 11082df4c1e20f38c97e5ebdd232f8e58f97057a1458afb15397a7c7440d8438 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgEQgt9MHiDzjJfl690jL45Y-XBXoUWK-xU5enx0QNhDgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgEQgt9MHiDzjJfl690jL45Y-XBXoUWK-xU5enx0QNhDgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
May 14 09:41:48.274778 osdx systemd-journald[1753]: Runtime Journal (/run/log/journal/899392cd00944cdaa29aa3964bffbd0e) is 1.0M, max 7.2M, 6.2M free. May 14 09:41:48.277517 osdx systemd-journald[1753]: Received client request to rotate journal, rotating. May 14 09:41:48.277570 osdx systemd-journald[1753]: Vacuuming done, freed 0B of archived journals from /run/log/journal/899392cd00944cdaa29aa3964bffbd0e. May 14 09:41:48.284223 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system journal clear'. May 14 09:41:48.722427 osdx osdx-coredump[197160]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 14 09:41:48.729696 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system coredump delete all'. May 14 09:41:49.815547 osdx OSDxCLI[154664]: User 'admin' entered the configuration menu. May 14 09:41:49.896164 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. May 14 09:41:49.978161 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 14 09:41:50.035442 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service ssh'. May 14 09:41:50.152371 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:50.214466 osdx ubnt-cfgd[197179]: inactive May 14 09:41:50.238503 osdx INFO[197193]: FRR daemons did not change May 14 09:41:50.261524 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 14 09:41:50.409778 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 14 09:41:50.439972 osdx sshd[197307]: Server listening on 0.0.0.0 port 22. May 14 09:41:50.440154 osdx sshd[197307]: Server listening on :: port 22. May 14 09:41:50.440331 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 14 09:41:50.461243 osdx cfgd[1455]: [154664]Completed change to active configuration May 14 09:41:50.475832 osdx OSDxCLI[154664]: User 'admin' committed the configuration. May 14 09:41:50.498107 osdx OSDxCLI[154664]: User 'admin' left the configuration menu. May 14 09:41:50.644480 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. May 14 09:41:52.786435 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 11082df4c1e20f38c97e5ebdd232f8e58f97057a1458afb15397a7c7440d8438'. May 14 09:41:52.958141 osdx OSDxCLI[154664]: User 'admin' entered the configuration menu. May 14 09:41:53.017529 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. May 14 09:41:53.111130 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. May 14 09:41:53.174288 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. May 14 09:41:53.281836 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgEQgt9MHiDzjJfl690jL45Y-XBXoUWK-xU5enx0QNhDgNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. May 14 09:41:53.359414 osdx OSDxCLI[154664]: User 'admin' added a new cfg line: 'show working'. May 14 09:41:53.449149 osdx ubnt-cfgd[197362]: inactive May 14 09:41:53.467740 osdx INFO[197370]: FRR daemons did not change May 14 09:41:53.482014 osdx ca-certificates[197386]: Updating certificates in /etc/ssl/certs... May 14 09:41:53.971705 osdx ca-certificates[198391]: 1 added, 0 removed; done. May 14 09:41:53.974443 osdx ca-certificates[198396]: Running hooks in /etc/ca-certificates/update.d... May 14 09:41:53.977015 osdx ca-certificates[198398]: done. May 14 09:41:54.053781 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 14 09:41:54.055603 osdx cfgd[1455]: [154664]Completed change to active configuration May 14 09:41:54.060122 osdx OSDxCLI[154664]: User 'admin' committed the configuration. May 14 09:41:54.076453 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] dnscrypt-proxy 2.0.45 May 14 09:41:54.076674 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] Network connectivity detected May 14 09:41:54.076674 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] Dropping privileges May 14 09:41:54.078900 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] Network connectivity detected May 14 09:41:54.078900 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 14 09:41:54.078900 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 14 09:41:54.078900 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] Firefox workaround initialized May 14 09:41:54.078900 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] Loading the set of cloaking rules from [/tmp/tmptc2zd7s5] May 14 09:41:54.134390 osdx OSDxCLI[154664]: User 'admin' left the configuration menu. May 14 09:41:54.264970 osdx OSDxCLI[154664]: User 'admin' executed a new command: 'system journal show | cat'. May 14 09:41:54.768542 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] [DUT0] OK (DoH) - rtt: 115ms May 14 09:41:54.768542 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 115ms) May 14 09:41:54.768542 osdx dnscrypt-proxy[198405]: [2025-05-14 09:41:54] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13