Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 25 09:56:08.301024 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:56:08.304212 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:56:08.304285 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:56:08.310938 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:56:08.588512 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:56:08.869141 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:56:08.994997 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:56:09.074296 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:56:09.173592 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:09.327743 osdx ubnt-cfgd[281603]: inactive Jun 25 09:56:09.354344 osdx INFO[281611]: FRR daemons did not change Jun 25 09:56:09.380214 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:56:09.450152 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:56:09.463892 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:56:09.481880 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:56:09.702868 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 25 09:56:09.901301 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:56:09.979477 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:56:10.077428 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:56:10.150690 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 25 09:56:10.310685 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 25 09:56:10.430884 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:56:10.572595 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 25 09:56:10.664114 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:10.763224 osdx ubnt-cfgd[281765]: inactive Jun 25 09:56:10.785722 osdx INFO[281773]: FRR daemons did not change Jun 25 09:56:10.798167 osdx ca-certificates[281788]: Updating certificates in /etc/ssl/certs... Jun 25 09:56:11.348941 osdx ubnt-cfgd[282787]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:56:11.357339 osdx ca-certificates[282792]: 1 added, 0 removed; done. Jun 25 09:56:11.361342 osdx ca-certificates[282799]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:56:11.364276 osdx ca-certificates[282801]: done. Jun 25 09:56:11.500717 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:56:11.502116 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:56:11.504217 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:56:11.528973 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:56:11.529251 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] Network connectivity detected Jun 25 09:56:11.529278 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] Dropping privileges Jun 25 09:56:11.530768 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:56:11.532693 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] Network connectivity detected Jun 25 09:56:11.532798 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:56:11.532834 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:56:11.532876 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] Firefox workaround initialized Jun 25 09:56:11.532901 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpe99h6r2d] Jun 25 09:56:11.697671 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal show | cat'. Jun 25 09:56:11.700982 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] [RD] OK (DoH) - rtt: 99ms Jun 25 09:56:11.700982 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] Server with the lowest initial latency: RD (rtt: 99ms) Jun 25 09:56:11.700982 osdx dnscrypt-proxy[282858]: [2025-06-25 09:56:11] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 25 09:56:19.296031 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:56:19.298860 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:56:19.298932 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:56:19.305957 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:56:19.520705 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:56:19.802787 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:56:19.882213 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:56:19.955124 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:56:20.064802 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:20.130458 osdx ubnt-cfgd[284562]: inactive Jun 25 09:56:20.153372 osdx INFO[284570]: FRR daemons did not change Jun 25 09:56:20.174858 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:56:20.246565 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:56:20.257926 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:56:20.274289 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:56:20.439598 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 25 09:56:20.607243 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:56:20.759951 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:56:20.822601 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:56:20.927743 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:56:20.990675 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Jun 25 09:56:21.082569 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 25 09:56:21.176750 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:21.264587 osdx ubnt-cfgd[284723]: inactive Jun 25 09:56:21.282373 osdx INFO[284731]: FRR daemons did not change Jun 25 09:56:21.294549 osdx ca-certificates[284746]: Updating certificates in /etc/ssl/certs... Jun 25 09:56:21.774689 osdx ubnt-cfgd[285745]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:56:21.782262 osdx ca-certificates[285751]: 1 added, 0 removed; done. Jun 25 09:56:21.785108 osdx ca-certificates[285757]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:56:21.787964 osdx ca-certificates[285759]: done. Jun 25 09:56:21.895135 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:56:21.896260 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:56:21.898921 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:56:21.921174 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:56:21.927492 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:21] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:56:21.927661 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:21] [NOTICE] Network connectivity detected Jun 25 09:56:21.927748 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:21] [NOTICE] Dropping privileges Jun 25 09:56:21.929666 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:21] [NOTICE] Network connectivity detected Jun 25 09:56:21.929709 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:56:21.929709 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:56:21.929709 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:21] [NOTICE] Firefox workaround initialized Jun 25 09:56:21.929709 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpenyb8q5k] Jun 25 09:56:22.054654 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:22] [NOTICE] [RD] OK (DoH) - rtt: 68ms Jun 25 09:56:22.054654 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:22] [NOTICE] Server with the lowest initial latency: RD (rtt: 68ms) Jun 25 09:56:22.054654 osdx dnscrypt-proxy[285816]: [2025-06-25 09:56:22] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 25 09:56:27.306061 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:56:27.309338 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:56:27.309399 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:56:27.318082 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:56:27.529276 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:56:27.753565 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:56:27.832131 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:56:27.944442 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:56:28.016811 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:28.117024 osdx ubnt-cfgd[287515]: inactive Jun 25 09:56:28.137791 osdx INFO[287523]: FRR daemons did not change Jun 25 09:56:28.157362 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:56:28.233069 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:56:28.245419 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:56:28.274857 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:56:28.430566 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 25 09:56:28.643821 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 25 09:56:28.795326 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:56:28.866281 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:56:28.967838 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:56:29.036159 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 25 09:56:29.135054 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 25 09:56:29.198852 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 25 09:56:29.324393 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'. Jun 25 09:56:29.438984 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 25 09:56:29.571170 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:29.691485 osdx ubnt-cfgd[287678]: inactive Jun 25 09:56:29.713265 osdx INFO[287686]: FRR daemons did not change Jun 25 09:56:29.726457 osdx ca-certificates[287702]: Updating certificates in /etc/ssl/certs... Jun 25 09:56:30.225416 osdx ubnt-cfgd[288700]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:56:30.233248 osdx ca-certificates[288706]: 1 added, 0 removed; done. Jun 25 09:56:30.237154 osdx ca-certificates[288712]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:56:30.239956 osdx ca-certificates[288714]: done. Jun 25 09:56:30.345585 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:56:30.346848 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:56:30.348962 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:56:30.377866 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:56:30.378142 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:56:30.378257 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] Network connectivity detected Jun 25 09:56:30.378446 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] Dropping privileges Jun 25 09:56:30.381144 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] Network connectivity detected Jun 25 09:56:30.381178 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:56:30.381178 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:56:30.381211 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] Firefox workaround initialized Jun 25 09:56:30.381211 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpqop23xuq] Jun 25 09:56:30.425904 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] [RD] OK (DNSCrypt) - rtt: 44ms Jun 25 09:56:30.425904 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] Server with the lowest initial latency: RD (rtt: 44ms) Jun 25 09:56:30.426019 osdx dnscrypt-proxy[288771]: [2025-06-25 09:56:30] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 25 09:56:35.380383 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:56:35.381879 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:56:35.381928 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:56:35.392598 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:56:35.612981 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:56:35.938341 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:56:36.028322 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:56:36.164780 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:56:36.263281 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:36.339470 osdx ubnt-cfgd[290470]: inactive Jun 25 09:56:36.360382 osdx INFO[290478]: FRR daemons did not change Jun 25 09:56:36.381889 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:56:36.457321 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:56:36.468070 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:56:36.485657 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:56:36.633650 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 25 09:56:36.798747 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 25 09:56:36.909718 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443'. Jun 25 09:56:37.079285 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:56:37.179773 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:56:37.280609 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:56:37.369731 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Jun 25 09:56:37.467961 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 25 09:56:37.556173 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:37.684068 osdx ubnt-cfgd[290633]: inactive Jun 25 09:56:37.704897 osdx INFO[290641]: FRR daemons did not change Jun 25 09:56:37.718950 osdx ca-certificates[290657]: Updating certificates in /etc/ssl/certs... Jun 25 09:56:38.237427 osdx ubnt-cfgd[291655]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:56:38.246099 osdx ca-certificates[291660]: 1 added, 0 removed; done. Jun 25 09:56:38.249515 osdx ca-certificates[291667]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:56:38.253633 osdx ca-certificates[291669]: done. Jun 25 09:56:38.350231 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:56:38.351466 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:56:38.353761 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:56:38.370685 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:56:38.382265 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:56:38.382481 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] Network connectivity detected Jun 25 09:56:38.382547 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] Dropping privileges Jun 25 09:56:38.385007 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] Network connectivity detected Jun 25 09:56:38.385041 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:56:38.385041 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:56:38.385092 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] Firefox workaround initialized Jun 25 09:56:38.385092 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4tdoltf5] Jun 25 09:56:38.385619 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 25 09:56:38.385619 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 25 09:56:38.385673 osdx dnscrypt-proxy[291726]: [2025-06-25 09:56:38] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16