Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 25 09:56:51.338427 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:56:51.341141 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:56:51.341195 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:56:51.349120 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:56:51.609878 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:56:51.860816 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:56:51.942810 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:56:52.031500 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:56:52.101771 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:52.202702 osdx ubnt-cfgd[293806]: inactive Jun 25 09:56:52.224695 osdx INFO[293814]: FRR daemons did not change Jun 25 09:56:52.249150 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:56:52.326670 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:56:52.337368 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:56:52.408488 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:56:52.492123 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 25 09:56:53.661784 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:56:53.777313 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:56:53.930314 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:56:54.007204 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 25 09:56:54.074110 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 25 09:56:54.181288 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:56:54.232988 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 25 09:56:54.347129 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 25 09:56:54.421124 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 25 09:56:54.493456 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 25 09:56:54.672328 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:54.783003 osdx ubnt-cfgd[293969]: inactive Jun 25 09:56:54.804780 osdx INFO[293977]: FRR daemons did not change Jun 25 09:56:54.817409 osdx ca-certificates[293992]: Updating certificates in /etc/ssl/certs... Jun 25 09:56:55.317245 osdx ubnt-cfgd[294991]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:56:55.325913 osdx ca-certificates[294997]: 1 added, 0 removed; done. Jun 25 09:56:55.329006 osdx ca-certificates[295003]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:56:55.332148 osdx ca-certificates[295005]: done. Jun 25 09:56:55.449451 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:56:55.450733 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:56:55.452604 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:56:55.481600 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:56:55.482670 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:56:55.482841 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] Network connectivity detected Jun 25 09:56:55.482982 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] Dropping privileges Jun 25 09:56:55.485111 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] Network connectivity detected Jun 25 09:56:55.485175 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:56:55.485175 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:56:55.485175 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 25 09:56:55.485175 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] Firefox workaround initialized Jun 25 09:56:55.485175 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpty5206ur] Jun 25 09:56:55.639988 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal show | cat'. Jun 25 09:56:55.673995 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] [RD] OK (DoH) - rtt: 114ms Jun 25 09:56:55.673995 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] Server with the lowest initial latency: RD (rtt: 114ms) Jun 25 09:56:55.673995 osdx dnscrypt-proxy[295065]: [2025-06-25 09:56:55] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 191f65cf1cdbacb72297ef5e370e64f61fd7dd559944985a0b3da60b4b1459be set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 25 09:56:51.320118 osdx systemd-journald[1559]: Runtime Journal (/run/log/journal/4da79601fcd1495d87d4eb077a64e8bc) is 1000.0K, max 7.2M, 6.3M free. Jun 25 09:56:51.323572 osdx systemd-journald[1559]: Received client request to rotate journal, rotating. Jun 25 09:56:51.323648 osdx systemd-journald[1559]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4da79601fcd1495d87d4eb077a64e8bc. Jun 25 09:56:51.329826 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:56:51.578476 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:56:52.528804 osdx OSDxCLI[1830]: User 'admin' entered the configuration menu. Jun 25 09:56:52.612471 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 25 09:56:52.695192 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:56:52.807061 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service ssh'. Jun 25 09:56:52.891731 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:52.989142 osdx ubnt-cfgd[152763]: inactive Jun 25 09:56:53.016977 osdx INFO[152777]: FRR daemons did not change Jun 25 09:56:53.035579 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:56:53.199842 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 25 09:56:53.211785 osdx sshd[152891]: Server listening on 0.0.0.0 port 22. Jun 25 09:56:53.212009 osdx sshd[152891]: Server listening on :: port 22. Jun 25 09:56:53.212121 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 25 09:56:53.235170 osdx cfgd[1261]: [1830]Completed change to active configuration Jun 25 09:56:53.246867 osdx OSDxCLI[1830]: User 'admin' committed the configuration. Jun 25 09:56:53.264028 osdx OSDxCLI[1830]: User 'admin' left the configuration menu. Jun 25 09:56:53.435864 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 25 09:56:57.800717 osdx OSDxCLI[1830]: User 'admin' entered the configuration menu. Jun 25 09:56:57.860920 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 25 09:56:57.960464 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 25 09:56:58.016404 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 25 09:56:58.127730 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 25 09:56:58.186178 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 25 09:56:58.284680 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 25 09:56:58.342410 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 191f65cf1cdbacb72297ef5e370e64f61fd7dd559944985a0b3da60b4b1459be'. Jun 25 09:56:58.457038 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:56:58.527870 osdx ubnt-cfgd[152948]: inactive Jun 25 09:56:58.549440 osdx INFO[152956]: FRR daemons did not change Jun 25 09:56:58.563302 osdx ca-certificates[152972]: Updating certificates in /etc/ssl/certs... Jun 25 09:56:59.053696 osdx ubnt-cfgd[153970]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:56:59.061382 osdx ca-certificates[153976]: 1 added, 0 removed; done. Jun 25 09:56:59.064522 osdx ca-certificates[153982]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:56:59.067438 osdx ca-certificates[153984]: done. Jun 25 09:56:59.160170 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:56:59.162854 osdx cfgd[1261]: [1830]Completed change to active configuration Jun 25 09:56:59.166802 osdx OSDxCLI[1830]: User 'admin' committed the configuration. Jun 25 09:56:59.192132 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:56:59.192455 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] Network connectivity detected Jun 25 09:56:59.192707 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] Dropping privileges Jun 25 09:56:59.194864 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] Network connectivity detected Jun 25 09:56:59.194964 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:56:59.194999 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:56:59.195048 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] Firefox workaround initialized Jun 25 09:56:59.195073 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpt1qwfp0s] Jun 25 09:56:59.197668 osdx OSDxCLI[1830]: User 'admin' left the configuration menu. Jun 25 09:56:59.370805 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system journal show | cat'. Jun 25 09:56:59.377286 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] [DUT0] OK (DoH) - rtt: 106ms Jun 25 09:56:59.377286 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 106ms) Jun 25 09:56:59.377286 osdx dnscrypt-proxy[153991]: [2025-06-25 09:56:59] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 25 09:57:07.297024 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:57:07.300321 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:57:07.300387 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:57:07.308224 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:57:07.529792 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:57:07.759421 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:57:07.840415 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:57:07.945312 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:57:08.030496 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:08.127521 osdx ubnt-cfgd[296771]: inactive Jun 25 09:57:08.148650 osdx INFO[296779]: FRR daemons did not change Jun 25 09:57:08.172313 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:57:08.251973 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:57:08.265976 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:57:08.287440 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:57:08.438619 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 25 09:57:09.668264 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:57:09.864081 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:57:09.962775 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:57:10.071654 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:57:10.146714 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Jun 25 09:57:10.250807 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 25 09:57:10.310172 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 25 09:57:10.408517 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 25 09:57:10.466640 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 25 09:57:10.597445 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 25 09:57:10.700955 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:10.821367 osdx ubnt-cfgd[296936]: inactive Jun 25 09:57:10.840807 osdx INFO[296944]: FRR daemons did not change Jun 25 09:57:10.852799 osdx ca-certificates[296960]: Updating certificates in /etc/ssl/certs... Jun 25 09:57:11.365803 osdx ubnt-cfgd[297958]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:57:11.375320 osdx ca-certificates[297963]: 1 added, 0 removed; done. Jun 25 09:57:11.378424 osdx ca-certificates[297970]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:57:11.381478 osdx ca-certificates[297972]: done. Jun 25 09:57:11.484585 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:57:11.485944 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:57:11.488152 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:57:11.507198 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:57:11.507404 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] Network connectivity detected Jun 25 09:57:11.507474 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] Dropping privileges Jun 25 09:57:11.509711 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] Network connectivity detected Jun 25 09:57:11.509756 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:57:11.509756 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:57:11.509756 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 25 09:57:11.509794 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] Firefox workaround initialized Jun 25 09:57:11.509794 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8k2krlj2] Jun 25 09:57:11.511839 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:57:11.693490 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] [RD] OK (DoH) - rtt: 111ms Jun 25 09:57:11.693490 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] Server with the lowest initial latency: RD (rtt: 111ms) Jun 25 09:57:11.693490 osdx dnscrypt-proxy[298032]: [2025-06-25 09:57:11] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 191f65cf1cdbacb72297ef5e370e64f61fd7dd559944985a0b3da60b4b1459be at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgGR9lzxzbrLcil-9eNw5k9h_X3VWZRJhaCz2mC0sUWb4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgGR9lzxzbrLcil-9eNw5k9h_X3VWZRJhaCz2mC0sUWb4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 25 09:57:07.281043 osdx systemd-journald[1559]: Runtime Journal (/run/log/journal/4da79601fcd1495d87d4eb077a64e8bc) is 1.0M, max 7.2M, 6.2M free. Jun 25 09:57:07.284286 osdx systemd-journald[1559]: Received client request to rotate journal, rotating. Jun 25 09:57:07.284350 osdx systemd-journald[1559]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4da79601fcd1495d87d4eb077a64e8bc. Jun 25 09:57:07.294253 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:57:07.499163 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:57:08.552354 osdx OSDxCLI[1830]: User 'admin' entered the configuration menu. Jun 25 09:57:08.690448 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 25 09:57:08.756387 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:57:08.842058 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service ssh'. Jun 25 09:57:08.935602 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:09.044490 osdx ubnt-cfgd[155669]: inactive Jun 25 09:57:09.072956 osdx INFO[155683]: FRR daemons did not change Jun 25 09:57:09.096313 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:57:09.248594 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 25 09:57:09.262677 osdx sshd[155797]: Server listening on 0.0.0.0 port 22. Jun 25 09:57:09.262958 osdx sshd[155797]: Server listening on :: port 22. Jun 25 09:57:09.263094 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 25 09:57:09.286178 osdx cfgd[1261]: [1830]Completed change to active configuration Jun 25 09:57:09.297862 osdx OSDxCLI[1830]: User 'admin' committed the configuration. Jun 25 09:57:09.328029 osdx OSDxCLI[1830]: User 'admin' left the configuration menu. Jun 25 09:57:09.470917 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 25 09:57:11.774953 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 191f65cf1cdbacb72297ef5e370e64f61fd7dd559944985a0b3da60b4b1459be'. Jun 25 09:57:11.918429 osdx OSDxCLI[1830]: User 'admin' entered the configuration menu. Jun 25 09:57:11.984156 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 25 09:57:12.081027 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 25 09:57:12.134963 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 25 09:57:12.241969 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgGR9lzxzbrLcil-9eNw5k9h_X3VWZRJhaCz2mC0sUWb4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Jun 25 09:57:12.309332 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:12.435258 osdx ubnt-cfgd[155852]: inactive Jun 25 09:57:12.455704 osdx INFO[155860]: FRR daemons did not change Jun 25 09:57:12.468464 osdx ca-certificates[155876]: Updating certificates in /etc/ssl/certs... Jun 25 09:57:12.937460 osdx ubnt-cfgd[156874]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:57:12.946380 osdx ca-certificates[156881]: 1 added, 0 removed; done. Jun 25 09:57:12.949329 osdx ca-certificates[156886]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:57:12.953246 osdx ca-certificates[156888]: done. Jun 25 09:57:13.032764 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:57:13.034437 osdx cfgd[1261]: [1830]Completed change to active configuration Jun 25 09:57:13.037262 osdx OSDxCLI[1830]: User 'admin' committed the configuration. Jun 25 09:57:13.054231 osdx OSDxCLI[1830]: User 'admin' left the configuration menu. Jun 25 09:57:13.063043 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:57:13.063043 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] Network connectivity detected Jun 25 09:57:13.063236 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] Dropping privileges Jun 25 09:57:13.065034 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] Network connectivity detected Jun 25 09:57:13.065059 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:57:13.065059 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:57:13.065089 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] Firefox workaround initialized Jun 25 09:57:13.065089 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8ucxjp99] Jun 25 09:57:13.224718 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system journal show | cat'. Jun 25 09:57:13.351080 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] [DUT0] OK (DoH) - rtt: 119ms Jun 25 09:57:13.351080 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 119ms) Jun 25 09:57:13.351080 osdx dnscrypt-proxy[156895]: [2025-06-25 09:57:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 25 09:57:21.327992 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:57:21.328903 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:57:21.328944 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:57:21.337824 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:57:21.551923 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:57:21.776761 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:57:21.857518 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:57:21.943585 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:57:22.015393 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:22.094758 osdx ubnt-cfgd[299730]: inactive Jun 25 09:57:22.115844 osdx INFO[299738]: FRR daemons did not change Jun 25 09:57:22.136918 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:57:22.213711 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:57:22.224974 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:57:22.241540 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:57:22.380625 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 25 09:57:23.561520 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 25 09:57:23.724681 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:57:23.806970 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:57:23.918101 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:57:23.986759 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 25 09:57:24.086916 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 25 09:57:24.146379 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 25 09:57:24.250704 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'. Jun 25 09:57:24.301498 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 25 09:57:24.393757 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 25 09:57:24.464003 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 25 09:57:24.562707 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 25 09:57:24.645039 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:24.765483 osdx ubnt-cfgd[299896]: inactive Jun 25 09:57:24.784855 osdx INFO[299904]: FRR daemons did not change Jun 25 09:57:24.797777 osdx ca-certificates[299920]: Updating certificates in /etc/ssl/certs... Jun 25 09:57:25.311973 osdx ubnt-cfgd[300918]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:57:25.320043 osdx ca-certificates[300924]: 1 added, 0 removed; done. Jun 25 09:57:25.323990 osdx ca-certificates[300930]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:57:25.327092 osdx ca-certificates[300932]: done. Jun 25 09:57:25.453313 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:57:25.454752 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:57:25.457222 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:57:25.475501 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:57:25.476309 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:57:25.476490 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] Network connectivity detected Jun 25 09:57:25.476610 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] Dropping privileges Jun 25 09:57:25.478842 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] Network connectivity detected Jun 25 09:57:25.478879 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:57:25.478879 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:57:25.478879 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 25 09:57:25.478920 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] Firefox workaround initialized Jun 25 09:57:25.478920 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpf_q5qumy] Jun 25 09:57:25.479592 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 25 09:57:25.479592 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 25 09:57:25.479592 osdx dnscrypt-proxy[300992]: [2025-06-25 09:57:25] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 191f65cf1cdbacb72297ef5e370e64f61fd7dd559944985a0b3da60b4b1459be set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 25 09:57:21.301522 osdx systemd-journald[1559]: Runtime Journal (/run/log/journal/4da79601fcd1495d87d4eb077a64e8bc) is 1.0M, max 7.2M, 6.2M free. Jun 25 09:57:21.304075 osdx systemd-journald[1559]: Received client request to rotate journal, rotating. Jun 25 09:57:21.304122 osdx systemd-journald[1559]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4da79601fcd1495d87d4eb077a64e8bc. Jun 25 09:57:21.311052 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:57:21.507005 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:57:22.448667 osdx OSDxCLI[1830]: User 'admin' entered the configuration menu. Jun 25 09:57:22.526676 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 25 09:57:22.692785 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:57:22.789954 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service ssh'. Jun 25 09:57:22.895235 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:22.962278 osdx ubnt-cfgd[158571]: inactive Jun 25 09:57:22.989713 osdx INFO[158585]: FRR daemons did not change Jun 25 09:57:23.008074 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:57:23.156499 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 25 09:57:23.168339 osdx sshd[158699]: Server listening on 0.0.0.0 port 22. Jun 25 09:57:23.168561 osdx sshd[158699]: Server listening on :: port 22. Jun 25 09:57:23.168678 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 25 09:57:23.189993 osdx cfgd[1261]: [1830]Completed change to active configuration Jun 25 09:57:23.200606 osdx OSDxCLI[1830]: User 'admin' committed the configuration. Jun 25 09:57:23.224191 osdx OSDxCLI[1830]: User 'admin' left the configuration menu. Jun 25 09:57:23.372077 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 25 09:57:25.743063 osdx OSDxCLI[1830]: User 'admin' entered the configuration menu. Jun 25 09:57:25.854070 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 25 09:57:25.939042 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 25 09:57:26.023365 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 25 09:57:26.147753 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 25 09:57:26.208861 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 25 09:57:26.310244 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 25 09:57:26.390655 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 191f65cf1cdbacb72297ef5e370e64f61fd7dd559944985a0b3da60b4b1459be'. Jun 25 09:57:26.505600 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:26.580512 osdx ubnt-cfgd[158754]: inactive Jun 25 09:57:26.604595 osdx INFO[158762]: FRR daemons did not change Jun 25 09:57:26.620994 osdx ca-certificates[158778]: Updating certificates in /etc/ssl/certs... Jun 25 09:57:27.122504 osdx ubnt-cfgd[159776]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:57:27.132671 osdx ca-certificates[159783]: 1 added, 0 removed; done. Jun 25 09:57:27.135750 osdx ca-certificates[159788]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:57:27.138643 osdx ca-certificates[159790]: done. Jun 25 09:57:27.224435 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:57:27.226379 osdx cfgd[1261]: [1830]Completed change to active configuration Jun 25 09:57:27.229816 osdx OSDxCLI[1830]: User 'admin' committed the configuration. Jun 25 09:57:27.246040 osdx OSDxCLI[1830]: User 'admin' left the configuration menu. Jun 25 09:57:27.250292 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:57:27.250292 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] Network connectivity detected Jun 25 09:57:27.250292 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] Dropping privileges Jun 25 09:57:27.252217 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] Network connectivity detected Jun 25 09:57:27.252251 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:57:27.252251 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:57:27.252251 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] Firefox workaround initialized Jun 25 09:57:27.252316 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpxuf4i_ly] Jun 25 09:57:27.406576 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system journal show | cat'. Jun 25 09:57:27.463804 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] [DUT0] OK (DoH) - rtt: 120ms Jun 25 09:57:27.463804 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 120ms) Jun 25 09:57:27.463804 osdx dnscrypt-proxy[159797]: [2025-06-25 09:57:27] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 25 09:57:36.361078 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:57:36.364889 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:57:36.364937 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:57:36.373564 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:57:36.621348 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:57:36.879095 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:57:36.960617 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:57:37.042618 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:57:37.116307 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:37.233451 osdx ubnt-cfgd[302692]: inactive Jun 25 09:57:37.254015 osdx INFO[302700]: FRR daemons did not change Jun 25 09:57:37.276881 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:57:37.361469 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:57:37.374752 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:57:37.392632 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:57:37.544920 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 25 09:57:38.749133 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 25 09:57:38.858939 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443'. Jun 25 09:57:39.119109 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:57:39.219847 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:57:39.322850 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:57:39.424149 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Jun 25 09:57:39.477932 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 25 09:57:39.609720 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 25 09:57:39.667836 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 25 09:57:39.762907 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 25 09:57:39.833666 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:39.936307 osdx ubnt-cfgd[302858]: inactive Jun 25 09:57:40.012153 osdx INFO[302866]: FRR daemons did not change Jun 25 09:57:40.024994 osdx ca-certificates[302882]: Updating certificates in /etc/ssl/certs... Jun 25 09:57:40.530686 osdx ubnt-cfgd[303880]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:57:40.538412 osdx ca-certificates[303885]: 1 added, 0 removed; done. Jun 25 09:57:40.541438 osdx ca-certificates[303892]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:57:40.544278 osdx ca-certificates[303894]: done. Jun 25 09:57:40.657397 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:57:40.659115 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:57:40.661597 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:57:40.687037 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:57:40.687229 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] Network connectivity detected Jun 25 09:57:40.687410 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] Dropping privileges Jun 25 09:57:40.690266 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:57:40.690452 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] Network connectivity detected Jun 25 09:57:40.690452 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:57:40.690452 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:57:40.690452 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 25 09:57:40.690511 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] Firefox workaround initialized Jun 25 09:57:40.690511 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpz6z40qkq] Jun 25 09:57:40.691232 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 25 09:57:40.691232 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 25 09:57:40.691307 osdx dnscrypt-proxy[303954]: [2025-06-25 09:57:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 191f65cf1cdbacb72297ef5e370e64f61fd7dd559944985a0b3da60b4b1459be at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgGR9lzxzbrLcil-9eNw5k9h_X3VWZRJhaCz2mC0sUWb4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgGR9lzxzbrLcil-9eNw5k9h_X3VWZRJhaCz2mC0sUWb4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 25 09:57:36.293821 osdx systemd-journald[1559]: Runtime Journal (/run/log/journal/4da79601fcd1495d87d4eb077a64e8bc) is 1.0M, max 7.2M, 6.2M free. Jun 25 09:57:36.296197 osdx systemd-journald[1559]: Received client request to rotate journal, rotating. Jun 25 09:57:36.296264 osdx systemd-journald[1559]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4da79601fcd1495d87d4eb077a64e8bc. Jun 25 09:57:36.304440 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:57:36.578572 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:57:37.593116 osdx OSDxCLI[1830]: User 'admin' entered the configuration menu. Jun 25 09:57:37.750905 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 25 09:57:37.832478 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:57:37.929359 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service ssh'. Jun 25 09:57:38.001152 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:38.108686 osdx ubnt-cfgd[161472]: inactive Jun 25 09:57:38.135509 osdx INFO[161486]: FRR daemons did not change Jun 25 09:57:38.156188 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:57:38.296661 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 25 09:57:38.308285 osdx sshd[161600]: Server listening on 0.0.0.0 port 22. Jun 25 09:57:38.308522 osdx sshd[161600]: Server listening on :: port 22. Jun 25 09:57:38.308677 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 25 09:57:38.331453 osdx cfgd[1261]: [1830]Completed change to active configuration Jun 25 09:57:38.343470 osdx OSDxCLI[1830]: User 'admin' committed the configuration. Jun 25 09:57:38.361940 osdx OSDxCLI[1830]: User 'admin' left the configuration menu. Jun 25 09:57:38.516312 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 25 09:57:40.826018 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 191f65cf1cdbacb72297ef5e370e64f61fd7dd559944985a0b3da60b4b1459be'. Jun 25 09:57:40.982516 osdx OSDxCLI[1830]: User 'admin' entered the configuration menu. Jun 25 09:57:41.050189 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 25 09:57:41.144643 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 25 09:57:41.209379 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 25 09:57:41.318746 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgGR9lzxzbrLcil-9eNw5k9h_X3VWZRJhaCz2mC0sUWb4NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Jun 25 09:57:41.395452 osdx OSDxCLI[1830]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:57:41.476804 osdx ubnt-cfgd[161655]: inactive Jun 25 09:57:41.503462 osdx INFO[161663]: FRR daemons did not change Jun 25 09:57:41.519949 osdx ca-certificates[161679]: Updating certificates in /etc/ssl/certs... Jun 25 09:57:42.016045 osdx ubnt-cfgd[162677]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:57:42.024872 osdx ca-certificates[162684]: 1 added, 0 removed; done. Jun 25 09:57:42.027808 osdx ca-certificates[162689]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:57:42.030738 osdx ca-certificates[162691]: done. Jun 25 09:57:42.112752 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:57:42.115162 osdx cfgd[1261]: [1830]Completed change to active configuration Jun 25 09:57:42.122578 osdx OSDxCLI[1830]: User 'admin' committed the configuration. Jun 25 09:57:42.136974 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] dnscrypt-proxy 2.0.45 Jun 25 09:57:42.137297 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] Network connectivity detected Jun 25 09:57:42.137513 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] Dropping privileges Jun 25 09:57:42.139405 osdx OSDxCLI[1830]: User 'admin' left the configuration menu. Jun 25 09:57:42.141665 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] Network connectivity detected Jun 25 09:57:42.141665 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 25 09:57:42.141665 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 25 09:57:42.141665 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] Firefox workaround initialized Jun 25 09:57:42.141665 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpuevi4y8k] Jun 25 09:57:42.317336 osdx OSDxCLI[1830]: User 'admin' executed a new command: 'system journal show | cat'. Jun 25 09:57:42.328668 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] [DUT0] OK (DoH) - rtt: 110ms Jun 25 09:57:42.328668 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 110ms) Jun 25 09:57:42.328668 osdx dnscrypt-proxy[162698]: [2025-06-25 09:57:42] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13