Static
Test suite that validates the use of one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 28 08:40:44.464927 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 3.8M, max 15.3M, 11.5M free.
Jul 28 08:40:44.467812 osdx systemd-journald[1773]: Received client request to rotate journal, rotating.
Jul 28 08:40:44.467911 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 08:40:44.483266 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 08:40:44.866080 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 08:40:45.485694 osdx OSDxCLI[70716]: User 'admin' entered the configuration menu.
Jul 28 08:40:45.784893 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 28 08:40:45.965971 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 28 08:40:46.215958 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'show working'.
Jul 28 08:40:46.514108 osdx ubnt-cfgd[130876]: inactive
Jul 28 08:40:46.588668 osdx INFO[130884]: FRR daemons did not change
Jul 28 08:40:46.639819 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 08:40:46.917350 osdx cfgd[1473]: [70716]Completed change to active configuration
Jul 28 08:40:46.941495 osdx OSDxCLI[70716]: User 'admin' committed the configuration.
Jul 28 08:40:47.041916 osdx OSDxCLI[70716]: User 'admin' left the configuration menu.
Jul 28 08:40:47.283009 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 28 08:40:47.627714 osdx OSDxCLI[70716]: User 'admin' entered the configuration menu.
Jul 28 08:40:47.729018 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 28 08:40:47.929932 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 28 08:40:48.071226 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 28 08:40:48.218940 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 28 08:40:48.400233 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'.
Jul 28 08:40:48.597274 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 28 08:40:48.801276 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'show working'.
Jul 28 08:40:49.064665 osdx ubnt-cfgd[131036]: inactive
Jul 28 08:40:49.184742 osdx INFO[131044]: FRR daemons did not change
Jul 28 08:40:49.220215 osdx ca-certificates[131061]: Updating certificates in /etc/ssl/certs...
Jul 28 08:40:50.501168 osdx ubnt-cfgd[132058]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jul 28 08:40:50.517946 osdx ca-certificates[132063]: 1 added, 0 removed; done.
Jul 28 08:40:50.523695 osdx ca-certificates[132070]: Running hooks in /etc/ca-certificates/update.d...
Jul 28 08:40:50.529995 osdx ca-certificates[132072]: done.
Jul 28 08:40:50.733933 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 28 08:40:50.738791 osdx cfgd[1473]: [70716]Completed change to active configuration
Jul 28 08:40:50.742722 osdx OSDxCLI[70716]: User 'admin' committed the configuration.
Jul 28 08:40:50.787612 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:50] [NOTICE] dnscrypt-proxy 2.0.45
Jul 28 08:40:50.788002 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:50] [NOTICE] Network connectivity detected
Jul 28 08:40:50.788184 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:50] [NOTICE] Dropping privileges
Jul 28 08:40:50.788896 osdx OSDxCLI[70716]: User 'admin' left the configuration menu.
Jul 28 08:40:50.793417 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:50] [NOTICE] Network connectivity detected
Jul 28 08:40:50.793557 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 28 08:40:50.793557 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 28 08:40:50.793557 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:50] [NOTICE] Firefox workaround initialized
Jul 28 08:40:50.793557 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmplwkkp37f]
Jul 28 08:40:51.005969 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:51] [NOTICE] [RD] OK (DoH) - rtt: 114ms
Jul 28 08:40:51.005969 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:51] [NOTICE] Server with the lowest initial latency: RD (rtt: 114ms)
Jul 28 08:40:51.005969 osdx dnscrypt-proxy[132129]: [2025-07-28 08:40:51] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 28 08:40:51.045182 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 at DUT0 and expect this output:
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSB6J27G8Bbwei2ScRRTDZOwGmzXkRSJkCjAzqNMfjI30QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSB6J27G8Bbwei2ScRRTDZOwGmzXkRSJkCjAzqNMfjI30QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
Jul 28 08:41:03.468124 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free.
Jul 28 08:41:03.471566 osdx systemd-journald[1773]: Received client request to rotate journal, rotating.
Jul 28 08:41:03.471668 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 08:41:03.500714 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 08:41:03.869031 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 08:41:04.432271 osdx OSDxCLI[70716]: User 'admin' entered the configuration menu.
Jul 28 08:41:04.678651 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 28 08:41:04.814972 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 28 08:41:05.021311 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'show working'.
Jul 28 08:41:05.215154 osdx ubnt-cfgd[133838]: inactive
Jul 28 08:41:05.280519 osdx INFO[133846]: FRR daemons did not change
Jul 28 08:41:05.331666 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 08:41:05.563712 osdx cfgd[1473]: [70716]Completed change to active configuration
Jul 28 08:41:05.594814 osdx OSDxCLI[70716]: User 'admin' committed the configuration.
Jul 28 08:41:05.640527 osdx OSDxCLI[70716]: User 'admin' left the configuration menu.
Jul 28 08:41:05.952201 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 28 08:41:06.239622 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'.
Jul 28 08:41:06.458379 osdx OSDxCLI[70716]: User 'admin' entered the configuration menu.
Jul 28 08:41:06.622761 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 28 08:41:06.769574 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 28 08:41:06.898202 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSB6J27G8Bbwei2ScRRTDZOwGmzXkRSJkCjAzqNMfjI30QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Jul 28 08:41:07.001400 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 28 08:41:07.154363 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'show working'.
Jul 28 08:41:07.280725 osdx ubnt-cfgd[133999]: inactive
Jul 28 08:41:07.315405 osdx INFO[134007]: FRR daemons did not change
Jul 28 08:41:07.339107 osdx ca-certificates[134023]: Updating certificates in /etc/ssl/certs...
Jul 28 08:41:08.267598 osdx ubnt-cfgd[135021]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jul 28 08:41:08.283700 osdx ca-certificates[135027]: 1 added, 0 removed; done.
Jul 28 08:41:08.290068 osdx ca-certificates[135033]: Running hooks in /etc/ca-certificates/update.d...
Jul 28 08:41:08.297509 osdx ca-certificates[135035]: done.
Jul 28 08:41:08.440260 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 28 08:41:08.442093 osdx cfgd[1473]: [70716]Completed change to active configuration
Jul 28 08:41:08.476403 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] dnscrypt-proxy 2.0.45
Jul 28 08:41:08.476764 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] Network connectivity detected
Jul 28 08:41:08.476814 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] Dropping privileges
Jul 28 08:41:08.479782 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] Network connectivity detected
Jul 28 08:41:08.479860 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 28 08:41:08.479860 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 28 08:41:08.479860 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] Firefox workaround initialized
Jul 28 08:41:08.479860 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] Loading the set of cloaking rules from [/tmp/tmppekewcwc]
Jul 28 08:41:08.542595 osdx OSDxCLI[70716]: User 'admin' committed the configuration.
Jul 28 08:41:08.574752 osdx OSDxCLI[70716]: User 'admin' left the configuration menu.
Jul 28 08:41:08.780634 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 28 08:41:08.791782 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] [RD] OK (DoH) - rtt: 159ms
Jul 28 08:41:08.791782 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] Server with the lowest initial latency: RD (rtt: 159ms)
Jul 28 08:41:08.791782 osdx dnscrypt-proxy[135092]: [2025-07-28 08:41:08] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect to an upstream server using DNSCrypt.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
46:79:bf:bd:69:eb:a1:3b:87:3a:d8:fc:fa:4b:94:9f:9e:6d:10:1e:e6:7f:f0:72:18:86:7e:54:3d:3f:40:cc
Step 2: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '46:79:bf:bd:69:eb:a1:3b:87:3a:d8:fc:fa:4b:94:9f:9e:6d:10:1e:e6:7f:f0:72:18:86:7e:54:3d:3f:40:cc'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jul 28 08:41:20.500384 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free.
Jul 28 08:41:20.501075 osdx systemd-journald[1773]: Received client request to rotate journal, rotating.
Jul 28 08:41:20.501125 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 08:41:20.523213 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 08:41:20.925962 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 08:41:21.469195 osdx OSDxCLI[70716]: User 'admin' entered the configuration menu.
Jul 28 08:41:21.668518 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 28 08:41:21.776932 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 28 08:41:21.947682 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'show working'.
Jul 28 08:41:22.147086 osdx ubnt-cfgd[136796]: inactive
Jul 28 08:41:22.215317 osdx INFO[136804]: FRR daemons did not change
Jul 28 08:41:22.267580 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 08:41:22.497658 osdx cfgd[1473]: [70716]Completed change to active configuration
Jul 28 08:41:22.537447 osdx OSDxCLI[70716]: User 'admin' committed the configuration.
Jul 28 08:41:22.599251 osdx OSDxCLI[70716]: User 'admin' left the configuration menu.
Jul 28 08:41:22.868303 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 28 08:41:23.186749 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 28 08:41:23.514869 osdx OSDxCLI[70716]: User 'admin' entered the configuration menu.
Jul 28 08:41:23.695469 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 28 08:41:23.885634 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 28 08:41:24.041538 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Jul 28 08:41:24.192717 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Jul 28 08:41:24.408769 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Jul 28 08:41:24.533170 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 46:79:bf:bd:69:eb:a1:3b:87:3a:d8:fc:fa:4b:94:9f:9e:6d:10:1e:e6:7f:f0:72:18:86:7e:54:3d:3f:40:cc'.
Jul 28 08:41:24.686438 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 28 08:41:24.911624 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'show working'.
Jul 28 08:41:25.086745 osdx ubnt-cfgd[136959]: inactive
Jul 28 08:41:25.132434 osdx INFO[136967]: FRR daemons did not change
Jul 28 08:41:25.157697 osdx ca-certificates[136983]: Updating certificates in /etc/ssl/certs...
Jul 28 08:41:26.002701 osdx ubnt-cfgd[137981]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jul 28 08:41:26.016437 osdx ca-certificates[137986]: 1 added, 0 removed; done.
Jul 28 08:41:26.021177 osdx ca-certificates[137993]: Running hooks in /etc/ca-certificates/update.d...
Jul 28 08:41:26.025721 osdx ca-certificates[137995]: done.
Jul 28 08:41:26.222058 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 28 08:41:26.233656 osdx cfgd[1473]: [70716]Completed change to active configuration
Jul 28 08:41:26.239032 osdx OSDxCLI[70716]: User 'admin' committed the configuration.
Jul 28 08:41:26.283430 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] dnscrypt-proxy 2.0.45
Jul 28 08:41:26.283757 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] Network connectivity detected
Jul 28 08:41:26.283865 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] Dropping privileges
Jul 28 08:41:26.286541 osdx OSDxCLI[70716]: User 'admin' left the configuration menu.
Jul 28 08:41:26.290769 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] Network connectivity detected
Jul 28 08:41:26.290870 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 28 08:41:26.290870 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 28 08:41:26.290870 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] Firefox workaround initialized
Jul 28 08:41:26.290870 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] Loading the set of cloaking rules from [/tmp/tmplr89wlzz]
Jul 28 08:41:26.299000 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] [RD] OK (DNSCrypt) - rtt: 6ms
Jul 28 08:41:26.299119 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] Server with the lowest initial latency: RD (rtt: 6ms)
Jul 28 08:41:26.299119 osdx dnscrypt-proxy[138052]: [2025-07-28 08:41:26] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
46:79:bf:bd:69:eb:a1:3b:87:3a:d8:fc:fa:4b:94:9f:9e:6d:10:1e:e6:7f:f0:72:18:86:7e:54:3d:3f:40:cc
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:79:bf:bd:69:eb:a1:3b:87:3a:d8:fc:fa:4b:94:9f:9e:6d:10:1e:e6:7f:f0:72:18:86:7e:54:3d:3f:40:cc ip 10.215.168.1 port 8443 at DUT0 and expect this output:
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZ5v71p66E7hzrY_PpLlJ-ebRAe5n_wchiGflQ9P0DMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZ5v71p66E7hzrY_PpLlJ-ebRAe5n_wchiGflQ9P0DMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
Jul 28 08:41:36.536602 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.2M, max 15.3M, 13.1M free.
Jul 28 08:41:36.537725 osdx systemd-journald[1773]: Received client request to rotate journal, rotating.
Jul 28 08:41:36.537847 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 08:41:36.576378 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 08:41:36.993283 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 08:41:37.574823 osdx OSDxCLI[70716]: User 'admin' entered the configuration menu.
Jul 28 08:41:37.772515 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 28 08:41:37.888036 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 28 08:41:38.081057 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'show working'.
Jul 28 08:41:38.216958 osdx ubnt-cfgd[139751]: inactive
Jul 28 08:41:38.262579 osdx INFO[139759]: FRR daemons did not change
Jul 28 08:41:38.297814 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 08:41:38.453445 osdx cfgd[1473]: [70716]Completed change to active configuration
Jul 28 08:41:38.488995 osdx OSDxCLI[70716]: User 'admin' committed the configuration.
Jul 28 08:41:38.536863 osdx OSDxCLI[70716]: User 'admin' left the configuration menu.
Jul 28 08:41:38.811049 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 28 08:41:39.171671 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Jul 28 08:41:39.392195 osdx OSDxCLI[70716]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:79:bf:bd:69:eb:a1:3b:87:3a:d8:fc:fa:4b:94:9f:9e:6d:10:1e:e6:7f:f0:72:18:86:7e:54:3d:3f:40:cc ip 10.215.168.1 port 8443'.
Jul 28 08:41:39.656864 osdx OSDxCLI[70716]: User 'admin' entered the configuration menu.
Jul 28 08:41:39.817368 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 28 08:41:40.005599 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 28 08:41:40.176297 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZ5v71p66E7hzrY_PpLlJ-ebRAe5n_wchiGflQ9P0DMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Jul 28 08:41:40.351506 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Jul 28 08:41:40.544186 osdx OSDxCLI[70716]: User 'admin' added a new cfg line: 'show working'.
Jul 28 08:41:40.692341 osdx ubnt-cfgd[139915]: inactive
Jul 28 08:41:40.768857 osdx INFO[139923]: FRR daemons did not change
Jul 28 08:41:40.797395 osdx ca-certificates[139939]: Updating certificates in /etc/ssl/certs...
Jul 28 08:41:42.397274 osdx ubnt-cfgd[140937]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jul 28 08:41:42.413888 osdx ca-certificates[140942]: 1 added, 0 removed; done.
Jul 28 08:41:42.427398 osdx ca-certificates[140949]: Running hooks in /etc/ca-certificates/update.d...
Jul 28 08:41:42.437392 osdx ca-certificates[140951]: done.
Jul 28 08:41:42.682758 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 28 08:41:42.699460 osdx cfgd[1473]: [70716]Completed change to active configuration
Jul 28 08:41:42.704157 osdx OSDxCLI[70716]: User 'admin' committed the configuration.
Jul 28 08:41:42.746796 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] dnscrypt-proxy 2.0.45
Jul 28 08:41:42.746796 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] Network connectivity detected
Jul 28 08:41:42.746796 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] Dropping privileges
Jul 28 08:41:42.751174 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] Network connectivity detected
Jul 28 08:41:42.751174 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Jul 28 08:41:42.751174 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Jul 28 08:41:42.751174 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] Firefox workaround initialized
Jul 28 08:41:42.751174 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp58ksz0ll]
Jul 28 08:41:42.752333 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Jul 28 08:41:42.752333 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Jul 28 08:41:42.752498 osdx dnscrypt-proxy[141008]: [2025-07-28 08:41:42] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Jul 28 08:41:42.765392 osdx OSDxCLI[70716]: User 'admin' left the configuration menu.
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
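Before a stamp is committed in the two "With Stamp" scenarios above, it can be unpacked to confirm that it pins the same address, certificate hash or provider key that the non-stamp scenarios configure field by field. The decoder below is an added example, not part of the OSDx test suite or its tooling; it follows the public DNS Stamps layout (protocol byte, 8-byte little-endian properties, then length-prefixed fields). The names decode_stamp and pin_mismatches are assumptions made for this example.

```python
import base64
import struct

# Stamps copied from this page (output of "service dns proxy stamp calculate").
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSB6J27G8Bbwei2ScRRTDZOwGmzXkRSJkCjAzqNMfjI30QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZ5v71p66E7hzrY_PpLlJ-ebRAe5n_wchiGflQ9P0DMGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"


class StampError(ValueError):
    """Raised when a stamp is malformed or truncated."""


def _field(buf, pos, mask=0xFF):
    """Read one length-prefixed field at pos; return (data, next_pos, length_byte)."""
    if pos >= len(buf):
        raise StampError("truncated stamp: missing length byte")
    length_byte = buf[pos]
    end = pos + 1 + (length_byte & mask)
    if end > len(buf):
        raise StampError("truncated stamp: field overruns the buffer")
    return buf[pos + 1:end], end, length_byte


def _field_set(buf, pos):
    """Read a variable-length set: a set high bit on a length byte means
    another item follows (used for the list of pinned certificate hashes)."""
    items = []
    while True:
        data, pos, length_byte = _field(buf, pos, mask=0x7F)
        if data:
            items.append(data)
        if not length_byte & 0x80:
            return items, pos


def decode_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into a dict of its fields."""
    if not stamp.startswith("sdns://"):
        raise StampError("not an sdns:// stamp")
    body = stamp[len("sdns://"):]
    try:
        # Stamps are unpadded base64url, so restore the padding first.
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise StampError(f"bad base64url: {exc}") from exc
    if len(raw) < 9:
        raise StampError("truncated stamp: header is 9 bytes")
    out = {"props": struct.unpack_from("<Q", raw, 1)[0]}
    address, pos, _ = _field(raw, 9)
    out["address"] = address.decode("ascii")
    if raw[0] == 0x01:
        key, pos, _ = _field(raw, pos)
        if len(key) != 32:
            raise StampError("DNSCrypt provider key must be 32 bytes")
        provider, pos, _ = _field(raw, pos)
        out.update(protocol="DNSCrypt",
                   public_key=":".join(f"{b:02x}" for b in key),
                   provider=provider.decode("ascii"))
    elif raw[0] == 0x02:
        hashes, pos = _field_set(raw, pos)
        host, pos, _ = _field(raw, pos)
        path, pos, _ = _field(raw, pos)
        out.update(protocol="DoH", hashes=[h.hex() for h in hashes],
                   host=host.decode("ascii"), path=path.decode("ascii"))
    else:
        raise StampError(f"unsupported protocol byte 0x{raw[0]:02x}")
    return out


def pin_mismatches(stamp, **expected):
    """Return the names of expected fields that the stamp does not carry verbatim."""
    decoded = decode_stamp(stamp)
    return sorted(k for k, v in expected.items() if decoded.get(k) != v)


if __name__ == "__main__":
    for s in (DOH_STAMP, DNSCRYPT_STAMP):
        print(decode_stamp(s))
```

Both stamps on this page carry a props value of 0, so neither advertises the DNSSEC, no-log or no-filter properties. The DoH stamp stores the host without a port because 443 is the default.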