Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Aug 20 10:07:27.360589 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.2M free. Aug 20 10:07:27.361300 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:07:27.361343 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:07:27.370933 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:07:27.600763 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:07:27.907596 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:07:28.000443 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:07:28.093885 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:07:28.166047 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:07:28.260994 osdx ubnt-cfgd[43940]: inactive Aug 20 10:07:28.282917 osdx INFO[43948]: FRR daemons did not change Aug 20 10:07:28.301301 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:07:28.386420 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:07:28.400774 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:07:28.453927 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:07:28.568084 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Aug 20 10:07:28.748853 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:07:28.819354 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:07:28.927464 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:07:29.006879 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Aug 20 10:07:29.112577 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Aug 20 10:07:29.224548 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Aug 20 10:07:29.283891 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns resolver local'. Aug 20 10:07:29.414245 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:07:29.532466 osdx ubnt-cfgd[44100]: inactive Aug 20 10:07:29.571762 osdx INFO[44108]: FRR daemons did not change Aug 20 10:07:29.584324 osdx ca-certificates[44124]: Updating certificates in /etc/ssl/certs... Aug 20 10:07:30.127211 osdx ubnt-cfgd[45122]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:07:30.138154 osdx ca-certificates[45128]: 1 added, 0 removed; done. Aug 20 10:07:30.142304 osdx ca-certificates[45134]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:07:30.146085 osdx ca-certificates[45136]: done. Aug 20 10:07:30.257687 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:07:30.259085 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:07:30.261435 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:07:30.279625 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:07:30.282212 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:07:30.282411 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] Network connectivity detected Aug 20 10:07:30.282522 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] Dropping privileges Aug 20 10:07:30.285451 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] Network connectivity detected Aug 20 10:07:30.285502 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:07:30.285502 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:07:30.285502 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] Firefox workaround initialized Aug 20 10:07:30.285502 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4xe4ulim] Aug 20 10:07:30.452796 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal show | cat'. Aug 20 10:07:30.471866 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] [RD] OK (DoH) - rtt: 124ms Aug 20 10:07:30.471866 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] Server with the lowest initial latency: RD (rtt: 124ms) Aug 20 10:07:30.471866 osdx dnscrypt-proxy[45193]: [2025-08-20 10:07:30] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Aug 20 10:07:38.377311 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free. Aug 20 10:07:38.379868 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:07:38.379922 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:07:38.388645 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:07:38.635408 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:07:39.111734 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:07:39.191133 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:07:39.279292 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:07:39.353653 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:07:39.446844 osdx ubnt-cfgd[46897]: inactive Aug 20 10:07:39.465340 osdx INFO[46905]: FRR daemons did not change Aug 20 10:07:39.483871 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:07:39.553629 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:07:39.564091 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:07:40.404358 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:07:40.480429 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Aug 20 10:07:40.646598 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Aug 20 10:07:40.790379 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:07:41.133099 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:07:41.200412 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:07:41.307980 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Aug 20 10:07:41.364182 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns resolver local'. Aug 20 10:07:41.493944 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:07:41.596063 osdx ubnt-cfgd[47058]: inactive Aug 20 10:07:41.616569 osdx INFO[47066]: FRR daemons did not change Aug 20 10:07:41.633223 osdx ca-certificates[47082]: Updating certificates in /etc/ssl/certs... Aug 20 10:07:42.173787 osdx ubnt-cfgd[48080]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:07:42.181405 osdx ca-certificates[48085]: 1 added, 0 removed; done. Aug 20 10:07:42.184355 osdx ca-certificates[48092]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:07:42.188122 osdx ca-certificates[48094]: done. Aug 20 10:07:42.304181 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:07:42.305271 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:07:42.307293 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:07:42.326711 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:07:42.326943 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] Network connectivity detected Aug 20 10:07:42.326973 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] Dropping privileges Aug 20 10:07:42.329399 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] Network connectivity detected Aug 20 10:07:42.329449 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:07:42.329449 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:07:42.329449 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] Firefox workaround initialized Aug 20 10:07:42.329449 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpq4aev8ra] Aug 20 10:07:42.352794 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:07:42.504781 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal show | cat'. Aug 20 10:07:42.523341 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] [RD] OK (DoH) - rtt: 115ms Aug 20 10:07:42.523341 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] Server with the lowest initial latency: RD (rtt: 115ms) Aug 20 10:07:42.523341 osdx dnscrypt-proxy[48151]: [2025-08-20 10:07:42] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Aug 20 10:07:54.303828 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.2M free. Aug 20 10:07:54.307079 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:07:54.307129 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:07:54.313435 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:07:54.536163 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:07:54.765236 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:07:54.843439 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:07:54.928262 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:07:55.003917 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:07:55.094184 osdx ubnt-cfgd[49854]: inactive Aug 20 10:07:55.117394 osdx INFO[49862]: FRR daemons did not change Aug 20 10:07:55.139091 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:07:55.212900 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:07:55.224474 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:07:55.241880 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:07:55.392454 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Aug 20 10:07:55.546418 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Aug 20 10:07:55.669035 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:07:55.732373 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:07:55.822756 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:07:55.888794 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Aug 20 10:07:55.989548 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Aug 20 10:07:56.090879 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Aug 20 10:07:56.219348 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a'. Aug 20 10:07:56.280668 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns resolver local'. Aug 20 10:07:56.398171 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:07:56.479736 osdx ubnt-cfgd[50017]: inactive Aug 20 10:07:56.507501 osdx INFO[50025]: FRR daemons did not change Aug 20 10:07:56.521564 osdx ca-certificates[50041]: Updating certificates in /etc/ssl/certs... Aug 20 10:07:57.101517 osdx ubnt-cfgd[51039]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:07:57.111884 osdx ca-certificates[51045]: 1 added, 0 removed; done. Aug 20 10:07:57.114976 osdx ca-certificates[51051]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:07:57.118820 osdx ca-certificates[51053]: done. Aug 20 10:07:57.219350 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:07:57.220349 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:07:57.222179 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:07:57.240741 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:07:57.240988 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] Network connectivity detected Aug 20 10:07:57.240988 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] Dropping privileges Aug 20 10:07:57.243231 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] Network connectivity detected Aug 20 10:07:57.243282 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:07:57.243282 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:07:57.243282 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] Firefox workaround initialized Aug 20 10:07:57.243282 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpuqfqlaw8] Aug 20 10:07:57.243787 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Aug 20 10:07:57.243820 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Aug 20 10:07:57.243820 osdx dnscrypt-proxy[51110]: [2025-08-20 10:07:57] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Aug 20 10:07:57.252811 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Aug 20 10:08:02.329820 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.2M free. Aug 20 10:08:02.332772 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:08:02.332819 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:08:02.339074 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:08:02.556664 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:08:02.785873 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:08:02.867508 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:08:02.958218 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:08:03.024666 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:08:03.122024 osdx ubnt-cfgd[52813]: inactive Aug 20 10:08:03.141215 osdx INFO[52821]: FRR daemons did not change Aug 20 10:08:03.164774 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:08:03.239675 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:08:03.253444 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:08:03.271825 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:08:03.406897 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Aug 20 10:08:03.508345 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Aug 20 10:08:03.621377 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443'. Aug 20 10:08:03.763296 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:08:03.832353 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:08:03.947253 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:08:04.023998 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Aug 20 10:08:04.116312 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns resolver local'. Aug 20 10:08:04.254182 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:08:04.329963 osdx ubnt-cfgd[52976]: inactive Aug 20 10:08:04.347522 osdx INFO[52984]: FRR daemons did not change Aug 20 10:08:04.359557 osdx ca-certificates[53000]: Updating certificates in /etc/ssl/certs... Aug 20 10:08:04.860925 osdx ubnt-cfgd[53998]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:08:04.869805 osdx ca-certificates[54004]: 1 added, 0 removed; done. Aug 20 10:08:04.872849 osdx ca-certificates[54010]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:08:04.875848 osdx ca-certificates[54012]: done. Aug 20 10:08:04.985091 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:08:04.986181 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:08:04.988059 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:08:05.004341 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:08:05.010176 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:08:05.010343 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] Network connectivity detected Aug 20 10:08:05.010482 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] Dropping privileges Aug 20 10:08:05.012948 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] Network connectivity detected Aug 20 10:08:05.012977 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:08:05.012977 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:08:05.013016 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] Firefox workaround initialized Aug 20 10:08:05.013016 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpnwrl78k7] Aug 20 10:08:05.013468 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Aug 20 10:08:05.013484 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Aug 20 10:08:05.013484 osdx dnscrypt-proxy[54069]: [2025-08-20 10:08:05] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16