Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Aug 20 10:06:20.318549 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.1M, max 15.3M, 13.2M free. Aug 20 10:06:20.321514 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:06:20.321572 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:06:20.327739 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:06:20.541005 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:06:20.831105 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:06:20.908629 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:06:21.019819 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:06:21.096090 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:21.188658 osdx ubnt-cfgd[31748]: inactive Aug 20 10:06:21.214615 osdx INFO[31756]: FRR daemons did not change Aug 20 10:06:21.237522 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:06:21.308338 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:06:21.319416 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:06:21.336879 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:06:21.496314 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Aug 20 10:06:22.586184 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:06:22.646658 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:06:22.749760 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:06:22.812914 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Aug 20 10:06:22.930927 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Aug 20 10:06:22.997730 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Aug 20 10:06:23.095091 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Aug 20 10:06:23.154968 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Aug 20 10:06:23.254398 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns resolver local'. Aug 20 10:06:23.315253 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Aug 20 10:06:23.428346 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:23.512031 osdx ubnt-cfgd[31911]: inactive Aug 20 10:06:23.534268 osdx INFO[31919]: FRR daemons did not change Aug 20 10:06:23.555630 osdx ca-certificates[31935]: Updating certificates in /etc/ssl/certs... Aug 20 10:06:24.074102 osdx ubnt-cfgd[32933]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:06:24.085632 osdx ca-certificates[32937]: 1 added, 0 removed; done. Aug 20 10:06:24.089393 osdx ca-certificates[32945]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:06:24.092486 osdx ca-certificates[32947]: done. Aug 20 10:06:24.225784 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:06:24.225987 osdx systemd[1]: Reached target nss-lookup.target - Host and Network Name Lookups. Aug 20 10:06:24.227447 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:06:24.229600 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:06:24.246302 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:06:24.421220 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:06:24.421547 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] Network connectivity detected Aug 20 10:06:24.421853 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] Dropping privileges Aug 20 10:06:24.438170 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal show | cat'. Aug 20 10:06:24.439772 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] Network connectivity detected Aug 20 10:06:24.439835 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:06:24.439835 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:06:24.439835 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Aug 20 10:06:24.439891 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] Firefox workaround initialized Aug 20 10:06:24.439891 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpyr66utpl] Aug 20 10:06:24.715742 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] [RD] OK (DoH) - rtt: 125ms Aug 20 10:06:24.715864 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] Server with the lowest initial latency: RD (rtt: 125ms) Aug 20 10:06:24.715897 osdx dnscrypt-proxy[33004]: [2025-08-20 10:06:24] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 3cc94f17dd2c8ba8015d3d2734b4dfe4480403ddd6c6a94b72fca89f2039fc03 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Aug 20 10:06:20.277361 osdx systemd-journald[1745]: Runtime Journal (/run/log/journal/f1f2085982c441e58ba58c498ad9816b) is 1.0M, max 7.2M, 6.2M free. Aug 20 10:06:20.278016 osdx systemd-journald[1745]: Received client request to rotate journal, rotating. Aug 20 10:06:20.278068 osdx systemd-journald[1745]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f1f2085982c441e58ba58c498ad9816b. Aug 20 10:06:20.289122 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:06:20.489867 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:06:21.575473 osdx OSDxCLI[2016]: User 'admin' entered the configuration menu. Aug 20 10:06:21.663126 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Aug 20 10:06:21.747084 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:06:21.799915 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service ssh'. Aug 20 10:06:21.908502 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:21.969735 osdx ubnt-cfgd[24083]: inactive Aug 20 10:06:21.998263 osdx INFO[24097]: FRR daemons did not change Aug 20 10:06:22.018027 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:06:22.162374 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Aug 20 10:06:22.174077 osdx sshd[24211]: Server listening on 0.0.0.0 port 22. Aug 20 10:06:22.174292 osdx sshd[24211]: Server listening on :: port 22. Aug 20 10:06:22.174402 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Aug 20 10:06:22.194565 osdx cfgd[1447]: [2016]Completed change to active configuration Aug 20 10:06:22.207049 osdx OSDxCLI[2016]: User 'admin' committed the configuration. Aug 20 10:06:22.223027 osdx OSDxCLI[2016]: User 'admin' left the configuration menu. Aug 20 10:06:22.371323 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Aug 20 10:06:26.542643 osdx OSDxCLI[2016]: User 'admin' entered the configuration menu. Aug 20 10:06:26.602976 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Aug 20 10:06:26.698643 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Aug 20 10:06:26.762464 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Aug 20 10:06:26.875413 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Aug 20 10:06:26.934696 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Aug 20 10:06:27.052387 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Aug 20 10:06:27.138145 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 3cc94f17dd2c8ba8015d3d2734b4dfe4480403ddd6c6a94b72fca89f2039fc03'. Aug 20 10:06:27.211627 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:27.307900 osdx ubnt-cfgd[24266]: inactive Aug 20 10:06:27.330934 osdx INFO[24274]: FRR daemons did not change Aug 20 10:06:27.364302 osdx ca-certificates[24290]: Updating certificates in /etc/ssl/certs... Aug 20 10:06:27.914002 osdx ubnt-cfgd[25288]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:06:27.928596 osdx ca-certificates[25292]: 1 added, 0 removed; done. Aug 20 10:06:27.931708 osdx ca-certificates[25300]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:06:27.934704 osdx ca-certificates[25302]: done. Aug 20 10:06:28.010536 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:06:28.011030 osdx systemd[1]: Reached target nss-lookup.target - Host and Network Name Lookups. Aug 20 10:06:28.012607 osdx cfgd[1447]: [2016]Completed change to active configuration Aug 20 10:06:28.015505 osdx OSDxCLI[2016]: User 'admin' committed the configuration. Aug 20 10:06:28.044670 osdx OSDxCLI[2016]: User 'admin' left the configuration menu. Aug 20 10:06:28.244748 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system journal show | cat'. Aug 20 10:06:28.288024 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:06:28.288457 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] Network connectivity detected Aug 20 10:06:28.288751 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] Dropping privileges Aug 20 10:06:28.291209 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] Network connectivity detected Aug 20 10:06:28.291336 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:06:28.291387 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:06:28.291454 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] Firefox workaround initialized Aug 20 10:06:28.291494 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp9jlof8w_] Aug 20 10:06:28.854240 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] [DUT0] OK (DoH) - rtt: 119ms Aug 20 10:06:28.854240 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 119ms) Aug 20 10:06:28.854240 osdx dnscrypt-proxy[25309]: [2025-08-20 10:06:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Aug 20 10:06:36.325541 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free. Aug 20 10:06:36.326641 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:06:36.326691 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:06:36.334712 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:06:36.570587 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:06:36.833474 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:06:36.910292 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:06:36.999175 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:06:37.080270 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:37.152549 osdx ubnt-cfgd[34709]: inactive Aug 20 10:06:37.173411 osdx INFO[34717]: FRR daemons did not change Aug 20 10:06:37.190648 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:06:37.269790 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:06:37.283079 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:06:37.300493 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:06:37.452247 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Aug 20 10:06:38.601103 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Aug 20 10:06:38.748977 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:06:38.817620 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:06:38.924601 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:06:38.990624 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Aug 20 10:06:39.091481 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Aug 20 10:06:39.153173 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Aug 20 10:06:39.259008 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Aug 20 10:06:39.317913 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns resolver local'. Aug 20 10:06:39.453202 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Aug 20 10:06:39.545992 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:39.657464 osdx ubnt-cfgd[34874]: inactive Aug 20 10:06:39.678512 osdx INFO[34882]: FRR daemons did not change Aug 20 10:06:39.693069 osdx ca-certificates[34898]: Updating certificates in /etc/ssl/certs... Aug 20 10:06:40.203933 osdx ubnt-cfgd[35896]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:06:40.211968 osdx ca-certificates[35901]: 1 added, 0 removed; done. Aug 20 10:06:40.215088 osdx ca-certificates[35908]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:06:40.218817 osdx ca-certificates[35910]: done. Aug 20 10:06:40.323020 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:06:40.324523 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:06:40.326800 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:06:40.346339 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:06:40.346554 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] Network connectivity detected Aug 20 10:06:40.346725 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] Dropping privileges Aug 20 10:06:40.349518 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] Network connectivity detected Aug 20 10:06:40.349585 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:06:40.349585 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:06:40.349585 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Aug 20 10:06:40.349585 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] Firefox workaround initialized Aug 20 10:06:40.349585 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp3yumuq4g] Aug 20 10:06:40.356673 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:06:40.533146 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] [RD] OK (DoH) - rtt: 106ms Aug 20 10:06:40.533146 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] Server with the lowest initial latency: RD (rtt: 106ms) Aug 20 10:06:40.533146 osdx dnscrypt-proxy[35970]: [2025-08-20 10:06:40] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Aug 20 10:06:40.540985 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 3cc94f17dd2c8ba8015d3d2734b4dfe4480403ddd6c6a94b72fca89f2039fc03 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgPMlPF90si6gBXT0nNLTf5EgEA93WxqlLcvyonyA5_AMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgPMlPF90si6gBXT0nNLTf5EgEA93WxqlLcvyonyA5_AMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Aug 20 10:06:36.300616 osdx systemd-journald[1745]: Runtime Journal (/run/log/journal/f1f2085982c441e58ba58c498ad9816b) is 1020.0K, max 7.2M, 6.2M free. Aug 20 10:06:36.303446 osdx systemd-journald[1745]: Received client request to rotate journal, rotating. Aug 20 10:06:36.303525 osdx systemd-journald[1745]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f1f2085982c441e58ba58c498ad9816b. Aug 20 10:06:36.310030 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:06:36.532816 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:06:37.537016 osdx OSDxCLI[2016]: User 'admin' entered the configuration menu. Aug 20 10:06:37.621103 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Aug 20 10:06:37.706859 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:06:37.810263 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service ssh'. Aug 20 10:06:37.884199 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:37.979501 osdx ubnt-cfgd[26984]: inactive Aug 20 10:06:38.004635 osdx INFO[26998]: FRR daemons did not change Aug 20 10:06:38.023438 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:06:38.163811 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Aug 20 10:06:38.175705 osdx sshd[27112]: Server listening on 0.0.0.0 port 22. Aug 20 10:06:38.175927 osdx sshd[27112]: Server listening on :: port 22. Aug 20 10:06:38.176067 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Aug 20 10:06:38.195292 osdx cfgd[1447]: [2016]Completed change to active configuration Aug 20 10:06:38.206450 osdx OSDxCLI[2016]: User 'admin' committed the configuration. Aug 20 10:06:38.222923 osdx OSDxCLI[2016]: User 'admin' left the configuration menu. Aug 20 10:06:38.379145 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Aug 20 10:06:42.677376 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 3cc94f17dd2c8ba8015d3d2734b4dfe4480403ddd6c6a94b72fca89f2039fc03'. Aug 20 10:06:42.820299 osdx OSDxCLI[2016]: User 'admin' entered the configuration menu. Aug 20 10:06:42.878919 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Aug 20 10:06:42.980565 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Aug 20 10:06:43.041466 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Aug 20 10:06:43.136834 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgPMlPF90si6gBXT0nNLTf5EgEA93WxqlLcvyonyA5_AMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Aug 20 10:06:43.216249 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:43.311397 osdx ubnt-cfgd[27167]: inactive Aug 20 10:06:43.333508 osdx INFO[27175]: FRR daemons did not change Aug 20 10:06:43.348944 osdx ca-certificates[27190]: Updating certificates in /etc/ssl/certs... Aug 20 10:06:43.803553 osdx ubnt-cfgd[28189]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:06:43.811857 osdx ca-certificates[28196]: 1 added, 0 removed; done. Aug 20 10:06:43.814604 osdx ca-certificates[28201]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:06:43.817199 osdx ca-certificates[28203]: done. Aug 20 10:06:43.911849 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:06:43.913694 osdx cfgd[1447]: [2016]Completed change to active configuration Aug 20 10:06:43.917165 osdx OSDxCLI[2016]: User 'admin' committed the configuration. Aug 20 10:06:43.943596 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:43] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:06:43.943817 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:43] [NOTICE] Network connectivity detected Aug 20 10:06:43.943885 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:43] [NOTICE] Dropping privileges Aug 20 10:06:43.946211 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:43] [NOTICE] Network connectivity detected Aug 20 10:06:43.946211 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:43] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:06:43.946211 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:43] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:06:43.946211 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:43] [NOTICE] Firefox workaround initialized Aug 20 10:06:43.946211 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:43] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpf63fek4f] Aug 20 10:06:43.947953 osdx OSDxCLI[2016]: User 'admin' left the configuration menu. Aug 20 10:06:44.118866 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system journal show | cat'. Aug 20 10:06:44.251373 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:44] [NOTICE] [DUT0] OK (DoH) - rtt: 128ms Aug 20 10:06:44.251373 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:44] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 128ms) Aug 20 10:06:44.251373 osdx dnscrypt-proxy[28210]: [2025-08-20 10:06:44] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Aug 20 10:06:52.305129 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.2M free. Aug 20 10:06:52.307993 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:06:52.308047 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:06:52.315606 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:06:52.529492 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:06:52.751074 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:06:52.827968 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:06:52.915347 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:06:52.983304 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:53.083828 osdx ubnt-cfgd[37672]: inactive Aug 20 10:06:53.103783 osdx INFO[37680]: FRR daemons did not change Aug 20 10:06:53.123997 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:06:53.198580 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:06:53.212600 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:06:53.231827 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:06:53.380886 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Aug 20 10:06:54.633593 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Aug 20 10:06:54.834499 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:06:54.897771 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:06:54.997334 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:06:55.065908 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Aug 20 10:06:55.165567 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Aug 20 10:06:55.235316 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Aug 20 10:06:55.340468 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a'. Aug 20 10:06:55.407695 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns resolver local'. Aug 20 10:06:55.511141 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Aug 20 10:06:55.569683 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Aug 20 10:06:55.673643 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Aug 20 10:06:55.767243 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:55.864180 osdx ubnt-cfgd[37838]: inactive Aug 20 10:06:55.883469 osdx INFO[37846]: FRR daemons did not change Aug 20 10:06:55.909155 osdx ca-certificates[37862]: Updating certificates in /etc/ssl/certs... Aug 20 10:06:56.441562 osdx ubnt-cfgd[38860]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:06:56.451447 osdx ca-certificates[38865]: 1 added, 0 removed; done. Aug 20 10:06:56.455289 osdx ca-certificates[38872]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:06:56.458309 osdx ca-certificates[38874]: done. Aug 20 10:06:56.580314 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:06:56.581765 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:06:56.584026 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:06:56.612369 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:06:56.612644 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] Network connectivity detected Aug 20 10:06:56.612758 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] Dropping privileges Aug 20 10:06:56.615408 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] Network connectivity detected Aug 20 10:06:56.615500 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:06:56.615558 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:06:56.615618 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Aug 20 10:06:56.615670 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] Firefox workaround initialized Aug 20 10:06:56.615718 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpkt2v57ov] Aug 20 10:06:56.616494 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Aug 20 10:06:56.616494 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Aug 20 10:06:56.616572 osdx dnscrypt-proxy[38934]: [2025-08-20 10:06:56] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Aug 20 10:06:56.624738 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 3cc94f17dd2c8ba8015d3d2734b4dfe4480403ddd6c6a94b72fca89f2039fc03 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Aug 20 10:06:52.278008 osdx systemd-journald[1745]: Runtime Journal (/run/log/journal/f1f2085982c441e58ba58c498ad9816b) is 1.0M, max 7.2M, 6.2M free. Aug 20 10:06:52.280649 osdx systemd-journald[1745]: Received client request to rotate journal, rotating. Aug 20 10:06:52.280705 osdx systemd-journald[1745]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f1f2085982c441e58ba58c498ad9816b. Aug 20 10:06:52.288030 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:06:52.490798 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:06:53.496639 osdx OSDxCLI[2016]: User 'admin' entered the configuration menu. Aug 20 10:06:53.603741 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Aug 20 10:06:53.675400 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:06:53.774802 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service ssh'. Aug 20 10:06:53.868521 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:53.960042 osdx ubnt-cfgd[29888]: inactive Aug 20 10:06:53.987268 osdx INFO[29902]: FRR daemons did not change Aug 20 10:06:54.004635 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:06:54.168897 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Aug 20 10:06:54.185389 osdx sshd[30016]: Server listening on 0.0.0.0 port 22. Aug 20 10:06:54.185624 osdx sshd[30016]: Server listening on :: port 22. Aug 20 10:06:54.185742 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Aug 20 10:06:54.206931 osdx cfgd[1447]: [2016]Completed change to active configuration Aug 20 10:06:54.220044 osdx OSDxCLI[2016]: User 'admin' committed the configuration. Aug 20 10:06:54.251673 osdx OSDxCLI[2016]: User 'admin' left the configuration menu. Aug 20 10:06:54.417604 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Aug 20 10:06:56.853709 osdx OSDxCLI[2016]: User 'admin' entered the configuration menu. Aug 20 10:06:56.922189 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Aug 20 10:06:57.010203 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Aug 20 10:06:57.068834 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Aug 20 10:06:57.182715 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Aug 20 10:06:57.240661 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Aug 20 10:06:57.342341 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Aug 20 10:06:57.418387 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 3cc94f17dd2c8ba8015d3d2734b4dfe4480403ddd6c6a94b72fca89f2039fc03'. Aug 20 10:06:57.547047 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:06:57.652660 osdx ubnt-cfgd[30071]: inactive Aug 20 10:06:57.672635 osdx INFO[30079]: FRR daemons did not change Aug 20 10:06:57.687199 osdx ca-certificates[30095]: Updating certificates in /etc/ssl/certs... Aug 20 10:06:58.203658 osdx ubnt-cfgd[31093]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:06:58.212015 osdx ca-certificates[31100]: 1 added, 0 removed; done. Aug 20 10:06:58.215010 osdx ca-certificates[31105]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:06:58.217728 osdx ca-certificates[31107]: done. Aug 20 10:06:58.297035 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:06:58.298665 osdx cfgd[1447]: [2016]Completed change to active configuration Aug 20 10:06:58.301152 osdx OSDxCLI[2016]: User 'admin' committed the configuration. Aug 20 10:06:58.325122 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:06:58.325330 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] Network connectivity detected Aug 20 10:06:58.325354 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] Dropping privileges Aug 20 10:06:58.327144 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] Network connectivity detected Aug 20 10:06:58.327235 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:06:58.327282 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:06:58.327339 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] Firefox workaround initialized Aug 20 10:06:58.327377 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpl_3w8o58] Aug 20 10:06:58.338068 osdx OSDxCLI[2016]: User 'admin' left the configuration menu. Aug 20 10:06:58.498807 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system journal show | cat'. Aug 20 10:06:58.694367 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] [DUT0] OK (DoH) - rtt: 131ms Aug 20 10:06:58.694367 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 131ms) Aug 20 10:06:58.694367 osdx dnscrypt-proxy[31114]: [2025-08-20 10:06:58] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Aug 20 10:07:07.335613 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.2M free. Aug 20 10:07:07.337478 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:07:07.337526 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:07:07.345687 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:07:07.598620 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:07:07.862192 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:07:07.946294 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:07:08.036667 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:07:08.114685 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:07:08.228121 osdx ubnt-cfgd[40636]: inactive Aug 20 10:07:08.249605 osdx INFO[40644]: FRR daemons did not change Aug 20 10:07:08.273488 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:07:08.350141 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:07:08.361468 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:07:08.384608 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:07:08.539155 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Aug 20 10:07:09.714135 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Aug 20 10:07:09.858122 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443'. Aug 20 10:07:10.011524 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:07:10.074437 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:07:10.173568 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:07:10.237563 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Aug 20 10:07:10.330220 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns resolver local'. Aug 20 10:07:10.424317 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Aug 20 10:07:10.494488 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Aug 20 10:07:10.619860 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Aug 20 10:07:10.713362 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:07:10.811503 osdx ubnt-cfgd[40804]: inactive Aug 20 10:07:10.830672 osdx INFO[40812]: FRR daemons did not change Aug 20 10:07:10.845870 osdx ca-certificates[40827]: Updating certificates in /etc/ssl/certs... Aug 20 10:07:11.330134 osdx ubnt-cfgd[41826]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:07:11.337912 osdx ca-certificates[41832]: 1 added, 0 removed; done. Aug 20 10:07:11.340914 osdx ca-certificates[41838]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:07:11.343665 osdx ca-certificates[41840]: done. Aug 20 10:07:11.461801 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:07:11.463103 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:07:11.465045 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:07:11.490414 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:07:11.490765 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:07:11.490923 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] Network connectivity detected Aug 20 10:07:11.491051 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] Dropping privileges Aug 20 10:07:11.493081 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] Network connectivity detected Aug 20 10:07:11.493130 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:07:11.493130 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:07:11.493130 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Aug 20 10:07:11.493130 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] Firefox workaround initialized Aug 20 10:07:11.493130 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpb6lpyh1e] Aug 20 10:07:11.493737 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Aug 20 10:07:11.493737 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Aug 20 10:07:11.493737 osdx dnscrypt-proxy[41900]: [2025-08-20 10:07:11] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 3cc94f17dd2c8ba8015d3d2734b4dfe4480403ddd6c6a94b72fca89f2039fc03 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgPMlPF90si6gBXT0nNLTf5EgEA93WxqlLcvyonyA5_AMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgPMlPF90si6gBXT0nNLTf5EgEA93WxqlLcvyonyA5_AMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Aug 20 10:07:07.311891 osdx systemd-journald[1745]: Runtime Journal (/run/log/journal/f1f2085982c441e58ba58c498ad9816b) is 1.0M, max 7.2M, 6.2M free. Aug 20 10:07:07.312398 osdx systemd-journald[1745]: Received client request to rotate journal, rotating. Aug 20 10:07:07.312435 osdx systemd-journald[1745]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f1f2085982c441e58ba58c498ad9816b. Aug 20 10:07:07.321232 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:07:07.565872 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:07:08.566425 osdx OSDxCLI[2016]: User 'admin' entered the configuration menu. Aug 20 10:07:08.647318 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Aug 20 10:07:08.731724 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:07:08.820645 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service ssh'. Aug 20 10:07:08.911982 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:07:09.059391 osdx ubnt-cfgd[32792]: inactive Aug 20 10:07:09.087447 osdx INFO[32806]: FRR daemons did not change Aug 20 10:07:09.108400 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:07:09.256767 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Aug 20 10:07:09.272958 osdx sshd[32920]: Server listening on 0.0.0.0 port 22. Aug 20 10:07:09.273271 osdx sshd[32920]: Server listening on :: port 22. Aug 20 10:07:09.273432 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Aug 20 10:07:09.295860 osdx cfgd[1447]: [2016]Completed change to active configuration Aug 20 10:07:09.311316 osdx OSDxCLI[2016]: User 'admin' committed the configuration. Aug 20 10:07:09.330562 osdx OSDxCLI[2016]: User 'admin' left the configuration menu. Aug 20 10:07:09.502782 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Aug 20 10:07:11.685220 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 3cc94f17dd2c8ba8015d3d2734b4dfe4480403ddd6c6a94b72fca89f2039fc03'. Aug 20 10:07:11.849945 osdx OSDxCLI[2016]: User 'admin' entered the configuration menu. Aug 20 10:07:11.942801 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Aug 20 10:07:12.037731 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Aug 20 10:07:12.100615 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Aug 20 10:07:12.208686 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgPMlPF90si6gBXT0nNLTf5EgEA93WxqlLcvyonyA5_AMNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Aug 20 10:07:12.288681 osdx OSDxCLI[2016]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:07:12.388010 osdx ubnt-cfgd[32975]: inactive Aug 20 10:07:12.406822 osdx INFO[32983]: FRR daemons did not change Aug 20 10:07:12.419453 osdx ca-certificates[32999]: Updating certificates in /etc/ssl/certs... Aug 20 10:07:12.892351 osdx ubnt-cfgd[33997]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:07:12.900414 osdx ca-certificates[34004]: 1 added, 0 removed; done. Aug 20 10:07:12.903499 osdx ca-certificates[34009]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:07:12.906889 osdx ca-certificates[34011]: done. Aug 20 10:07:12.988759 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:07:12.990481 osdx cfgd[1447]: [2016]Completed change to active configuration Aug 20 10:07:12.992995 osdx OSDxCLI[2016]: User 'admin' committed the configuration. Aug 20 10:07:13.010835 osdx OSDxCLI[2016]: User 'admin' left the configuration menu. Aug 20 10:07:13.014075 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] dnscrypt-proxy 2.0.45 Aug 20 10:07:13.014271 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] Network connectivity detected Aug 20 10:07:13.014350 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] Dropping privileges Aug 20 10:07:13.016463 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] Network connectivity detected Aug 20 10:07:13.016494 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Aug 20 10:07:13.016494 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Aug 20 10:07:13.016523 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] Firefox workaround initialized Aug 20 10:07:13.016523 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpxkne15wy] Aug 20 10:07:13.188244 osdx OSDxCLI[2016]: User 'admin' executed a new command: 'system journal show | cat'. Aug 20 10:07:13.342957 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] [DUT0] OK (DoH) - rtt: 122ms Aug 20 10:07:13.342957 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 122ms) Aug 20 10:07:13.342957 osdx dnscrypt-proxy[34018]: [2025-08-20 10:07:13] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13