Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 25 10:55:45.320097 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:55:45.322324 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:55:45.322375 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:55:45.331184 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:55:45.560616 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:55:45.873452 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:55:45.966058 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:55:46.049549 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:55:46.116015 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:55:46.213866 osdx ubnt-cfgd[222124]: inactive Nov 25 10:55:46.280337 osdx INFO[222132]: FRR daemons did not change Nov 25 10:55:46.302274 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:55:46.388334 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:55:46.400292 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:55:46.417426 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:55:46.568998 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 25 10:55:46.696177 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:55:46.783326 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:55:46.905713 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:55:46.985907 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 25 10:55:47.084070 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 25 10:55:47.225132 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:55:47.297048 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 25 10:55:47.459432 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:55:47.572173 osdx ubnt-cfgd[222284]: inactive Nov 25 10:55:47.596084 osdx INFO[222292]: FRR daemons did not change Nov 25 10:55:47.608309 osdx ca-certificates[222308]: Updating certificates in /etc/ssl/certs... Nov 25 10:55:48.088761 osdx ubnt-cfgd[223306]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:55:48.096806 osdx ca-certificates[223311]: 1 added, 0 removed; done. Nov 25 10:55:48.099981 osdx ca-certificates[223318]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:55:48.102940 osdx ca-certificates[223320]: done. Nov 25 10:55:48.206603 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:55:48.207940 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:55:48.210275 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:55:48.238988 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:55:48.239213 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] Network connectivity detected Nov 25 10:55:48.239301 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] Dropping privileges Nov 25 10:55:48.242017 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] Network connectivity detected Nov 25 10:55:48.242084 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:55:48.242084 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:55:48.242084 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] Firefox workaround initialized Nov 25 10:55:48.242084 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpj2ygjgpx] Nov 25 10:55:48.249654 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:55:48.413053 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] [RD] OK (DoH) - rtt: 106ms Nov 25 10:55:48.413053 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] Server with the lowest initial latency: RD (rtt: 106ms) Nov 25 10:55:48.413053 osdx dnscrypt-proxy[223377]: [2025-11-25 10:55:48] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Nov 25 10:55:48.418810 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 25 10:55:56.329693 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:55:56.333264 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:55:56.333330 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:55:56.341310 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:55:56.561128 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:55:56.804476 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:55:56.879742 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:55:56.966034 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:55:57.033878 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:55:57.128911 osdx ubnt-cfgd[225082]: inactive Nov 25 10:55:57.149453 osdx INFO[225090]: FRR daemons did not change Nov 25 10:55:57.169270 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:55:57.248945 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:55:57.259752 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:55:57.296569 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:55:57.444070 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 25 10:55:57.568824 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:55:57.742377 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:55:57.806297 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:55:57.906924 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:55:57.971475 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Nov 25 10:55:58.065358 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 25 10:55:58.140146 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:55:58.266504 osdx ubnt-cfgd[225243]: inactive Nov 25 10:55:58.285819 osdx INFO[225251]: FRR daemons did not change Nov 25 10:55:58.298397 osdx ca-certificates[225267]: Updating certificates in /etc/ssl/certs... Nov 25 10:55:58.795017 osdx ubnt-cfgd[226265]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:55:58.805071 osdx ca-certificates[226271]: 1 added, 0 removed; done. Nov 25 10:55:58.807887 osdx ca-certificates[226277]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:55:58.810642 osdx ca-certificates[226279]: done. Nov 25 10:55:58.921619 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:55:58.923140 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:55:58.925428 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:55:58.948678 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:55:58.952728 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:58] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:55:58.952905 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:58] [NOTICE] Network connectivity detected Nov 25 10:55:58.953006 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:58] [NOTICE] Dropping privileges Nov 25 10:55:58.956275 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:58] [NOTICE] Network connectivity detected Nov 25 10:55:58.956413 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:58] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:55:58.956469 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:58] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:55:58.956541 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:58] [NOTICE] Firefox workaround initialized Nov 25 10:55:58.956586 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:58] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpfcahnhdr] Nov 25 10:55:59.107142 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:55:59.176377 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:59] [NOTICE] [RD] OK (DoH) - rtt: 134ms Nov 25 10:55:59.176377 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:59] [NOTICE] Server with the lowest initial latency: RD (rtt: 134ms) Nov 25 10:55:59.176377 osdx dnscrypt-proxy[226336]: [2025-11-25 10:55:59] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Nov 25 10:56:06.348986 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:56:06.349405 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:56:06.349435 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:56:06.360477 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:56:06.600415 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:56:06.823001 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:56:06.905559 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:56:06.985004 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:56:07.047006 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:07.141300 osdx ubnt-cfgd[228042]: inactive Nov 25 10:56:07.216528 osdx INFO[228050]: FRR daemons did not change Nov 25 10:56:07.237131 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:56:07.302870 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:56:07.313584 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:56:07.329489 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:56:07.500901 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 25 10:56:07.716859 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Nov 25 10:56:07.878810 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:56:07.956377 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:56:08.068104 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:56:08.123788 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Nov 25 10:56:08.220877 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Nov 25 10:56:08.281849 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Nov 25 10:56:08.389344 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a'. Nov 25 10:56:08.452845 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 25 10:56:08.575333 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:08.679576 osdx ubnt-cfgd[228205]: inactive Nov 25 10:56:08.700072 osdx INFO[228213]: FRR daemons did not change Nov 25 10:56:08.715602 osdx ca-certificates[228229]: Updating certificates in /etc/ssl/certs... Nov 25 10:56:09.187329 osdx ubnt-cfgd[229227]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:56:09.194839 osdx ca-certificates[229233]: 1 added, 0 removed; done. Nov 25 10:56:09.198472 osdx ca-certificates[229239]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:56:09.201340 osdx ca-certificates[229241]: done. Nov 25 10:56:09.293394 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:56:09.294672 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:56:09.297976 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:56:09.335528 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:56:09.335719 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] Network connectivity detected Nov 25 10:56:09.335765 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] Dropping privileges Nov 25 10:56:09.337802 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] Network connectivity detected Nov 25 10:56:09.337829 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:56:09.337829 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:56:09.337863 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] Firefox workaround initialized Nov 25 10:56:09.337863 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] Loading the set of cloaking rules from [/tmp/tmppezlec1u] Nov 25 10:56:09.338387 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Nov 25 10:56:09.338387 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Nov 25 10:56:09.338433 osdx dnscrypt-proxy[229298]: [2025-11-25 10:56:09] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Nov 25 10:56:09.344626 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Nov 25 10:56:14.301456 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:56:14.305056 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:56:14.305125 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:56:14.311770 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:56:14.626917 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:56:14.905607 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:56:14.989662 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:56:15.078767 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:56:15.144042 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:15.279667 osdx ubnt-cfgd[230997]: inactive Nov 25 10:56:15.300099 osdx INFO[231005]: FRR daemons did not change Nov 25 10:56:15.317056 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:56:15.387451 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:56:15.398320 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:56:15.416610 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:56:15.564862 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 25 10:56:15.744686 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Nov 25 10:56:15.849451 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443'. Nov 25 10:56:16.015370 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:56:16.089088 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:56:16.183657 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:56:16.247551 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Nov 25 10:56:16.348021 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 25 10:56:16.447132 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:16.520913 osdx ubnt-cfgd[231160]: inactive Nov 25 10:56:16.544651 osdx INFO[231168]: FRR daemons did not change Nov 25 10:56:16.557127 osdx ca-certificates[231184]: Updating certificates in /etc/ssl/certs... Nov 25 10:56:17.077672 osdx ubnt-cfgd[232182]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:56:17.085303 osdx ca-certificates[232188]: 1 added, 0 removed; done. Nov 25 10:56:17.088359 osdx ca-certificates[232194]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:56:17.090966 osdx ca-certificates[232196]: done. Nov 25 10:56:17.201536 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:56:17.203276 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:56:17.205802 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:56:17.224730 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:56:17.226068 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:56:17.226237 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] Network connectivity detected Nov 25 10:56:17.226324 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] Dropping privileges Nov 25 10:56:17.228424 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] Network connectivity detected Nov 25 10:56:17.228466 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:56:17.228466 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:56:17.228499 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] Firefox workaround initialized Nov 25 10:56:17.228499 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp5ejsumj_] Nov 25 10:56:17.229063 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Nov 25 10:56:17.229063 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Nov 25 10:56:17.229063 osdx dnscrypt-proxy[232253]: [2025-11-25 10:56:17] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16