Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 25 10:56:30.299380 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:56:30.302341 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:56:30.302404 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:56:30.311142 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:56:30.525425 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:56:30.747450 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:56:30.826989 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:56:30.913450 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:56:30.976867 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:31.071792 osdx ubnt-cfgd[234334]: inactive Nov 25 10:56:31.091471 osdx INFO[234342]: FRR daemons did not change Nov 25 10:56:31.110321 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:56:31.180426 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:56:31.191181 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:56:31.212538 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:56:31.361331 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 25 10:56:32.399936 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:56:32.461732 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:56:32.565226 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:56:32.627666 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 25 10:56:32.725731 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 25 10:56:32.788014 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:56:32.882983 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Nov 25 10:56:32.948351 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Nov 25 10:56:33.048820 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 25 10:56:33.116976 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 25 10:56:33.229480 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:33.298538 osdx ubnt-cfgd[234497]: inactive Nov 25 10:56:33.317736 osdx INFO[234505]: FRR daemons did not change Nov 25 10:56:33.330812 osdx ca-certificates[234521]: Updating certificates in /etc/ssl/certs... Nov 25 10:56:33.808246 osdx ubnt-cfgd[235519]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:56:33.816124 osdx ca-certificates[235524]: 1 added, 0 removed; done. Nov 25 10:56:33.820018 osdx ca-certificates[235531]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:56:33.823714 osdx ca-certificates[235533]: done. Nov 25 10:56:33.942683 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:56:33.944063 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:56:33.946189 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:56:33.965880 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:33] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:56:33.966120 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:33] [NOTICE] Network connectivity detected Nov 25 10:56:33.966229 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:33] [NOTICE] Dropping privileges Nov 25 10:56:33.967060 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:56:33.968731 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:33] [NOTICE] Network connectivity detected Nov 25 10:56:33.968789 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:56:33.968789 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:56:33.968789 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:33] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 25 10:56:33.968789 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:33] [NOTICE] Firefox workaround initialized Nov 25 10:56:33.968880 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:33] [NOTICE] Loading the set of cloaking rules from [/tmp/tmprb24x3ke] Nov 25 10:56:34.121905 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:56:34.380771 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:34] [NOTICE] [RD] OK (DoH) - rtt: 298ms Nov 25 10:56:34.380771 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:34] [NOTICE] Server with the lowest initial latency: RD (rtt: 298ms) Nov 25 10:56:34.380771 osdx dnscrypt-proxy[235593]: [2025-11-25 10:56:34] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 05ca5ccf17c71e07a4c66581a8fa628032320226fc65d3bb1a619d1c8dad3ced set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 25 10:56:30.281548 osdx systemd-journald[1748]: Runtime Journal (/run/log/journal/c23349e7d2664277b4fe16aa8bcc979f) is 900.0K, max 6.5M, 5.6M free. Nov 25 10:56:30.282637 osdx systemd-journald[1748]: Received client request to rotate journal, rotating. Nov 25 10:56:30.282702 osdx systemd-journald[1748]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c23349e7d2664277b4fe16aa8bcc979f. Nov 25 10:56:30.294832 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:56:30.491942 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:56:31.388540 osdx OSDxCLI[2045]: User 'admin' entered the configuration menu. Nov 25 10:56:31.471218 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Nov 25 10:56:31.553553 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:56:31.609565 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service ssh'. Nov 25 10:56:31.738205 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:31.798910 osdx ubnt-cfgd[77301]: inactive Nov 25 10:56:31.822842 osdx INFO[77315]: FRR daemons did not change Nov 25 10:56:31.842622 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:56:31.986879 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Nov 25 10:56:31.998205 osdx sshd[77429]: Server listening on 0.0.0.0 port 22. Nov 25 10:56:31.998413 osdx sshd[77429]: Server listening on :: port 22. Nov 25 10:56:31.998531 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Nov 25 10:56:32.021869 osdx cfgd[1449]: [2045]Completed change to active configuration Nov 25 10:56:32.032893 osdx OSDxCLI[2045]: User 'admin' committed the configuration. Nov 25 10:56:32.049390 osdx OSDxCLI[2045]: User 'admin' left the configuration menu. Nov 25 10:56:32.200198 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Nov 25 10:56:36.287924 osdx OSDxCLI[2045]: User 'admin' entered the configuration menu. Nov 25 10:56:36.361678 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Nov 25 10:56:36.462893 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 25 10:56:36.519047 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 25 10:56:36.642486 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Nov 25 10:56:36.715823 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Nov 25 10:56:36.827784 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Nov 25 10:56:36.898241 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 05ca5ccf17c71e07a4c66581a8fa628032320226fc65d3bb1a619d1c8dad3ced'. Nov 25 10:56:37.016562 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:37.139295 osdx ubnt-cfgd[77484]: inactive Nov 25 10:56:37.182961 osdx INFO[77492]: FRR daemons did not change Nov 25 10:56:37.196267 osdx ca-certificates[77507]: Updating certificates in /etc/ssl/certs... Nov 25 10:56:37.672092 osdx ubnt-cfgd[78506]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:56:37.681529 osdx ca-certificates[78513]: 1 added, 0 removed; done. Nov 25 10:56:37.686221 osdx ca-certificates[78518]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:56:37.690521 osdx ca-certificates[78520]: done. Nov 25 10:56:37.775091 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:56:37.776871 osdx cfgd[1449]: [2045]Completed change to active configuration Nov 25 10:56:37.780455 osdx OSDxCLI[2045]: User 'admin' committed the configuration. Nov 25 10:56:37.800811 osdx OSDxCLI[2045]: User 'admin' left the configuration menu. Nov 25 10:56:37.821386 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:37] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:56:37.821386 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:37] [NOTICE] Network connectivity detected Nov 25 10:56:37.821386 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:37] [NOTICE] Dropping privileges Nov 25 10:56:37.823242 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:37] [NOTICE] Network connectivity detected Nov 25 10:56:37.823284 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:37] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:56:37.823284 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:37] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:56:37.823284 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:37] [NOTICE] Firefox workaround initialized Nov 25 10:56:37.823284 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:37] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp9xh0qhuj] Nov 25 10:56:38.001948 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:56:38.082021 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:38] [NOTICE] [DUT0] OK (DoH) - rtt: 110ms Nov 25 10:56:38.082021 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:38] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 110ms) Nov 25 10:56:38.082021 osdx dnscrypt-proxy[78527]: [2025-11-25 10:56:38] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 25 10:56:46.297754 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:56:46.298337 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:56:46.298380 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:56:46.310590 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:56:46.541687 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:56:46.770163 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:56:46.845964 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:56:46.931242 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:56:46.996238 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:47.092426 osdx ubnt-cfgd[237297]: inactive Nov 25 10:56:47.113301 osdx INFO[237305]: FRR daemons did not change Nov 25 10:56:47.134281 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:56:47.207583 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:56:47.219297 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:56:47.242858 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:56:47.386093 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 25 10:56:48.535411 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:56:48.685798 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:56:48.755797 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:56:48.923444 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:56:49.008215 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Nov 25 10:56:49.102616 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Nov 25 10:56:49.165180 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Nov 25 10:56:49.280690 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 25 10:56:49.361123 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 25 10:56:49.471982 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 25 10:56:49.600531 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:49.664428 osdx ubnt-cfgd[237462]: inactive Nov 25 10:56:49.685028 osdx INFO[237470]: FRR daemons did not change Nov 25 10:56:49.697792 osdx ca-certificates[237486]: Updating certificates in /etc/ssl/certs... Nov 25 10:56:50.235903 osdx ubnt-cfgd[238484]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:56:50.244529 osdx ca-certificates[238490]: 1 added, 0 removed; done. Nov 25 10:56:50.248298 osdx ca-certificates[238496]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:56:50.251164 osdx ca-certificates[238498]: done. Nov 25 10:56:50.366702 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:56:50.368246 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:56:50.370746 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:56:50.397006 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:56:50.399175 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:56:50.399340 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] Network connectivity detected Nov 25 10:56:50.399486 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] Dropping privileges Nov 25 10:56:50.401469 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] Network connectivity detected Nov 25 10:56:50.401508 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:56:50.401508 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:56:50.401534 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 25 10:56:50.401534 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] Firefox workaround initialized Nov 25 10:56:50.401534 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmprlj5ime4] Nov 25 10:56:50.578383 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:56:50.598557 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] [RD] OK (DoH) - rtt: 127ms Nov 25 10:56:50.598557 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] Server with the lowest initial latency: RD (rtt: 127ms) Nov 25 10:56:50.598557 osdx dnscrypt-proxy[238558]: [2025-11-25 10:56:50] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 05ca5ccf17c71e07a4c66581a8fa628032320226fc65d3bb1a619d1c8dad3ced at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBcpczxfHHgekxmWBqPpigDIyAib8ZdO7GmGdHI2tPO0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBcpczxfHHgekxmWBqPpigDIyAib8ZdO7GmGdHI2tPO0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 25 10:56:46.272806 osdx systemd-journald[1748]: Runtime Journal (/run/log/journal/c23349e7d2664277b4fe16aa8bcc979f) is 928.0K, max 6.5M, 5.6M free. Nov 25 10:56:46.273368 osdx systemd-journald[1748]: Received client request to rotate journal, rotating. Nov 25 10:56:46.273415 osdx systemd-journald[1748]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c23349e7d2664277b4fe16aa8bcc979f. Nov 25 10:56:46.284668 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:56:46.504405 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:56:47.454551 osdx OSDxCLI[2045]: User 'admin' entered the configuration menu. Nov 25 10:56:47.544041 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Nov 25 10:56:47.630277 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:56:47.705264 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service ssh'. Nov 25 10:56:47.816851 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:47.900065 osdx ubnt-cfgd[80202]: inactive Nov 25 10:56:47.930521 osdx INFO[80216]: FRR daemons did not change Nov 25 10:56:47.949383 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:56:48.089894 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Nov 25 10:56:48.105390 osdx sshd[80330]: Server listening on 0.0.0.0 port 22. Nov 25 10:56:48.105753 osdx sshd[80330]: Server listening on :: port 22. Nov 25 10:56:48.105922 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Nov 25 10:56:48.129030 osdx cfgd[1449]: [2045]Completed change to active configuration Nov 25 10:56:48.141300 osdx OSDxCLI[2045]: User 'admin' committed the configuration. Nov 25 10:56:48.170375 osdx OSDxCLI[2045]: User 'admin' left the configuration menu. Nov 25 10:56:48.331523 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Nov 25 10:56:52.764030 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 05ca5ccf17c71e07a4c66581a8fa628032320226fc65d3bb1a619d1c8dad3ced'. Nov 25 10:56:52.966088 osdx OSDxCLI[2045]: User 'admin' entered the configuration menu. Nov 25 10:56:53.027746 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Nov 25 10:56:53.157871 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 25 10:56:53.220368 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 25 10:56:53.328672 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBcpczxfHHgekxmWBqPpigDIyAib8ZdO7GmGdHI2tPO0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Nov 25 10:56:53.394938 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:56:53.497199 osdx ubnt-cfgd[80385]: inactive Nov 25 10:56:53.517394 osdx INFO[80393]: FRR daemons did not change Nov 25 10:56:53.531627 osdx ca-certificates[80409]: Updating certificates in /etc/ssl/certs... Nov 25 10:56:54.038008 osdx ubnt-cfgd[81407]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:56:54.045976 osdx ca-certificates[81413]: 1 added, 0 removed; done. Nov 25 10:56:54.049088 osdx ca-certificates[81418]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:56:54.051793 osdx ca-certificates[81421]: done. Nov 25 10:56:54.165957 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:56:54.168407 osdx cfgd[1449]: [2045]Completed change to active configuration Nov 25 10:56:54.170904 osdx OSDxCLI[2045]: User 'admin' committed the configuration. Nov 25 10:56:54.187989 osdx OSDxCLI[2045]: User 'admin' left the configuration menu. Nov 25 10:56:54.188562 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:56:54.188689 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] Network connectivity detected Nov 25 10:56:54.188855 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] Dropping privileges Nov 25 10:56:54.191512 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] Network connectivity detected Nov 25 10:56:54.191512 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:56:54.191512 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:56:54.191512 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] Firefox workaround initialized Nov 25 10:56:54.191512 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpw6alrzgt] Nov 25 10:56:54.347589 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:56:54.418100 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] [DUT0] OK (DoH) - rtt: 116ms Nov 25 10:56:54.418100 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 116ms) Nov 25 10:56:54.418100 osdx dnscrypt-proxy[81428]: [2025-11-25 10:56:54] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Nov 25 10:57:02.314339 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:57:02.317749 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:57:02.317816 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:57:02.325757 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:57:02.614227 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:57:02.858727 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:57:02.938988 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:57:03.024773 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:57:03.098857 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:57:03.234044 osdx ubnt-cfgd[240264]: inactive Nov 25 10:57:03.259829 osdx INFO[240272]: FRR daemons did not change Nov 25 10:57:03.277757 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:57:03.354882 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:57:03.367991 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:57:03.386442 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:57:03.570407 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 25 10:57:04.789836 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Nov 25 10:57:04.931403 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:57:05.004760 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:57:05.122432 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:57:05.209590 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Nov 25 10:57:05.319390 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Nov 25 10:57:05.389533 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Nov 25 10:57:05.510174 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a'. Nov 25 10:57:05.591141 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 25 10:57:05.651642 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Nov 25 10:57:05.752328 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Nov 25 10:57:05.813597 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 25 10:57:05.936092 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:57:06.001990 osdx ubnt-cfgd[240430]: inactive Nov 25 10:57:06.023830 osdx INFO[240438]: FRR daemons did not change Nov 25 10:57:06.040048 osdx ca-certificates[240454]: Updating certificates in /etc/ssl/certs... Nov 25 10:57:06.565071 osdx ubnt-cfgd[241452]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:57:06.573183 osdx ca-certificates[241457]: 1 added, 0 removed; done. Nov 25 10:57:06.575996 osdx ca-certificates[241464]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:57:06.578831 osdx ca-certificates[241466]: done. Nov 25 10:57:06.698043 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:57:06.699880 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:57:06.702120 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:57:06.721500 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:57:06.723647 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:57:06.723820 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] Network connectivity detected Nov 25 10:57:06.723949 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] Dropping privileges Nov 25 10:57:06.726239 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] Network connectivity detected Nov 25 10:57:06.726268 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:57:06.726283 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:57:06.726309 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 25 10:57:06.726323 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] Firefox workaround initialized Nov 25 10:57:06.726323 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpxolwz675] Nov 25 10:57:06.727000 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Nov 25 10:57:06.727039 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Nov 25 10:57:06.727039 osdx dnscrypt-proxy[241526]: [2025-11-25 10:57:06] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 05ca5ccf17c71e07a4c66581a8fa628032320226fc65d3bb1a619d1c8dad3ced set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 25 10:57:02.289621 osdx systemd-journald[1748]: Runtime Journal (/run/log/journal/c23349e7d2664277b4fe16aa8bcc979f) is 948.0K, max 6.5M, 5.5M free. Nov 25 10:57:02.291134 osdx systemd-journald[1748]: Received client request to rotate journal, rotating. Nov 25 10:57:02.291183 osdx systemd-journald[1748]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c23349e7d2664277b4fe16aa8bcc979f. Nov 25 10:57:02.300547 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:57:02.577912 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:57:03.678801 osdx OSDxCLI[2045]: User 'admin' entered the configuration menu. Nov 25 10:57:03.771811 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Nov 25 10:57:03.844414 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:57:03.987218 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service ssh'. Nov 25 10:57:04.051266 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:57:04.154264 osdx ubnt-cfgd[83107]: inactive Nov 25 10:57:04.177974 osdx INFO[83121]: FRR daemons did not change Nov 25 10:57:04.199135 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:57:04.343532 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Nov 25 10:57:04.354978 osdx sshd[83235]: Server listening on 0.0.0.0 port 22. Nov 25 10:57:04.355209 osdx sshd[83235]: Server listening on :: port 22. Nov 25 10:57:04.355333 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Nov 25 10:57:04.376425 osdx cfgd[1449]: [2045]Completed change to active configuration Nov 25 10:57:04.388205 osdx OSDxCLI[2045]: User 'admin' committed the configuration. Nov 25 10:57:04.404914 osdx OSDxCLI[2045]: User 'admin' left the configuration menu. Nov 25 10:57:04.584072 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Nov 25 10:57:06.929751 osdx OSDxCLI[2045]: User 'admin' entered the configuration menu. Nov 25 10:57:06.995648 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Nov 25 10:57:07.094702 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 25 10:57:07.186356 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 25 10:57:07.268046 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Nov 25 10:57:07.363886 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Nov 25 10:57:07.433536 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Nov 25 10:57:07.542892 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 05ca5ccf17c71e07a4c66581a8fa628032320226fc65d3bb1a619d1c8dad3ced'. Nov 25 10:57:07.616644 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:57:07.715780 osdx ubnt-cfgd[83290]: inactive Nov 25 10:57:07.738996 osdx INFO[83298]: FRR daemons did not change Nov 25 10:57:07.753019 osdx ca-certificates[83314]: Updating certificates in /etc/ssl/certs... Nov 25 10:57:08.243488 osdx ubnt-cfgd[84312]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:57:08.251513 osdx ca-certificates[84319]: 1 added, 0 removed; done. Nov 25 10:57:08.254828 osdx ca-certificates[84324]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:57:08.258056 osdx ca-certificates[84326]: done. Nov 25 10:57:08.359537 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:57:08.361322 osdx cfgd[1449]: [2045]Completed change to active configuration Nov 25 10:57:08.364910 osdx OSDxCLI[2045]: User 'admin' committed the configuration. Nov 25 10:57:08.381880 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:08] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:57:08.381880 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:08] [NOTICE] Network connectivity detected Nov 25 10:57:08.381880 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:08] [NOTICE] Dropping privileges Nov 25 10:57:08.381748 osdx OSDxCLI[2045]: User 'admin' left the configuration menu. Nov 25 10:57:08.384055 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:08] [NOTICE] Network connectivity detected Nov 25 10:57:08.384090 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:08] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:57:08.384090 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:08] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:57:08.384124 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:08] [NOTICE] Firefox workaround initialized Nov 25 10:57:08.384124 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:08] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpvaoy7pqp] Nov 25 10:57:08.553342 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:57:10.671656 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:57:12.774768 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:57:13.479404 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:13] [ERROR] Post "https://dns.dut0:3000/dns-query?body_hash=b634adb25875521ac1bb68d86eeb1fa19c367d338e7e4f398cb872301ac5f02a": net/http: request canceled (Client.Timeout exceeded while awaiting headers) Nov 25 10:57:13.479404 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:13] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable Nov 25 10:57:14.896159 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:57:17.032979 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:57:19.160168 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:57:21.326266 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:57:23.448151 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:57:23.645640 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:23] [NOTICE] [DUT0] OK (DoH) - rtt: 104ms Nov 25 10:57:23.645640 osdx dnscrypt-proxy[84333]: [2025-11-25 10:57:23] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 104ms)
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Nov 25 10:57:31.315898 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:57:31.316667 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:57:31.316714 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:57:31.326038 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:57:31.542680 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:57:31.763955 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:57:31.841697 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:57:31.924370 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:57:31.987526 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:57:32.082379 osdx ubnt-cfgd[243225]: inactive Nov 25 10:57:32.103929 osdx INFO[243233]: FRR daemons did not change Nov 25 10:57:32.124703 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:57:32.191787 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:57:32.202884 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:57:32.239406 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:57:32.402409 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 25 10:57:33.481214 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Nov 25 10:57:33.617539 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443'. Nov 25 10:57:33.781145 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:57:33.841754 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:57:33.943021 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:57:34.006010 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Nov 25 10:57:34.098517 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 25 10:57:34.159041 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Nov 25 10:57:34.258821 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Nov 25 10:57:34.314105 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 25 10:57:34.424895 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:57:34.485738 osdx ubnt-cfgd[243391]: inactive Nov 25 10:57:34.504811 osdx INFO[243399]: FRR daemons did not change Nov 25 10:57:34.516615 osdx ca-certificates[243415]: Updating certificates in /etc/ssl/certs... Nov 25 10:57:34.995001 osdx ubnt-cfgd[244413]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:57:35.002597 osdx ca-certificates[244420]: 1 added, 0 removed; done. Nov 25 10:57:35.005629 osdx ca-certificates[244425]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:57:35.009283 osdx ca-certificates[244427]: done. Nov 25 10:57:35.116964 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:57:35.118210 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:57:35.122359 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:57:35.147630 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:57:35.147822 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] Network connectivity detected Nov 25 10:57:35.147903 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] Dropping privileges Nov 25 10:57:35.149799 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] Network connectivity detected Nov 25 10:57:35.149799 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:57:35.149799 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:57:35.149799 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 25 10:57:35.149898 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] Firefox workaround initialized Nov 25 10:57:35.149898 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmped6dn8e1] Nov 25 10:57:35.150382 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Nov 25 10:57:35.150417 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Nov 25 10:57:35.150417 osdx dnscrypt-proxy[244487]: [2025-11-25 10:57:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Nov 25 10:57:35.161538 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 05ca5ccf17c71e07a4c66581a8fa628032320226fc65d3bb1a619d1c8dad3ced at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBcpczxfHHgekxmWBqPpigDIyAib8ZdO7GmGdHI2tPO0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBcpczxfHHgekxmWBqPpigDIyAib8ZdO7GmGdHI2tPO0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 25 10:57:32.279658 osdx systemd-journald[1748]: Runtime Journal (/run/log/journal/c23349e7d2664277b4fe16aa8bcc979f) is 948.0K, max 6.5M, 5.5M free. Nov 25 10:57:32.281320 osdx systemd-journald[1748]: Received client request to rotate journal, rotating. Nov 25 10:57:32.281367 osdx systemd-journald[1748]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c23349e7d2664277b4fe16aa8bcc979f. Nov 25 10:57:32.288942 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:57:32.494132 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:57:33.466802 osdx OSDxCLI[2045]: User 'admin' entered the configuration menu. Nov 25 10:57:33.544575 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Nov 25 10:57:33.629242 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:57:33.682642 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service ssh'. Nov 25 10:57:33.792301 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:57:33.865981 osdx ubnt-cfgd[86046]: inactive Nov 25 10:57:33.895243 osdx INFO[86060]: FRR daemons did not change Nov 25 10:57:33.917342 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:57:34.053673 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Nov 25 10:57:34.065972 osdx sshd[86174]: Server listening on 0.0.0.0 port 22. Nov 25 10:57:34.066161 osdx sshd[86174]: Server listening on :: port 22. Nov 25 10:57:34.066273 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Nov 25 10:57:34.090052 osdx cfgd[1449]: [2045]Completed change to active configuration Nov 25 10:57:34.101688 osdx OSDxCLI[2045]: User 'admin' committed the configuration. Nov 25 10:57:34.119664 osdx OSDxCLI[2045]: User 'admin' left the configuration menu. Nov 25 10:57:34.276963 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Nov 25 10:57:36.344838 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 05ca5ccf17c71e07a4c66581a8fa628032320226fc65d3bb1a619d1c8dad3ced'. Nov 25 10:57:36.494315 osdx OSDxCLI[2045]: User 'admin' entered the configuration menu. Nov 25 10:57:36.590966 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Nov 25 10:57:36.665748 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 25 10:57:36.783720 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 25 10:57:36.856609 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgBcpczxfHHgekxmWBqPpigDIyAib8ZdO7GmGdHI2tPO0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Nov 25 10:57:36.966894 osdx OSDxCLI[2045]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:57:37.046944 osdx ubnt-cfgd[86229]: inactive Nov 25 10:57:37.065726 osdx INFO[86237]: FRR daemons did not change Nov 25 10:57:37.077345 osdx ca-certificates[86253]: Updating certificates in /etc/ssl/certs... Nov 25 10:57:37.526333 osdx ubnt-cfgd[87251]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:57:37.533873 osdx ca-certificates[87258]: 1 added, 0 removed; done. Nov 25 10:57:37.536923 osdx ca-certificates[87263]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:57:37.539781 osdx ca-certificates[87265]: done. Nov 25 10:57:37.597641 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:57:37.599332 osdx cfgd[1449]: [2045]Completed change to active configuration Nov 25 10:57:37.603085 osdx OSDxCLI[2045]: User 'admin' committed the configuration. Nov 25 10:57:37.619497 osdx OSDxCLI[2045]: User 'admin' left the configuration menu. Nov 25 10:57:37.633273 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] dnscrypt-proxy 2.0.45 Nov 25 10:57:37.633444 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] Network connectivity detected Nov 25 10:57:37.633508 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] Dropping privileges Nov 25 10:57:37.635605 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] Network connectivity detected Nov 25 10:57:37.635605 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 25 10:57:37.635605 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 25 10:57:37.635605 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] Firefox workaround initialized Nov 25 10:57:37.635605 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp48o78nyn] Nov 25 10:57:37.779111 osdx OSDxCLI[2045]: User 'admin' executed a new command: 'system journal show | cat'. Nov 25 10:57:37.858904 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] [DUT0] OK (DoH) - rtt: 122ms Nov 25 10:57:37.858904 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 122ms) Nov 25 10:57:37.858904 osdx dnscrypt-proxy[87272]: [2025-11-25 10:57:37] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13