Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Mar 24 12:09:00.334885 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:09:00.337890 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:09:00.337952 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:09:00.346420 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:09:00.556029 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:09:00.811355 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:09:00.889847 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:09:00.994562 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:09:01.071883 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:09:01.182192 osdx ubnt-cfgd[124362]: inactive Mar 24 12:09:01.206483 osdx INFO[124370]: FRR daemons did not change Mar 24 12:09:01.225882 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:09:01.305723 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:09:01.316967 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:09:01.335107 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:09:01.485619 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:09:01.683326 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:09:01.752844 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:09:01.856745 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:09:01.928106 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:09:02.036717 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:09:02.166072 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:09:02.222291 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 24 12:09:02.370955 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:09:02.432614 osdx ubnt-cfgd[124525]: inactive Mar 24 12:09:02.452281 osdx INFO[124533]: FRR daemons did not change Mar 24 12:09:02.467501 osdx ca-certificates[124549]: Updating certificates in /etc/ssl/certs... Mar 24 12:09:02.958763 osdx ubnt-cfgd[125547]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:09:02.967484 osdx ca-certificates[125553]: 1 added, 0 removed; done. Mar 24 12:09:02.970696 osdx ca-certificates[125559]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:09:02.974255 osdx ca-certificates[125561]: done. Mar 24 12:09:03.094201 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:09:03.095598 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:09:03.099387 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:09:03.131788 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:09:03.132024 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] Network connectivity detected Mar 24 12:09:03.132186 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] Dropping privileges Mar 24 12:09:03.135013 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] Network connectivity detected Mar 24 12:09:03.135056 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:09:03.135056 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:09:03.135056 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] Firefox workaround initialized Mar 24 12:09:03.135095 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp6xf86uai] Mar 24 12:09:03.148661 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:09:03.180384 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] [RD] OK (DoH) - rtt: 18ms Mar 24 12:09:03.180384 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] Server with the lowest initial latency: RD (rtt: 18ms) Mar 24 12:09:03.180384 osdx dnscrypt-proxy[125618]: [2026-03-24 12:09:03] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Mar 24 12:09:08.349253 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:09:08.353230 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:09:08.353294 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:09:08.359855 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:09:08.583919 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:09:08.834408 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:09:08.917061 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:09:09.023149 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:09:09.087711 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:09:09.188646 osdx ubnt-cfgd[127317]: inactive Mar 24 12:09:09.222682 osdx INFO[127325]: FRR daemons did not change Mar 24 12:09:09.253225 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:09:09.349181 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:09:09.361653 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:09:09.379597 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:09:09.541394 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:09:09.681462 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:09:09.839138 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:09:09.918540 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:09:09.982592 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:09:10.087962 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Mar 24 12:09:10.138747 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 24 12:09:10.248645 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:09:10.313062 osdx ubnt-cfgd[127478]: inactive Mar 24 12:09:10.336079 osdx INFO[127486]: FRR daemons did not change Mar 24 12:09:10.349590 osdx ca-certificates[127502]: Updating certificates in /etc/ssl/certs... Mar 24 12:09:10.841390 osdx ubnt-cfgd[128500]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:09:10.848782 osdx ca-certificates[128506]: 1 added, 0 removed; done. Mar 24 12:09:10.851620 osdx ca-certificates[128512]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:09:10.854488 osdx ca-certificates[128514]: done. Mar 24 12:09:10.953504 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:09:10.955053 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:09:10.957323 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:09:10.975331 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:09:10.986004 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:10] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:09:10.986166 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:10] [NOTICE] Network connectivity detected Mar 24 12:09:10.986231 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:10] [NOTICE] Dropping privileges Mar 24 12:09:10.988882 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:10] [NOTICE] Network connectivity detected Mar 24 12:09:10.988942 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:10] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:09:10.988942 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:10] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:09:10.988942 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:10] [NOTICE] Firefox workaround initialized Mar 24 12:09:10.989007 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:10] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7cxsho9_] Mar 24 12:09:11.033604 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:11] [NOTICE] [RD] OK (DoH) - rtt: 12ms Mar 24 12:09:11.033774 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:11] [NOTICE] Server with the lowest initial latency: RD (rtt: 12ms) Mar 24 12:09:11.033845 osdx dnscrypt-proxy[128571]: [2026-03-24 12:09:11] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Mar 24 12:09:16.291384 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:09:16.295350 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:09:16.295416 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:09:16.301018 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:09:16.511753 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:09:16.770215 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:09:16.845842 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:09:16.932534 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:09:16.995066 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:09:17.093772 osdx ubnt-cfgd[130271]: inactive Mar 24 12:09:17.118991 osdx INFO[130279]: FRR daemons did not change Mar 24 12:09:17.139355 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:09:17.206746 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:09:17.217579 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:09:17.242221 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:09:17.386865 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:09:17.482960 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Mar 24 12:09:17.653042 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:09:17.715011 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:09:17.833857 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:09:17.892814 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Mar 24 12:09:17.994491 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Mar 24 12:09:18.060360 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Mar 24 12:09:18.154813 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a'. Mar 24 12:09:18.207562 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 24 12:09:18.318351 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:09:18.407777 osdx ubnt-cfgd[130434]: inactive Mar 24 12:09:18.428781 osdx INFO[130442]: FRR daemons did not change Mar 24 12:09:18.441432 osdx ca-certificates[130458]: Updating certificates in /etc/ssl/certs... Mar 24 12:09:18.940922 osdx ubnt-cfgd[131456]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:09:18.949529 osdx ca-certificates[131462]: 1 added, 0 removed; done. Mar 24 12:09:18.952707 osdx ca-certificates[131468]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:09:18.955369 osdx ca-certificates[131470]: done. Mar 24 12:09:19.051641 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:09:19.052710 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:09:19.055439 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:09:19.074385 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:09:19.074551 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] Network connectivity detected Mar 24 12:09:19.074616 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] Dropping privileges Mar 24 12:09:19.076926 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] Network connectivity detected Mar 24 12:09:19.076966 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:09:19.076966 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:09:19.076994 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] Firefox workaround initialized Mar 24 12:09:19.076994 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpux4s5o8n] Mar 24 12:09:19.077488 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Mar 24 12:09:19.077534 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Mar 24 12:09:19.077560 osdx dnscrypt-proxy[131527]: [2026-03-24 12:09:19] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Mar 24 12:09:19.086015 osdx OSDxCLI[2595]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Mar 24 12:09:24.348031 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:09:24.351763 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:09:24.351839 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:09:24.358811 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:09:24.578290 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:09:24.813702 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:09:24.904582 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:09:24.960757 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:09:25.074707 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:09:25.133585 osdx ubnt-cfgd[133226]: inactive Mar 24 12:09:25.154866 osdx INFO[133234]: FRR daemons did not change Mar 24 12:09:25.171738 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:09:25.240782 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:09:25.252034 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:09:25.275781 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:09:25.419433 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:09:25.533305 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Mar 24 12:09:25.670622 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443'. Mar 24 12:09:25.800659 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:09:25.863643 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:09:25.964168 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:09:26.028304 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Mar 24 12:09:26.117235 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 24 12:09:26.189659 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:09:26.283601 osdx ubnt-cfgd[133389]: inactive Mar 24 12:09:26.301553 osdx INFO[133397]: FRR daemons did not change Mar 24 12:09:26.314443 osdx ca-certificates[133413]: Updating certificates in /etc/ssl/certs... Mar 24 12:09:26.801293 osdx ubnt-cfgd[134411]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:09:26.808593 osdx ca-certificates[134416]: 1 added, 0 removed; done. Mar 24 12:09:26.811342 osdx ca-certificates[134423]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:09:26.813922 osdx ca-certificates[134425]: done. Mar 24 12:09:26.908078 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:09:26.909459 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:09:26.911444 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:09:26.927459 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:09:26.931863 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:09:26.932061 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] Network connectivity detected Mar 24 12:09:26.932167 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] Dropping privileges Mar 24 12:09:26.934887 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] Network connectivity detected Mar 24 12:09:26.934992 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:09:26.935036 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:09:26.935093 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] Firefox workaround initialized Mar 24 12:09:26.935140 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp77alvs63] Mar 24 12:09:26.935689 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Mar 24 12:09:26.935689 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Mar 24 12:09:26.935689 osdx dnscrypt-proxy[134482]: [2026-03-24 12:09:26] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16