Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Mar 24 12:08:03.295105 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:08:03.295626 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:08:03.295671 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:08:03.307278 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:08:03.529840 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:08:03.752533 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:08:03.830505 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:08:04.134985 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:08:04.230811 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:04.299679 osdx ubnt-cfgd[112182]: inactive Mar 24 12:08:04.321541 osdx INFO[112190]: FRR daemons did not change Mar 24 12:08:04.343352 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:08:04.418593 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:08:04.430988 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:08:04.459688 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:08:04.605592 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:08:05.895280 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:08:05.957161 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:08:06.056173 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:08:06.119951 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:08:06.221798 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:08:06.298947 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:08:06.395218 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Mar 24 12:08:06.454860 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Mar 24 12:08:06.552760 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 24 12:08:06.613551 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Mar 24 12:08:06.725968 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:06.794768 osdx ubnt-cfgd[112345]: inactive Mar 24 12:08:06.814710 osdx INFO[112353]: FRR daemons did not change Mar 24 12:08:06.826400 osdx ca-certificates[112369]: Updating certificates in /etc/ssl/certs... Mar 24 12:08:07.327748 osdx ubnt-cfgd[113367]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:08:07.336645 osdx ca-certificates[113373]: 1 added, 0 removed; done. Mar 24 12:08:07.340644 osdx ca-certificates[113379]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:08:07.343362 osdx ca-certificates[113381]: done. Mar 24 12:08:07.475650 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:08:07.476795 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:08:07.478749 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:08:07.494131 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:08:07.498220 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:08:07.498367 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] Network connectivity detected Mar 24 12:08:07.498512 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] Dropping privileges Mar 24 12:08:07.500509 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] Network connectivity detected Mar 24 12:08:07.500551 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:08:07.500551 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:08:07.500551 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Mar 24 12:08:07.500614 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] Firefox workaround initialized Mar 24 12:08:07.500614 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpd21a14pa] Mar 24 12:08:07.537925 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] [RD] OK (DoH) - rtt: 11ms Mar 24 12:08:07.537925 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] Server with the lowest initial latency: RD (rtt: 11ms) Mar 24 12:08:07.537925 osdx dnscrypt-proxy[113441]: [2026-03-24 12:08:07] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 1ef3e32243bb7c721717cfc80a127709af25cef8671cff325d7b2b5620b8d02b set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Mar 24 12:08:03.268490 osdx systemd-journald[1562]: Runtime Journal (/run/log/journal/4697983b28394fbab81ced9284dd096a) is 912.0K, max 6.5M, 5.6M free. Mar 24 12:08:03.271658 osdx systemd-journald[1562]: Received client request to rotate journal, rotating. Mar 24 12:08:03.271727 osdx systemd-journald[1562]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4697983b28394fbab81ced9284dd096a. Mar 24 12:08:03.282097 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:08:03.487486 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:08:04.656461 osdx OSDxCLI[198564]: User 'admin' entered the configuration menu. Mar 24 12:08:04.745388 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Mar 24 12:08:04.851551 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:08:04.923170 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service ssh'. Mar 24 12:08:05.206514 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:05.295417 osdx ubnt-cfgd[244817]: inactive Mar 24 12:08:05.320658 osdx INFO[244831]: FRR daemons did not change Mar 24 12:08:05.339675 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:08:05.479903 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Mar 24 12:08:05.494129 osdx sshd[244945]: Server listening on 0.0.0.0 port 22. Mar 24 12:08:05.494341 osdx sshd[244945]: Server listening on :: port 22. Mar 24 12:08:05.494462 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Mar 24 12:08:05.515600 osdx cfgd[1263]: [198564]Completed change to active configuration Mar 24 12:08:05.527530 osdx OSDxCLI[198564]: User 'admin' committed the configuration. Mar 24 12:08:05.553409 osdx OSDxCLI[198564]: User 'admin' left the configuration menu. Mar 24 12:08:05.685724 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Mar 24 12:08:07.673486 osdx OSDxCLI[198564]: User 'admin' entered the configuration menu. Mar 24 12:08:07.738096 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Mar 24 12:08:07.835273 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Mar 24 12:08:07.893360 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Mar 24 12:08:08.002258 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Mar 24 12:08:08.063477 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Mar 24 12:08:08.162023 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Mar 24 12:08:08.230984 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 1ef3e32243bb7c721717cfc80a127709af25cef8671cff325d7b2b5620b8d02b'. Mar 24 12:08:08.337549 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:08.412463 osdx ubnt-cfgd[245000]: inactive Mar 24 12:08:08.437416 osdx INFO[245008]: FRR daemons did not change Mar 24 12:08:08.450257 osdx ca-certificates[245023]: Updating certificates in /etc/ssl/certs... Mar 24 12:08:08.928089 osdx ubnt-cfgd[246022]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:08:08.938980 osdx ca-certificates[246029]: 1 added, 0 removed; done. Mar 24 12:08:08.942112 osdx ca-certificates[246034]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:08:08.946170 osdx ca-certificates[246036]: done. Mar 24 12:08:09.032128 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:08:09.034081 osdx cfgd[1263]: [198564]Completed change to active configuration Mar 24 12:08:09.036718 osdx OSDxCLI[198564]: User 'admin' committed the configuration. Mar 24 12:08:09.054202 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:08:09.054202 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] Network connectivity detected Mar 24 12:08:09.054202 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] Dropping privileges Mar 24 12:08:09.054823 osdx OSDxCLI[198564]: User 'admin' left the configuration menu. Mar 24 12:08:09.072818 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] Network connectivity detected Mar 24 12:08:09.072951 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:08:09.072981 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:08:09.073023 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] Firefox workaround initialized Mar 24 12:08:09.073047 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpyk7l4716] Mar 24 12:08:09.215401 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'system journal show | cat'. Mar 24 12:08:09.477880 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] [DUT0] OK (DoH) - rtt: 13ms Mar 24 12:08:09.478004 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 13ms) Mar 24 12:08:09.478037 osdx dnscrypt-proxy[246043]: [2026-03-24 12:08:09] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Mar 24 12:08:17.307397 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:08:17.310441 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:08:17.310515 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:08:17.317910 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:08:17.534228 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:08:17.784055 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:08:17.874357 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:08:17.927773 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:08:18.040793 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:18.108000 osdx ubnt-cfgd[115138]: inactive Mar 24 12:08:18.134312 osdx INFO[115146]: FRR daemons did not change Mar 24 12:08:18.154392 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:08:18.229467 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:08:18.240922 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:08:18.258837 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:08:18.416444 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:08:19.618104 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:08:19.772439 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:08:19.838010 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:08:19.928650 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:08:19.991146 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Mar 24 12:08:20.088453 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Mar 24 12:08:20.147720 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Mar 24 12:08:20.237516 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Mar 24 12:08:20.294006 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 24 12:08:20.393947 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Mar 24 12:08:20.461316 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:20.557645 osdx ubnt-cfgd[115303]: inactive Mar 24 12:08:20.576679 osdx INFO[115311]: FRR daemons did not change Mar 24 12:08:20.589464 osdx ca-certificates[115327]: Updating certificates in /etc/ssl/certs... Mar 24 12:08:21.069243 osdx ubnt-cfgd[116325]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:08:21.076809 osdx ca-certificates[116331]: 1 added, 0 removed; done. Mar 24 12:08:21.079809 osdx ca-certificates[116337]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:08:21.082461 osdx ca-certificates[116339]: done. Mar 24 12:08:21.186663 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:08:21.187865 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:08:21.190004 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:08:21.205454 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:08:21.209932 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:08:21.210168 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] Network connectivity detected Mar 24 12:08:21.210353 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] Dropping privileges Mar 24 12:08:21.212284 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] Network connectivity detected Mar 24 12:08:21.212331 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:08:21.212331 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:08:21.212331 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Mar 24 12:08:21.212371 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] Firefox workaround initialized Mar 24 12:08:21.212371 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpfvf6hksz] Mar 24 12:08:21.251906 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] [RD] OK (DoH) - rtt: 11ms Mar 24 12:08:21.251906 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] Server with the lowest initial latency: RD (rtt: 11ms) Mar 24 12:08:21.251906 osdx dnscrypt-proxy[116399]: [2026-03-24 12:08:21] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 1ef3e32243bb7c721717cfc80a127709af25cef8671cff325d7b2b5620b8d02b at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHvPjIkO7fHIXF8_IChJ3Ca8lzvhnHP8yXXsrViC40CsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHvPjIkO7fHIXF8_IChJ3Ca8lzvhnHP8yXXsrViC40CsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Mar 24 12:08:17.275383 osdx systemd-journald[1562]: Runtime Journal (/run/log/journal/4697983b28394fbab81ced9284dd096a) is 928.0K, max 6.5M, 5.6M free. Mar 24 12:08:17.278462 osdx systemd-journald[1562]: Received client request to rotate journal, rotating. Mar 24 12:08:17.278518 osdx systemd-journald[1562]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4697983b28394fbab81ced9284dd096a. Mar 24 12:08:17.284883 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:08:17.491379 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:08:18.463701 osdx OSDxCLI[198564]: User 'admin' entered the configuration menu. Mar 24 12:08:18.563875 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Mar 24 12:08:18.642884 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:08:18.722454 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service ssh'. Mar 24 12:08:18.852116 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:18.944298 osdx ubnt-cfgd[247718]: inactive Mar 24 12:08:18.974664 osdx INFO[247732]: FRR daemons did not change Mar 24 12:08:18.998487 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:08:19.162858 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Mar 24 12:08:19.178110 osdx sshd[247846]: Server listening on 0.0.0.0 port 22. Mar 24 12:08:19.178140 osdx sshd[247846]: Server listening on :: port 22. Mar 24 12:08:19.178260 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Mar 24 12:08:19.199740 osdx cfgd[1263]: [198564]Completed change to active configuration Mar 24 12:08:19.210759 osdx OSDxCLI[198564]: User 'admin' committed the configuration. Mar 24 12:08:19.236919 osdx OSDxCLI[198564]: User 'admin' left the configuration menu. Mar 24 12:08:19.395135 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Mar 24 12:08:21.406188 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 1ef3e32243bb7c721717cfc80a127709af25cef8671cff325d7b2b5620b8d02b'. Mar 24 12:08:21.561657 osdx OSDxCLI[198564]: User 'admin' entered the configuration menu. Mar 24 12:08:21.652508 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Mar 24 12:08:21.760149 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Mar 24 12:08:21.829781 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Mar 24 12:08:21.934771 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHvPjIkO7fHIXF8_IChJ3Ca8lzvhnHP8yXXsrViC40CsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Mar 24 12:08:22.002379 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:22.123372 osdx ubnt-cfgd[247901]: inactive Mar 24 12:08:22.143303 osdx INFO[247909]: FRR daemons did not change Mar 24 12:08:22.155681 osdx ca-certificates[247924]: Updating certificates in /etc/ssl/certs... Mar 24 12:08:22.607295 osdx ubnt-cfgd[248923]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:08:22.615472 osdx ca-certificates[248930]: 1 added, 0 removed; done. Mar 24 12:08:22.618352 osdx ca-certificates[248935]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:08:22.621046 osdx ca-certificates[248937]: done. Mar 24 12:08:22.686810 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:08:22.688515 osdx cfgd[1263]: [198564]Completed change to active configuration Mar 24 12:08:22.691185 osdx OSDxCLI[198564]: User 'admin' committed the configuration. Mar 24 12:08:22.712797 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:08:22.712976 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] Network connectivity detected Mar 24 12:08:22.713033 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] Dropping privileges Mar 24 12:08:22.715513 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] Network connectivity detected Mar 24 12:08:22.715513 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:08:22.715513 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:08:22.715513 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] Firefox workaround initialized Mar 24 12:08:22.715513 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] Loading the set of cloaking rules from [/tmp/tmprhxxjlt9] Mar 24 12:08:22.716020 osdx OSDxCLI[198564]: User 'admin' left the configuration menu. Mar 24 12:08:22.809062 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] [DUT0] OK (DoH) - rtt: 11ms Mar 24 12:08:22.809167 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 11ms) Mar 24 12:08:22.809195 osdx dnscrypt-proxy[248944]: [2026-03-24 12:08:22] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Mar 24 12:08:29.287301 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:08:29.289428 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:08:29.289489 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:08:29.298754 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:08:29.512945 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:08:29.753718 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:08:29.833928 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:08:29.913964 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:08:29.978708 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:30.068418 osdx ubnt-cfgd[118100]: inactive Mar 24 12:08:30.092104 osdx INFO[118108]: FRR daemons did not change Mar 24 12:08:30.113435 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:08:30.190965 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:08:30.205479 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:08:30.224542 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:08:30.381519 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:08:31.515671 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Mar 24 12:08:31.755247 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:08:31.870836 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:08:31.933124 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:08:32.050747 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Mar 24 12:08:32.121934 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Mar 24 12:08:32.231643 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Mar 24 12:08:32.301611 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a'. Mar 24 12:08:32.394895 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 24 12:08:32.455981 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Mar 24 12:08:32.564150 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Mar 24 12:08:32.641843 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Mar 24 12:08:32.756721 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:32.894461 osdx ubnt-cfgd[118266]: inactive Mar 24 12:08:32.921485 osdx INFO[118274]: FRR daemons did not change Mar 24 12:08:32.935612 osdx ca-certificates[118290]: Updating certificates in /etc/ssl/certs... Mar 24 12:08:33.511426 osdx ubnt-cfgd[119288]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:08:33.519788 osdx ca-certificates[119293]: 1 added, 0 removed; done. Mar 24 12:08:33.523824 osdx ca-certificates[119300]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:08:33.527028 osdx ca-certificates[119302]: done. Mar 24 12:08:33.661822 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:08:33.663190 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:08:33.665704 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:08:33.686109 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:08:33.693230 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:08:33.693480 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] Network connectivity detected Mar 24 12:08:33.693777 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] Dropping privileges Mar 24 12:08:33.697588 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] Network connectivity detected Mar 24 12:08:33.697666 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:08:33.697666 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:08:33.697666 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Mar 24 12:08:33.697749 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] Firefox workaround initialized Mar 24 12:08:33.697749 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_d5go6p1] Mar 24 12:08:33.698878 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Mar 24 12:08:33.698878 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Mar 24 12:08:33.698878 osdx dnscrypt-proxy[119362]: [2026-03-24 12:08:33] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 1ef3e32243bb7c721717cfc80a127709af25cef8671cff325d7b2b5620b8d02b set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Mar 24 12:08:29.261897 osdx systemd-journald[1562]: Runtime Journal (/run/log/journal/4697983b28394fbab81ced9284dd096a) is 952.0K, max 6.5M, 5.5M free. Mar 24 12:08:29.262364 osdx systemd-journald[1562]: Received client request to rotate journal, rotating. Mar 24 12:08:29.262408 osdx systemd-journald[1562]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4697983b28394fbab81ced9284dd096a. Mar 24 12:08:29.271348 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:08:29.490209 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:08:30.405674 osdx OSDxCLI[198564]: User 'admin' entered the configuration menu. Mar 24 12:08:30.489542 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Mar 24 12:08:30.566769 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:08:30.619485 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service ssh'. Mar 24 12:08:30.776334 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:30.861754 osdx ubnt-cfgd[250615]: inactive Mar 24 12:08:30.887562 osdx INFO[250629]: FRR daemons did not change Mar 24 12:08:30.906382 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:08:31.066736 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Mar 24 12:08:31.084327 osdx sshd[250743]: Server listening on 0.0.0.0 port 22. Mar 24 12:08:31.084601 osdx sshd[250743]: Server listening on :: port 22. Mar 24 12:08:31.084760 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Mar 24 12:08:31.109288 osdx cfgd[1263]: [198564]Completed change to active configuration Mar 24 12:08:31.124027 osdx OSDxCLI[198564]: User 'admin' committed the configuration. Mar 24 12:08:31.142176 osdx OSDxCLI[198564]: User 'admin' left the configuration menu. Mar 24 12:08:31.284618 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Mar 24 12:08:33.944311 osdx OSDxCLI[198564]: User 'admin' entered the configuration menu. Mar 24 12:08:34.026391 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Mar 24 12:08:34.188158 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Mar 24 12:08:34.315786 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Mar 24 12:08:34.446161 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Mar 24 12:08:34.524142 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Mar 24 12:08:34.604659 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Mar 24 12:08:34.704452 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 1ef3e32243bb7c721717cfc80a127709af25cef8671cff325d7b2b5620b8d02b'. Mar 24 12:08:34.795605 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:34.903824 osdx ubnt-cfgd[250798]: inactive Mar 24 12:08:34.928205 osdx INFO[250806]: FRR daemons did not change Mar 24 12:08:34.944751 osdx ca-certificates[250822]: Updating certificates in /etc/ssl/certs... Mar 24 12:08:35.494364 osdx ubnt-cfgd[251820]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:08:35.502748 osdx ca-certificates[251827]: 1 added, 0 removed; done. Mar 24 12:08:35.505996 osdx ca-certificates[251832]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:08:35.509012 osdx ca-certificates[251834]: done. Mar 24 12:08:35.590868 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:08:35.593390 osdx cfgd[1263]: [198564]Completed change to active configuration Mar 24 12:08:35.596132 osdx OSDxCLI[198564]: User 'admin' committed the configuration. Mar 24 12:08:35.621104 osdx OSDxCLI[198564]: User 'admin' left the configuration menu. Mar 24 12:08:35.623213 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:08:35.623414 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] Network connectivity detected Mar 24 12:08:35.623514 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] Dropping privileges Mar 24 12:08:35.626456 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] Network connectivity detected Mar 24 12:08:35.626503 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:08:35.626503 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:08:35.626535 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] Firefox workaround initialized Mar 24 12:08:35.626535 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmph6teuez6] Mar 24 12:08:35.728605 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] [DUT0] OK (DoH) - rtt: 11ms Mar 24 12:08:35.728762 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 11ms) Mar 24 12:08:35.728814 osdx dnscrypt-proxy[251841]: [2026-03-24 12:08:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Mar 24 12:08:42.304571 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:08:42.307291 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:08:42.307340 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:08:42.313976 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:08:42.538457 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:08:42.812039 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:08:42.923247 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:08:43.010711 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:08:43.084304 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:43.182491 osdx ubnt-cfgd[121059]: inactive Mar 24 12:08:43.202456 osdx INFO[121067]: FRR daemons did not change Mar 24 12:08:43.223306 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:08:43.297923 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:08:43.310108 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:08:43.332149 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:08:43.467344 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:08:44.540937 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Mar 24 12:08:44.651486 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443'. Mar 24 12:08:44.809813 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:08:44.879691 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:08:44.997487 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:08:45.085484 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Mar 24 12:08:45.190503 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns resolver local'. Mar 24 12:08:45.248367 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Mar 24 12:08:45.352146 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Mar 24 12:08:45.411996 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Mar 24 12:08:45.526284 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:45.594253 osdx ubnt-cfgd[121225]: inactive Mar 24 12:08:45.617705 osdx INFO[121233]: FRR daemons did not change Mar 24 12:08:45.631535 osdx ca-certificates[121248]: Updating certificates in /etc/ssl/certs... Mar 24 12:08:46.150175 osdx ubnt-cfgd[122247]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:08:46.159679 osdx ca-certificates[122252]: 1 added, 0 removed; done. Mar 24 12:08:46.162824 osdx ca-certificates[122259]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:08:46.166425 osdx ca-certificates[122261]: done. Mar 24 12:08:46.303697 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:08:46.304968 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:08:46.307072 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:08:46.330595 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:08:46.330785 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] Network connectivity detected Mar 24 12:08:46.330949 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] Dropping privileges Mar 24 12:08:46.334922 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] Network connectivity detected Mar 24 12:08:46.334922 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:08:46.334922 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:08:46.334922 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Mar 24 12:08:46.334922 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] Firefox workaround initialized Mar 24 12:08:46.334922 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp__e1d_lf] Mar 24 12:08:46.335254 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Mar 24 12:08:46.335271 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Mar 24 12:08:46.335271 osdx dnscrypt-proxy[122321]: [2026-03-24 12:08:46] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Mar 24 12:08:46.335334 osdx OSDxCLI[2595]: User 'admin' left the configuration menu.
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 1ef3e32243bb7c721717cfc80a127709af25cef8671cff325d7b2b5620b8d02b at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHvPjIkO7fHIXF8_IChJ3Ca8lzvhnHP8yXXsrViC40CsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHvPjIkO7fHIXF8_IChJ3Ca8lzvhnHP8yXXsrViC40CsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Mar 24 12:08:42.283888 osdx systemd-journald[1562]: Runtime Journal (/run/log/journal/4697983b28394fbab81ced9284dd096a) is 948.0K, max 6.5M, 5.5M free. Mar 24 12:08:42.285531 osdx systemd-journald[1562]: Received client request to rotate journal, rotating. Mar 24 12:08:42.285596 osdx systemd-journald[1562]: Vacuuming done, freed 0B of archived journals from /run/log/journal/4697983b28394fbab81ced9284dd096a. Mar 24 12:08:42.293959 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:08:42.515959 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:08:43.492004 osdx OSDxCLI[198564]: User 'admin' entered the configuration menu. Mar 24 12:08:43.569192 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Mar 24 12:08:43.644804 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:08:43.743853 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service ssh'. Mar 24 12:08:43.821066 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:43.905206 osdx ubnt-cfgd[253512]: inactive Mar 24 12:08:43.934829 osdx INFO[253526]: FRR daemons did not change Mar 24 12:08:43.957529 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:08:44.105895 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Mar 24 12:08:44.122074 osdx sshd[253640]: Server listening on 0.0.0.0 port 22. Mar 24 12:08:44.122326 osdx sshd[253640]: Server listening on :: port 22. Mar 24 12:08:44.122468 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Mar 24 12:08:44.142792 osdx cfgd[1263]: [198564]Completed change to active configuration Mar 24 12:08:44.156877 osdx OSDxCLI[198564]: User 'admin' committed the configuration. Mar 24 12:08:44.190880 osdx OSDxCLI[198564]: User 'admin' left the configuration menu. Mar 24 12:08:44.348421 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Mar 24 12:08:46.550786 osdx OSDxCLI[198564]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 1ef3e32243bb7c721717cfc80a127709af25cef8671cff325d7b2b5620b8d02b'. Mar 24 12:08:46.731304 osdx OSDxCLI[198564]: User 'admin' entered the configuration menu. Mar 24 12:08:46.797551 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Mar 24 12:08:46.932942 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Mar 24 12:08:47.006267 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Mar 24 12:08:47.110569 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgHvPjIkO7fHIXF8_IChJ3Ca8lzvhnHP8yXXsrViC40CsNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Mar 24 12:08:47.181640 osdx OSDxCLI[198564]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:08:47.266547 osdx ubnt-cfgd[253695]: inactive Mar 24 12:08:47.311188 osdx INFO[253703]: FRR daemons did not change Mar 24 12:08:47.324938 osdx ca-certificates[253719]: Updating certificates in /etc/ssl/certs... Mar 24 12:08:47.798472 osdx ubnt-cfgd[254717]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:08:47.808309 osdx ca-certificates[254724]: 1 added, 0 removed; done. Mar 24 12:08:47.811372 osdx ca-certificates[254729]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:08:47.814263 osdx ca-certificates[254731]: done. Mar 24 12:08:47.881933 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:08:47.883360 osdx cfgd[1263]: [198564]Completed change to active configuration Mar 24 12:08:47.889340 osdx OSDxCLI[198564]: User 'admin' committed the configuration. Mar 24 12:08:47.917271 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:47] [NOTICE] dnscrypt-proxy 2.0.45 Mar 24 12:08:47.917642 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:47] [NOTICE] Network connectivity detected Mar 24 12:08:47.917935 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:47] [NOTICE] Dropping privileges Mar 24 12:08:47.920557 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:47] [NOTICE] Network connectivity detected Mar 24 12:08:47.920610 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Mar 24 12:08:47.920610 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Mar 24 12:08:47.920610 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:47] [NOTICE] Firefox workaround initialized Mar 24 12:08:47.920610 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpazpyn4rx] Mar 24 12:08:47.925564 osdx OSDxCLI[198564]: User 'admin' left the configuration menu. Mar 24 12:08:48.018336 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:48] [NOTICE] [DUT0] OK (DoH) - rtt: 10ms Mar 24 12:08:48.018468 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:48] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 10ms) Mar 24 12:08:48.018503 osdx dnscrypt-proxy[254738]: [2026-03-24 12:08:48] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13