Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
May 13 16:22:15.320022 osdx systemd-journald[27261]: Runtime Journal (/run/log/journal/29acf74054db4c3a94b562797c4c13a9) is 2.0M, max 15.3M, 13.2M free. May 13 16:22:15.322808 osdx systemd-journald[27261]: Received client request to rotate journal, rotating. May 13 16:22:15.322856 osdx systemd-journald[27261]: Vacuuming done, freed 0B of archived journals from /run/log/journal/29acf74054db4c3a94b562797c4c13a9. May 13 16:22:15.329384 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal clear'. May 13 16:22:15.681493 osdx osdx-coredump[81298]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 13 16:22:15.689614 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system coredump delete all'. May 13 16:22:16.186340 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu. May 13 16:22:16.275735 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 13 16:22:16.365207 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 13 16:22:16.509188 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'. May 13 16:22:16.585623 osdx ubnt-cfgd[81316]: inactive May 13 16:22:16.607525 osdx INFO[81324]: FRR daemons did not change May 13 16:22:16.711050 osdx cfgd[1470]: [30995]Completed change to active configuration May 13 16:22:16.723738 osdx OSDxCLI[30995]: User 'admin' committed the configuration. May 13 16:22:16.748807 osdx OSDxCLI[30995]: User 'admin' left the configuration menu. May 13 16:22:16.893620 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 13 16:22:17.121047 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu. May 13 16:22:17.181003 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 13 16:22:17.284347 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 13 16:22:17.359653 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 13 16:22:17.462419 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 13 16:22:17.531770 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5'. May 13 16:22:17.613861 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 13 16:22:17.702670 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'. May 13 16:22:17.801158 osdx ubnt-cfgd[81476]: inactive May 13 16:22:17.822169 osdx INFO[81484]: FRR daemons did not change May 13 16:22:17.836939 osdx ca-certificates[81500]: Updating certificates in /etc/ssl/certs... May 13 16:22:18.336804 osdx ca-certificates[82504]: 1 added, 0 removed; done. May 13 16:22:18.339913 osdx ca-certificates[82510]: Running hooks in /etc/ca-certificates/update.d... May 13 16:22:18.343687 osdx ca-certificates[82512]: done. May 13 16:22:18.455349 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 13 16:22:18.456745 osdx cfgd[1470]: [30995]Completed change to active configuration May 13 16:22:18.459124 osdx OSDxCLI[30995]: User 'admin' committed the configuration. May 13 16:22:18.477531 osdx OSDxCLI[30995]: User 'admin' left the configuration menu. May 13 16:22:18.480126 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] dnscrypt-proxy 2.0.45 May 13 16:22:18.480269 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] Network connectivity detected May 13 16:22:18.480412 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] Dropping privileges May 13 16:22:18.483079 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] Network connectivity detected May 13 16:22:18.483112 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 13 16:22:18.483112 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 13 16:22:18.483142 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] Firefox workaround initialized May 13 16:22:18.483156 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] Loading the set of cloaking rules from [/tmp/tmphgxlgzk0] May 13 16:22:18.633144 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] [RD] OK (DoH) - rtt: 122ms May 13 16:22:18.633144 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] Server with the lowest initial latency: RD (rtt: 122ms) May 13 16:22:18.633144 osdx dnscrypt-proxy[82569]: [2025-05-13 16:22:18] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 13 16:22:18.636273 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
May 13 16:22:26.366270 osdx systemd-journald[27261]: Runtime Journal (/run/log/journal/29acf74054db4c3a94b562797c4c13a9) is 2.0M, max 15.3M, 13.3M free. May 13 16:22:26.367202 osdx systemd-journald[27261]: Received client request to rotate journal, rotating. May 13 16:22:26.367253 osdx systemd-journald[27261]: Vacuuming done, freed 0B of archived journals from /run/log/journal/29acf74054db4c3a94b562797c4c13a9. May 13 16:22:26.377898 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal clear'. May 13 16:22:26.711472 osdx osdx-coredump[84268]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 13 16:22:26.719459 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system coredump delete all'. May 13 16:22:27.182603 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu. May 13 16:22:27.260634 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 13 16:22:27.348450 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 13 16:22:27.421466 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'. May 13 16:22:27.531579 osdx ubnt-cfgd[84286]: inactive May 13 16:22:27.552267 osdx INFO[84294]: FRR daemons did not change May 13 16:22:27.653881 osdx cfgd[1470]: [30995]Completed change to active configuration May 13 16:22:27.665279 osdx OSDxCLI[30995]: User 'admin' committed the configuration. May 13 16:22:27.682029 osdx OSDxCLI[30995]: User 'admin' left the configuration menu. May 13 16:22:27.863146 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 13 16:22:27.991671 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5'. May 13 16:22:28.139689 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu. May 13 16:22:28.212269 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 13 16:22:28.310842 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 13 16:22:28.375211 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. May 13 16:22:28.469057 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 13 16:22:28.594900 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'. May 13 16:22:28.668514 osdx ubnt-cfgd[84447]: inactive May 13 16:22:28.689906 osdx INFO[84455]: FRR daemons did not change May 13 16:22:28.704405 osdx ca-certificates[84470]: Updating certificates in /etc/ssl/certs... May 13 16:22:29.210427 osdx ca-certificates[85475]: 1 added, 0 removed; done. May 13 16:22:29.213355 osdx ca-certificates[85481]: Running hooks in /etc/ca-certificates/update.d... May 13 16:22:29.216137 osdx ca-certificates[85483]: done. May 13 16:22:29.319555 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 13 16:22:29.321354 osdx cfgd[1470]: [30995]Completed change to active configuration May 13 16:22:29.324316 osdx OSDxCLI[30995]: User 'admin' committed the configuration. May 13 16:22:29.343010 osdx OSDxCLI[30995]: User 'admin' left the configuration menu. May 13 16:22:29.344308 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] dnscrypt-proxy 2.0.45 May 13 16:22:29.344521 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] Network connectivity detected May 13 16:22:29.344717 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] Dropping privileges May 13 16:22:29.346899 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] Network connectivity detected May 13 16:22:29.346939 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 13 16:22:29.346939 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 13 16:22:29.346966 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] Firefox workaround initialized May 13 16:22:29.346966 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpsgqeyafz] May 13 16:22:29.493983 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] [RD] OK (DoH) - rtt: 118ms May 13 16:22:29.493983 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] Server with the lowest initial latency: RD (rtt: 118ms) May 13 16:22:29.493983 osdx dnscrypt-proxy[85540]: [2025-05-13 16:22:29] [NOTICE] dnscrypt-proxy is ready - live servers: 1 May 13 16:22:29.494401 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key 'b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
May 13 16:22:36.000178 osdx systemd-timedated[43145]: Changed local time to Tue 2025-05-13 16:22:36 UTC May 13 16:22:36.001679 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'set date 2025-05-13 16:22:36'. May 13 16:22:36.002333 osdx systemd-journald[27261]: Time jumped backwards, rotating. May 13 16:22:36.304384 osdx systemd-journald[27261]: Runtime Journal (/run/log/journal/29acf74054db4c3a94b562797c4c13a9) is 2.0M, max 15.3M, 13.3M free. May 13 16:22:36.306334 osdx systemd-journald[27261]: Received client request to rotate journal, rotating. May 13 16:22:36.306387 osdx systemd-journald[27261]: Vacuuming done, freed 0B of archived journals from /run/log/journal/29acf74054db4c3a94b562797c4c13a9. May 13 16:22:36.314107 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal clear'. May 13 16:22:36.691315 osdx osdx-coredump[87238]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 13 16:22:36.699282 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system coredump delete all'. May 13 16:22:37.214738 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu. May 13 16:22:37.301278 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 13 16:22:37.415495 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 13 16:22:37.521838 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'. May 13 16:22:37.589253 osdx ubnt-cfgd[87256]: inactive May 13 16:22:37.615612 osdx INFO[87264]: FRR daemons did not change May 13 16:22:37.724674 osdx cfgd[1470]: [30995]Completed change to active configuration May 13 16:22:37.736097 osdx OSDxCLI[30995]: User 'admin' committed the configuration. May 13 16:22:37.755718 osdx OSDxCLI[30995]: User 'admin' left the configuration menu. May 13 16:22:37.916463 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 13 16:22:38.079090 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 13 16:22:38.219918 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu. May 13 16:22:38.284424 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 13 16:22:38.386689 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 13 16:22:38.470819 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. May 13 16:22:38.510714 osdx systemd[1]: Starting systemd-tmpfiles-clean.service - Cleanup of Temporary Directories... May 13 16:22:38.519061 osdx systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully. May 13 16:22:38.519190 osdx systemd[1]: Finished systemd-tmpfiles-clean.service - Cleanup of Temporary Directories. May 13 16:22:38.520606 osdx systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully. May 13 16:22:38.529932 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. May 13 16:22:38.641704 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. May 13 16:22:38.702453 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7'. May 13 16:22:38.796961 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 13 16:22:38.885468 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'. May 13 16:22:38.975036 osdx ubnt-cfgd[87422]: inactive May 13 16:22:38.996189 osdx INFO[87430]: FRR daemons did not change May 13 16:22:39.009500 osdx ca-certificates[87446]: Updating certificates in /etc/ssl/certs... May 13 16:22:39.493208 osdx ca-certificates[88450]: 1 added, 0 removed; done. May 13 16:22:39.496187 osdx ca-certificates[88456]: Running hooks in /etc/ca-certificates/update.d... May 13 16:22:39.498911 osdx ca-certificates[88458]: done. May 13 16:22:39.590639 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 13 16:22:39.591896 osdx cfgd[1470]: [30995]Completed change to active configuration May 13 16:22:39.597040 osdx OSDxCLI[30995]: User 'admin' committed the configuration. May 13 16:22:39.632176 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] dnscrypt-proxy 2.0.45 May 13 16:22:39.632176 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] Network connectivity detected May 13 16:22:39.632176 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] Dropping privileges May 13 16:22:39.633108 osdx OSDxCLI[30995]: User 'admin' left the configuration menu. May 13 16:22:39.636041 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] Network connectivity detected May 13 16:22:39.636083 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 13 16:22:39.636083 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 13 16:22:39.636083 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] Firefox workaround initialized May 13 16:22:39.636083 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpj8juxd1n] May 13 16:22:39.636613 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 13 16:22:39.636666 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 13 16:22:39.636705 osdx dnscrypt-proxy[88515]: [2025-05-13 16:22:39] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
May 13 16:22:45.349247 osdx systemd-journald[27261]: Runtime Journal (/run/log/journal/29acf74054db4c3a94b562797c4c13a9) is 2.1M, max 15.3M, 13.2M free. May 13 16:22:45.350362 osdx systemd-journald[27261]: Received client request to rotate journal, rotating. May 13 16:22:45.350408 osdx systemd-journald[27261]: Vacuuming done, freed 0B of archived journals from /run/log/journal/29acf74054db4c3a94b562797c4c13a9. May 13 16:22:45.359517 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal clear'. May 13 16:22:45.707248 osdx osdx-coredump[90208]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 13 16:22:45.715066 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system coredump delete all'. May 13 16:22:46.196032 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu. May 13 16:22:46.270767 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 13 16:22:46.354501 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 13 16:22:46.421602 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'. May 13 16:22:46.510339 osdx ubnt-cfgd[90226]: inactive May 13 16:22:46.532520 osdx INFO[90234]: FRR daemons did not change May 13 16:22:46.635993 osdx cfgd[1470]: [30995]Completed change to active configuration May 13 16:22:46.646916 osdx OSDxCLI[30995]: User 'admin' committed the configuration. May 13 16:22:46.663716 osdx OSDxCLI[30995]: User 'admin' left the configuration menu. May 13 16:22:46.826028 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 13 16:22:46.997486 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. May 13 16:22:47.099285 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7 ip 10.215.168.1 port 8443'. May 13 16:22:47.280039 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu. May 13 16:22:47.360238 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 13 16:22:47.475032 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 13 16:22:47.542755 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. May 13 16:22:47.632187 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns resolver local'. May 13 16:22:47.713731 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'. May 13 16:22:47.814857 osdx ubnt-cfgd[90389]: inactive May 13 16:22:47.834167 osdx INFO[90397]: FRR daemons did not change May 13 16:22:47.846847 osdx ca-certificates[90413]: Updating certificates in /etc/ssl/certs... May 13 16:22:48.335621 osdx ca-certificates[91416]: 1 added, 0 removed; done. May 13 16:22:48.339419 osdx ca-certificates[91423]: Running hooks in /etc/ca-certificates/update.d... May 13 16:22:48.343073 osdx ca-certificates[91425]: done. May 13 16:22:48.470705 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 13 16:22:48.471863 osdx cfgd[1470]: [30995]Completed change to active configuration May 13 16:22:48.475108 osdx OSDxCLI[30995]: User 'admin' committed the configuration. May 13 16:22:48.493501 osdx OSDxCLI[30995]: User 'admin' left the configuration menu. May 13 16:22:48.500032 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] dnscrypt-proxy 2.0.45 May 13 16:22:48.500261 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] Network connectivity detected May 13 16:22:48.500484 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] Dropping privileges May 13 16:22:48.502592 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] Network connectivity detected May 13 16:22:48.502629 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] Now listening to 127.0.0.1:53 [UDP] May 13 16:22:48.502629 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] Now listening to 127.0.0.1:53 [TCP] May 13 16:22:48.502629 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] Firefox workaround initialized May 13 16:22:48.502677 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjsl7samu] May 13 16:22:48.503108 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms May 13 16:22:48.503132 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) May 13 16:22:48.503132 osdx dnscrypt-proxy[91482]: [2025-05-13 16:22:48] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16