Static Server

Test suite that connects DUT1 to DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.

Server With Upstream DoH

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
May 13 16:21:08.349245 osdx systemd-journald[27261]: Runtime Journal (/run/log/journal/29acf74054db4c3a94b562797c4c13a9) is 2.0M, max 15.3M, 13.2M free.
May 13 16:21:08.349653 osdx systemd-journald[27261]: Received client request to rotate journal, rotating.
May 13 16:21:08.349683 osdx systemd-journald[27261]: Vacuuming done, freed 0B of archived journals from /run/log/journal/29acf74054db4c3a94b562797c4c13a9.
May 13 16:21:08.358667 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal clear'.
May 13 16:21:08.686202 osdx osdx-coredump[69054]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 13 16:21:08.693633 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system coredump delete all'.
May 13 16:21:09.163567 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu.
May 13 16:21:09.241203 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 13 16:21:09.329766 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 13 16:21:09.405887 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:09.487252 osdx ubnt-cfgd[69072]: inactive
May 13 16:21:09.508147 osdx INFO[69080]: FRR daemons did not change
May 13 16:21:09.611484 osdx cfgd[1470]: [30995]Completed change to active configuration
May 13 16:21:09.626054 osdx OSDxCLI[30995]: User 'admin' committed the configuration.
May 13 16:21:09.643377 osdx OSDxCLI[30995]: User 'admin' left the configuration menu.
May 13 16:21:09.792823 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 13 16:21:10.902568 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu.
May 13 16:21:10.984920 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 13 16:21:11.084391 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 13 16:21:11.150853 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 13 16:21:11.242636 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 13 16:21:11.304081 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5'.
May 13 16:21:11.399923 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
May 13 16:21:11.455964 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
May 13 16:21:11.552864 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 13 16:21:11.613405 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
May 13 16:21:11.735805 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:11.814296 osdx ubnt-cfgd[69235]: inactive
May 13 16:21:11.837522 osdx INFO[69243]: FRR daemons did not change
May 13 16:21:11.850312 osdx ca-certificates[69259]: Updating certificates in /etc/ssl/certs...
May 13 16:21:12.344507 osdx ca-certificates[70263]: 1 added, 0 removed; done.
May 13 16:21:12.347534 osdx ca-certificates[70269]: Running hooks in /etc/ca-certificates/update.d...
May 13 16:21:12.350231 osdx ca-certificates[70271]: done.
May 13 16:21:12.481569 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 13 16:21:12.482926 osdx cfgd[1470]: [30995]Completed change to active configuration
May 13 16:21:12.487180 osdx OSDxCLI[30995]: User 'admin' committed the configuration.
May 13 16:21:12.509624 osdx OSDxCLI[30995]: User 'admin' left the configuration menu.
May 13 16:21:12.514154 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] dnscrypt-proxy 2.0.45
May 13 16:21:12.514309 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] Network connectivity detected
May 13 16:21:12.514445 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] Dropping privileges
May 13 16:21:12.516407 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] Network connectivity detected
May 13 16:21:12.516429 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 13 16:21:12.516443 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 13 16:21:12.516443 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
May 13 16:21:12.516471 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] Firefox workaround initialized
May 13 16:21:12.516471 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8plydjzo]
May 13 16:21:12.646136 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] [RD] OK (DoH) - rtt: 108ms
May 13 16:21:12.646136 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] Server with the lowest initial latency: RD (rtt: 108ms)
May 13 16:21:12.646136 osdx dnscrypt-proxy[70331]: [2025-05-13 16:21:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 69db1eac09bc045d134ebe27290fe6e75ef260891f7a6cd3320d8cc93664fcad
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
May 13 16:21:08.310076 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/40d471a1719548efa28850ccdbbdff9f) is 992.0K, max 7.2M, 6.2M free.
May 13 16:21:08.312356 osdx systemd-journald[1556]: Received client request to rotate journal, rotating.
May 13 16:21:08.312402 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/40d471a1719548efa28850ccdbbdff9f.
May 13 16:21:08.321464 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system journal clear'.
May 13 16:21:08.746945 osdx osdx-coredump[197116]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 13 16:21:08.754848 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system coredump delete all'.
May 13 16:21:09.814331 osdx OSDxCLI[163437]: User 'admin' entered the configuration menu.
May 13 16:21:09.905290 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
May 13 16:21:09.982937 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 13 16:21:10.109272 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service ssh'.
May 13 16:21:10.186429 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:10.273778 osdx ubnt-cfgd[197135]: inactive
May 13 16:21:10.303455 osdx INFO[197149]: FRR daemons did not change
May 13 16:21:10.324359 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 13 16:21:10.464580 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 13 16:21:10.478896 osdx sshd[197263]: Server listening on 0.0.0.0 port 22.
May 13 16:21:10.479106 osdx sshd[197263]: Server listening on :: port 22.
May 13 16:21:10.479221 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 13 16:21:10.500222 osdx cfgd[1253]: [163437]Completed change to active configuration
May 13 16:21:10.512069 osdx OSDxCLI[163437]: User 'admin' committed the configuration.
May 13 16:21:10.539669 osdx OSDxCLI[163437]: User 'admin' left the configuration menu.
May 13 16:21:10.686312 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
May 13 16:21:12.685774 osdx OSDxCLI[163437]: User 'admin' entered the configuration menu.
May 13 16:21:12.753284 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
May 13 16:21:12.845010 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
May 13 16:21:12.904202 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
May 13 16:21:13.002072 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
May 13 16:21:13.058205 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
May 13 16:21:13.158037 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
May 13 16:21:13.223663 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 69db1eac09bc045d134ebe27290fe6e75ef260891f7a6cd3320d8cc93664fcad'.
May 13 16:21:13.348884 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:13.425299 osdx ubnt-cfgd[197318]: inactive
May 13 16:21:13.457658 osdx INFO[197326]: FRR daemons did not change
May 13 16:21:13.518863 osdx ca-certificates[197341]: Updating certificates in /etc/ssl/certs...
May 13 16:21:14.094213 osdx ca-certificates[198344]: 1 added, 0 removed; done.
May 13 16:21:14.097353 osdx ca-certificates[198352]: Running hooks in /etc/ca-certificates/update.d...
May 13 16:21:14.100203 osdx ca-certificates[198354]: done.
May 13 16:21:14.176759 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 13 16:21:14.178625 osdx cfgd[1253]: [163437]Completed change to active configuration
May 13 16:21:14.181351 osdx OSDxCLI[163437]: User 'admin' committed the configuration.
May 13 16:21:14.210665 osdx OSDxCLI[163437]: User 'admin' left the configuration menu.
May 13 16:21:14.361234 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system journal show | cat'.
May 13 16:21:14.390451 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] dnscrypt-proxy 2.0.45
May 13 16:21:14.390694 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] Network connectivity detected
May 13 16:21:14.390764 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] Dropping privileges
May 13 16:21:14.393166 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] Network connectivity detected
May 13 16:21:14.393166 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 13 16:21:14.393166 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 13 16:21:14.393166 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] Firefox workaround initialized
May 13 16:21:14.393166 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpgwm35shf]
May 13 16:21:14.582283 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] [DUT0] OK (DoH) - rtt: 121ms
May 13 16:21:14.582283 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 121ms)
May 13 16:21:14.582283 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
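
The journal checks in Steps 2 and 4, as an added Python example that is not part of the test suite: it parses the dnscrypt-proxy status lines and reports upstreams that are missing or that came up over an unexpected protocol. The function names and the expected-protocol map are assumptions; the first sample reuses DUT1 journal lines from the output above, the second is constructed, and the parser also accepts the DNSCrypt status line checked later on this page.

```python
import re

# The page writes its pattern as ^(?m)^...$ . Python 3.11+ rejects an inline
# global flag that is not at the very start of the pattern, so MULTILINE is
# passed as a compile flag here instead.
STATUS_RE = re.compile(
    r"^.*\[(?P<name>[^\]\s]+)\] OK \((?P<proto>[^)]+)\) - rtt: (?P<rtt>\d+)ms$",
    re.MULTILINE,
)
LIVE_RE = re.compile(r"dnscrypt-proxy is ready - live servers: (\d+)$", re.MULTILINE)

# Lines copied from the DUT1 journal output shown above.
PAGE_SAMPLE = """\
May 13 16:21:14.582283 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] [DUT0] OK (DoH) - rtt: 121ms
May 13 16:21:14.582283 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 121ms)
May 13 16:21:14.582283 osdx dnscrypt-proxy[198361]: [2025-05-13 16:21:14] [NOTICE] dnscrypt-proxy is ready - live servers: 1
"""

# Constructed sample (not from the page): the upstream answered, but not over DoH.
CONSTRUCTED_SAMPLE = """\
May 13 16:30:00.000000 osdx dnscrypt-proxy[1]: [2025-05-13 16:30:00] [NOTICE] [RD] OK (DNSCrypt) - rtt: 90ms
May 13 16:30:00.000000 osdx dnscrypt-proxy[1]: [2025-05-13 16:30:00] [NOTICE] dnscrypt-proxy is ready - live servers: 1
"""


def upstream_status(journal: str) -> dict:
    """Map server name -> (protocol, rtt_ms) for every status line; last one wins."""
    return {
        m["name"]: (m["proto"], int(m["rtt"]))
        for m in STATUS_RE.finditer(journal)
    }


def check_upstreams(journal: str, expected: dict) -> list:
    """Compare the journal with expected {server_name: protocol}.

    Returns a list of problem strings; an empty list means the check passed.
    """
    problems = []
    seen = upstream_status(journal)
    for name, proto in expected.items():
        if name not in seen:
            problems.append(f"{name}: no OK status line in the journal")
        elif seen[name][0] != proto:
            problems.append(f"{name}: came up over {seen[name][0]}, expected {proto}")
    live = LIVE_RE.findall(journal)
    if not live or int(live[-1]) < len(expected):
        problems.append(f"live servers reported: {live[-1] if live else 'none'}, "
                        f"expected at least {len(expected)}")
    return problems


if __name__ == "__main__":
    print(check_upstreams(PAGE_SAMPLE, {"DUT0": "DoH"}))
    print(check_upstreams(CONSTRUCTED_SAMPLE, {"RD": "DoH"}))
```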

Server With Upstream DoH With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5 at DUT0 and expect this output:

sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Output:
May 13 16:21:23.306780 osdx systemd-journald[27261]: Runtime Journal (/run/log/journal/29acf74054db4c3a94b562797c4c13a9) is 2.0M, max 15.3M, 13.3M free.
May 13 16:21:23.310118 osdx systemd-journald[27261]: Received client request to rotate journal, rotating.
May 13 16:21:23.310184 osdx systemd-journald[27261]: Vacuuming done, freed 0B of archived journals from /run/log/journal/29acf74054db4c3a94b562797c4c13a9.
May 13 16:21:23.316959 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal clear'.
May 13 16:21:23.645813 osdx osdx-coredump[72022]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 13 16:21:23.653621 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system coredump delete all'.
May 13 16:21:24.122730 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu.
May 13 16:21:24.206490 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 13 16:21:24.310351 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 13 16:21:24.381191 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:24.474267 osdx ubnt-cfgd[72040]: inactive
May 13 16:21:24.497205 osdx INFO[72048]: FRR daemons did not change
May 13 16:21:24.595937 osdx cfgd[1470]: [30995]Completed change to active configuration
May 13 16:21:24.607340 osdx OSDxCLI[30995]: User 'admin' committed the configuration.
May 13 16:21:24.624893 osdx OSDxCLI[30995]: User 'admin' left the configuration menu.
May 13 16:21:24.791906 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 13 16:21:25.957392 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5'.
May 13 16:21:26.129616 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu.
May 13 16:21:26.188902 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 13 16:21:26.287082 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 13 16:21:26.361713 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSAr-OYUNX1__pGjGdLSXoBGpk8tNJp1fma16MjM6iIx9QpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
May 13 16:21:26.459929 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
May 13 16:21:26.518316 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
May 13 16:21:26.617317 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
May 13 16:21:26.672105 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 13 16:21:26.774553 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
May 13 16:21:26.860576 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:26.955163 osdx ubnt-cfgd[72205]: inactive
May 13 16:21:26.974163 osdx INFO[72213]: FRR daemons did not change
May 13 16:21:26.986840 osdx ca-certificates[72229]: Updating certificates in /etc/ssl/certs...
May 13 16:21:27.503246 osdx ca-certificates[73233]: 1 added, 0 removed; done.
May 13 16:21:27.506365 osdx ca-certificates[73239]: Running hooks in /etc/ca-certificates/update.d...
May 13 16:21:27.509071 osdx ca-certificates[73241]: done.
May 13 16:21:27.630575 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 13 16:21:27.632176 osdx cfgd[1470]: [30995]Completed change to active configuration
May 13 16:21:27.634854 osdx OSDxCLI[30995]: User 'admin' committed the configuration.
May 13 16:21:27.652290 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] dnscrypt-proxy 2.0.45
May 13 16:21:27.652488 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] Network connectivity detected
May 13 16:21:27.652596 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] Dropping privileges
May 13 16:21:27.653098 osdx OSDxCLI[30995]: User 'admin' left the configuration menu.
May 13 16:21:27.655514 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] Network connectivity detected
May 13 16:21:27.655545 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 13 16:21:27.655545 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 13 16:21:27.655571 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
May 13 16:21:27.655585 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] Firefox workaround initialized
May 13 16:21:27.655585 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpbyy7y_vh]
May 13 16:21:27.804749 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] [RD] OK (DoH) - rtt: 123ms
May 13 16:21:27.804749 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] Server with the lowest initial latency: RD (rtt: 123ms)
May 13 16:21:27.804749 osdx dnscrypt-proxy[73301]: [2025-05-13 16:21:27] [NOTICE] dnscrypt-proxy is ready - live servers: 1
May 13 16:21:27.811318 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal show | cat'.

Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 69db1eac09bc045d134ebe27290fe6e75ef260891f7a6cd3320d8cc93664fcad at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgadserAm8BF0TTr4nKQ_m517yYIkfemzTMg2MyTZk_K0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 5: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgadserAm8BF0TTr4nKQ_m517yYIkfemzTMg2MyTZk_K0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
May 13 16:21:23.284950 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/40d471a1719548efa28850ccdbbdff9f) is 1020.0K, max 7.2M, 6.2M free.
May 13 16:21:23.288016 osdx systemd-journald[1556]: Received client request to rotate journal, rotating.
May 13 16:21:23.288073 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/40d471a1719548efa28850ccdbbdff9f.
May 13 16:21:23.294265 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system journal clear'.
May 13 16:21:23.717718 osdx osdx-coredump[200030]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 13 16:21:23.725267 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system coredump delete all'.
May 13 16:21:24.872486 osdx OSDxCLI[163437]: User 'admin' entered the configuration menu.
May 13 16:21:24.987300 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
May 13 16:21:25.040933 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 13 16:21:25.148916 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service ssh'.
May 13 16:21:25.232250 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:25.322796 osdx ubnt-cfgd[200049]: inactive
May 13 16:21:25.345947 osdx INFO[200063]: FRR daemons did not change
May 13 16:21:25.364019 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 13 16:21:25.504240 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 13 16:21:25.516160 osdx sshd[200177]: Server listening on 0.0.0.0 port 22.
May 13 16:21:25.516377 osdx sshd[200177]: Server listening on :: port 22.
May 13 16:21:25.516480 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 13 16:21:25.552348 osdx cfgd[1253]: [163437]Completed change to active configuration
May 13 16:21:25.568508 osdx OSDxCLI[163437]: User 'admin' committed the configuration.
May 13 16:21:25.584758 osdx OSDxCLI[163437]: User 'admin' left the configuration menu.
May 13 16:21:25.740321 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
May 13 16:21:29.939764 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 69db1eac09bc045d134ebe27290fe6e75ef260891f7a6cd3320d8cc93664fcad'.
May 13 16:21:30.086262 osdx OSDxCLI[163437]: User 'admin' entered the configuration menu.
May 13 16:21:30.151811 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
May 13 16:21:30.263282 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
May 13 16:21:30.322582 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
May 13 16:21:30.428852 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgadserAm8BF0TTr4nKQ_m517yYIkfemzTMg2MyTZk_K0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
May 13 16:21:30.501230 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:30.593510 osdx ubnt-cfgd[200232]: inactive
May 13 16:21:30.611972 osdx INFO[200240]: FRR daemons did not change
May 13 16:21:30.624235 osdx ca-certificates[200256]: Updating certificates in /etc/ssl/certs...
May 13 16:21:31.132833 osdx ca-certificates[201260]: 1 added, 0 removed; done.
May 13 16:21:31.137241 osdx ca-certificates[201266]: Running hooks in /etc/ca-certificates/update.d...
May 13 16:21:31.141323 osdx ca-certificates[201268]: done.
May 13 16:21:31.228315 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 13 16:21:31.229884 osdx cfgd[1253]: [163437]Completed change to active configuration
May 13 16:21:31.235294 osdx OSDxCLI[163437]: User 'admin' committed the configuration.
May 13 16:21:31.264285 osdx OSDxCLI[163437]: User 'admin' left the configuration menu.
May 13 16:21:31.274432 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] dnscrypt-proxy 2.0.45
May 13 16:21:31.274811 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] Network connectivity detected
May 13 16:21:31.275186 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] Dropping privileges
May 13 16:21:31.277819 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] Network connectivity detected
May 13 16:21:31.277888 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 13 16:21:31.277888 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 13 16:21:31.277888 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] Firefox workaround initialized
May 13 16:21:31.277888 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpzbhfzxey]
May 13 16:21:31.441239 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system journal show | cat'.
May 13 16:21:31.446326 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] [DUT0] OK (DoH) - rtt: 116ms
May 13 16:21:31.446326 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 116ms)
May 13 16:21:31.446326 osdx dnscrypt-proxy[201275]: [2025-05-13 16:21:31] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
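
The stamps calculated in Steps 1 and 4, as an added Python example that is not the OSDx implementation: it encodes and decodes DoH stamps following the public DNS stamp layout, so the IP, pinned hash, host and path inside a stamp can be audited before the stamp is configured. The function names are assumptions; appending the port to the host name only when it is not 443 is inferred from the two stamps on this page, which the encoder reproduces.

```python
import base64
import struct

DOH = 0x02  # protocol identifier for DNS-over-HTTPS in the DNS stamp format


def _lp(data: bytes) -> bytes:
    """Length-prefixed field: one length byte followed by the data."""
    if len(data) > 0xFF:
        raise ValueError("field too long for a stamp")
    return bytes([len(data)]) + data


def _vlp(items: list) -> bytes:
    """Set of fields: every length byte except the last has its high bit set."""
    if not items:
        return b"\x00"
    out = b""
    for i, item in enumerate(items):
        if len(item) > 0x7F:
            raise ValueError("set member too long for a stamp")
        more = 0x80 if i < len(items) - 1 else 0
        out += bytes([len(item) | more]) + item
    return out


def encode_doh_stamp(ip, cert_hashes_hex, host_name, host_path, host_port=443, props=0):
    """Build an sdns:// DoH stamp. Per the DNS stamp specification, each hash
    is the SHA-256 digest of a TBS certificate in the server's chain."""
    hashes = [bytes.fromhex(h) for h in cert_hashes_hex]
    if any(len(h) != 32 for h in hashes):
        raise ValueError("certificate hashes must be 32 bytes (SHA-256)")
    # Assumption inferred from the page's stamps: port 443 is left implicit.
    host = host_name if host_port == 443 else f"{host_name}:{host_port}"
    raw = (bytes([DOH]) + struct.pack("<Q", props) + _lp(ip.encode())
           + _vlp(hashes) + _lp(host.encode()) + _lp(host_path.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_doh_stamp(stamp: str) -> dict:
    """Parse a DoH stamp into its fields; raises ValueError on malformed input.
    An optional bootstrap-IP set may follow the path; it is not parsed here."""
    if not stamp.startswith("sdns://"):
        raise ValueError("missing sdns:// prefix")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != DOH:
        raise ValueError("not a DoH stamp")
    props = struct.unpack_from("<Q", raw, 1)[0]
    pos = 9

    def read(set_member: bool):
        nonlocal pos
        if pos >= len(raw):
            raise ValueError("truncated stamp")
        length = raw[pos]
        more = set_member and bool(length & 0x80)
        if set_member:
            length &= 0x7F
        data = raw[pos + 1:pos + 1 + length]
        if len(data) != length:
            raise ValueError("truncated stamp")
        pos += 1 + length
        return data, more

    ip, _ = read(False)
    hashes = []
    while True:
        digest, more = read(True)
        if digest:
            hashes.append(digest.hex())
        if not more:
            break
    host, _ = read(False)
    path, _ = read(False)
    host_s = host.decode()
    name, sep, port = host_s.rpartition(":")
    if not sep:
        name, port = host_s, "443"
    return {"props": props, "ip": ip.decode(), "hashes": hashes,
            "host_name": name, "host_port": int(port), "host_path": path.decode()}


# Values taken from Steps 1 and 4 of this scenario.
RD_HASH = "2bf8e614357d7ffe91a319d2d25e8046a64f2d349a757e66b5e8c8ccea2231f5"
DUT0_HASH = "69db1eac09bc045d134ebe27290fe6e75ef260891f7a6cd3320d8cc93664fcad"

if __name__ == "__main__":
    print(encode_doh_stamp("10.215.168.1", [RD_HASH], "remote.dns", "/dns-query", 443))
    print(decode_doh_stamp(
        encode_doh_stamp("10.215.168.64", [DUT0_HASH], "dns.dut0", "/dns-query", 3000)))
```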

Server With Upstream DNSCrypt

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key 'b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
May 13 16:21:40.300854 osdx systemd-journald[27261]: Runtime Journal (/run/log/journal/29acf74054db4c3a94b562797c4c13a9) is 2.0M, max 15.3M, 13.2M free.
May 13 16:21:40.303800 osdx systemd-journald[27261]: Received client request to rotate journal, rotating.
May 13 16:21:40.303852 osdx systemd-journald[27261]: Vacuuming done, freed 0B of archived journals from /run/log/journal/29acf74054db4c3a94b562797c4c13a9.
May 13 16:21:40.310133 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal clear'.
May 13 16:21:40.667454 osdx osdx-coredump[74998]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 13 16:21:40.675015 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system coredump delete all'.
May 13 16:21:41.198113 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu.
May 13 16:21:41.279266 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 13 16:21:41.363600 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 13 16:21:41.429714 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:41.528780 osdx ubnt-cfgd[75016]: inactive
May 13 16:21:41.548390 osdx INFO[75024]: FRR daemons did not change
May 13 16:21:41.644467 osdx cfgd[1470]: [30995]Completed change to active configuration
May 13 16:21:41.655665 osdx OSDxCLI[30995]: User 'admin' committed the configuration.
May 13 16:21:41.673864 osdx OSDxCLI[30995]: User 'admin' left the configuration menu.
May 13 16:21:41.817211 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 13 16:21:42.917236 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
May 13 16:21:43.057466 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu.
May 13 16:21:43.118120 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 13 16:21:43.217396 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 13 16:21:43.280731 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
May 13 16:21:43.379354 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
May 13 16:21:43.441557 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
May 13 16:21:43.544711 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7'.
May 13 16:21:43.597682 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 13 16:21:43.698050 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
May 13 16:21:43.760921 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
May 13 16:21:43.857321 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
May 13 16:21:43.930401 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:44.055614 osdx ubnt-cfgd[75182]: inactive
May 13 16:21:44.074763 osdx INFO[75190]: FRR daemons did not change
May 13 16:21:44.088761 osdx ca-certificates[75206]: Updating certificates in /etc/ssl/certs...
May 13 16:21:44.563731 osdx ca-certificates[76209]: 1 added, 0 removed; done.
May 13 16:21:44.566701 osdx ca-certificates[76216]: Running hooks in /etc/ca-certificates/update.d...
May 13 16:21:44.569484 osdx ca-certificates[76218]: done.
May 13 16:21:44.692167 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 13 16:21:44.693571 osdx cfgd[1470]: [30995]Completed change to active configuration
May 13 16:21:44.696693 osdx OSDxCLI[30995]: User 'admin' committed the configuration.
May 13 16:21:44.724376 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] dnscrypt-proxy 2.0.45
May 13 16:21:44.724637 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] Network connectivity detected
May 13 16:21:44.724729 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] Dropping privileges
May 13 16:21:44.726544 osdx OSDxCLI[30995]: User 'admin' left the configuration menu.
May 13 16:21:44.727521 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] Network connectivity detected
May 13 16:21:44.727591 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 13 16:21:44.727620 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 13 16:21:44.727658 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
May 13 16:21:44.727695 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] Firefox workaround initialized
May 13 16:21:44.727718 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp1cnyo3bz]
May 13 16:21:44.750661 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] [RD] OK (DNSCrypt) - rtt: 22ms
May 13 16:21:44.750661 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] Server with the lowest initial latency: RD (rtt: 22ms)
May 13 16:21:44.750661 osdx dnscrypt-proxy[76278]: [2025-05-13 16:21:44] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https hash 69db1eac09bc045d134ebe27290fe6e75ef260891f7a6cd3320d8cc93664fcad
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
May 13 16:21:40.279440 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/40d471a1719548efa28850ccdbbdff9f) is 1.0M, max 7.2M, 6.2M free.
May 13 16:21:40.282798 osdx systemd-journald[1556]: Received client request to rotate journal, rotating.
May 13 16:21:40.282851 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/40d471a1719548efa28850ccdbbdff9f.
May 13 16:21:40.288974 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system journal clear'.
May 13 16:21:40.765835 osdx osdx-coredump[202943]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 13 16:21:40.774656 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system coredump delete all'.
May 13 16:21:41.849766 osdx OSDxCLI[163437]: User 'admin' entered the configuration menu.
May 13 16:21:41.977884 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
May 13 16:21:42.035136 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 13 16:21:42.134135 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service ssh'.
May 13 16:21:42.203246 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:42.287738 osdx ubnt-cfgd[202962]: inactive
May 13 16:21:42.313528 osdx INFO[202976]: FRR daemons did not change
May 13 16:21:42.334801 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 13 16:21:42.487148 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 13 16:21:42.501442 osdx sshd[203090]: Server listening on 0.0.0.0 port 22.
May 13 16:21:42.501726 osdx sshd[203090]: Server listening on :: port 22.
May 13 16:21:42.501898 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 13 16:21:42.526252 osdx cfgd[1253]: [163437]Completed change to active configuration
May 13 16:21:42.539837 osdx OSDxCLI[163437]: User 'admin' committed the configuration.
May 13 16:21:42.558906 osdx OSDxCLI[163437]: User 'admin' left the configuration menu.
May 13 16:21:42.693338 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
May 13 16:21:44.931100 osdx OSDxCLI[163437]: User 'admin' entered the configuration menu.
May 13 16:21:44.996049 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
May 13 16:21:45.091730 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
May 13 16:21:45.149512 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
May 13 16:21:45.253020 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
May 13 16:21:45.313924 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
May 13 16:21:45.419110 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'.
May 13 16:21:45.480818 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 69db1eac09bc045d134ebe27290fe6e75ef260891f7a6cd3320d8cc93664fcad'.
May 13 16:21:45.588156 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:45.665310 osdx ubnt-cfgd[203145]: inactive
May 13 16:21:45.685040 osdx INFO[203153]: FRR daemons did not change
May 13 16:21:45.700113 osdx ca-certificates[203169]: Updating certificates in /etc/ssl/certs...
May 13 16:21:46.175293 osdx ca-certificates[204174]: 1 added, 0 removed; done.
May 13 16:21:46.179136 osdx ca-certificates[204179]: Running hooks in /etc/ca-certificates/update.d...
May 13 16:21:46.182843 osdx ca-certificates[204181]: done.
May 13 16:21:46.275081 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 13 16:21:46.276900 osdx cfgd[1253]: [163437]Completed change to active configuration
May 13 16:21:46.281689 osdx OSDxCLI[163437]: User 'admin' committed the configuration.
May 13 16:21:46.298151 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] dnscrypt-proxy 2.0.45
May 13 16:21:46.298317 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] Network connectivity detected
May 13 16:21:46.298484 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] Dropping privileges
May 13 16:21:46.301161 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] Network connectivity detected
May 13 16:21:46.301161 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 13 16:21:46.301161 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 13 16:21:46.301161 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] Firefox workaround initialized
May 13 16:21:46.301161 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpw0noqjoo]
May 13 16:21:46.309554 osdx OSDxCLI[163437]: User 'admin' left the configuration menu.
May 13 16:21:46.474241 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] [DUT0] OK (DoH) - rtt: 102ms
May 13 16:21:46.474241 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 102ms)
May 13 16:21:46.474241 osdx dnscrypt-proxy[204188]: [2025-05-13 16:21:46] [NOTICE] dnscrypt-proxy is ready - live servers: 1
May 13 16:21:46.476393 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system journal show | cat'.

Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13

Server With Upstream DNSCrypt With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7 ip 10.215.168.1 port 8443 at DUT0 and expect this output:

sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set service dns static host-name teldat.com inet 10.11.12.13
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Output:
May 13 16:21:54.332714 osdx systemd-journald[27261]: Runtime Journal (/run/log/journal/29acf74054db4c3a94b562797c4c13a9) is 2.0M, max 15.3M, 13.2M free.
May 13 16:21:54.335570 osdx systemd-journald[27261]: Received client request to rotate journal, rotating.
May 13 16:21:54.335616 osdx systemd-journald[27261]: Vacuuming done, freed 0B of archived journals from /run/log/journal/29acf74054db4c3a94b562797c4c13a9.
May 13 16:21:54.341945 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system journal clear'.
May 13 16:21:54.667964 osdx osdx-coredump[77970]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 13 16:21:54.675362 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'system coredump delete all'.
May 13 16:21:55.139442 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu.
May 13 16:21:55.221440 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 13 16:21:55.297933 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 13 16:21:55.413136 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:55.476575 osdx ubnt-cfgd[77988]: inactive
May 13 16:21:55.500689 osdx INFO[77996]: FRR daemons did not change
May 13 16:21:55.610864 osdx cfgd[1470]: [30995]Completed change to active configuration
May 13 16:21:55.623532 osdx OSDxCLI[30995]: User 'admin' committed the configuration.
May 13 16:21:55.640356 osdx OSDxCLI[30995]: User 'admin' left the configuration menu.
May 13 16:21:55.785014 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 13 16:21:56.841554 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
May 13 16:21:56.957889 osdx OSDxCLI[30995]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key b3:af:08:23:fb:c0:61:b4:2a:7e:86:6e:36:54:8a:11:7d:f0:b0:07:0f:22:b1:5c:98:f6:e8:28:cb:95:d1:e7 ip 10.215.168.1 port 8443'.
May 13 16:21:57.102210 osdx OSDxCLI[30995]: User 'admin' entered the configuration menu.
May 13 16:21:57.163774 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 13 16:21:57.261948 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 13 16:21:57.327231 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
May 13 16:21:57.415893 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns resolver local'.
May 13 16:21:57.473945 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'.
May 13 16:21:57.593534 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'.
May 13 16:21:57.652046 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'.
May 13 16:21:57.791474 osdx OSDxCLI[30995]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:57.858819 osdx ubnt-cfgd[78154]: inactive
May 13 16:21:57.887362 osdx INFO[78162]: FRR daemons did not change
May 13 16:21:57.900454 osdx ca-certificates[78177]: Updating certificates in /etc/ssl/certs...
May 13 16:21:58.422093 osdx ca-certificates[79182]: 1 added, 0 removed; done.
May 13 16:21:58.425232 osdx ca-certificates[79188]: Running hooks in /etc/ca-certificates/update.d...
May 13 16:21:58.427903 osdx ca-certificates[79190]: done.
May 13 16:21:58.543814 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 13 16:21:58.544932 osdx cfgd[1470]: [30995]Completed change to active configuration
May 13 16:21:58.547508 osdx OSDxCLI[30995]: User 'admin' committed the configuration.
May 13 16:21:58.566329 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] dnscrypt-proxy 2.0.45
May 13 16:21:58.566569 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] Network connectivity detected
May 13 16:21:58.566624 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] Dropping privileges
May 13 16:21:58.568855 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] Network connectivity detected
May 13 16:21:58.568917 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 13 16:21:58.568917 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 13 16:21:58.568917 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH]
May 13 16:21:58.568917 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] Firefox workaround initialized
May 13 16:21:58.568917 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_a8poqgs]
May 13 16:21:58.569678 osdx OSDxCLI[30995]: User 'admin' left the configuration menu.
May 13 16:21:58.570000 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
May 13 16:21:58.570000 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
May 13 16:21:58.570000 osdx dnscrypt-proxy[79250]: [2025-05-13 16:21:58] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 69db1eac09bc045d134ebe27290fe6e75ef260891f7a6cd3320d8cc93664fcad at DUT1 and expect this output:

sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgadserAm8BF0TTr4nKQ_m517yYIkfemzTMg2MyTZk_K0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5

Step 6: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 10.215.168.65/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name DUT0
set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgadserAm8BF0TTr4nKQ_m517yYIkfemzTMg2MyTZk_K0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'
set service dns static host-name dns.dut0 inet 10.215.168.64
set service ssh
set system certificate trust 'running://CA.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:

^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$
Output:
May 13 16:21:54.294990 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/40d471a1719548efa28850ccdbbdff9f) is 1.0M, max 7.2M, 6.2M free.
May 13 16:21:54.296929 osdx systemd-journald[1556]: Received client request to rotate journal, rotating.
May 13 16:21:54.296995 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/40d471a1719548efa28850ccdbbdff9f.
May 13 16:21:54.305425 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system journal clear'.
May 13 16:21:54.727702 osdx osdx-coredump[205859]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 13 16:21:54.735481 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system coredump delete all'.
May 13 16:21:55.841746 osdx OSDxCLI[163437]: User 'admin' entered the configuration menu.
May 13 16:21:55.930501 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'.
May 13 16:21:56.017823 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 13 16:21:56.073677 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service ssh'.
May 13 16:21:56.185953 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:56.246452 osdx ubnt-cfgd[205878]: inactive
May 13 16:21:56.272250 osdx INFO[205892]: FRR daemons did not change
May 13 16:21:56.292910 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 13 16:21:56.429291 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 13 16:21:56.440331 osdx sshd[206006]: Server listening on 0.0.0.0 port 22.
May 13 16:21:56.440354 osdx sshd[206006]: Server listening on :: port 22.
May 13 16:21:56.440667 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 13 16:21:56.460149 osdx cfgd[1253]: [163437]Completed change to active configuration
May 13 16:21:56.471563 osdx OSDxCLI[163437]: User 'admin' committed the configuration.
May 13 16:21:56.493617 osdx OSDxCLI[163437]: User 'admin' left the configuration menu.
May 13 16:21:56.645961 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'.
May 13 16:21:58.772853 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 69db1eac09bc045d134ebe27290fe6e75ef260891f7a6cd3320d8cc93664fcad'.
May 13 16:21:58.926309 osdx OSDxCLI[163437]: User 'admin' entered the configuration menu.
May 13 16:21:59.010885 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'.
May 13 16:21:59.118486 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
May 13 16:21:59.174690 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
May 13 16:21:59.279084 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgadserAm8BF0TTr4nKQ_m517yYIkfemzTMg2MyTZk_K0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'.
May 13 16:21:59.351971 osdx OSDxCLI[163437]: User 'admin' added a new cfg line: 'show working'.
May 13 16:21:59.443668 osdx ubnt-cfgd[206061]: inactive
May 13 16:21:59.468307 osdx INFO[206069]: FRR daemons did not change
May 13 16:21:59.485305 osdx ca-certificates[206085]: Updating certificates in /etc/ssl/certs...
May 13 16:21:59.943084 osdx ca-certificates[207088]: 1 added, 0 removed; done.
May 13 16:21:59.946074 osdx ca-certificates[207095]: Running hooks in /etc/ca-certificates/update.d...
May 13 16:21:59.948827 osdx ca-certificates[207097]: done.
May 13 16:22:00.021302 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 13 16:22:00.022690 osdx cfgd[1253]: [163437]Completed change to active configuration
May 13 16:22:00.025631 osdx OSDxCLI[163437]: User 'admin' committed the configuration.
May 13 16:22:00.045758 osdx OSDxCLI[163437]: User 'admin' left the configuration menu.
May 13 16:22:00.052725 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] dnscrypt-proxy 2.0.45
May 13 16:22:00.052978 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] Network connectivity detected
May 13 16:22:00.053210 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] Dropping privileges
May 13 16:22:00.055042 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] Network connectivity detected
May 13 16:22:00.055122 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
May 13 16:22:00.055153 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
May 13 16:22:00.055206 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] Firefox workaround initialized
May 13 16:22:00.055231 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpk07ovw2k]
May 13 16:22:00.188967 osdx OSDxCLI[163437]: User 'admin' executed a new command: 'system journal show | cat'.
May 13 16:22:00.220710 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] [DUT0] OK (DoH) - rtt: 111ms
May 13 16:22:00.220710 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 111ms)
May 13 16:22:00.220710 osdx dnscrypt-proxy[207104]: [2025-05-13 16:22:00] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:

teldat.com has address 10.11.12.13
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 10.11.12.13
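
The stamps produced in Steps 2 and 5 of this scenario are opaque base64url blobs, so decoding one before configuring it confirms that it pins the provider key or certificate hash you expect. The following is an added example, not OSDx code: it implements the public DNS Stamps layout for the DNSCrypt (0x01) and DoH (0x02) types and rebuilds both stamps from the values shown on this page. All function names are hypothetical.

```python
import base64
import struct

# Stamps copied from Step 2 (DUT0) and Step 5 (DUT1) of this scenario.
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzILOvCCP7wGG0Kn6GbjZUihF98LAHDyKxXJj26CjLldHnGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"
DOH_STAMP = "sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgadserAm8BF0TTr4nKQ_m517yYIkfemzTMg2MyTZk_K0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5"


def _lp(data: bytes) -> bytes:
    """Length-prefixed field: one length byte, then the data."""
    if len(data) > 0xFF:
        raise ValueError("field too long for a stamp")
    return bytes([len(data)]) + data


def _read_lp(buf: bytes, pos: int, vlp: bool = False):
    """Read one field; with vlp=True the top length bit means 'more items follow'."""
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    length = buf[pos] & 0x7F if vlp else buf[pos]
    more = vlp and bool(buf[pos] & 0x80)
    end = pos + 1 + length
    if end > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos + 1:end], end, more


def decode_stamp(stamp: str) -> dict:
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 10:
        raise ValueError("truncated stamp")
    # Byte 0 is the protocol; bytes 1-8 are little-endian property flags
    # (bit 0 DNSSEC, bit 1 no-log, bit 2 no-filter).
    (props,) = struct.unpack_from("<Q", raw, 1)
    addr, pos, _ = _read_lp(raw, 9)
    out = {"props": props, "addr": addr.decode()}
    if raw[0] == 0x01:
        key, pos, _ = _read_lp(raw, pos)
        name, pos, _ = _read_lp(raw, pos)
        if len(key) != 32 or pos != len(raw):
            raise ValueError("malformed DNSCrypt stamp")
        out.update(protocol="dns-crypt", provider_key=key.hex(":"),
                   provider_name=name.decode())
    elif raw[0] == 0x02:
        hashes, more = [], True
        while more:
            item, pos, more = _read_lp(raw, pos, vlp=True)
            if item:
                hashes.append(item.hex())
        host, pos, _ = _read_lp(raw, pos)
        path, pos, _ = _read_lp(raw, pos)  # optional bootstrap IPs may follow
        out.update(protocol="dns-over-https", hashes=hashes,
                   host=host.decode(), path=path.decode())
    else:
        raise ValueError(f"unsupported stamp protocol 0x{raw[0]:02x}")
    return out


def _pack(proto: int, props: int, *fields: bytes) -> str:
    body = bytes([proto]) + struct.pack("<Q", props) + b"".join(_lp(f) for f in fields)
    return "sdns://" + base64.urlsafe_b64encode(body).rstrip(b"=").decode()


def encode_dnscrypt(addr, provider_key, provider_name, props=0):
    key = bytes.fromhex(provider_key.replace(":", ""))
    return _pack(0x01, props, addr.encode(), key, provider_name.encode())


def encode_doh(addr, cert_hash, host, path, props=0):
    # A single hash encodes the same under the multi-item rule as a plain field.
    return _pack(0x02, props, addr.encode(), bytes.fromhex(cert_hash),
                 host.encode(), path.encode())


def mismatches(stamp: str, expected: dict) -> list:
    """Names of the fields where the stamp differs from what the operator expects."""
    got = decode_stamp(stamp)
    return sorted(k for k, v in expected.items() if got.get(k) != v)


if __name__ == "__main__":
    for s in (DNSCRYPT_STAMP, DOH_STAMP):
        print(decode_stamp(s))
```

Both stamps decode with all property flags clear, and the DoH stamp carries the port inside the host field (dns.dut0:3000) rather than in the address field.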