Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 20 15:45:31.341343 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.1M, max 15.3M, 13.2M free. Jun 20 15:45:31.342033 osdx systemd-journald[210303]: Received client request to rotate journal, rotating. Jun 20 15:45:31.342080 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8. Jun 20 15:45:31.345682 osdx sudo[517686]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:45:31.352180 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:45:31.582392 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:45:32.020749 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:45:32.154750 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 15:45:32.257247 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:45:32.330253 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:45:32.417409 osdx ubnt-cfgd[517711]: inactive Jun 20 15:45:32.438432 osdx INFO[517719]: FRR daemons did not change Jun 20 15:45:32.458042 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:45:32.541418 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:45:32.553709 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:45:32.571378 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:45:32.741363 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 15:45:32.934647 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:45:33.008465 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 15:45:33.130569 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 15:45:33.218717 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 20 15:45:33.317737 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 20 15:45:33.434613 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 20 15:45:33.503978 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 15:45:33.659797 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:45:33.730819 osdx ubnt-cfgd[517871]: inactive Jun 20 15:45:33.749849 osdx INFO[517879]: FRR daemons did not change Jun 20 15:45:33.753618 osdx sudo[517882]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:45:33.763386 osdx ca-certificates[517895]: Updating certificates in /etc/ssl/certs... Jun 20 15:45:34.262777 osdx ubnt-cfgd[518893]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:45:34.270228 osdx ca-certificates[518899]: 1 added, 0 removed; done. Jun 20 15:45:34.274095 osdx ca-certificates[518905]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:45:34.276833 osdx ca-certificates[518907]: done. Jun 20 15:45:34.378400 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:45:34.379728 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:45:34.382043 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:45:34.404471 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:45:34.404654 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] Network connectivity detected Jun 20 15:45:34.404775 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] Dropping privileges Jun 20 15:45:34.407304 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] Network connectivity detected Jun 20 15:45:34.407304 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:45:34.407304 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:45:34.407398 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] Firefox workaround initialized Jun 20 15:45:34.407398 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpsiu3qcv2] Jun 20 15:45:34.409478 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:45:34.540208 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] [RD] OK (DoH) - rtt: 107ms Jun 20 15:45:34.540208 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] Server with the lowest initial latency: RD (rtt: 107ms) Jun 20 15:45:34.540301 osdx dnscrypt-proxy[518964]: [2025-06-20 15:45:34] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 20 15:45:39.000172 osdx systemd-timedated[474723]: Changed local time to Fri 2025-06-20 15:45:39 UTC Jun 20 15:45:39.001846 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'set date 2025-06-20 15:45:39'. Jun 20 15:45:39.003990 osdx systemd-journald[210303]: Time jumped backwards, rotating. Jun 20 15:45:39.318548 osdx sudo[520642]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:45:39.322376 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free. Jun 20 15:45:39.323984 osdx systemd-journald[210303]: Received client request to rotate journal, rotating. Jun 20 15:45:39.324042 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8. Jun 20 15:45:39.327358 osdx sudo[520641]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:45:39.333946 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:45:39.568779 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:45:39.803274 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:45:39.894557 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 15:45:39.981070 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:45:40.046605 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:45:40.156620 osdx ubnt-cfgd[520666]: inactive Jun 20 15:45:40.176797 osdx INFO[520674]: FRR daemons did not change Jun 20 15:45:40.196001 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:45:40.272423 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:45:40.284446 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:45:40.308248 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:45:40.467309 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 15:45:40.612560 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 20 15:45:40.758284 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:45:40.847390 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 15:45:40.959371 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 15:45:41.059243 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Jun 20 15:45:41.150189 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 15:45:41.329351 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:45:41.453033 osdx ubnt-cfgd[520827]: inactive Jun 20 15:45:41.474147 osdx INFO[520835]: FRR daemons did not change Jun 20 15:45:41.478103 osdx sudo[520838]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:45:41.487637 osdx ca-certificates[520851]: Updating certificates in /etc/ssl/certs... Jun 20 15:45:41.989382 osdx ubnt-cfgd[521849]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:45:41.998637 osdx ca-certificates[521855]: 1 added, 0 removed; done. Jun 20 15:45:42.001470 osdx ca-certificates[521861]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:45:42.004613 osdx ca-certificates[521863]: done. Jun 20 15:45:42.104277 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:45:42.105381 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:45:42.108994 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:45:42.131844 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:45:42.136943 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:45:42.137137 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] Network connectivity detected Jun 20 15:45:42.137240 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] Dropping privileges Jun 20 15:45:42.139421 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] Network connectivity detected Jun 20 15:45:42.139463 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:45:42.139463 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:45:42.139492 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] Firefox workaround initialized Jun 20 15:45:42.139492 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpob5xokqk] Jun 20 15:45:42.267569 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] [RD] OK (DoH) - rtt: 105ms Jun 20 15:45:42.267569 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] Server with the lowest initial latency: RD (rtt: 105ms) Jun 20 15:45:42.267569 osdx dnscrypt-proxy[521920]: [2025-06-20 15:45:42] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 20 15:45:42.286491 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 20 15:45:50.351057 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.1M, max 15.3M, 13.2M free. Jun 20 15:45:50.354463 osdx systemd-journald[210303]: Received client request to rotate journal, rotating. Jun 20 15:45:50.354525 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8. Jun 20 15:45:50.355484 osdx sudo[523600]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:45:50.362165 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:45:50.578636 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:45:50.813108 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:45:50.894353 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 15:45:50.982122 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:45:51.056370 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:45:51.152178 osdx ubnt-cfgd[523625]: inactive Jun 20 15:45:51.172989 osdx INFO[523633]: FRR daemons did not change Jun 20 15:45:51.194454 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:45:51.272396 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:45:51.287151 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:45:51.309941 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:45:51.459731 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 15:45:51.566782 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 20 15:45:51.711853 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:45:51.789650 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 15:45:51.930798 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 15:45:51.993183 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 20 15:45:52.095514 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 20 15:45:52.159397 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 20 15:45:52.285094 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'. Jun 20 15:45:52.347850 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 15:45:52.487628 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:45:52.581918 osdx ubnt-cfgd[523788]: inactive Jun 20 15:45:52.601311 osdx INFO[523796]: FRR daemons did not change Jun 20 15:45:52.605997 osdx sudo[523799]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:45:52.614749 osdx ca-certificates[523812]: Updating certificates in /etc/ssl/certs... Jun 20 15:45:53.099501 osdx ubnt-cfgd[524810]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:45:53.107612 osdx ca-certificates[524816]: 1 added, 0 removed; done. Jun 20 15:45:53.110485 osdx ca-certificates[524822]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:45:53.113221 osdx ca-certificates[524824]: done. Jun 20 15:45:53.214751 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:45:53.215957 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:45:53.218702 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:45:53.237913 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:45:53.239287 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:45:53.239485 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] Network connectivity detected Jun 20 15:45:53.239590 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] Dropping privileges Jun 20 15:45:53.242165 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] Network connectivity detected Jun 20 15:45:53.242223 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:45:53.242223 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:45:53.242223 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] Firefox workaround initialized Jun 20 15:45:53.242223 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpq8j4zq9v] Jun 20 15:45:53.243172 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 20 15:45:53.243172 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 20 15:45:53.243240 osdx dnscrypt-proxy[524881]: [2025-06-20 15:45:53] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 20 15:45:58.000161 osdx systemd-timedated[474723]: Changed local time to Fri 2025-06-20 15:45:58 UTC Jun 20 15:45:58.001372 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'set date 2025-06-20 15:45:58'. Jun 20 15:45:58.003701 osdx systemd-journald[210303]: Time jumped backwards, rotating. Jun 20 15:45:58.339360 osdx sudo[526558]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:45:58.342707 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free. Jun 20 15:45:58.343697 osdx systemd-journald[210303]: Received client request to rotate journal, rotating. Jun 20 15:45:58.343746 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8. Jun 20 15:45:58.347174 osdx sudo[526557]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:45:58.353519 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:45:58.635825 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:45:58.876295 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:45:58.971073 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 15:45:59.047261 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:45:59.191745 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:45:59.263691 osdx ubnt-cfgd[526582]: inactive Jun 20 15:45:59.300513 osdx INFO[526590]: FRR daemons did not change Jun 20 15:45:59.319709 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:45:59.394567 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:45:59.405712 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:45:59.423576 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:45:59.564414 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 15:45:59.659489 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 20 15:45:59.754713 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443'. Jun 20 15:45:59.911907 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:45:59.972835 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 15:46:00.073157 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 15:46:00.139113 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Jun 20 15:46:00.233316 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 15:46:00.320918 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:00.406946 osdx ubnt-cfgd[526745]: inactive Jun 20 15:46:00.435432 osdx INFO[526753]: FRR daemons did not change Jun 20 15:46:00.442724 osdx sudo[526756]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:00.457929 osdx ca-certificates[526769]: Updating certificates in /etc/ssl/certs... Jun 20 15:46:00.989613 osdx ubnt-cfgd[527767]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:46:00.998491 osdx ca-certificates[527773]: 1 added, 0 removed; done. Jun 20 15:46:01.001438 osdx ca-certificates[527779]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:46:01.005412 osdx ca-certificates[527781]: done. Jun 20 15:46:01.104184 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:46:01.105426 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:46:01.107971 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:46:01.134475 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:46:01.139248 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:46:01.139519 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] Network connectivity detected Jun 20 15:46:01.139602 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] Dropping privileges Jun 20 15:46:01.142594 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] Network connectivity detected Jun 20 15:46:01.142726 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:46:01.142780 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:46:01.142846 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] Firefox workaround initialized Jun 20 15:46:01.142891 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp1u2vbvhp] Jun 20 15:46:01.143584 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 20 15:46:01.143584 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 20 15:46:01.143584 osdx dnscrypt-proxy[527838]: [2025-06-20 15:46:01] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16