Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 20 15:46:14.346077 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.1M, max 15.3M, 13.1M free. Jun 20 15:46:14.347319 osdx systemd-journald[210303]: Received client request to rotate journal, rotating. Jun 20 15:46:14.347378 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8. Jun 20 15:46:14.351602 osdx sudo[529903]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:14.359578 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:46:14.595768 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:46:14.892716 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:46:15.016504 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 15:46:15.109037 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:46:15.220242 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:15.289641 osdx ubnt-cfgd[529928]: inactive Jun 20 15:46:15.319068 osdx INFO[529936]: FRR daemons did not change Jun 20 15:46:15.343307 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:46:15.430580 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:46:15.442886 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:46:15.466905 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:46:15.655038 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 15:46:16.931593 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:46:17.004280 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 15:46:17.162638 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 15:46:17.261047 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 20 15:46:17.369271 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 20 15:46:17.477379 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 20 15:46:17.593063 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 20 15:46:17.715943 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 20 15:46:17.856657 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 15:46:17.944777 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 20 15:46:18.069809 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:18.185583 osdx ubnt-cfgd[530091]: inactive Jun 20 15:46:18.207357 osdx INFO[530099]: FRR daemons did not change Jun 20 15:46:18.211147 osdx sudo[530102]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:18.221300 osdx ca-certificates[530115]: Updating certificates in /etc/ssl/certs... Jun 20 15:46:18.731677 osdx ubnt-cfgd[531113]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:46:18.740141 osdx ca-certificates[531119]: 1 added, 0 removed; done. Jun 20 15:46:18.744308 osdx ca-certificates[531125]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:46:18.747444 osdx ca-certificates[531127]: done. Jun 20 15:46:18.879784 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:46:18.882518 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:46:18.885397 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:46:18.909308 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:18] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:46:18.909678 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:18] [NOTICE] Network connectivity detected Jun 20 15:46:18.909990 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:18] [NOTICE] Dropping privileges Jun 20 15:46:18.913028 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:18] [NOTICE] Network connectivity detected Jun 20 15:46:18.913028 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:18] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:46:18.913791 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:18] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:46:18.913791 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:18] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 20 15:46:18.913791 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:18] [NOTICE] Firefox workaround initialized Jun 20 15:46:18.913791 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:18] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpztfen7a7] Jun 20 15:46:18.920153 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:46:19.060781 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:19] [NOTICE] [RD] OK (DoH) - rtt: 121ms Jun 20 15:46:19.060781 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:19] [NOTICE] Server with the lowest initial latency: RD (rtt: 121ms) Jun 20 15:46:19.060781 osdx dnscrypt-proxy[531187]: [2025-06-20 15:46:19] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash cd34f1a2b05a22041849c149e2422d4ecfcea07d0ce9952cf886099c6b2f6a1f set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 20 15:46:14.309768 osdx systemd-journald[1554]: Runtime Journal (/run/log/journal/6007ddf378ad466885280cbf52ccf316) is 1000.0K, max 7.2M, 6.3M free. Jun 20 15:46:14.310254 osdx systemd-journald[1554]: Received client request to rotate journal, rotating. Jun 20 15:46:14.310299 osdx systemd-journald[1554]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6007ddf378ad466885280cbf52ccf316. Jun 20 15:46:14.320503 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:46:14.560787 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:46:15.700751 osdx OSDxCLI[170436]: User 'admin' entered the configuration menu. Jun 20 15:46:15.825731 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 20 15:46:15.899916 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:46:16.043106 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service ssh'. Jun 20 15:46:16.181067 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:16.278145 osdx ubnt-cfgd[259906]: inactive Jun 20 15:46:16.305598 osdx INFO[259920]: FRR daemons did not change Jun 20 15:46:16.326142 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:46:16.482390 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 20 15:46:16.497717 osdx sshd[260034]: Server listening on 0.0.0.0 port 22. Jun 20 15:46:16.498020 osdx sshd[260034]: Server listening on :: port 22. Jun 20 15:46:16.498219 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 20 15:46:16.519455 osdx cfgd[1254]: [170436]Completed change to active configuration Jun 20 15:46:16.531017 osdx OSDxCLI[170436]: User 'admin' committed the configuration. Jun 20 15:46:16.547702 osdx OSDxCLI[170436]: User 'admin' left the configuration menu. Jun 20 15:46:16.707812 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 20 15:46:19.179204 osdx OSDxCLI[170436]: User 'admin' entered the configuration menu. Jun 20 15:46:19.307917 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 20 15:46:19.405057 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 20 15:46:19.461783 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 20 15:46:19.580147 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 20 15:46:19.663968 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 20 15:46:19.762820 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 20 15:46:19.899388 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash cd34f1a2b05a22041849c149e2422d4ecfcea07d0ce9952cf886099c6b2f6a1f'. Jun 20 15:46:20.006810 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:20.151559 osdx ubnt-cfgd[260089]: inactive Jun 20 15:46:20.176050 osdx INFO[260097]: FRR daemons did not change Jun 20 15:46:20.188182 osdx ca-certificates[260113]: Updating certificates in /etc/ssl/certs... Jun 20 15:46:20.654784 osdx ubnt-cfgd[261111]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:46:20.663875 osdx ca-certificates[261116]: 1 added, 0 removed; done. Jun 20 15:46:20.667672 osdx ca-certificates[261123]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:46:20.671264 osdx ca-certificates[261125]: done. Jun 20 15:46:20.754815 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:46:20.757367 osdx cfgd[1254]: [170436]Completed change to active configuration Jun 20 15:46:20.763275 osdx OSDxCLI[170436]: User 'admin' committed the configuration. Jun 20 15:46:20.783424 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:46:20.783681 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] Network connectivity detected Jun 20 15:46:20.783681 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] Dropping privileges Jun 20 15:46:20.785542 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] Network connectivity detected Jun 20 15:46:20.785574 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:46:20.785574 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:46:20.785646 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] Firefox workaround initialized Jun 20 15:46:20.785646 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpu3w_0ct7] Jun 20 15:46:20.791966 osdx OSDxCLI[170436]: User 'admin' left the configuration menu. Jun 20 15:46:20.932471 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] [DUT0] OK (DoH) - rtt: 100ms Jun 20 15:46:20.932471 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 100ms) Jun 20 15:46:20.932471 osdx dnscrypt-proxy[261132]: [2025-06-20 15:46:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 20 15:46:26.000179 osdx systemd-timedated[474723]: Changed local time to Fri 2025-06-20 15:46:26 UTC Jun 20 15:46:26.000943 osdx systemd-journald[210303]: Time jumped backwards, rotating. Jun 20 15:46:26.001865 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'set date 2025-06-20 15:46:26'. Jun 20 15:46:26.348095 osdx sudo[532864]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:26.351046 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free. Jun 20 15:46:26.352940 osdx systemd-journald[210303]: Received client request to rotate journal, rotating. Jun 20 15:46:26.352998 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8. Jun 20 15:46:26.355118 osdx sudo[532863]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:26.361832 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:46:26.734866 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:46:27.058876 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:46:27.145029 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 15:46:27.234315 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:46:27.302320 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:27.410796 osdx ubnt-cfgd[532888]: inactive Jun 20 15:46:27.433815 osdx INFO[532896]: FRR daemons did not change Jun 20 15:46:27.456952 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:46:27.525238 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:46:27.535944 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:46:27.579658 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:46:27.722153 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 15:46:28.822393 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 20 15:46:28.986226 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:46:29.058931 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 15:46:29.164302 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 15:46:29.228127 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Jun 20 15:46:29.325173 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 20 15:46:29.391054 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 20 15:46:29.480901 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 20 15:46:29.541406 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 15:46:29.655810 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 20 15:46:29.785774 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:29.904032 osdx ubnt-cfgd[533055]: inactive Jun 20 15:46:29.925648 osdx INFO[533063]: FRR daemons did not change Jun 20 15:46:29.929689 osdx sudo[533066]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:29.939113 osdx ca-certificates[533078]: Updating certificates in /etc/ssl/certs... Jun 20 15:46:30.440438 osdx ubnt-cfgd[534077]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:46:30.448558 osdx ca-certificates[534082]: 1 added, 0 removed; done. Jun 20 15:46:30.451422 osdx ca-certificates[534089]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:46:30.454279 osdx ca-certificates[534091]: done. Jun 20 15:46:30.585256 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:46:30.586675 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:46:30.588754 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:46:30.611375 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:46:30.612254 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:46:30.612481 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] Network connectivity detected Jun 20 15:46:30.612719 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] Dropping privileges Jun 20 15:46:30.614817 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] Network connectivity detected Jun 20 15:46:30.614895 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:46:30.614922 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:46:30.614954 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 20 15:46:30.614991 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] Firefox workaround initialized Jun 20 15:46:30.615013 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpeik9f366] Jun 20 15:46:30.738469 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] [RD] OK (DoH) - rtt: 98ms Jun 20 15:46:30.738469 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] Server with the lowest initial latency: RD (rtt: 98ms) Jun 20 15:46:30.738469 osdx dnscrypt-proxy[534151]: [2025-06-20 15:46:30] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash cd34f1a2b05a22041849c149e2422d4ecfcea07d0ce9952cf886099c6b2f6a1f at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgzTTxorBaIgQYScFJ4kItTs_OoH0M6ZUs-IYJnGsvah8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgzTTxorBaIgQYScFJ4kItTs_OoH0M6ZUs-IYJnGsvah8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 20 15:46:26.000163 osdx systemd-timedated[242751]: Changed local time to Fri 2025-06-20 15:46:26 UTC Jun 20 15:46:26.001245 osdx systemd-journald[1554]: Time jumped backwards, rotating. Jun 20 15:46:26.001624 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'set date 2025-06-20 15:46:26'. Jun 20 15:46:26.352643 osdx systemd-journald[1554]: Runtime Journal (/run/log/journal/6007ddf378ad466885280cbf52ccf316) is 1.0M, max 7.2M, 6.2M free. Jun 20 15:46:26.353584 osdx systemd-journald[1554]: Received client request to rotate journal, rotating. Jun 20 15:46:26.353632 osdx systemd-journald[1554]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6007ddf378ad466885280cbf52ccf316. Jun 20 15:46:26.362180 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:46:26.706221 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:46:27.726919 osdx OSDxCLI[170436]: User 'admin' entered the configuration menu. Jun 20 15:46:27.803089 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 20 15:46:27.905560 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:46:27.978372 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service ssh'. Jun 20 15:46:28.098343 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:28.177141 osdx ubnt-cfgd[262805]: inactive Jun 20 15:46:28.201586 osdx INFO[262819]: FRR daemons did not change Jun 20 15:46:28.225244 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:46:28.357498 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 20 15:46:28.369055 osdx sshd[262933]: Server listening on 0.0.0.0 port 22. Jun 20 15:46:28.369254 osdx sshd[262933]: Server listening on :: port 22. Jun 20 15:46:28.369351 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 20 15:46:28.406214 osdx cfgd[1254]: [170436]Completed change to active configuration Jun 20 15:46:28.419709 osdx OSDxCLI[170436]: User 'admin' committed the configuration. Jun 20 15:46:28.467800 osdx OSDxCLI[170436]: User 'admin' left the configuration menu. Jun 20 15:46:28.587748 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 20 15:46:30.915167 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash cd34f1a2b05a22041849c149e2422d4ecfcea07d0ce9952cf886099c6b2f6a1f'. Jun 20 15:46:31.100445 osdx OSDxCLI[170436]: User 'admin' entered the configuration menu. Jun 20 15:46:31.178903 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 20 15:46:31.248682 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 20 15:46:31.340058 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 20 15:46:31.409251 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgzTTxorBaIgQYScFJ4kItTs_OoH0M6ZUs-IYJnGsvah8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Jun 20 15:46:31.549729 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:31.616783 osdx ubnt-cfgd[262988]: inactive Jun 20 15:46:31.637163 osdx INFO[262996]: FRR daemons did not change Jun 20 15:46:31.651296 osdx ca-certificates[263012]: Updating certificates in /etc/ssl/certs... Jun 20 15:46:32.182766 osdx ubnt-cfgd[264010]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:46:32.193925 osdx ca-certificates[264016]: 1 added, 0 removed; done. Jun 20 15:46:32.198148 osdx ca-certificates[264022]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:46:32.202125 osdx ca-certificates[264024]: done. Jun 20 15:46:32.281916 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:46:32.284522 osdx cfgd[1254]: [170436]Completed change to active configuration Jun 20 15:46:32.287734 osdx OSDxCLI[170436]: User 'admin' committed the configuration. Jun 20 15:46:32.308804 osdx OSDxCLI[170436]: User 'admin' left the configuration menu. Jun 20 15:46:32.310104 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:46:32.310279 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] Network connectivity detected Jun 20 15:46:32.310448 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] Dropping privileges Jun 20 15:46:32.313176 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] Network connectivity detected Jun 20 15:46:32.313176 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:46:32.313176 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:46:32.313176 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] Firefox workaround initialized Jun 20 15:46:32.313176 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp651t79bh] Jun 20 15:46:32.464743 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] [DUT0] OK (DoH) - rtt: 111ms Jun 20 15:46:32.464743 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 111ms) Jun 20 15:46:32.464743 osdx dnscrypt-proxy[264031]: [2025-06-20 15:46:32] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 20 15:46:32.479125 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 20 15:46:41.319689 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.1M, max 15.3M, 13.2M free. Jun 20 15:46:41.320275 osdx systemd-journald[210303]: Received client request to rotate journal, rotating. Jun 20 15:46:41.320318 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8. Jun 20 15:46:41.324307 osdx sudo[535827]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:41.330398 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:46:41.636723 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:46:41.860035 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:46:41.941447 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 15:46:42.025435 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:46:42.092607 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:42.192586 osdx ubnt-cfgd[535852]: inactive Jun 20 15:46:42.216888 osdx INFO[535860]: FRR daemons did not change Jun 20 15:46:42.239893 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:46:42.310404 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:46:42.324024 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:46:42.356730 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:46:42.512967 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 15:46:43.708346 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 20 15:46:43.866746 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:46:43.950854 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 15:46:44.020407 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 15:46:44.144557 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 20 15:46:44.214657 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 20 15:46:44.329041 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 20 15:46:44.414908 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'. Jun 20 15:46:44.536938 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 15:46:44.594575 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 20 15:46:44.697258 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 20 15:46:44.756175 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 20 15:46:44.876803 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:44.958665 osdx ubnt-cfgd[536018]: inactive Jun 20 15:46:44.980431 osdx INFO[536026]: FRR daemons did not change Jun 20 15:46:44.985303 osdx sudo[536029]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:44.998953 osdx ca-certificates[536042]: Updating certificates in /etc/ssl/certs... Jun 20 15:46:45.497743 osdx ubnt-cfgd[537040]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:46:45.505078 osdx ca-certificates[537046]: 1 added, 0 removed; done. Jun 20 15:46:45.507872 osdx ca-certificates[537052]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:46:45.510706 osdx ca-certificates[537054]: done. Jun 20 15:46:45.640277 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:46:45.642029 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:46:45.644394 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:46:45.668385 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:46:45.668595 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] Network connectivity detected Jun 20 15:46:45.668725 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] Dropping privileges Jun 20 15:46:45.671388 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] Network connectivity detected Jun 20 15:46:45.671424 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:46:45.671424 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:46:45.671451 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 20 15:46:45.671489 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] Firefox workaround initialized Jun 20 15:46:45.671489 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp1getqx8k] Jun 20 15:46:45.672023 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 20 15:46:45.672038 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:46:45.672358 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 20 15:46:45.672386 osdx dnscrypt-proxy[537114]: [2025-06-20 15:46:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash cd34f1a2b05a22041849c149e2422d4ecfcea07d0ce9952cf886099c6b2f6a1f set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 20 15:46:41.305335 osdx systemd-journald[1554]: Runtime Journal (/run/log/journal/6007ddf378ad466885280cbf52ccf316) is 1.0M, max 7.2M, 6.2M free. Jun 20 15:46:41.306223 osdx systemd-journald[1554]: Received client request to rotate journal, rotating. Jun 20 15:46:41.306276 osdx systemd-journald[1554]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6007ddf378ad466885280cbf52ccf316. Jun 20 15:46:41.316708 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:46:41.596278 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:46:42.591263 osdx OSDxCLI[170436]: User 'admin' entered the configuration menu. Jun 20 15:46:42.680295 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 20 15:46:42.783411 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:46:42.859403 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service ssh'. Jun 20 15:46:42.983568 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:43.046351 osdx ubnt-cfgd[265709]: inactive Jun 20 15:46:43.074986 osdx INFO[265723]: FRR daemons did not change Jun 20 15:46:43.094070 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:46:43.254287 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 20 15:46:43.266018 osdx sshd[265837]: Server listening on 0.0.0.0 port 22. Jun 20 15:46:43.266209 osdx sshd[265837]: Server listening on :: port 22. Jun 20 15:46:43.266304 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 20 15:46:43.285826 osdx cfgd[1254]: [170436]Completed change to active configuration Jun 20 15:46:43.296999 osdx OSDxCLI[170436]: User 'admin' committed the configuration. Jun 20 15:46:43.346364 osdx OSDxCLI[170436]: User 'admin' left the configuration menu. Jun 20 15:46:43.519184 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 20 15:46:45.881001 osdx OSDxCLI[170436]: User 'admin' entered the configuration menu. Jun 20 15:46:45.941407 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 20 15:46:46.060276 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 20 15:46:46.177447 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 20 15:46:46.299053 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 20 15:46:46.373394 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 20 15:46:46.488877 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 20 15:46:46.569899 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash cd34f1a2b05a22041849c149e2422d4ecfcea07d0ce9952cf886099c6b2f6a1f'. Jun 20 15:46:46.651692 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:46.751059 osdx ubnt-cfgd[265892]: inactive Jun 20 15:46:46.770819 osdx INFO[265900]: FRR daemons did not change Jun 20 15:46:46.785499 osdx ca-certificates[265916]: Updating certificates in /etc/ssl/certs... Jun 20 15:46:47.252154 osdx ubnt-cfgd[266914]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:46:47.259836 osdx ca-certificates[266919]: 1 added, 0 removed; done. Jun 20 15:46:47.262833 osdx ca-certificates[266926]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:46:47.265651 osdx ca-certificates[266928]: done. Jun 20 15:46:47.346316 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:46:47.347497 osdx cfgd[1254]: [170436]Completed change to active configuration Jun 20 15:46:47.349486 osdx OSDxCLI[170436]: User 'admin' committed the configuration. Jun 20 15:46:47.367511 osdx OSDxCLI[170436]: User 'admin' left the configuration menu. Jun 20 15:46:47.372406 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:46:47.372656 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] Network connectivity detected Jun 20 15:46:47.372878 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] Dropping privileges Jun 20 15:46:47.374969 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] Network connectivity detected Jun 20 15:46:47.375011 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:46:47.375011 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:46:47.375039 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] Firefox workaround initialized Jun 20 15:46:47.375039 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp7u8q3u09] Jun 20 15:46:47.527748 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] [DUT0] OK (DoH) - rtt: 107ms Jun 20 15:46:47.527748 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 107ms) Jun 20 15:46:47.527748 osdx dnscrypt-proxy[266935]: [2025-06-20 15:46:47] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 20 15:46:47.552477 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system journal show | cat'.
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 20 15:46:55.000402 osdx systemd-timedated[474723]: Changed local time to Fri 2025-06-20 15:46:55 UTC Jun 20 15:46:55.003218 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'set date 2025-06-20 15:46:55'. Jun 20 15:46:55.004207 osdx systemd-journald[210303]: Time jumped backwards, rotating. Jun 20 15:46:55.311613 osdx sudo[538792]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:55.315532 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free. Jun 20 15:46:55.316170 osdx systemd-journald[210303]: Received client request to rotate journal, rotating. Jun 20 15:46:55.316216 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8. Jun 20 15:46:55.319973 osdx sudo[538791]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:55.326341 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:46:55.540858 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:46:55.986604 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:46:56.104625 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 15:46:56.198207 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:46:56.357742 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:56.425941 osdx ubnt-cfgd[538816]: inactive Jun 20 15:46:56.448527 osdx INFO[538824]: FRR daemons did not change Jun 20 15:46:56.468181 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:46:56.540383 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:46:56.552680 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:46:56.569026 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:46:56.706316 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 15:46:57.960953 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 20 15:46:58.048180 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443'. Jun 20 15:46:58.251425 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu. Jun 20 15:46:58.356987 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 15:46:58.454378 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 15:46:58.562968 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Jun 20 15:46:58.636116 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 20 15:46:58.752338 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 20 15:46:58.864118 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 20 15:46:58.921718 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 20 15:46:59.034458 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:59.108020 osdx ubnt-cfgd[538982]: inactive Jun 20 15:46:59.132297 osdx INFO[538990]: FRR daemons did not change Jun 20 15:46:59.136258 osdx sudo[538993]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 20 15:46:59.147513 osdx ca-certificates[539006]: Updating certificates in /etc/ssl/certs... Jun 20 15:46:59.725740 osdx ubnt-cfgd[540004]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:46:59.737017 osdx ca-certificates[540010]: 1 added, 0 removed; done. Jun 20 15:46:59.741275 osdx ca-certificates[540016]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:46:59.745215 osdx ca-certificates[540018]: done. Jun 20 15:46:59.868636 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:46:59.870191 osdx cfgd[1460]: [389379]Completed change to active configuration Jun 20 15:46:59.872686 osdx OSDxCLI[389379]: User 'admin' committed the configuration. Jun 20 15:46:59.889873 osdx OSDxCLI[389379]: User 'admin' left the configuration menu. Jun 20 15:46:59.890371 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:46:59.890496 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] Network connectivity detected Jun 20 15:46:59.890720 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] Dropping privileges Jun 20 15:46:59.893391 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] Network connectivity detected Jun 20 15:46:59.893423 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:46:59.893423 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:46:59.893453 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 20 15:46:59.893467 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] Firefox workaround initialized Jun 20 15:46:59.893467 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpajjk1w37] Jun 20 15:46:59.894042 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 20 15:46:59.894042 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 20 15:46:59.894104 osdx dnscrypt-proxy[540078]: [2025-06-20 15:46:59] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash cd34f1a2b05a22041849c149e2422d4ecfcea07d0ce9952cf886099c6b2f6a1f at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgzTTxorBaIgQYScFJ4kItTs_OoH0M6ZUs-IYJnGsvah8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgzTTxorBaIgQYScFJ4kItTs_OoH0M6ZUs-IYJnGsvah8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 20 15:46:55.297558 osdx systemd-journald[1554]: Runtime Journal (/run/log/journal/6007ddf378ad466885280cbf52ccf316) is 1.0M, max 7.2M, 6.2M free. Jun 20 15:46:55.301455 osdx systemd-journald[1554]: Received client request to rotate journal, rotating. Jun 20 15:46:55.301524 osdx systemd-journald[1554]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6007ddf378ad466885280cbf52ccf316. Jun 20 15:46:55.307380 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system journal clear'. Jun 20 15:46:55.543432 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 15:46:56.765354 osdx OSDxCLI[170436]: User 'admin' entered the configuration menu. Jun 20 15:46:56.905909 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 20 15:46:56.966651 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 15:46:57.092294 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service ssh'. Jun 20 15:46:57.182606 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:46:57.296161 osdx ubnt-cfgd[268614]: inactive Jun 20 15:46:57.324850 osdx INFO[268628]: FRR daemons did not change Jun 20 15:46:57.349447 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 15:46:57.533846 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 20 15:46:57.551423 osdx sshd[268742]: Server listening on 0.0.0.0 port 22. Jun 20 15:46:57.551693 osdx sshd[268742]: Server listening on :: port 22. Jun 20 15:46:57.551858 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 20 15:46:57.577996 osdx cfgd[1254]: [170436]Completed change to active configuration Jun 20 15:46:57.593752 osdx OSDxCLI[170436]: User 'admin' committed the configuration. Jun 20 15:46:57.618176 osdx OSDxCLI[170436]: User 'admin' left the configuration menu. Jun 20 15:46:57.775423 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 20 15:47:00.093722 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash cd34f1a2b05a22041849c149e2422d4ecfcea07d0ce9952cf886099c6b2f6a1f'. Jun 20 15:47:00.244240 osdx OSDxCLI[170436]: User 'admin' entered the configuration menu. Jun 20 15:47:00.335576 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 20 15:47:00.448477 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 20 15:47:00.544513 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 20 15:47:00.643856 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgzTTxorBaIgQYScFJ4kItTs_OoH0M6ZUs-IYJnGsvah8NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Jun 20 15:47:00.754528 osdx OSDxCLI[170436]: User 'admin' added a new cfg line: 'show working'. Jun 20 15:47:00.837809 osdx ubnt-cfgd[268797]: inactive Jun 20 15:47:00.860422 osdx INFO[268805]: FRR daemons did not change Jun 20 15:47:00.873348 osdx ca-certificates[268820]: Updating certificates in /etc/ssl/certs... Jun 20 15:47:01.469109 osdx ubnt-cfgd[269819]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 20 15:47:01.481999 osdx ca-certificates[269826]: 1 added, 0 removed; done. Jun 20 15:47:01.486959 osdx ca-certificates[269831]: Running hooks in /etc/ca-certificates/update.d... Jun 20 15:47:01.491832 osdx ca-certificates[269833]: done. Jun 20 15:47:01.585963 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 20 15:47:01.588061 osdx cfgd[1254]: [170436]Completed change to active configuration Jun 20 15:47:01.591318 osdx OSDxCLI[170436]: User 'admin' committed the configuration. Jun 20 15:47:01.608201 osdx OSDxCLI[170436]: User 'admin' left the configuration menu. Jun 20 15:47:01.609906 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] dnscrypt-proxy 2.0.45 Jun 20 15:47:01.610190 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] Network connectivity detected Jun 20 15:47:01.610397 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] Dropping privileges Jun 20 15:47:01.612505 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] Network connectivity detected Jun 20 15:47:01.612505 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 20 15:47:01.612505 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 20 15:47:01.612505 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] Firefox workaround initialized Jun 20 15:47:01.612505 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp5tzc93vz] Jun 20 15:47:01.780142 osdx OSDxCLI[170436]: User 'admin' executed a new command: 'system journal show | cat'. Jun 20 15:47:01.780645 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] [DUT0] OK (DoH) - rtt: 105ms Jun 20 15:47:01.780645 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 105ms) Jun 20 15:47:01.780645 osdx dnscrypt-proxy[269840]: [2025-06-20 15:47:01] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13