Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Sep 05 09:43:09.311769 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.9M, max 13.8M, 11.8M free. Sep 05 09:43:09.314201 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:43:09.314267 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:43:09.323642 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:43:09.542312 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 09:43:09.772586 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:43:09.849691 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:43:09.928687 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:43:10.043224 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:43:10.110394 osdx ubnt-cfgd[21163]: inactive Sep 05 09:43:10.131209 osdx INFO[21171]: FRR daemons did not change Sep 05 09:43:10.221140 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:43:10.233785 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:43:10.256635 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:43:10.404729 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Sep 05 09:43:10.576241 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:43:10.651812 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:43:10.761455 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:43:10.839256 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:43:10.939253 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:43:11.038923 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:43:11.096513 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns resolver local'. Sep 05 09:43:11.207602 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:43:11.281746 osdx ubnt-cfgd[21323]: inactive Sep 05 09:43:11.309735 osdx INFO[21331]: FRR daemons did not change Sep 05 09:43:11.334538 osdx ca-certificates[21347]: Updating certificates in /etc/ssl/certs... Sep 05 09:43:11.855852 osdx ubnt-cfgd[22345]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:43:11.866936 osdx ca-certificates[22349]: 1 added, 0 removed; done. Sep 05 09:43:11.869684 osdx ca-certificates[22357]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:43:11.872458 osdx ca-certificates[22359]: done. Sep 05 09:43:11.978687 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:43:11.980458 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:43:11.984180 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:43:12.028084 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:43:12.144979 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal show | cat'. Sep 05 09:43:12.199880 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] dnscrypt-proxy 2.0.45 Sep 05 09:43:12.200145 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] Network connectivity detected Sep 05 09:43:12.200229 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] Dropping privileges Sep 05 09:43:12.202506 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] Network connectivity detected Sep 05 09:43:12.202602 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Sep 05 09:43:12.202635 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Sep 05 09:43:12.202689 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] Firefox workaround initialized Sep 05 09:43:12.202723 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpifri3bch] Sep 05 09:43:12.411776 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] [RD] OK (DoH) - rtt: 119ms Sep 05 09:43:12.411776 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] Server with the lowest initial latency: RD (rtt: 119ms) Sep 05 09:43:12.411776 osdx dnscrypt-proxy[22416]: [2025-09-05 09:43:12] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Sep 05 09:43:19.354673 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:43:19.355288 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:43:19.355329 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:43:19.366583 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:43:19.577749 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 09:43:19.794431 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:43:19.868542 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:43:19.953399 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:43:20.018437 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:43:20.119433 osdx ubnt-cfgd[24123]: inactive Sep 05 09:43:20.140310 osdx INFO[24131]: FRR daemons did not change Sep 05 09:43:20.239012 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:43:20.252635 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:43:20.272508 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:43:20.409287 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Sep 05 09:43:20.555712 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:43:20.698600 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:43:20.760192 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:43:20.862240 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:43:20.925930 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Sep 05 09:43:21.018979 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns resolver local'. Sep 05 09:43:21.092324 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:43:21.191115 osdx ubnt-cfgd[24284]: inactive Sep 05 09:43:21.211271 osdx INFO[24292]: FRR daemons did not change Sep 05 09:43:21.229980 osdx ca-certificates[24308]: Updating certificates in /etc/ssl/certs... Sep 05 09:43:21.746044 osdx ubnt-cfgd[25306]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:43:21.753797 osdx ca-certificates[25312]: 1 added, 0 removed; done. Sep 05 09:43:21.756740 osdx ca-certificates[25318]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:43:21.759280 osdx ca-certificates[25320]: done. Sep 05 09:43:21.863015 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:43:21.864003 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:43:21.866803 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:43:21.891324 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:43:21.897377 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:21] [NOTICE] dnscrypt-proxy 2.0.45 Sep 05 09:43:21.897771 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:21] [NOTICE] Network connectivity detected Sep 05 09:43:21.898068 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:21] [NOTICE] Dropping privileges Sep 05 09:43:21.901099 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:21] [NOTICE] Network connectivity detected Sep 05 09:43:21.901161 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Sep 05 09:43:21.901161 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Sep 05 09:43:21.901161 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:21] [NOTICE] Firefox workaround initialized Sep 05 09:43:21.901161 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpu46nbtxu] Sep 05 09:43:22.043897 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal show | cat'. Sep 05 09:43:22.078470 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:22] [NOTICE] [RD] OK (DoH) - rtt: 113ms Sep 05 09:43:22.078470 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:22] [NOTICE] Server with the lowest initial latency: RD (rtt: 113ms) Sep 05 09:43:22.078470 osdx dnscrypt-proxy[25377]: [2025-09-05 09:43:22] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Sep 05 09:43:29.301313 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:43:29.303401 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:43:29.303445 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:43:29.311316 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:43:29.535550 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 09:43:29.750368 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:43:29.825413 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:43:29.910627 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:43:29.977058 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:43:30.071840 osdx ubnt-cfgd[27083]: inactive Sep 05 09:43:30.091945 osdx INFO[27091]: FRR daemons did not change Sep 05 09:43:30.180167 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:43:30.191412 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:43:30.208372 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:43:30.350962 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Sep 05 09:43:30.548243 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Sep 05 09:43:30.677273 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:43:30.754432 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:43:30.811608 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:43:30.913389 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Sep 05 09:43:30.966382 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Sep 05 09:43:31.092685 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Sep 05 09:43:31.162902 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a'. Sep 05 09:43:31.256307 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns resolver local'. Sep 05 09:43:31.329179 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:43:31.426408 osdx ubnt-cfgd[27246]: inactive Sep 05 09:43:31.445721 osdx INFO[27254]: FRR daemons did not change Sep 05 09:43:31.459344 osdx ca-certificates[27270]: Updating certificates in /etc/ssl/certs... Sep 05 09:43:31.941058 osdx ubnt-cfgd[28268]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:43:31.949279 osdx ca-certificates[28274]: 1 added, 0 removed; done. Sep 05 09:43:31.952004 osdx ca-certificates[28280]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:43:31.955705 osdx ca-certificates[28282]: done. Sep 05 09:43:32.051727 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:43:32.052873 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:43:32.055452 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:43:32.072181 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:43:32.073765 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] dnscrypt-proxy 2.0.45 Sep 05 09:43:32.073922 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] Network connectivity detected Sep 05 09:43:32.074005 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] Dropping privileges Sep 05 09:43:32.076046 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] Network connectivity detected Sep 05 09:43:32.076123 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Sep 05 09:43:32.076154 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Sep 05 09:43:32.076200 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] Firefox workaround initialized Sep 05 09:43:32.076227 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpdg52t7qx] Sep 05 09:43:32.076711 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Sep 05 09:43:32.076753 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Sep 05 09:43:32.076784 osdx dnscrypt-proxy[28339]: [2025-09-05 09:43:32] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Sep 05 09:43:37.308609 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:43:37.310770 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:43:37.310826 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:43:37.319309 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:43:37.535295 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 09:43:37.757232 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:43:37.832816 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:43:37.918153 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:43:37.984262 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:43:38.080587 osdx ubnt-cfgd[30040]: inactive Sep 05 09:43:38.098952 osdx INFO[30048]: FRR daemons did not change Sep 05 09:43:38.187256 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:43:38.200999 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:43:38.224070 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:43:38.356385 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Sep 05 09:43:38.458189 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Sep 05 09:43:38.547185 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443'. Sep 05 09:43:38.704094 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:43:38.763547 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:43:38.862741 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:43:38.926785 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Sep 05 09:43:39.018370 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns resolver local'. Sep 05 09:43:39.095986 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:43:39.188680 osdx ubnt-cfgd[30203]: inactive Sep 05 09:43:39.206347 osdx INFO[30211]: FRR daemons did not change Sep 05 09:43:39.218796 osdx ca-certificates[30226]: Updating certificates in /etc/ssl/certs... Sep 05 09:43:39.722569 osdx ubnt-cfgd[31225]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:43:39.730155 osdx ca-certificates[31230]: 1 added, 0 removed; done. Sep 05 09:43:39.733146 osdx ca-certificates[31237]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:43:39.736118 osdx ca-certificates[31239]: done. Sep 05 09:43:39.835175 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:43:39.836454 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:43:39.838865 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:43:39.855067 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:43:39.857280 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] dnscrypt-proxy 2.0.45 Sep 05 09:43:39.857433 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] Network connectivity detected Sep 05 09:43:39.857527 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] Dropping privileges Sep 05 09:43:39.859881 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] Network connectivity detected Sep 05 09:43:39.859914 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Sep 05 09:43:39.859914 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Sep 05 09:43:39.859940 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] Firefox workaround initialized Sep 05 09:43:39.859940 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp513s1g9c] Sep 05 09:43:39.860490 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Sep 05 09:43:39.860511 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Sep 05 09:43:39.860511 osdx dnscrypt-proxy[31296]: [2025-09-05 09:43:39] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16