Static

Test suite to validate using one of the DNS options available in an upstream server

DNS-over-HTTPS Server

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH).

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Show output
Oct 20 17:39:20.386879 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:39:20.389503 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:39:20.389554 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:39:20.398493 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:39:20.623847 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 17:39:20.868179 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:39:20.947784 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:39:21.042902 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:39:21.130900 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:39:21.209910 osdx ubnt-cfgd[562370]: inactive
Oct 20 17:39:21.237652 osdx INFO[562378]: FRR daemons did not change
Oct 20 17:39:21.261488 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:39:21.336576 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:39:21.350987 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:39:21.381711 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:39:21.562465 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 20 17:39:21.789670 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:39:21.892409 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:39:21.956482 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:39:22.067280 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 20 17:39:22.126948 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 20 17:39:22.222388 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:39:22.280885 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 20 17:39:22.514316 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:39:22.581262 osdx ubnt-cfgd[562530]: inactive
Oct 20 17:39:22.603899 osdx INFO[562538]: FRR daemons did not change
Oct 20 17:39:22.618109 osdx ca-certificates[562554]: Updating certificates in /etc/ssl/certs...
Oct 20 17:39:23.115586 osdx ubnt-cfgd[563552]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:39:23.122972 osdx ca-certificates[563558]: 1 added, 0 removed; done.
Oct 20 17:39:23.126699 osdx ca-certificates[563564]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:39:23.129548 osdx ca-certificates[563566]: done.
Oct 20 17:39:23.237825 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:39:23.239224 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:39:23.241841 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:39:23.271291 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:39:23.273979 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] dnscrypt-proxy 2.0.45
Oct 20 17:39:23.274200 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] Network connectivity detected
Oct 20 17:39:23.274283 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] Dropping privileges
Oct 20 17:39:23.276665 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] Network connectivity detected
Oct 20 17:39:23.276698 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:39:23.276698 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:39:23.276739 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] Firefox workaround initialized
Oct 20 17:39:23.276739 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjw0y81nl]
Oct 20 17:39:23.419277 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 20 17:39:23.451153 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] [RD] OK (DoH) - rtt: 109ms
Oct 20 17:39:23.451153 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] Server with the lowest initial latency: RD (rtt: 109ms)
Oct 20 17:39:23.451153 osdx dnscrypt-proxy[563623]: [2025-10-20 17:39:23] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNS-over-HTTPS Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNS-over-HTTPS (DoH), generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 at DUT0 and expect this output:

Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$
Show output
Oct 20 17:39:30.311071 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:39:30.311500 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:39:30.311530 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:39:30.320426 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:39:30.527328 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 17:39:30.765436 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:39:30.844394 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:39:30.920275 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:39:31.025246 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:39:31.088641 osdx ubnt-cfgd[565328]: inactive
Oct 20 17:39:31.113020 osdx INFO[565336]: FRR daemons did not change
Oct 20 17:39:31.135194 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:39:31.211865 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:39:31.223089 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:39:31.240964 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:39:31.392699 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 20 17:39:31.514803 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Oct 20 17:39:31.658813 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:39:31.720406 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:39:31.823723 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:39:31.888994 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'.
Oct 20 17:39:31.983698 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 20 17:39:32.057676 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:39:32.158228 osdx ubnt-cfgd[565489]: inactive
Oct 20 17:39:32.178432 osdx INFO[565497]: FRR daemons did not change
Oct 20 17:39:32.191312 osdx ca-certificates[565513]: Updating certificates in /etc/ssl/certs...
Oct 20 17:39:32.704958 osdx ubnt-cfgd[566511]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:39:32.714368 osdx ca-certificates[566516]: 1 added, 0 removed; done.
Oct 20 17:39:32.717211 osdx ca-certificates[566523]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:39:32.720699 osdx ca-certificates[566525]: done.
Oct 20 17:39:32.827551 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:39:32.828934 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:39:32.831384 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:39:32.852513 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:39:32.859050 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:32] [NOTICE] dnscrypt-proxy 2.0.45
Oct 20 17:39:32.859242 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:32] [NOTICE] Network connectivity detected
Oct 20 17:39:32.859310 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:32] [NOTICE] Dropping privileges
Oct 20 17:39:32.861642 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:32] [NOTICE] Network connectivity detected
Oct 20 17:39:32.861682 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:32] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:39:32.861682 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:32] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:39:32.861713 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:32] [NOTICE] Firefox workaround initialized
Oct 20 17:39:32.861713 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:32] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpsth8d3nd]
Oct 20 17:39:33.023730 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 20 17:39:33.036443 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:33] [NOTICE] [RD] OK (DoH) - rtt: 111ms
Oct 20 17:39:33.036443 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:33] [NOTICE] Server with the lowest initial latency: RD (rtt: 111ms)
Oct 20 17:39:33.036443 osdx dnscrypt-proxy[566582]: [2025-10-20 17:39:33] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server

Description

Configures DUT0 to connect to an upstream server using DNSCrypt.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a

Step 2: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-crypt ip 10.215.168.1
set service dns proxy static RD protocol dns-crypt port 8443
set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns
set service dns proxy static RD protocol dns-crypt provider public-key '46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Oct 20 17:39:40.294019 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:39:40.294577 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:39:40.294610 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:39:40.304909 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:39:40.517939 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 17:39:40.737433 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:39:40.817530 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:39:40.904082 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:39:40.981765 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:39:41.098282 osdx ubnt-cfgd[568287]: inactive
Oct 20 17:39:41.121324 osdx INFO[568295]: FRR daemons did not change
Oct 20 17:39:41.142590 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:39:41.235077 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:39:41.249440 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:39:41.269771 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:39:41.419637 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 20 17:39:41.581561 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 20 17:39:41.771174 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:39:41.868015 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:39:41.968563 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:39:42.053811 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'.
Oct 20 17:39:42.207369 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'.
Oct 20 17:39:42.265964 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'.
Oct 20 17:39:42.371771 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a'.
Oct 20 17:39:42.423968 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 20 17:39:42.535934 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:39:42.602299 osdx ubnt-cfgd[568450]: inactive
Oct 20 17:39:42.623668 osdx INFO[568458]: FRR daemons did not change
Oct 20 17:39:42.635698 osdx ca-certificates[568474]: Updating certificates in /etc/ssl/certs...
Oct 20 17:39:43.099264 osdx ubnt-cfgd[569472]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:39:43.107170 osdx ca-certificates[569477]: 1 added, 0 removed; done.
Oct 20 17:39:43.111265 osdx ca-certificates[569484]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:39:43.114231 osdx ca-certificates[569486]: done.
Oct 20 17:39:43.218914 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:39:43.220075 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:39:43.222185 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:39:43.240898 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:39:43.251531 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] dnscrypt-proxy 2.0.45
Oct 20 17:39:43.251736 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] Network connectivity detected
Oct 20 17:39:43.251795 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] Dropping privileges
Oct 20 17:39:43.253658 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] Network connectivity detected
Oct 20 17:39:43.253692 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:39:43.253692 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:39:43.253727 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] Firefox workaround initialized
Oct 20 17:39:43.253727 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpargep40g]
Oct 20 17:39:43.254263 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Oct 20 17:39:43.254263 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Oct 20 17:39:43.254328 osdx dnscrypt-proxy[569543]: [2025-10-20 17:39:43] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

DNSCrypt Server With Stamp

Description

Configures DUT0 to connect to an upstream server using DNSCrypt, generating a DNS stamp and using it to configure the connection.

Scenario

Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:

Show output
46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a

Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443 at DUT0 and expect this output:

Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z

Step 3: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name RD
set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'
set service dns resolver local
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$
Show output
Oct 20 17:39:49.341096 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 17:39:49.344553 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 17:39:49.344605 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 17:39:49.350432 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 17:39:49.559756 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 17:39:49.785936 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:39:49.870097 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 20 17:39:49.948135 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 20 17:39:50.015144 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:39:50.111075 osdx ubnt-cfgd[571244]: inactive
Oct 20 17:39:50.136398 osdx INFO[571252]: FRR daemons did not change
Oct 20 17:39:50.160564 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 17:39:50.234916 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:39:50.248340 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:39:50.270275 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.
Oct 20 17:39:50.419303 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 20 17:39:50.532624 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'.
Oct 20 17:39:50.631016 osdx OSDxCLI[399276]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 46:48:bf:33:d4:d9:ab:9a:0e:b5:c2:6d:61:04:8c:80:5d:50:c5:29:47:c5:0b:ef:04:3c:a3:2e:d7:98:89:0a ip 10.215.168.1 port 8443'.
Oct 20 17:39:50.776640 osdx OSDxCLI[399276]: User 'admin' entered the configuration menu.
Oct 20 17:39:50.838560 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 20 17:39:50.964367 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 20 17:39:51.056881 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'.
Oct 20 17:39:51.149135 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Oct 20 17:39:51.274657 osdx OSDxCLI[399276]: User 'admin' added a new cfg line: 'show working'.
Oct 20 17:39:51.344543 osdx ubnt-cfgd[571407]: inactive
Oct 20 17:39:51.364738 osdx INFO[571415]: FRR daemons did not change
Oct 20 17:39:51.378055 osdx ca-certificates[571430]: Updating certificates in /etc/ssl/certs...
Oct 20 17:39:51.884355 osdx ubnt-cfgd[572429]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 20 17:39:51.891762 osdx ca-certificates[572434]: 1 added, 0 removed; done.
Oct 20 17:39:51.894660 osdx ca-certificates[572441]: Running hooks in /etc/ca-certificates/update.d...
Oct 20 17:39:51.897562 osdx ca-certificates[572443]: done.
Oct 20 17:39:51.984802 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 20 17:39:51.986050 osdx cfgd[1655]: [399276]Completed change to active configuration
Oct 20 17:39:51.987990 osdx OSDxCLI[399276]: User 'admin' committed the configuration.
Oct 20 17:39:52.009065 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] dnscrypt-proxy 2.0.45
Oct 20 17:39:52.009280 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] Network connectivity detected
Oct 20 17:39:52.009305 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] Dropping privileges
Oct 20 17:39:52.011597 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] Network connectivity detected
Oct 20 17:39:52.011597 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Oct 20 17:39:52.011597 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Oct 20 17:39:52.011597 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] Firefox workaround initialized
Oct 20 17:39:52.011597 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpv5b553sf]
Oct 20 17:39:52.011940 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms
Oct 20 17:39:52.011965 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms)
Oct 20 17:39:52.011965 osdx dnscrypt-proxy[572500]: [2025-10-20 17:39:52] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Oct 20 17:39:52.035321 osdx OSDxCLI[399276]: User 'admin' left the configuration menu.

Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
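
The two "With Stamp" scenarios configure the proxy from an opaque sdns:// string, so it is worth confirming which server address, pinned hash or provider key, and names a stamp actually carries before committing it. The following is an added example, not part of the test suite or of OSDx: a Python decoder and audit helper for DNSCrypt and DoH stamps, with the field layout taken from the public DNS stamps specification. The function names decode_stamp and audit_stamp are hypothetical; the two stamps are the ones generated in the scenarios above.

```python
import base64

PROTOCOLS = {0x01: "DNSCrypt", 0x02: "DoH"}


class StampError(ValueError):
    """Raised when a stamp is malformed or uses a protocol not handled here."""


class _Reader:
    """Cursor over the decoded stamp that refuses to read past the end."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise StampError("truncated stamp")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def lp(self):
        # LP(x): one length byte followed by that many bytes.
        return self.take(self.take(1)[0])

    def vlp(self):
        # VLP(...): set of LP items; high bit of a length byte means "more follow".
        items = []
        while True:
            n = self.take(1)[0]
            items.append(self.take(n & 0x7F))
            if not n & 0x80:
                return items

    def text(self):
        # Text fields are ASCII; anything else decodes to U+FFFD and fails an audit.
        return self.lp().decode("ascii", "replace")


def decode_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into a dict of its fields."""
    if not stamp.startswith("sdns://"):
        raise StampError("missing sdns:// prefix")
    body = stamp[len("sdns://"):]
    try:
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError as exc:
        raise StampError(f"bad base64url payload: {exc}") from exc
    r = _Reader(raw)
    proto = r.take(1)[0]
    if proto not in PROTOCOLS:
        raise StampError(f"unsupported protocol id 0x{proto:02x}")
    props = int.from_bytes(r.take(8), "little")  # bit 0 DNSSEC, 1 no logs, 2 no filter
    out = {"protocol": PROTOCOLS[proto], "props": props, "address": r.text()}
    if proto == 0x01:
        out["public_key"] = r.lp().hex(":")
        out["provider_name"] = r.text()
    else:
        out["hashes"] = [h.hex() for h in r.vlp() if h]  # empty item = no pin
        out["hostname"] = r.text()
        out["path"] = r.text()
        if r.pos < len(raw):  # optional trailing set of bootstrap resolver IPs
            out["bootstrap_ips"] = [ip.decode("ascii", "replace") for ip in r.vlp() if ip]
    if r.pos != len(raw):
        raise StampError("trailing bytes after last field")
    return out


def audit_stamp(stamp, expected):
    """Return findings: fields that differ from `expected`, plus a missing DoH pin."""
    got = decode_stamp(stamp)
    findings = [f"{k}: expected {v!r}, stamp has {got.get(k)!r}"
                for k, v in expected.items() if got.get(k) != v]
    if got["protocol"] == "DoH" and not got["hashes"]:
        findings.append("DoH stamp pins no certificate hash")
    return findings


# Stamps copied from the "With Stamp" scenarios on this page.
DOH_STAMP = "sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSA9oBhF-8_BV5-eyi2ZW6Iuy3iVHE_q2PjphvxtHpVISApyZW1vdGUuZG5zCi9kbnMtcXVlcnk"
DNSCRYPT_STAMP = "sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIEZIvzPU2auaDrXCbWEEjIBdUMUpR8UL7wQ8oy7XmIkKGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z"

if __name__ == "__main__":
    for s in (DOH_STAMP, DNSCRYPT_STAMP):
        print(decode_stamp(s))
```

The DoH stamp decodes with no port in the address because host-port 443 is the default; the DNSCrypt stamp carries 10.215.168.1:8443 explicitly.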