Static
Test suite to validate using one of the DNS options available in an upstream server
DNS-over-HTTPS Server
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 24 15:16:32.000163 osdx systemd-timedated[408768]: Changed local time to Tue 2025-06-24 15:16:32 UTC Jun 24 15:16:32.001282 osdx systemd-journald[165652]: Time jumped backwards, rotating. Jun 24 15:16:32.001369 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'set date 2025-06-24 15:16:32'. Jun 24 15:16:32.302524 osdx sudo[449273]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:16:32.306591 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.2M free. Jun 24 15:16:32.308749 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:16:32.308803 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:16:32.310883 osdx sudo[449272]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:16:32.317421 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:16:32.532576 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:16:32.767727 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:16:32.847480 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:16:32.923432 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:16:33.046027 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:33.148869 osdx ubnt-cfgd[449297]: inactive Jun 24 15:16:33.202594 osdx INFO[449305]: FRR daemons did not change Jun 24 15:16:33.224755 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:16:33.305105 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:16:33.316974 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:33.338474 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:16:33.532417 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:16:33.731702 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:16:33.804332 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:16:33.914138 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:16:34.004016 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 15:16:34.108470 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 15:16:34.197048 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 24 15:16:34.256459 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 15:16:34.421741 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:34.510660 osdx ubnt-cfgd[449457]: inactive Jun 24 15:16:34.534645 osdx INFO[449465]: FRR daemons did not change Jun 24 15:16:34.538608 osdx sudo[449468]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:16:34.547709 osdx ca-certificates[449481]: Updating certificates in /etc/ssl/certs... Jun 24 15:16:35.053144 osdx ubnt-cfgd[450479]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:16:35.061567 osdx ca-certificates[450484]: 1 added, 0 removed; done. Jun 24 15:16:35.064776 osdx ca-certificates[450491]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:16:35.067716 osdx ca-certificates[450493]: done. Jun 24 15:16:35.169083 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:16:35.170450 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:16:35.172917 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:35.190811 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:16:35.196641 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:16:35.196868 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] Network connectivity detected Jun 24 15:16:35.196967 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] Dropping privileges Jun 24 15:16:35.200202 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] Network connectivity detected Jun 24 15:16:35.200202 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:16:35.200202 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:16:35.200346 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] Firefox workaround initialized Jun 24 15:16:35.200346 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpm0p6tk0t] Jun 24 15:16:35.364988 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] [RD] OK (DoH) - rtt: 108ms Jun 24 15:16:35.364988 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] Server with the lowest initial latency: RD (rtt: 108ms) Jun 24 15:16:35.364988 osdx dnscrypt-proxy[450550]: [2025-06-24 15:16:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 24 15:16:35.387419 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal show | cat'.
Step 3: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server Trusting Fails
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream without setting up certificates
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
The above commands set the network topology to interact with the DNS server
Step 2: Modify the following configuration lines in DUT0 :
set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local
Note
The above commands set up the DNS server to be used.
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
: x509: certificate signed by unknown authorityShow output
Jun 24 15:16:43.313649 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.2M free. Jun 24 15:16:43.314105 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:16:43.314146 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:16:43.317925 osdx sudo[452233]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:16:43.324466 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:16:43.535527 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:16:43.825808 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:16:43.906431 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:16:43.977490 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:16:44.091116 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:44.154590 osdx ubnt-cfgd[452258]: inactive Jun 24 15:16:44.176076 osdx INFO[452266]: FRR daemons did not change Jun 24 15:16:44.197832 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:16:44.274744 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:16:44.288904 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:44.305903 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:16:44.462360 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:16:44.639030 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:16:44.701146 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:16:44.814568 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:44.869444 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:44.926789 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:16:45.101588 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:16:45.161529 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:16:45.289905 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 15:16:45.384865 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 15:16:45.439482 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 15:16:45.550450 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show changes'. Jun 24 15:16:45.654036 osdx ubnt-cfgd[452425]: inactive Jun 24 15:16:45.672941 osdx INFO[452431]: FRR daemons did not change Jun 24 15:16:45.786155 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:16:45.787661 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:16:45.790002 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:45.809430 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:16:45.814140 osdx dnscrypt-proxy[452490]: [2025-06-24 15:16:45] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:16:45.814496 osdx dnscrypt-proxy[452490]: [2025-06-24 15:16:45] [NOTICE] Network connectivity detected Jun 24 15:16:45.814805 osdx dnscrypt-proxy[452490]: [2025-06-24 15:16:45] [NOTICE] Dropping privileges Jun 24 15:16:45.817467 osdx dnscrypt-proxy[452490]: [2025-06-24 15:16:45] [NOTICE] Network connectivity detected Jun 24 15:16:45.817525 osdx dnscrypt-proxy[452490]: [2025-06-24 15:16:45] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:16:45.817525 osdx dnscrypt-proxy[452490]: [2025-06-24 15:16:45] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:16:45.817525 osdx dnscrypt-proxy[452490]: [2025-06-24 15:16:45] [NOTICE] Firefox workaround initialized Jun 24 15:16:45.817525 osdx dnscrypt-proxy[452490]: [2025-06-24 15:16:45] [NOTICE] Loading the set of cloaking rules from [/tmp/tmppyun0f01] Jun 24 15:16:45.841393 osdx dnscrypt-proxy[452490]: [2025-06-24 15:16:45] [ERROR] Get "https://remote.dns/dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABBd_tvhyO3BqHvhmQz_DdJU": x509: certificate signed by unknown authority Jun 24 15:16:45.841393 osdx dnscrypt-proxy[452490]: [2025-06-24 15:16:45] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable
Step 4: Run command show host lookup teldat.com type A at DUT0 and expect this output:
Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused ;; communications error to 127.0.0.1#53: timed out ;; no servers could be reached CLI Error: Command error
Note
The above command attempts to resolve the hostname but fails because the certificate can not be verified
DNS-over-HTTPS Server Trusting
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream without checking its certificate authority.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
The above commands set the network topology to interact with the DNS server
Step 2: Modify the following configuration lines in DUT0 :
set service dns proxy server-name RD set service dns proxy ssl-allow-insecure set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local
Note
The above commands set up the DNS server to be used, we skip the certificate validation with set service dns proxy ssl-allow-insecure
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 24 15:16:55.000175 osdx systemd-timedated[408768]: Changed local time to Tue 2025-06-24 15:16:55 UTC Jun 24 15:16:55.001613 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'set date 2025-06-24 15:16:55'. Jun 24 15:16:55.002181 osdx systemd-journald[165652]: Time jumped backwards, rotating. Jun 24 15:16:55.299688 osdx sudo[452717]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:16:55.303789 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free. Jun 24 15:16:55.306182 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:16:55.306232 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:16:55.307739 osdx sudo[452716]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:16:55.313178 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:16:55.551767 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:16:55.836244 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:16:55.940384 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:16:56.014537 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:16:56.123988 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:56.186632 osdx ubnt-cfgd[452741]: inactive Jun 24 15:16:56.205839 osdx INFO[452749]: FRR daemons did not change Jun 24 15:16:56.226191 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:16:56.296258 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:16:56.307415 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:56.333166 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:16:56.483538 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:16:56.698771 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:16:56.771531 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:16:56.894833 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:56.961909 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:57.029980 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:16:57.165987 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:16:57.231307 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:16:57.398690 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 15:16:57.467511 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 15:16:57.608112 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy ssl-allow-insecure'. Jun 24 15:16:57.726199 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 15:16:57.837128 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show changes'. Jun 24 15:16:57.951731 osdx ubnt-cfgd[452909]: inactive Jun 24 15:16:57.987900 osdx INFO[452915]: FRR daemons did not change Jun 24 15:16:58.082442 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:16:58.083579 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:16:58.085741 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:58.102939 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:16:58.105969 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:16:58.106194 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] Network connectivity detected Jun 24 15:16:58.106263 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] Dropping privileges Jun 24 15:16:58.108428 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] Network connectivity detected Jun 24 15:16:58.108483 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:16:58.108483 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:16:58.108483 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] Firefox workaround initialized Jun 24 15:16:58.108483 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp12xee8qw] Jun 24 15:16:58.277679 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] [RD] OK (DoH) - rtt: 123ms Jun 24 15:16:58.277679 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] Server with the lowest initial latency: RD (rtt: 123ms) Jun 24 15:16:58.277679 osdx dnscrypt-proxy[452974]: [2025-06-24 15:16:58] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 24 15:16:58.286129 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal show | cat'.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNS-over-HTTPS Server With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 24 15:17:04.000193 osdx systemd-timedated[408768]: Changed local time to Tue 2025-06-24 15:17:04 UTC Jun 24 15:17:04.001646 osdx systemd-journald[165652]: Time jumped backwards, rotating. Jun 24 15:17:04.002078 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'set date 2025-06-24 15:17:04'. Jun 24 15:17:04.325431 osdx sudo[453211]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:17:04.329454 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.2M free. Jun 24 15:17:04.330033 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:17:04.330077 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:17:04.333662 osdx sudo[453210]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:17:04.339804 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:17:04.560992 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:17:04.783599 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:17:04.868836 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:17:04.965546 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:17:05.050450 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:17:05.151045 osdx ubnt-cfgd[453235]: inactive Jun 24 15:17:05.171996 osdx INFO[453243]: FRR daemons did not change Jun 24 15:17:05.189661 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:17:05.281318 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:17:05.293727 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:17:05.321166 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:17:05.464013 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:17:05.660514 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 24 15:17:05.816904 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:17:05.882796 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:17:05.977172 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:17:06.046575 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Jun 24 15:17:06.209275 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 15:17:06.314154 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:17:06.397113 osdx ubnt-cfgd[453396]: inactive Jun 24 15:17:06.418543 osdx INFO[453404]: FRR daemons did not change Jun 24 15:17:06.422373 osdx sudo[453407]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:17:06.431703 osdx ca-certificates[453420]: Updating certificates in /etc/ssl/certs... Jun 24 15:17:06.904764 osdx ubnt-cfgd[454418]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:17:06.912423 osdx ca-certificates[454424]: 1 added, 0 removed; done. Jun 24 15:17:06.915333 osdx ca-certificates[454430]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:17:06.918111 osdx ca-certificates[454432]: done. Jun 24 15:17:07.013911 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:17:07.015082 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:17:07.019422 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:17:07.035770 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:17:07.035993 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] Network connectivity detected Jun 24 15:17:07.036019 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] Dropping privileges Jun 24 15:17:07.038080 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] Network connectivity detected Jun 24 15:17:07.038122 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:17:07.038122 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:17:07.038122 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] Firefox workaround initialized Jun 24 15:17:07.038122 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpapvt607c] Jun 24 15:17:07.040949 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:17:07.199389 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 15:17:07.221605 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] [RD] OK (DoH) - rtt: 122ms Jun 24 15:17:07.221605 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] Server with the lowest initial latency: RD (rtt: 122ms) Jun 24 15:17:07.221605 osdx dnscrypt-proxy[454489]: [2025-06-24 15:17:07] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 24 15:17:14.000190 osdx systemd-timedated[408768]: Changed local time to Tue 2025-06-24 15:17:14 UTC Jun 24 15:17:14.001859 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'set date 2025-06-24 15:17:14'. Jun 24 15:17:14.003738 osdx systemd-journald[165652]: Time jumped backwards, rotating. Jun 24 15:17:14.323832 osdx sudo[456174]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:17:14.326918 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.2M free. Jun 24 15:17:14.327742 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:17:14.327796 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:17:14.331577 osdx sudo[456173]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:17:14.340800 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:17:14.608436 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:17:15.061140 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:17:15.205130 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:17:15.312394 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:17:15.446284 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:17:15.531771 osdx ubnt-cfgd[456198]: inactive Jun 24 15:17:15.555892 osdx INFO[456206]: FRR daemons did not change Jun 24 15:17:15.575743 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:17:15.650545 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:17:15.664487 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:17:15.686018 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:17:15.865930 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:17:15.995583 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 24 15:17:16.216812 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:17:16.284699 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:17:16.416292 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:17:16.478390 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 24 15:17:16.577140 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 24 15:17:16.668826 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 24 15:17:16.771091 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'. Jun 24 15:17:16.862414 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 15:17:16.938631 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:17:17.101267 osdx ubnt-cfgd[456361]: inactive Jun 24 15:17:17.127827 osdx INFO[456369]: FRR daemons did not change Jun 24 15:17:17.132048 osdx sudo[456372]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:17:17.141051 osdx ca-certificates[456385]: Updating certificates in /etc/ssl/certs... Jun 24 15:17:17.710331 osdx ubnt-cfgd[457383]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:17:17.721849 osdx ca-certificates[457389]: 1 added, 0 removed; done. Jun 24 15:17:17.726648 osdx ca-certificates[457395]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:17:17.730447 osdx ca-certificates[457397]: done. Jun 24 15:17:17.884212 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:17:17.885568 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:17:17.887858 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:17:17.908169 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:17:17.908503 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] Network connectivity detected Jun 24 15:17:17.908747 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] Dropping privileges Jun 24 15:17:17.911399 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] Network connectivity detected Jun 24 15:17:17.911484 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:17:17.911484 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:17:17.911484 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] Firefox workaround initialized Jun 24 15:17:17.911484 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpp6sdbhs0] Jun 24 15:17:17.912961 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 24 15:17:17.913024 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 24 15:17:17.913057 osdx dnscrypt-proxy[457454]: [2025-06-24 15:17:17] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 24 15:17:17.919614 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Step 4: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
DNSCrypt Server With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 24 15:17:23.000171 osdx systemd-timedated[408768]: Changed local time to Tue 2025-06-24 15:17:23 UTC Jun 24 15:17:23.000758 osdx systemd-journald[165652]: Time jumped backwards, rotating. Jun 24 15:17:23.001737 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'set date 2025-06-24 15:17:23'. Jun 24 15:17:23.309241 osdx sudo[459134]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:17:23.313032 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.2M free. Jun 24 15:17:23.316733 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:17:23.316807 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:17:23.317345 osdx sudo[459133]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:17:23.324042 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:17:23.550772 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:17:23.795639 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:17:23.871307 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:17:23.959641 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:17:24.028800 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:17:24.159402 osdx ubnt-cfgd[459158]: inactive Jun 24 15:17:24.182079 osdx INFO[459166]: FRR daemons did not change Jun 24 15:17:24.228720 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:17:24.308944 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:17:24.321485 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:17:24.338691 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:17:24.507107 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:17:24.655785 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 24 15:17:24.760799 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443'. Jun 24 15:17:24.911913 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:17:24.975542 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:17:25.075221 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:17:25.141004 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Jun 24 15:17:25.230296 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 15:17:25.317686 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:17:25.402729 osdx ubnt-cfgd[459321]: inactive Jun 24 15:17:25.422241 osdx INFO[459329]: FRR daemons did not change Jun 24 15:17:25.425999 osdx sudo[459332]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:17:25.434796 osdx ca-certificates[459345]: Updating certificates in /etc/ssl/certs... Jun 24 15:17:25.941935 osdx ubnt-cfgd[460343]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:17:25.950910 osdx ca-certificates[460349]: 1 added, 0 removed; done. Jun 24 15:17:25.953803 osdx ca-certificates[460355]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:17:25.957415 osdx ca-certificates[460357]: done. Jun 24 15:17:26.057067 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:17:26.058276 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:17:26.060827 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:17:26.081844 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:17:26.082133 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] Network connectivity detected Jun 24 15:17:26.082362 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] Dropping privileges Jun 24 15:17:26.084422 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] Network connectivity detected Jun 24 15:17:26.084514 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:17:26.084546 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:17:26.084583 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] Firefox workaround initialized Jun 24 15:17:26.084607 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpwvwr_b2y] Jun 24 15:17:26.085359 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 24 15:17:26.085421 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 24 15:17:26.085450 osdx dnscrypt-proxy[460414]: [2025-06-24 15:17:26] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 24 15:17:26.091705 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Step 5: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16