Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 24 15:15:24.000207 osdx systemd-timedated[408768]: Changed local time to Tue 2025-06-24 15:15:24 UTC Jun 24 15:15:24.001339 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'set date 2025-06-24 15:15:24'. Jun 24 15:15:24.003155 osdx systemd-journald[165652]: Time jumped backwards, rotating. Jun 24 15:15:24.343606 osdx sudo[437060]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:15:24.347046 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.2M free. Jun 24 15:15:24.347560 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:15:24.347603 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:15:24.352629 osdx sudo[437059]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:15:24.361259 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:15:24.631119 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:15:24.910721 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:15:25.001447 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:15:25.128391 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:15:25.205894 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:15:25.317357 osdx ubnt-cfgd[437084]: inactive Jun 24 15:15:25.339355 osdx INFO[437092]: FRR daemons did not change Jun 24 15:15:25.359178 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:15:25.441959 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:15:25.457250 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:15:25.482407 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:15:25.629757 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:15:26.790936 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:15:26.896540 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:15:26.965424 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:15:27.107934 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 15:15:27.165609 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 15:15:27.271503 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 24 15:15:27.328135 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 24 15:15:27.429150 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 24 15:15:27.485294 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 15:15:27.589980 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 24 15:15:27.715003 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:15:27.783473 osdx ubnt-cfgd[437247]: inactive Jun 24 15:15:27.804673 osdx INFO[437255]: FRR daemons did not change Jun 24 15:15:27.808242 osdx sudo[437258]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:15:27.817031 osdx ca-certificates[437271]: Updating certificates in /etc/ssl/certs... Jun 24 15:15:28.330195 osdx ubnt-cfgd[438269]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:15:28.337997 osdx ca-certificates[438274]: 1 added, 0 removed; done. Jun 24 15:15:28.341067 osdx ca-certificates[438281]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:15:28.344813 osdx ca-certificates[438283]: done. Jun 24 15:15:28.475494 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:15:28.477031 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:15:28.479297 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:15:28.498843 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:15:28.499049 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] Network connectivity detected Jun 24 15:15:28.499191 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] Dropping privileges Jun 24 15:15:28.501245 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] Network connectivity detected Jun 24 15:15:28.501286 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:15:28.501286 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:15:28.501286 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 24 15:15:28.501325 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] Firefox workaround initialized Jun 24 15:15:28.501325 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpeppu1xhc] Jun 24 15:15:28.505930 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:15:28.657850 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 15:15:28.668067 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] [RD] OK (DoH) - rtt: 114ms Jun 24 15:15:28.668067 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] Server with the lowest initial latency: RD (rtt: 114ms) Jun 24 15:15:28.668067 osdx dnscrypt-proxy[438343]: [2025-06-24 15:15:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 55d7bb80fcfc7c0ebfecdd196e0f14cf870b173fdfe746c2a7f5dd3df1d8767d set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 24 15:15:24.323377 osdx systemd-journald[1554]: Runtime Journal (/run/log/journal/c46306ce94da41d08ec4fbe6b50ef5f9) is 1000.0K, max 7.2M, 6.3M free. Jun 24 15:15:24.325243 osdx systemd-journald[1554]: Received client request to rotate journal, rotating. Jun 24 15:15:24.325312 osdx systemd-journald[1554]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c46306ce94da41d08ec4fbe6b50ef5f9. Jun 24 15:15:24.334742 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:15:24.584594 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:15:25.624479 osdx OSDxCLI[143450]: User 'admin' entered the configuration menu. Jun 24 15:15:25.721312 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 24 15:15:25.817419 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:15:25.892090 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service ssh'. Jun 24 15:15:26.028767 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:15:26.101518 osdx ubnt-cfgd[241725]: inactive Jun 24 15:15:26.128302 osdx INFO[241739]: FRR daemons did not change Jun 24 15:15:26.149226 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:15:26.305509 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 24 15:15:26.317307 osdx sshd[241853]: Server listening on 0.0.0.0 port 22. Jun 24 15:15:26.317511 osdx sshd[241853]: Server listening on :: port 22. Jun 24 15:15:26.317615 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 24 15:15:26.338189 osdx cfgd[1254]: [143450]Completed change to active configuration Jun 24 15:15:26.349806 osdx OSDxCLI[143450]: User 'admin' committed the configuration. Jun 24 15:15:26.371171 osdx OSDxCLI[143450]: User 'admin' left the configuration menu. Jun 24 15:15:26.533339 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 24 15:15:30.808609 osdx OSDxCLI[143450]: User 'admin' entered the configuration menu. Jun 24 15:15:30.899282 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 24 15:15:31.031887 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 24 15:15:31.150797 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 24 15:15:31.280166 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 24 15:15:31.425439 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 24 15:15:31.533216 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 24 15:15:31.650544 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 55d7bb80fcfc7c0ebfecdd196e0f14cf870b173fdfe746c2a7f5dd3df1d8767d'. Jun 24 15:15:31.740928 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:15:31.846139 osdx ubnt-cfgd[241908]: inactive Jun 24 15:15:31.866983 osdx INFO[241916]: FRR daemons did not change Jun 24 15:15:31.880615 osdx ca-certificates[241931]: Updating certificates in /etc/ssl/certs... Jun 24 15:15:32.390444 osdx ubnt-cfgd[242930]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:15:32.399512 osdx ca-certificates[242937]: 1 added, 0 removed; done. Jun 24 15:15:32.402563 osdx ca-certificates[242942]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:15:32.405249 osdx ca-certificates[242944]: done. Jun 24 15:15:32.501519 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:15:32.503362 osdx cfgd[1254]: [143450]Completed change to active configuration Jun 24 15:15:32.507165 osdx OSDxCLI[143450]: User 'admin' committed the configuration. Jun 24 15:15:32.530786 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:15:32.531146 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] Network connectivity detected Jun 24 15:15:32.531312 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] Dropping privileges Jun 24 15:15:32.533292 osdx OSDxCLI[143450]: User 'admin' left the configuration menu. Jun 24 15:15:32.534271 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] Network connectivity detected Jun 24 15:15:32.534303 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:15:32.534303 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:15:32.534333 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] Firefox workaround initialized Jun 24 15:15:32.534333 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpb84kbeaa] Jun 24 15:15:32.708917 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 15:15:32.731784 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] [DUT0] OK (DoH) - rtt: 111ms Jun 24 15:15:32.731784 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 111ms) Jun 24 15:15:32.731784 osdx dnscrypt-proxy[242951]: [2025-06-24 15:15:32] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 24 15:15:41.338494 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.2M free. Jun 24 15:15:41.340444 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:15:41.340515 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:15:41.343121 osdx sudo[440026]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:15:41.350259 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:15:41.646767 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:15:41.917029 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:15:42.006180 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:15:42.108315 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:15:42.180153 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:15:42.306354 osdx ubnt-cfgd[440051]: inactive Jun 24 15:15:42.326747 osdx INFO[440059]: FRR daemons did not change Jun 24 15:15:42.348452 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:15:42.419846 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:15:42.431757 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:15:42.450844 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:15:42.592321 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:15:43.763630 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 24 15:15:43.916181 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:15:43.987031 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:15:44.107848 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:15:44.174739 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSDOW_sH7cF5RTBcUrd_VN3ak8o-26O1ITrdiVkn60L4KgpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Jun 24 15:15:44.272066 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 24 15:15:44.341844 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 24 15:15:44.442059 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 24 15:15:44.508529 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 15:15:44.613627 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 24 15:15:44.691593 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:15:44.801475 osdx ubnt-cfgd[440216]: inactive Jun 24 15:15:44.824214 osdx INFO[440224]: FRR daemons did not change Jun 24 15:15:44.828142 osdx sudo[440227]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:15:44.838654 osdx ca-certificates[440240]: Updating certificates in /etc/ssl/certs... Jun 24 15:15:45.370894 osdx ubnt-cfgd[441238]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:15:45.379647 osdx ca-certificates[441244]: 1 added, 0 removed; done. Jun 24 15:15:45.382647 osdx ca-certificates[441250]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:15:45.385390 osdx ca-certificates[441252]: done. Jun 24 15:15:45.504789 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:15:45.506289 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:15:45.510781 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:15:45.539191 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:15:45.539473 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] Network connectivity detected Jun 24 15:15:45.539567 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] Dropping privileges Jun 24 15:15:45.542255 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] Network connectivity detected Jun 24 15:15:45.542309 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:15:45.542309 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:15:45.542358 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 24 15:15:45.542358 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] Firefox workaround initialized Jun 24 15:15:45.542358 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp4iijk12z] Jun 24 15:15:45.545807 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:15:45.712039 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 15:15:45.731390 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] [RD] OK (DoH) - rtt: 130ms Jun 24 15:15:45.731390 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] Server with the lowest initial latency: RD (rtt: 130ms) Jun 24 15:15:45.731390 osdx dnscrypt-proxy[441312]: [2025-06-24 15:15:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 55d7bb80fcfc7c0ebfecdd196e0f14cf870b173fdfe746c2a7f5dd3df1d8767d at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVde7gPz8fA6_7N0Zbg8Uz4cLFz_f50bCp_XdPfHYdn0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVde7gPz8fA6_7N0Zbg8Uz4cLFz_f50bCp_XdPfHYdn0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 24 15:15:41.359922 osdx systemd-journald[1554]: Runtime Journal (/run/log/journal/c46306ce94da41d08ec4fbe6b50ef5f9) is 1.0M, max 7.2M, 6.2M free. Jun 24 15:15:41.362616 osdx systemd-journald[1554]: Received client request to rotate journal, rotating. Jun 24 15:15:41.362686 osdx systemd-journald[1554]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c46306ce94da41d08ec4fbe6b50ef5f9. Jun 24 15:15:41.369215 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:15:41.600482 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:15:42.649438 osdx OSDxCLI[143450]: User 'admin' entered the configuration menu. Jun 24 15:15:42.728241 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 24 15:15:42.811640 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:15:42.870079 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service ssh'. Jun 24 15:15:42.980394 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:15:43.055335 osdx ubnt-cfgd[244631]: inactive Jun 24 15:15:43.084385 osdx INFO[244645]: FRR daemons did not change Jun 24 15:15:43.102644 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:15:43.247087 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 24 15:15:43.260394 osdx sshd[244759]: Server listening on 0.0.0.0 port 22. Jun 24 15:15:43.260661 osdx sshd[244759]: Server listening on :: port 22. Jun 24 15:15:43.260788 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 24 15:15:43.281700 osdx cfgd[1254]: [143450]Completed change to active configuration Jun 24 15:15:43.292822 osdx OSDxCLI[143450]: User 'admin' committed the configuration. Jun 24 15:15:43.322048 osdx OSDxCLI[143450]: User 'admin' left the configuration menu. Jun 24 15:15:43.534120 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 24 15:15:47.990100 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 55d7bb80fcfc7c0ebfecdd196e0f14cf870b173fdfe746c2a7f5dd3df1d8767d'. Jun 24 15:15:48.165747 osdx OSDxCLI[143450]: User 'admin' entered the configuration menu. Jun 24 15:15:48.293298 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 24 15:15:48.415480 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 24 15:15:48.536676 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 24 15:15:48.640834 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVde7gPz8fA6_7N0Zbg8Uz4cLFz_f50bCp_XdPfHYdn0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Jun 24 15:15:48.723008 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:15:48.812013 osdx ubnt-cfgd[244814]: inactive Jun 24 15:15:48.838337 osdx INFO[244822]: FRR daemons did not change Jun 24 15:15:48.850781 osdx ca-certificates[244838]: Updating certificates in /etc/ssl/certs... Jun 24 15:15:49.347148 osdx ubnt-cfgd[245836]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:15:49.354180 osdx ca-certificates[245841]: 1 added, 0 removed; done. Jun 24 15:15:49.357044 osdx ca-certificates[245848]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:15:49.359804 osdx ca-certificates[245850]: done. Jun 24 15:15:49.438923 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:15:49.440441 osdx cfgd[1254]: [143450]Completed change to active configuration Jun 24 15:15:49.443930 osdx OSDxCLI[143450]: User 'admin' committed the configuration. Jun 24 15:15:49.460744 osdx OSDxCLI[143450]: User 'admin' left the configuration menu. Jun 24 15:15:49.464237 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:15:49.464237 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] Network connectivity detected Jun 24 15:15:49.464237 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] Dropping privileges Jun 24 15:15:49.466491 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] Network connectivity detected Jun 24 15:15:49.466555 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:15:49.466555 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:15:49.466555 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] Firefox workaround initialized Jun 24 15:15:49.466555 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp34tyc8dz] Jun 24 15:15:49.629322 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 15:15:49.678778 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] [DUT0] OK (DoH) - rtt: 114ms Jun 24 15:15:49.678778 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 114ms) Jun 24 15:15:49.678778 osdx dnscrypt-proxy[245857]: [2025-06-24 15:15:49] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 24 15:15:57.000149 osdx systemd-timedated[408768]: Changed local time to Tue 2025-06-24 15:15:57 UTC Jun 24 15:15:57.000780 osdx systemd-journald[165652]: Time jumped backwards, rotating. Jun 24 15:15:57.001938 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'set date 2025-06-24 15:15:57'. Jun 24 15:15:57.336668 osdx sudo[442995]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:15:57.340475 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free. Jun 24 15:15:57.340902 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:15:57.340931 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:15:57.344676 osdx sudo[442994]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:15:57.351617 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:15:57.574123 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:15:57.800769 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:15:57.882804 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:15:57.977600 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:15:58.081596 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:15:58.149322 osdx ubnt-cfgd[443019]: inactive Jun 24 15:15:58.171634 osdx INFO[443027]: FRR daemons did not change Jun 24 15:15:58.192774 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:15:58.263740 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:15:58.274556 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:15:58.314613 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:15:58.478449 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:15:59.653332 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 24 15:15:59.804957 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:15:59.865753 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:15:59.966986 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:16:00.041410 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Jun 24 15:16:00.127208 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Jun 24 15:16:00.240268 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Jun 24 15:16:00.318223 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d'. Jun 24 15:16:00.415466 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 15:16:00.490287 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 24 15:16:00.590681 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 24 15:16:00.673720 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 24 15:16:00.802468 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:00.884587 osdx ubnt-cfgd[443185]: inactive Jun 24 15:16:00.916976 osdx INFO[443193]: FRR daemons did not change Jun 24 15:16:00.921899 osdx sudo[443196]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:16:00.933766 osdx ca-certificates[443208]: Updating certificates in /etc/ssl/certs... Jun 24 15:16:01.310448 osdx CRON[443870]: pam_limits(cron:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:16:01.547550 osdx ubnt-cfgd[444210]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:16:01.555301 osdx ca-certificates[444216]: 1 added, 0 removed; done. Jun 24 15:16:01.558230 osdx ca-certificates[444222]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:16:01.561146 osdx ca-certificates[444224]: done. Jun 24 15:16:01.693581 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:16:01.695295 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:16:01.700653 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:01.718567 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:16:01.718967 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] Network connectivity detected Jun 24 15:16:01.719334 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] Dropping privileges Jun 24 15:16:01.722194 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] Network connectivity detected Jun 24 15:16:01.722254 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:16:01.722254 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:16:01.722254 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 24 15:16:01.722254 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] Firefox workaround initialized Jun 24 15:16:01.722254 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpc9oi9qzl] Jun 24 15:16:01.723059 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 24 15:16:01.723059 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 24 15:16:01.723119 osdx dnscrypt-proxy[444284]: [2025-06-24 15:16:01] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Jun 24 15:16:01.732123 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 55d7bb80fcfc7c0ebfecdd196e0f14cf870b173fdfe746c2a7f5dd3df1d8767d set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 24 15:15:57.316064 osdx systemd-journald[1554]: Runtime Journal (/run/log/journal/c46306ce94da41d08ec4fbe6b50ef5f9) is 1.0M, max 7.2M, 6.2M free. Jun 24 15:15:57.319425 osdx systemd-journald[1554]: Received client request to rotate journal, rotating. Jun 24 15:15:57.319498 osdx systemd-journald[1554]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c46306ce94da41d08ec4fbe6b50ef5f9. Jun 24 15:15:57.328802 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:15:57.535551 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:15:58.520969 osdx OSDxCLI[143450]: User 'admin' entered the configuration menu. Jun 24 15:15:58.639825 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 24 15:15:58.697334 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:15:58.798289 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service ssh'. Jun 24 15:15:58.884700 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:15:58.980575 osdx ubnt-cfgd[247534]: inactive Jun 24 15:15:59.006795 osdx INFO[247548]: FRR daemons did not change Jun 24 15:15:59.031407 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:15:59.187830 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 24 15:15:59.203966 osdx sshd[247662]: Server listening on 0.0.0.0 port 22. Jun 24 15:15:59.204186 osdx sshd[247662]: Server listening on :: port 22. Jun 24 15:15:59.204320 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 24 15:15:59.251883 osdx cfgd[1254]: [143450]Completed change to active configuration Jun 24 15:15:59.266404 osdx OSDxCLI[143450]: User 'admin' committed the configuration. Jun 24 15:15:59.298638 osdx OSDxCLI[143450]: User 'admin' left the configuration menu. Jun 24 15:15:59.471272 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 24 15:16:01.950395 osdx OSDxCLI[143450]: User 'admin' entered the configuration menu. Jun 24 15:16:02.018794 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 24 15:16:02.128062 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 24 15:16:02.199919 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 24 15:16:02.314691 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Jun 24 15:16:02.382999 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Jun 24 15:16:02.495394 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Jun 24 15:16:02.583913 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 55d7bb80fcfc7c0ebfecdd196e0f14cf870b173fdfe746c2a7f5dd3df1d8767d'. Jun 24 15:16:02.672887 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:02.806317 osdx ubnt-cfgd[247720]: inactive Jun 24 15:16:02.827121 osdx INFO[247728]: FRR daemons did not change Jun 24 15:16:02.841047 osdx ca-certificates[247744]: Updating certificates in /etc/ssl/certs... Jun 24 15:16:03.364027 osdx ubnt-cfgd[248742]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:16:03.372238 osdx ca-certificates[248749]: 1 added, 0 removed; done. Jun 24 15:16:03.375146 osdx ca-certificates[248754]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:16:03.377935 osdx ca-certificates[248756]: done. Jun 24 15:16:03.459825 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:16:03.461536 osdx cfgd[1254]: [143450]Completed change to active configuration Jun 24 15:16:03.464283 osdx OSDxCLI[143450]: User 'admin' committed the configuration. Jun 24 15:16:03.480336 osdx OSDxCLI[143450]: User 'admin' left the configuration menu. Jun 24 15:16:03.482911 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:16:03.482911 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] Network connectivity detected Jun 24 15:16:03.482911 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] Dropping privileges Jun 24 15:16:03.485341 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] Network connectivity detected Jun 24 15:16:03.485341 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:16:03.485341 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:16:03.485341 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] Firefox workaround initialized Jun 24 15:16:03.485341 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp2qu_ecdg] Jun 24 15:16:03.651710 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 15:16:03.686019 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] [DUT0] OK (DoH) - rtt: 105ms Jun 24 15:16:03.686019 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 105ms) Jun 24 15:16:03.686019 osdx dnscrypt-proxy[248763]: [2025-06-24 15:16:03] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
^(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Jun 24 15:16:12.299056 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.2M free. Jun 24 15:16:12.301499 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:16:12.301546 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:16:12.304502 osdx sudo[445960]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:16:12.311749 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:16:12.572606 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:16:12.831154 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:16:12.912278 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:16:12.993368 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:16:13.083062 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:13.192913 osdx ubnt-cfgd[445985]: inactive Jun 24 15:16:13.212779 osdx INFO[445993]: FRR daemons did not change Jun 24 15:16:13.233483 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:16:13.308369 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:16:13.319174 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:13.338440 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:16:13.479329 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:16:14.569037 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Jun 24 15:16:14.674509 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 0b:4d:f3:79:95:38:43:78:c6:ef:81:02:4f:2f:6a:ce:77:4f:63:49:e5:25:51:62:18:7a:ef:c4:0f:ee:83:0d ip 10.215.168.1 port 8443'. Jun 24 15:16:14.884275 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:16:14.965242 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:16:15.074961 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:16:15.157951 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIAtN83mVOEN4xu-BAk8vas53T2NJ5SVRYhh678QP7oMNGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Jun 24 15:16:15.265948 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns resolver local'. Jun 24 15:16:15.337551 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Jun 24 15:16:15.461307 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Jun 24 15:16:15.530593 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Jun 24 15:16:15.682771 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:15.746829 osdx ubnt-cfgd[446151]: inactive Jun 24 15:16:15.773125 osdx INFO[446159]: FRR daemons did not change Jun 24 15:16:15.778173 osdx sudo[446162]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:16:15.787048 osdx ca-certificates[446175]: Updating certificates in /etc/ssl/certs... Jun 24 15:16:16.292037 osdx ubnt-cfgd[447173]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:16:16.299738 osdx ca-certificates[447179]: 1 added, 0 removed; done. Jun 24 15:16:16.302882 osdx ca-certificates[447185]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:16:16.305844 osdx ca-certificates[447187]: done. Jun 24 15:16:16.413886 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:16:16.415394 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:16:16.417889 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:16:16.436038 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:16:16.437480 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:16:16.437639 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] Network connectivity detected Jun 24 15:16:16.437765 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] Dropping privileges Jun 24 15:16:16.440355 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] Network connectivity detected Jun 24 15:16:16.440402 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:16:16.440402 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:16:16.440402 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Jun 24 15:16:16.440402 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] Firefox workaround initialized Jun 24 15:16:16.440402 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpkj2y3dhm] Jun 24 15:16:16.441274 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Jun 24 15:16:16.441309 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Jun 24 15:16:16.441309 osdx dnscrypt-proxy[447247]: [2025-06-24 15:16:16] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 55d7bb80fcfc7c0ebfecdd196e0f14cf870b173fdfe746c2a7f5dd3df1d8767d at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVde7gPz8fA6_7N0Zbg8Uz4cLFz_f50bCp_XdPfHYdn0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVde7gPz8fA6_7N0Zbg8Uz4cLFz_f50bCp_XdPfHYdn0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
^(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Jun 24 15:16:12.268109 osdx systemd-journald[1554]: Runtime Journal (/run/log/journal/c46306ce94da41d08ec4fbe6b50ef5f9) is 1.0M, max 7.2M, 6.2M free. Jun 24 15:16:12.269210 osdx systemd-journald[1554]: Received client request to rotate journal, rotating. Jun 24 15:16:12.269267 osdx systemd-journald[1554]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c46306ce94da41d08ec4fbe6b50ef5f9. Jun 24 15:16:12.281429 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:16:12.547110 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:16:13.496288 osdx OSDxCLI[143450]: User 'admin' entered the configuration menu. Jun 24 15:16:13.581479 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Jun 24 15:16:13.662753 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:16:13.772958 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service ssh'. Jun 24 15:16:13.851836 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:13.962898 osdx ubnt-cfgd[250441]: inactive Jun 24 15:16:13.988939 osdx INFO[250455]: FRR daemons did not change Jun 24 15:16:14.013198 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:16:14.153504 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 24 15:16:14.167936 osdx sshd[250569]: Server listening on 0.0.0.0 port 22. Jun 24 15:16:14.168204 osdx sshd[250569]: Server listening on :: port 22. Jun 24 15:16:14.168348 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 24 15:16:14.189376 osdx cfgd[1254]: [143450]Completed change to active configuration Jun 24 15:16:14.200588 osdx OSDxCLI[143450]: User 'admin' committed the configuration. Jun 24 15:16:14.220754 osdx OSDxCLI[143450]: User 'admin' left the configuration menu. Jun 24 15:16:14.383618 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Jun 24 15:16:16.614558 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 55d7bb80fcfc7c0ebfecdd196e0f14cf870b173fdfe746c2a7f5dd3df1d8767d'. Jun 24 15:16:16.771906 osdx OSDxCLI[143450]: User 'admin' entered the configuration menu. Jun 24 15:16:16.834769 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Jun 24 15:16:16.933402 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Jun 24 15:16:16.993817 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Jun 24 15:16:17.105176 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgVde7gPz8fA6_7N0Zbg8Uz4cLFz_f50bCp_XdPfHYdn0NZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Jun 24 15:16:17.178085 osdx OSDxCLI[143450]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:16:17.276565 osdx ubnt-cfgd[250624]: inactive Jun 24 15:16:17.296338 osdx INFO[250632]: FRR daemons did not change Jun 24 15:16:17.310023 osdx ca-certificates[250648]: Updating certificates in /etc/ssl/certs... Jun 24 15:16:17.860818 osdx ubnt-cfgd[251646]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:16:17.872338 osdx ca-certificates[251651]: 1 added, 0 removed; done. Jun 24 15:16:17.876742 osdx ca-certificates[251658]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:16:17.881020 osdx ca-certificates[251660]: done. Jun 24 15:16:17.961741 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:16:17.964060 osdx cfgd[1254]: [143450]Completed change to active configuration Jun 24 15:16:17.967752 osdx OSDxCLI[143450]: User 'admin' committed the configuration. Jun 24 15:16:17.986133 osdx OSDxCLI[143450]: User 'admin' left the configuration menu. Jun 24 15:16:17.987592 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:17] [NOTICE] dnscrypt-proxy 2.0.45 Jun 24 15:16:17.987592 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:17] [NOTICE] Network connectivity detected Jun 24 15:16:17.987592 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:17] [NOTICE] Dropping privileges Jun 24 15:16:17.991218 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:17] [NOTICE] Network connectivity detected Jun 24 15:16:17.991349 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:17] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Jun 24 15:16:17.991393 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:17] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Jun 24 15:16:17.991437 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:17] [NOTICE] Firefox workaround initialized Jun 24 15:16:17.991485 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:17] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpw2w1i9s1] Jun 24 15:16:18.217192 osdx OSDxCLI[143450]: User 'admin' executed a new command: 'system journal show | cat'. Jun 24 15:16:18.218385 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:18] [NOTICE] [DUT0] OK (DoH) - rtt: 112ms Jun 24 15:16:18.218385 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:18] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 112ms) Jun 24 15:16:18.218385 osdx dnscrypt-proxy[251667]: [2025-06-24 15:16:18] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13