Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 99b11ac235cc5a678a924b00c9715f9d99120fb82ed6b147374fd0a314e61844 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 12 16:20:22.458020 osdx systemd-journald[1872]: Runtime Journal (/run/log/journal/04bdf7f70d714c0fb0ef3d9377529e99) is 1.9M, max 13.8M, 11.8M free. Nov 12 16:20:22.458776 osdx systemd-journald[1872]: Received client request to rotate journal, rotating. Nov 12 16:20:22.458821 osdx systemd-journald[1872]: Vacuuming done, freed 0B of archived journals from /run/log/journal/04bdf7f70d714c0fb0ef3d9377529e99. Nov 12 16:20:22.471568 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'system journal clear'. Nov 12 16:20:22.843697 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'system coredump delete all'. Nov 12 16:20:23.253181 osdx OSDxCLI[123608]: User 'admin' entered the configuration menu. Nov 12 16:20:23.432567 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 12 16:20:23.527516 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 12 16:20:23.646073 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:20:23.720421 osdx ubnt-cfgd[166797]: inactive Nov 12 16:20:23.746527 osdx INFO[166803]: FRR daemons did not change Nov 12 16:20:23.770208 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 12 16:20:23.824041 osdx WARNING[166871]: No supported link modes on interface eth0 Nov 12 16:20:23.825835 osdx modulelauncher[166871]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Nov 12 16:20:23.825848 osdx modulelauncher[166871]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Nov 12 16:20:23.827100 osdx modulelauncher[166871]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Nov 12 16:20:23.827115 osdx modulelauncher[166871]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Nov 12 16:20:23.864988 osdx cfgd[1666]: [123608]Completed change to active configuration Nov 12 16:20:23.881024 osdx OSDxCLI[123608]: User 'admin' committed the configuration. Nov 12 16:20:23.962007 osdx OSDxCLI[123608]: User 'admin' left the configuration menu. Nov 12 16:20:24.126082 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 12 16:20:25.726588 osdx OSDxCLI[123608]: User 'admin' entered the configuration menu. Nov 12 16:20:25.829151 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 12 16:20:25.893531 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 12 16:20:26.007576 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 12 16:20:26.086714 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 12 16:20:26.210576 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 99b11ac235cc5a678a924b00c9715f9d99120fb82ed6b147374fd0a314e61844'. Nov 12 16:20:26.303362 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Nov 12 16:20:26.385659 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Nov 12 16:20:26.500488 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 12 16:20:26.570533 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 12 16:20:26.696270 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:20:26.782641 osdx ubnt-cfgd[166963]: inactive Nov 12 16:20:26.804802 osdx INFO[166971]: FRR daemons did not change Nov 12 16:20:26.832256 osdx ca-certificates[166987]: Updating certificates in /etc/ssl/certs... Nov 12 16:20:27.429080 osdx ubnt-cfgd[167999]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 12 16:20:27.442842 osdx ca-certificates[168003]: 1 added, 0 removed; done. Nov 12 16:20:27.446021 osdx ca-certificates[168011]: Running hooks in /etc/ca-certificates/update.d... Nov 12 16:20:27.449443 osdx ca-certificates[168013]: done. Nov 12 16:20:27.610591 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 12 16:20:27.610855 osdx systemd[1]: Reached target nss-lookup.target - Host and Network Name Lookups. Nov 12 16:20:27.612361 osdx cfgd[1666]: [123608]Completed change to active configuration Nov 12 16:20:27.614972 osdx OSDxCLI[123608]: User 'admin' committed the configuration. Nov 12 16:20:27.632044 osdx OSDxCLI[123608]: User 'admin' left the configuration menu. Nov 12 16:20:27.832848 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'system journal show | cat'. Nov 12 16:20:27.861586 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:27] [NOTICE] dnscrypt-proxy 2.0.45 Nov 12 16:20:27.861852 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:27] [NOTICE] Network connectivity detected Nov 12 16:20:27.861891 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:27] [NOTICE] Dropping privileges Nov 12 16:20:27.864762 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:27] [NOTICE] Network connectivity detected Nov 12 16:20:27.864818 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:27] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 12 16:20:27.864818 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:27] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 12 16:20:27.864818 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:27] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 12 16:20:27.864879 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:27] [NOTICE] Firefox workaround initialized Nov 12 16:20:27.864879 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:27] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp1jalnysb] Nov 12 16:20:28.092272 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:28] [NOTICE] [RD] OK (DoH) - rtt: 120ms Nov 12 16:20:28.092272 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:28] [NOTICE] Server with the lowest initial latency: RD (rtt: 120ms) Nov 12 16:20:28.092272 osdx dnscrypt-proxy[168073]: [2025-11-12 16:20:28] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash da2476bcae016fd75352f422b002f97f437155d5d61d0f5f088f9ca83294da72 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 12 16:20:22.429787 osdx systemd-journald[1754]: Runtime Journal (/run/log/journal/18feb8e5bb5a49edb7e456ab042ed98b) is 908.0K, max 6.5M, 5.6M free. Nov 12 16:20:22.431945 osdx systemd-journald[1754]: Received client request to rotate journal, rotating. Nov 12 16:20:22.432005 osdx systemd-journald[1754]: Vacuuming done, freed 0B of archived journals from /run/log/journal/18feb8e5bb5a49edb7e456ab042ed98b. Nov 12 16:20:22.442425 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system journal clear'. Nov 12 16:20:22.837850 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system coredump delete all'. Nov 12 16:20:24.502986 osdx OSDxCLI[229492]: User 'admin' entered the configuration menu. Nov 12 16:20:24.596504 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Nov 12 16:20:24.679100 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 12 16:20:24.738698 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service ssh'. Nov 12 16:20:24.855153 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:20:24.916947 osdx ubnt-cfgd[329719]: inactive Nov 12 16:20:24.944984 osdx INFO[329731]: FRR daemons did not change Nov 12 16:20:24.971955 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 12 16:20:25.017758 osdx WARNING[329799]: No supported link modes on interface eth0 Nov 12 16:20:25.019174 osdx modulelauncher[329799]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Nov 12 16:20:25.019187 osdx modulelauncher[329799]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Nov 12 16:20:25.020745 osdx modulelauncher[329799]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Nov 12 16:20:25.020808 osdx modulelauncher[329799]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Nov 12 16:20:25.140325 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Nov 12 16:20:25.156349 osdx sshd[329850]: Server listening on 0.0.0.0 port 22. Nov 12 16:20:25.156380 osdx sshd[329850]: Server listening on :: port 22. Nov 12 16:20:25.156477 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Nov 12 16:20:25.223237 osdx cfgd[1453]: [229492]Completed change to active configuration Nov 12 16:20:25.236464 osdx OSDxCLI[229492]: User 'admin' committed the configuration. Nov 12 16:20:25.288235 osdx OSDxCLI[229492]: User 'admin' left the configuration menu. Nov 12 16:20:25.465349 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Nov 12 16:20:29.981196 osdx OSDxCLI[229492]: User 'admin' entered the configuration menu. Nov 12 16:20:30.084220 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Nov 12 16:20:30.139296 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 12 16:20:30.241319 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 12 16:20:30.306987 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Nov 12 16:20:30.420536 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Nov 12 16:20:30.474771 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Nov 12 16:20:30.573458 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash da2476bcae016fd75352f422b002f97f437155d5d61d0f5f088f9ca83294da72'. Nov 12 16:20:30.662334 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:20:30.762605 osdx ubnt-cfgd[329905]: inactive Nov 12 16:20:30.784012 osdx INFO[329913]: FRR daemons did not change Nov 12 16:20:30.844758 osdx ca-certificates[329928]: Updating certificates in /etc/ssl/certs... Nov 12 16:20:31.496418 osdx ubnt-cfgd[330941]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 12 16:20:31.522851 osdx ca-certificates[330945]: 1 added, 0 removed; done. Nov 12 16:20:31.526649 osdx ca-certificates[330953]: Running hooks in /etc/ca-certificates/update.d... Nov 12 16:20:31.530494 osdx ca-certificates[330955]: done. Nov 12 16:20:31.612786 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 12 16:20:31.615396 osdx cfgd[1453]: [229492]Completed change to active configuration Nov 12 16:20:31.621946 osdx OSDxCLI[229492]: User 'admin' committed the configuration. Nov 12 16:20:31.649112 osdx OSDxCLI[229492]: User 'admin' left the configuration menu. Nov 12 16:20:31.848692 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system journal show | cat'. Nov 12 16:20:31.883175 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:31] [NOTICE] dnscrypt-proxy 2.0.45 Nov 12 16:20:31.883486 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:31] [NOTICE] Network connectivity detected Nov 12 16:20:31.883514 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:31] [NOTICE] Dropping privileges Nov 12 16:20:31.886329 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:31] [NOTICE] Network connectivity detected Nov 12 16:20:31.886407 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:31] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 12 16:20:31.886407 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:31] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 12 16:20:31.886407 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:31] [NOTICE] Firefox workaround initialized Nov 12 16:20:31.886407 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:31] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpwv69baqx] Nov 12 16:20:32.098207 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:32] [NOTICE] [DUT0] OK (DoH) - rtt: 115ms Nov 12 16:20:32.098207 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:32] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 115ms) Nov 12 16:20:32.098207 osdx dnscrypt-proxy[330962]: [2025-11-12 16:20:32] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 99b11ac235cc5a678a924b00c9715f9d99120fb82ed6b147374fd0a314e61844 at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCZsRrCNcxaZ4qSSwDJcV-dmRIPuC7WsUc3T9CjFOYYRApyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCZsRrCNcxaZ4qSSwDJcV-dmRIPuC7WsUc3T9CjFOYYRApyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 12 16:20:41.296259 osdx systemd-journald[1872]: Runtime Journal (/run/log/journal/04bdf7f70d714c0fb0ef3d9377529e99) is 1.8M, max 13.8M, 11.9M free. Nov 12 16:20:41.299233 osdx systemd-journald[1872]: Received client request to rotate journal, rotating. Nov 12 16:20:41.299318 osdx systemd-journald[1872]: Vacuuming done, freed 0B of archived journals from /run/log/journal/04bdf7f70d714c0fb0ef3d9377529e99. Nov 12 16:20:41.309650 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'system journal clear'. Nov 12 16:20:41.538604 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'system coredump delete all'. Nov 12 16:20:41.796978 osdx OSDxCLI[123608]: User 'admin' entered the configuration menu. Nov 12 16:20:41.882784 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 12 16:20:41.975178 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 12 16:20:42.045732 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:20:42.159982 osdx ubnt-cfgd[169802]: inactive Nov 12 16:20:42.177484 osdx INFO[169808]: FRR daemons did not change Nov 12 16:20:42.215229 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 12 16:20:42.258393 osdx WARNING[169876]: No supported link modes on interface eth0 Nov 12 16:20:42.259777 osdx modulelauncher[169876]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Nov 12 16:20:42.259789 osdx modulelauncher[169876]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Nov 12 16:20:42.260912 osdx modulelauncher[169876]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Nov 12 16:20:42.260922 osdx modulelauncher[169876]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Nov 12 16:20:42.300047 osdx cfgd[1666]: [123608]Completed change to active configuration Nov 12 16:20:42.311389 osdx OSDxCLI[123608]: User 'admin' committed the configuration. Nov 12 16:20:42.328944 osdx OSDxCLI[123608]: User 'admin' left the configuration menu. Nov 12 16:20:42.467793 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 12 16:20:43.625914 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 99b11ac235cc5a678a924b00c9715f9d99120fb82ed6b147374fd0a314e61844'. Nov 12 16:20:43.784142 osdx OSDxCLI[123608]: User 'admin' entered the configuration menu. Nov 12 16:20:43.862820 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 12 16:20:43.972646 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 12 16:20:44.053632 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSCZsRrCNcxaZ4qSSwDJcV-dmRIPuC7WsUc3T9CjFOYYRApyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Nov 12 16:20:44.202397 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Nov 12 16:20:44.317678 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Nov 12 16:20:44.381251 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 12 16:20:44.484180 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 12 16:20:44.553956 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 12 16:20:44.653363 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:20:44.729542 osdx ubnt-cfgd[169970]: inactive Nov 12 16:20:44.749360 osdx INFO[169978]: FRR daemons did not change Nov 12 16:20:44.763524 osdx ca-certificates[169992]: Updating certificates in /etc/ssl/certs... Nov 12 16:20:45.269908 osdx ubnt-cfgd[171006]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 12 16:20:45.279395 osdx ca-certificates[171011]: 1 added, 0 removed; done. Nov 12 16:20:45.282177 osdx ca-certificates[171018]: Running hooks in /etc/ca-certificates/update.d... Nov 12 16:20:45.284830 osdx ca-certificates[171020]: done. Nov 12 16:20:45.383506 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 12 16:20:45.384662 osdx cfgd[1666]: [123608]Completed change to active configuration Nov 12 16:20:45.387330 osdx OSDxCLI[123608]: User 'admin' committed the configuration. Nov 12 16:20:45.401429 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] dnscrypt-proxy 2.0.45 Nov 12 16:20:45.401656 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] Network connectivity detected Nov 12 16:20:45.401709 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] Dropping privileges Nov 12 16:20:45.403945 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] Network connectivity detected Nov 12 16:20:45.404002 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 12 16:20:45.404002 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 12 16:20:45.404002 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 12 16:20:45.404002 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] Firefox workaround initialized Nov 12 16:20:45.404002 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp0idzz7gs] Nov 12 16:20:45.415723 osdx OSDxCLI[123608]: User 'admin' left the configuration menu. Nov 12 16:20:45.605840 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'system journal show | cat'. Nov 12 16:20:45.727567 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] [RD] OK (DoH) - rtt: 137ms Nov 12 16:20:45.727567 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] Server with the lowest initial latency: RD (rtt: 137ms) Nov 12 16:20:45.727567 osdx dnscrypt-proxy[171080]: [2025-11-12 16:20:45] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash da2476bcae016fd75352f422b002f97f437155d5d61d0f5f088f9ca83294da72 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg2iR2vK4Bb9dTUvQisAL5f0NxVdXWHQ9fCI-cqDKU2nINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg2iR2vK4Bb9dTUvQisAL5f0NxVdXWHQ9fCI-cqDKU2nINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 12 16:20:41.283489 osdx systemd-journald[1754]: Runtime Journal (/run/log/journal/18feb8e5bb5a49edb7e456ab042ed98b) is 932.0K, max 6.5M, 5.6M free. Nov 12 16:20:41.284141 osdx systemd-journald[1754]: Received client request to rotate journal, rotating. Nov 12 16:20:41.284229 osdx systemd-journald[1754]: Vacuuming done, freed 0B of archived journals from /run/log/journal/18feb8e5bb5a49edb7e456ab042ed98b. Nov 12 16:20:41.296141 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system journal clear'. Nov 12 16:20:41.499684 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system coredump delete all'. Nov 12 16:20:42.529399 osdx OSDxCLI[229492]: User 'admin' entered the configuration menu. Nov 12 16:20:42.614105 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Nov 12 16:20:42.684702 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 12 16:20:42.780663 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service ssh'. Nov 12 16:20:42.866456 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:20:42.954952 osdx ubnt-cfgd[332663]: inactive Nov 12 16:20:42.984083 osdx INFO[332675]: FRR daemons did not change Nov 12 16:20:43.008139 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 12 16:20:43.060364 osdx WARNING[332743]: No supported link modes on interface eth0 Nov 12 16:20:43.061722 osdx modulelauncher[332743]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Nov 12 16:20:43.061736 osdx modulelauncher[332743]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Nov 12 16:20:43.062837 osdx modulelauncher[332743]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Nov 12 16:20:43.062843 osdx modulelauncher[332743]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Nov 12 16:20:43.160485 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Nov 12 16:20:43.171645 osdx sshd[332794]: Server listening on 0.0.0.0 port 22. Nov 12 16:20:43.171670 osdx sshd[332794]: Server listening on :: port 22. Nov 12 16:20:43.171750 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Nov 12 16:20:43.197630 osdx cfgd[1453]: [229492]Completed change to active configuration Nov 12 16:20:43.209871 osdx OSDxCLI[229492]: User 'admin' committed the configuration. Nov 12 16:20:43.240072 osdx OSDxCLI[229492]: User 'admin' left the configuration menu. Nov 12 16:20:43.409158 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Nov 12 16:20:47.742302 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash da2476bcae016fd75352f422b002f97f437155d5d61d0f5f088f9ca83294da72'. Nov 12 16:20:47.881355 osdx OSDxCLI[229492]: User 'admin' entered the configuration menu. Nov 12 16:20:47.935502 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Nov 12 16:20:48.032787 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 12 16:20:48.096570 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 12 16:20:48.198375 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg2iR2vK4Bb9dTUvQisAL5f0NxVdXWHQ9fCI-cqDKU2nINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Nov 12 16:20:48.262388 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:20:48.353535 osdx ubnt-cfgd[332851]: inactive Nov 12 16:20:48.372708 osdx INFO[332859]: FRR daemons did not change Nov 12 16:20:48.389488 osdx ca-certificates[332875]: Updating certificates in /etc/ssl/certs... Nov 12 16:20:48.902705 osdx ubnt-cfgd[333887]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 12 16:20:48.910054 osdx ca-certificates[333892]: 1 added, 0 removed; done. Nov 12 16:20:48.912875 osdx ca-certificates[333899]: Running hooks in /etc/ca-certificates/update.d... Nov 12 16:20:48.915686 osdx ca-certificates[333901]: done. Nov 12 16:20:48.992855 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 12 16:20:48.995383 osdx cfgd[1453]: [229492]Completed change to active configuration Nov 12 16:20:48.998966 osdx OSDxCLI[229492]: User 'admin' committed the configuration. Nov 12 16:20:49.028144 osdx OSDxCLI[229492]: User 'admin' left the configuration menu. Nov 12 16:20:49.034263 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:49] [NOTICE] dnscrypt-proxy 2.0.45 Nov 12 16:20:49.034437 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:49] [NOTICE] Network connectivity detected Nov 12 16:20:49.034618 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:49] [NOTICE] Dropping privileges Nov 12 16:20:49.036889 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:49] [NOTICE] Network connectivity detected Nov 12 16:20:49.036936 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:49] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 12 16:20:49.036936 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:49] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 12 16:20:49.036936 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:49] [NOTICE] Firefox workaround initialized Nov 12 16:20:49.036936 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:49] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpspd0a4xo] Nov 12 16:20:49.204458 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system journal show | cat'. Nov 12 16:20:51.063606 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:51] [NOTICE] System DNS configuration not usable yet, exceptionally resolving [dns.dut0] using fallback resolvers over tcp Nov 12 16:20:51.326779 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system journal show | cat'. Nov 12 16:20:51.457412 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:51] [NOTICE] [DUT0] OK (DoH) - rtt: 144ms Nov 12 16:20:51.457412 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:51] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 144ms) Nov 12 16:20:51.457412 osdx dnscrypt-proxy[333908]: [2025-11-12 16:20:51] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
56:0c:ce:92:86:a2:c2:f2:4d:21:1f:cb:ca:08:fe:90:c0:cf:cb:c6:61:a5:4f:b4:e6:0b:5f:ee:c7:b7:de:60
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '56:0c:ce:92:86:a2:c2:f2:4d:21:1f:cb:ca:08:fe:90:c0:cf:cb:c6:61:a5:4f:b4:e6:0b:5f:ee:c7:b7:de:60' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Nov 12 16:20:59.319638 osdx systemd-journald[1872]: Runtime Journal (/run/log/journal/04bdf7f70d714c0fb0ef3d9377529e99) is 1.8M, max 13.8M, 11.9M free. Nov 12 16:20:59.322515 osdx systemd-journald[1872]: Received client request to rotate journal, rotating. Nov 12 16:20:59.322587 osdx systemd-journald[1872]: Vacuuming done, freed 0B of archived journals from /run/log/journal/04bdf7f70d714c0fb0ef3d9377529e99. Nov 12 16:20:59.329531 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'system journal clear'. Nov 12 16:20:59.537135 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'system coredump delete all'. Nov 12 16:20:59.883998 osdx OSDxCLI[123608]: User 'admin' entered the configuration menu. Nov 12 16:20:59.985908 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 12 16:21:00.086516 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 12 16:21:00.148286 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:21:00.259345 osdx ubnt-cfgd[172812]: inactive Nov 12 16:21:00.281928 osdx INFO[172818]: FRR daemons did not change Nov 12 16:21:00.302514 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 12 16:21:00.352359 osdx WARNING[172886]: No supported link modes on interface eth0 Nov 12 16:21:00.353849 osdx modulelauncher[172886]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Nov 12 16:21:00.353863 osdx modulelauncher[172886]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Nov 12 16:21:00.355431 osdx modulelauncher[172886]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Nov 12 16:21:00.355439 osdx modulelauncher[172886]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Nov 12 16:21:00.388875 osdx cfgd[1666]: [123608]Completed change to active configuration Nov 12 16:21:00.400171 osdx OSDxCLI[123608]: User 'admin' committed the configuration. Nov 12 16:21:00.415389 osdx OSDxCLI[123608]: User 'admin' left the configuration menu. Nov 12 16:21:00.558692 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 12 16:21:02.021934 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Nov 12 16:21:02.175797 osdx OSDxCLI[123608]: User 'admin' entered the configuration menu. Nov 12 16:21:02.279340 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 12 16:21:02.371075 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 12 16:21:02.471657 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Nov 12 16:21:02.529191 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Nov 12 16:21:02.665435 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Nov 12 16:21:02.731783 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 56:0c:ce:92:86:a2:c2:f2:4d:21:1f:cb:ca:08:fe:90:c0:cf:cb:c6:61:a5:4f:b4:e6:0b:5f:ee:c7:b7:de:60'. Nov 12 16:21:02.817735 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 12 16:21:02.888413 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Nov 12 16:21:02.985433 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Nov 12 16:21:03.051282 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 12 16:21:03.160538 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:21:03.229447 osdx ubnt-cfgd[172984]: inactive Nov 12 16:21:03.254010 osdx INFO[172992]: FRR daemons did not change Nov 12 16:21:03.268770 osdx ca-certificates[173008]: Updating certificates in /etc/ssl/certs... Nov 12 16:21:03.838089 osdx ubnt-cfgd[174020]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 12 16:21:03.846944 osdx ca-certificates[174026]: 1 added, 0 removed; done. Nov 12 16:21:03.849856 osdx ca-certificates[174032]: Running hooks in /etc/ca-certificates/update.d... Nov 12 16:21:03.852652 osdx ca-certificates[174034]: done. Nov 12 16:21:03.998931 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 12 16:21:04.000231 osdx cfgd[1666]: [123608]Completed change to active configuration Nov 12 16:21:04.003161 osdx OSDxCLI[123608]: User 'admin' committed the configuration. Nov 12 16:21:04.018840 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] dnscrypt-proxy 2.0.45 Nov 12 16:21:04.019068 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] Network connectivity detected Nov 12 16:21:04.019108 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] Dropping privileges Nov 12 16:21:04.021386 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] Network connectivity detected Nov 12 16:21:04.021448 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 12 16:21:04.021448 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 12 16:21:04.021448 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 12 16:21:04.021448 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] Firefox workaround initialized Nov 12 16:21:04.021448 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp__ahxj6_] Nov 12 16:21:04.029095 osdx OSDxCLI[123608]: User 'admin' left the configuration menu. Nov 12 16:21:04.042728 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] [RD] OK (DNSCrypt) - rtt: 20ms Nov 12 16:21:04.042728 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] Server with the lowest initial latency: RD (rtt: 20ms) Nov 12 16:21:04.042831 osdx dnscrypt-proxy[174094]: [2025-11-12 16:21:04] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash da2476bcae016fd75352f422b002f97f437155d5d61d0f5f088f9ca83294da72 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 12 16:20:59.276720 osdx systemd-journald[1754]: Runtime Journal (/run/log/journal/18feb8e5bb5a49edb7e456ab042ed98b) is 956.0K, max 6.5M, 5.5M free. Nov 12 16:20:59.277186 osdx systemd-journald[1754]: Received client request to rotate journal, rotating. Nov 12 16:20:59.277229 osdx systemd-journald[1754]: Vacuuming done, freed 0B of archived journals from /run/log/journal/18feb8e5bb5a49edb7e456ab042ed98b. Nov 12 16:20:59.288021 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system journal clear'. Nov 12 16:20:59.514918 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system coredump delete all'. Nov 12 16:21:00.710208 osdx OSDxCLI[229492]: User 'admin' entered the configuration menu. Nov 12 16:21:00.841199 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Nov 12 16:21:00.916188 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 12 16:21:01.004486 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service ssh'. Nov 12 16:21:01.092573 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:21:01.221103 osdx ubnt-cfgd[335615]: inactive Nov 12 16:21:01.259528 osdx INFO[335627]: FRR daemons did not change Nov 12 16:21:01.285184 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 12 16:21:01.351999 osdx WARNING[335695]: No supported link modes on interface eth0 Nov 12 16:21:01.353643 osdx modulelauncher[335695]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Nov 12 16:21:01.353660 osdx modulelauncher[335695]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Nov 12 16:21:01.354948 osdx modulelauncher[335695]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Nov 12 16:21:01.354959 osdx modulelauncher[335695]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Nov 12 16:21:01.509645 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Nov 12 16:21:01.540763 osdx sshd[335746]: Server listening on 0.0.0.0 port 22. Nov 12 16:21:01.540799 osdx sshd[335746]: Server listening on :: port 22. Nov 12 16:21:01.540940 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Nov 12 16:21:01.572051 osdx cfgd[1453]: [229492]Completed change to active configuration Nov 12 16:21:01.589885 osdx OSDxCLI[229492]: User 'admin' committed the configuration. Nov 12 16:21:01.614322 osdx OSDxCLI[229492]: User 'admin' left the configuration menu. Nov 12 16:21:01.758254 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Nov 12 16:21:04.262312 osdx OSDxCLI[229492]: User 'admin' entered the configuration menu. Nov 12 16:21:04.374830 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Nov 12 16:21:04.432860 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 12 16:21:04.542328 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 12 16:21:04.617196 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Nov 12 16:21:04.728465 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Nov 12 16:21:04.828608 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Nov 12 16:21:04.894364 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash da2476bcae016fd75352f422b002f97f437155d5d61d0f5f088f9ca83294da72'. Nov 12 16:21:05.071212 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:21:05.144488 osdx ubnt-cfgd[335804]: inactive Nov 12 16:21:05.167604 osdx INFO[335812]: FRR daemons did not change Nov 12 16:21:05.182476 osdx ca-certificates[335828]: Updating certificates in /etc/ssl/certs... Nov 12 16:21:05.760175 osdx ubnt-cfgd[336840]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 12 16:21:05.770661 osdx ca-certificates[336845]: 1 added, 0 removed; done. Nov 12 16:21:05.774448 osdx ca-certificates[336852]: Running hooks in /etc/ca-certificates/update.d... Nov 12 16:21:05.778119 osdx ca-certificates[336854]: done. Nov 12 16:21:05.865781 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 12 16:21:05.868062 osdx cfgd[1453]: [229492]Completed change to active configuration Nov 12 16:21:05.871135 osdx OSDxCLI[229492]: User 'admin' committed the configuration. Nov 12 16:21:05.892233 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:05] [NOTICE] dnscrypt-proxy 2.0.45 Nov 12 16:21:05.892599 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:05] [NOTICE] Network connectivity detected Nov 12 16:21:05.892874 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:05] [NOTICE] Dropping privileges Nov 12 16:21:05.895678 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:05] [NOTICE] Network connectivity detected Nov 12 16:21:05.895747 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:05] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 12 16:21:05.895747 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:05] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 12 16:21:05.895747 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:05] [NOTICE] Firefox workaround initialized Nov 12 16:21:05.895747 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:05] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpspvqpsis] Nov 12 16:21:05.899897 osdx OSDxCLI[229492]: User 'admin' left the configuration menu. Nov 12 16:21:06.078707 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system journal show | cat'. Nov 12 16:21:08.016614 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:08] [NOTICE] System DNS configuration not usable yet, exceptionally resolving [dns.dut0] using fallback resolvers over tcp Nov 12 16:21:08.204951 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:08] [NOTICE] [DUT0] OK (DoH) - rtt: 147ms Nov 12 16:21:08.204951 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:08] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 147ms) Nov 12 16:21:08.204951 osdx dnscrypt-proxy[336861]: [2025-11-12 16:21:08] [NOTICE] dnscrypt-proxy is ready - live servers: 1 Nov 12 16:21:08.221048 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system journal show | cat'.
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
56:0c:ce:92:86:a2:c2:f2:4d:21:1f:cb:ca:08:fe:90:c0:cf:cb:c6:61:a5:4f:b4:e6:0b:5f:ee:c7:b7:de:60
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 56:0c:ce:92:86:a2:c2:f2:4d:21:1f:cb:ca:08:fe:90:c0:cf:cb:c6:61:a5:4f:b4:e6:0b:5f:ee:c7:b7:de:60 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIFYMzpKGosLyTSEfy8oI_pDAz8vGYaVPtOYLX-7Ht95gGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIFYMzpKGosLyTSEfy8oI_pDAz8vGYaVPtOYLX-7Ht95gGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Nov 12 16:21:17.286425 osdx systemd-journald[1872]: Runtime Journal (/run/log/journal/04bdf7f70d714c0fb0ef3d9377529e99) is 1.8M, max 13.8M, 11.9M free. Nov 12 16:21:17.289266 osdx systemd-journald[1872]: Received client request to rotate journal, rotating. Nov 12 16:21:17.289328 osdx systemd-journald[1872]: Vacuuming done, freed 0B of archived journals from /run/log/journal/04bdf7f70d714c0fb0ef3d9377529e99. Nov 12 16:21:17.298931 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'system journal clear'. Nov 12 16:21:17.534924 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'system coredump delete all'. Nov 12 16:21:17.896596 osdx OSDxCLI[123608]: User 'admin' entered the configuration menu. Nov 12 16:21:18.048562 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 12 16:21:18.146415 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 12 16:21:18.220521 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:21:18.307957 osdx ubnt-cfgd[175818]: inactive Nov 12 16:21:18.331420 osdx INFO[175824]: FRR daemons did not change Nov 12 16:21:18.353276 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 12 16:21:18.404666 osdx WARNING[175892]: No supported link modes on interface eth0 Nov 12 16:21:18.406507 osdx modulelauncher[175892]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Nov 12 16:21:18.406521 osdx modulelauncher[175892]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Nov 12 16:21:18.408029 osdx modulelauncher[175892]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Nov 12 16:21:18.408040 osdx modulelauncher[175892]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Nov 12 16:21:18.448534 osdx cfgd[1666]: [123608]Completed change to active configuration Nov 12 16:21:18.462451 osdx OSDxCLI[123608]: User 'admin' committed the configuration. Nov 12 16:21:18.491349 osdx OSDxCLI[123608]: User 'admin' left the configuration menu. Nov 12 16:21:18.658004 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 12 16:21:20.046047 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Nov 12 16:21:20.183615 osdx OSDxCLI[123608]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 56:0c:ce:92:86:a2:c2:f2:4d:21:1f:cb:ca:08:fe:90:c0:cf:cb:c6:61:a5:4f:b4:e6:0b:5f:ee:c7:b7:de:60 ip 10.215.168.1 port 8443'. Nov 12 16:21:20.326798 osdx OSDxCLI[123608]: User 'admin' entered the configuration menu. Nov 12 16:21:20.405097 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 12 16:21:20.504028 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 12 16:21:20.562899 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIFYMzpKGosLyTSEfy8oI_pDAz8vGYaVPtOYLX-7Ht95gGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Nov 12 16:21:20.668750 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns resolver local'. Nov 12 16:21:20.733584 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Nov 12 16:21:20.847050 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Nov 12 16:21:20.904133 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Nov 12 16:21:21.032411 osdx OSDxCLI[123608]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:21:21.121092 osdx ubnt-cfgd[175987]: inactive Nov 12 16:21:21.141710 osdx INFO[175995]: FRR daemons did not change Nov 12 16:21:21.156122 osdx ca-certificates[176011]: Updating certificates in /etc/ssl/certs... Nov 12 16:21:21.670718 osdx ubnt-cfgd[177023]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 12 16:21:21.678633 osdx ca-certificates[177028]: 1 added, 0 removed; done. Nov 12 16:21:21.681457 osdx ca-certificates[177035]: Running hooks in /etc/ca-certificates/update.d... Nov 12 16:21:21.684126 osdx ca-certificates[177037]: done. Nov 12 16:21:21.813683 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 12 16:21:21.815228 osdx cfgd[1666]: [123608]Completed change to active configuration Nov 12 16:21:21.817524 osdx OSDxCLI[123608]: User 'admin' committed the configuration. Nov 12 16:21:21.837543 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] dnscrypt-proxy 2.0.45 Nov 12 16:21:21.837543 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] Network connectivity detected Nov 12 16:21:21.837543 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] Dropping privileges Nov 12 16:21:21.838983 osdx OSDxCLI[123608]: User 'admin' left the configuration menu. Nov 12 16:21:21.840654 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] Network connectivity detected Nov 12 16:21:21.840712 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 12 16:21:21.840712 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 12 16:21:21.840712 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Nov 12 16:21:21.840771 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] Firefox workaround initialized Nov 12 16:21:21.840771 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp_daiqlnz] Nov 12 16:21:21.841817 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Nov 12 16:21:21.841817 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Nov 12 16:21:21.841817 osdx dnscrypt-proxy[177097]: [2025-11-12 16:21:21] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash da2476bcae016fd75352f422b002f97f437155d5d61d0f5f088f9ca83294da72 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg2iR2vK4Bb9dTUvQisAL5f0NxVdXWHQ9fCI-cqDKU2nINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg2iR2vK4Bb9dTUvQisAL5f0NxVdXWHQ9fCI-cqDKU2nINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Nov 12 16:21:17.271421 osdx systemd-journald[1754]: Runtime Journal (/run/log/journal/18feb8e5bb5a49edb7e456ab042ed98b) is 956.0K, max 6.5M, 5.5M free. Nov 12 16:21:17.273271 osdx systemd-journald[1754]: Received client request to rotate journal, rotating. Nov 12 16:21:17.273325 osdx systemd-journald[1754]: Vacuuming done, freed 0B of archived journals from /run/log/journal/18feb8e5bb5a49edb7e456ab042ed98b. Nov 12 16:21:17.284444 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system journal clear'. Nov 12 16:21:17.501659 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system coredump delete all'. Nov 12 16:21:18.789293 osdx OSDxCLI[229492]: User 'admin' entered the configuration menu. Nov 12 16:21:18.961479 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Nov 12 16:21:19.064282 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 12 16:21:19.175190 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service ssh'. Nov 12 16:21:19.273072 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:21:19.336739 osdx ubnt-cfgd[338567]: inactive Nov 12 16:21:19.370046 osdx INFO[338579]: FRR daemons did not change Nov 12 16:21:19.397278 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 12 16:21:19.445021 osdx WARNING[338647]: No supported link modes on interface eth0 Nov 12 16:21:19.447034 osdx modulelauncher[338647]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Nov 12 16:21:19.447049 osdx modulelauncher[338647]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Nov 12 16:21:19.448248 osdx modulelauncher[338647]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Nov 12 16:21:19.448259 osdx modulelauncher[338647]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Nov 12 16:21:19.550070 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Nov 12 16:21:19.564793 osdx sshd[338698]: Server listening on 0.0.0.0 port 22. Nov 12 16:21:19.564824 osdx sshd[338698]: Server listening on :: port 22. Nov 12 16:21:19.564935 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Nov 12 16:21:19.591162 osdx cfgd[1453]: [229492]Completed change to active configuration Nov 12 16:21:19.602916 osdx OSDxCLI[229492]: User 'admin' committed the configuration. Nov 12 16:21:19.633929 osdx OSDxCLI[229492]: User 'admin' left the configuration menu. Nov 12 16:21:19.799778 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Nov 12 16:21:22.040643 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash da2476bcae016fd75352f422b002f97f437155d5d61d0f5f088f9ca83294da72'. Nov 12 16:21:22.173378 osdx OSDxCLI[229492]: User 'admin' entered the configuration menu. Nov 12 16:21:22.281980 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Nov 12 16:21:22.363708 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Nov 12 16:21:22.424585 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Nov 12 16:21:22.527449 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQg2iR2vK4Bb9dTUvQisAL5f0NxVdXWHQ9fCI-cqDKU2nINZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Nov 12 16:21:22.608844 osdx OSDxCLI[229492]: User 'admin' added a new cfg line: 'show working'. Nov 12 16:21:22.704430 osdx ubnt-cfgd[338753]: inactive Nov 12 16:21:22.728670 osdx INFO[338761]: FRR daemons did not change Nov 12 16:21:22.743721 osdx ca-certificates[338777]: Updating certificates in /etc/ssl/certs... Nov 12 16:21:23.309500 osdx ubnt-cfgd[339789]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 12 16:21:23.316915 osdx ca-certificates[339794]: 1 added, 0 removed; done. Nov 12 16:21:23.319670 osdx ca-certificates[339801]: Running hooks in /etc/ca-certificates/update.d... Nov 12 16:21:23.322303 osdx ca-certificates[339803]: done. Nov 12 16:21:23.393810 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 12 16:21:23.395991 osdx cfgd[1453]: [229492]Completed change to active configuration Nov 12 16:21:23.399615 osdx OSDxCLI[229492]: User 'admin' committed the configuration. Nov 12 16:21:23.415495 osdx OSDxCLI[229492]: User 'admin' left the configuration menu. Nov 12 16:21:23.433256 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] dnscrypt-proxy 2.0.45 Nov 12 16:21:23.433511 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] Network connectivity detected Nov 12 16:21:23.433537 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] Dropping privileges Nov 12 16:21:23.435722 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] Network connectivity detected Nov 12 16:21:23.435784 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Nov 12 16:21:23.435784 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Nov 12 16:21:23.435784 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] Firefox workaround initialized Nov 12 16:21:23.435784 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] Loading the set of cloaking rules from [/tmp/tmprifizdul] Nov 12 16:21:23.583846 osdx OSDxCLI[229492]: User 'admin' executed a new command: 'system journal show | cat'. Nov 12 16:21:23.624671 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] [DUT0] OK (DoH) - rtt: 109ms Nov 12 16:21:23.624671 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 109ms) Nov 12 16:21:23.624671 osdx dnscrypt-proxy[339810]: [2025-11-12 16:21:23] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13