Static Server
Test suite that connects DUT1 over DUT0 using DoH. Meanwhile, DUT0 establishes a connection with the upstream server and forwards DNS queries to it.
Server With Upstream DoH
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 56d2dc9783a8c33a68b4b8938777fc5a91749b16b5b6117fa04686ce5ad9496d set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Dec 17 21:45:11.318260 osdx systemd-journald[123332]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 21:45:11.322032 osdx systemd-journald[123332]: Received client request to rotate journal, rotating. Dec 17 21:45:11.322118 osdx systemd-journald[123332]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 21:45:11.330625 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal clear'. Dec 17 21:45:11.579040 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 21:45:11.899613 osdx OSDxCLI[476020]: User 'admin' entered the configuration menu. Dec 17 21:45:11.995812 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 17 21:45:12.068560 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 17 21:45:12.181667 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:45:12.257275 osdx ubnt-cfgd[606293]: inactive Dec 17 21:45:12.283383 osdx INFO[606299]: FRR daemons did not change Dec 17 21:45:12.314023 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 21:45:12.366599 osdx WARNING[606367]: No supported link modes on interface eth0 Dec 17 21:45:12.368589 osdx modulelauncher[606367]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 21:45:12.368605 osdx modulelauncher[606367]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 21:45:12.370415 osdx modulelauncher[606367]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 21:45:12.370441 osdx modulelauncher[606367]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 21:45:12.415182 osdx cfgd[1460]: [476020]Completed change to active configuration Dec 17 21:45:12.431468 osdx OSDxCLI[476020]: User 'admin' committed the configuration. Dec 17 21:45:12.463734 osdx OSDxCLI[476020]: User 'admin' left the configuration menu. Dec 17 21:45:12.660938 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 17 21:45:12.788340 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:13.921572 osdx OSDxCLI[476020]: User 'admin' entered the configuration menu. Dec 17 21:45:14.010443 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 17 21:45:14.107046 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 17 21:45:14.205634 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 17 21:45:14.320985 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 17 21:45:14.435838 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56d2dc9783a8c33a68b4b8938777fc5a91749b16b5b6117fa04686ce5ad9496d'. Dec 17 21:45:14.504078 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Dec 17 21:45:14.634620 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Dec 17 21:45:14.736750 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 17 21:45:14.814217 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 17 21:45:14.944199 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:45:15.018454 osdx ubnt-cfgd[606464]: inactive Dec 17 21:45:15.057787 osdx INFO[606472]: FRR daemons did not change Dec 17 21:45:15.070569 osdx ca-certificates[606488]: Updating certificates in /etc/ssl/certs... Dec 17 21:45:15.653406 osdx ubnt-cfgd[607500]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 17 21:45:15.664375 osdx ca-certificates[607506]: 1 added, 0 removed; done. Dec 17 21:45:15.667550 osdx ca-certificates[607512]: Running hooks in /etc/ca-certificates/update.d... Dec 17 21:45:15.670377 osdx ca-certificates[607514]: done. Dec 17 21:45:15.814467 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 17 21:45:15.815931 osdx cfgd[1460]: [476020]Completed change to active configuration Dec 17 21:45:15.818971 osdx OSDxCLI[476020]: User 'admin' committed the configuration. Dec 17 21:45:15.838748 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:15] [NOTICE] dnscrypt-proxy 2.0.45 Dec 17 21:45:15.839036 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:15] [NOTICE] Network connectivity detected Dec 17 21:45:15.839126 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:15] [NOTICE] Dropping privileges Dec 17 21:45:15.841874 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:15] [NOTICE] Network connectivity detected Dec 17 21:45:15.841967 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:15] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 17 21:45:15.841967 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:15] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 17 21:45:15.841967 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:15] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Dec 17 21:45:15.841967 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:15] [NOTICE] Firefox workaround initialized Dec 17 21:45:15.841967 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:15] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp3nccp06e] Dec 17 21:45:15.852320 osdx OSDxCLI[476020]: User 'admin' left the configuration menu. Dec 17 21:45:16.016380 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:16.049993 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:16] [NOTICE] [RD] OK (DoH) - rtt: 153ms Dec 17 21:45:16.049993 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:16] [NOTICE] Server with the lowest initial latency: RD (rtt: 153ms) Dec 17 21:45:16.049993 osdx dnscrypt-proxy[607574]: [2025-12-17 21:45:16] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 727657aa445ba5cdb16eac1d54737da21d1968b8cbd7076492b70bb9806730c9 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Dec 17 21:45:11.299279 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/c6a6a8e2d9d640e4bbdbbcec0635592c) is 912.0K, max 6.5M, 5.6M free. Dec 17 21:45:11.302967 osdx systemd-journald[1556]: Received client request to rotate journal, rotating. Dec 17 21:45:11.303046 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c6a6a8e2d9d640e4bbdbbcec0635592c. Dec 17 21:45:11.310537 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal clear'. Dec 17 21:45:11.564489 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 21:45:12.797695 osdx OSDxCLI[67921]: User 'admin' entered the configuration menu. Dec 17 21:45:12.895618 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Dec 17 21:45:12.950091 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 17 21:45:13.049474 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service ssh'. Dec 17 21:45:13.128003 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:45:13.233864 osdx ubnt-cfgd[291322]: inactive Dec 17 21:45:13.259225 osdx INFO[291334]: FRR daemons did not change Dec 17 21:45:13.290960 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 21:45:13.342452 osdx WARNING[291402]: No supported link modes on interface eth0 Dec 17 21:45:13.344017 osdx modulelauncher[291402]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 21:45:13.344031 osdx modulelauncher[291402]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 21:45:13.345296 osdx modulelauncher[291402]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 21:45:13.345305 osdx modulelauncher[291402]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 21:45:13.455269 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Dec 17 21:45:13.473072 osdx sshd[291453]: Server listening on 0.0.0.0 port 22. Dec 17 21:45:13.473102 osdx sshd[291453]: Server listening on :: port 22. Dec 17 21:45:13.473200 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Dec 17 21:45:13.502286 osdx cfgd[1255]: [67921]Completed change to active configuration Dec 17 21:45:13.518647 osdx OSDxCLI[67921]: User 'admin' committed the configuration. Dec 17 21:45:13.534365 osdx OSDxCLI[67921]: User 'admin' left the configuration menu. Dec 17 21:45:13.683819 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Dec 17 21:45:18.349064 osdx OSDxCLI[67921]: User 'admin' entered the configuration menu. Dec 17 21:45:18.454331 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Dec 17 21:45:18.519990 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Dec 17 21:45:18.619543 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Dec 17 21:45:18.693168 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Dec 17 21:45:18.786888 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Dec 17 21:45:18.865523 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Dec 17 21:45:18.963227 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 727657aa445ba5cdb16eac1d54737da21d1968b8cbd7076492b70bb9806730c9'. Dec 17 21:45:19.080026 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:45:19.180723 osdx ubnt-cfgd[291509]: inactive Dec 17 21:45:19.206474 osdx INFO[291517]: FRR daemons did not change Dec 17 21:45:19.220886 osdx ca-certificates[291533]: Updating certificates in /etc/ssl/certs... Dec 17 21:45:19.813911 osdx ubnt-cfgd[292545]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 17 21:45:19.824820 osdx ca-certificates[292550]: 1 added, 0 removed; done. Dec 17 21:45:19.829134 osdx ca-certificates[292557]: Running hooks in /etc/ca-certificates/update.d... Dec 17 21:45:19.832918 osdx ca-certificates[292559]: done. Dec 17 21:45:19.915578 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 17 21:45:19.917856 osdx cfgd[1255]: [67921]Completed change to active configuration Dec 17 21:45:19.920910 osdx OSDxCLI[67921]: User 'admin' committed the configuration. Dec 17 21:45:19.937183 osdx OSDxCLI[67921]: User 'admin' left the configuration menu. Dec 17 21:45:19.963110 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:19] [NOTICE] dnscrypt-proxy 2.0.45 Dec 17 21:45:19.963866 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:19] [NOTICE] Network connectivity detected Dec 17 21:45:19.963866 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:19] [NOTICE] Dropping privileges Dec 17 21:45:19.967005 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:19] [NOTICE] Network connectivity detected Dec 17 21:45:19.967168 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:19] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 17 21:45:19.967225 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:19] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 17 21:45:19.967287 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:19] [NOTICE] Firefox workaround initialized Dec 17 21:45:19.967325 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:19] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpuoxgwezj] Dec 17 21:45:20.150318 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:20] [NOTICE] [DUT0] OK (DoH) - rtt: 110ms Dec 17 21:45:20.150318 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:20] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 110ms) Dec 17 21:45:20.150318 osdx dnscrypt-proxy[292566]: [2025-12-17 21:45:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DoH With Stamp
Description
Configures DUT0 to connect, using DNS-over-HTTPS (DoH) over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 56d2dc9783a8c33a68b4b8938777fc5a91749b16b5b6117fa04686ce5ad9496d at DUT0 and expect this output:
Show output
sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW0tyXg6jDOmi0uJOHd_xakXSbFrW2EX-gRobOWtlJbQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW0tyXg6jDOmi0uJOHd_xakXSbFrW2EX-gRobOWtlJbQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
(?m)^.*\[RD\] OK \(DoH\) - rtt: \d+ms$Show output
Dec 17 21:45:26.349932 osdx systemd-journald[123332]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 21:45:26.353250 osdx systemd-journald[123332]: Received client request to rotate journal, rotating. Dec 17 21:45:26.353320 osdx systemd-journald[123332]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 21:45:26.361914 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal clear'. Dec 17 21:45:26.595785 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 21:45:26.843405 osdx OSDxCLI[476020]: User 'admin' entered the configuration menu. Dec 17 21:45:26.925701 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 17 21:45:27.000072 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 17 21:45:27.118162 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:45:27.192810 osdx ubnt-cfgd[609304]: inactive Dec 17 21:45:27.214027 osdx INFO[609310]: FRR daemons did not change Dec 17 21:45:27.237263 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 21:45:27.282277 osdx WARNING[609378]: No supported link modes on interface eth0 Dec 17 21:45:27.283893 osdx modulelauncher[609378]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 21:45:27.283908 osdx modulelauncher[609378]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 21:45:27.285111 osdx modulelauncher[609378]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 21:45:27.285121 osdx modulelauncher[609378]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 21:45:27.322410 osdx cfgd[1460]: [476020]Completed change to active configuration Dec 17 21:45:27.334142 osdx OSDxCLI[476020]: User 'admin' committed the configuration. Dec 17 21:45:27.360810 osdx OSDxCLI[476020]: User 'admin' left the configuration menu. Dec 17 21:45:27.551925 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 17 21:45:27.624527 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:28.792612 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name remote.dns host-path /dns-query host-port 443 ip 10.215.168.1 hash 56d2dc9783a8c33a68b4b8938777fc5a91749b16b5b6117fa04686ce5ad9496d'. Dec 17 21:45:28.933262 osdx OSDxCLI[476020]: User 'admin' entered the configuration menu. Dec 17 21:45:29.047320 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 17 21:45:29.148054 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 17 21:45:29.256313 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AgAAAAAAAAAADDEwLjIxNS4xNjguMSBW0tyXg6jDOmi0uJOHd_xakXSbFrW2EX-gRobOWtlJbQpyZW1vdGUuZG5zCi9kbnMtcXVlcnk'. Dec 17 21:45:29.348002 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Dec 17 21:45:29.410605 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Dec 17 21:45:29.519448 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 17 21:45:29.597579 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 17 21:45:29.720023 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 17 21:45:29.874175 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:45:29.951860 osdx ubnt-cfgd[609477]: inactive Dec 17 21:45:29.977775 osdx INFO[609485]: FRR daemons did not change Dec 17 21:45:29.993462 osdx ca-certificates[609501]: Updating certificates in /etc/ssl/certs... Dec 17 21:45:30.611156 osdx ubnt-cfgd[610513]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 17 21:45:30.619503 osdx ca-certificates[610518]: 1 added, 0 removed; done. Dec 17 21:45:30.623565 osdx ca-certificates[610525]: Running hooks in /etc/ca-certificates/update.d... Dec 17 21:45:30.626798 osdx ca-certificates[610527]: done. Dec 17 21:45:30.745613 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 17 21:45:30.746908 osdx cfgd[1460]: [476020]Completed change to active configuration Dec 17 21:45:30.749336 osdx OSDxCLI[476020]: User 'admin' committed the configuration. Dec 17 21:45:30.765686 osdx OSDxCLI[476020]: User 'admin' left the configuration menu. Dec 17 21:45:30.770544 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:30] [NOTICE] dnscrypt-proxy 2.0.45 Dec 17 21:45:30.770779 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:30] [NOTICE] Network connectivity detected Dec 17 21:45:30.770945 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:30] [NOTICE] Dropping privileges Dec 17 21:45:30.773837 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:30] [NOTICE] Network connectivity detected Dec 17 21:45:30.773910 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:30] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 17 21:45:30.773910 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:30] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 17 21:45:30.773910 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:30] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Dec 17 21:45:30.773910 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:30] [NOTICE] Firefox workaround initialized Dec 17 21:45:30.773910 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:30] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp8oj7sodi] Dec 17 21:45:30.942431 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:33.083796 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:35.212528 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:35.833485 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:35] [ERROR] Post "https://remote.dns/dns-query?body_hash=17b578596d5ce1b77e2c4b04f57088713b2892dbbb22b2de1164160075b3c262": net/http: request canceled (Client.Timeout exceeded while awaiting headers) Dec 17 21:45:35.833485 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:35] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable Dec 17 21:45:37.365644 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:39.528978 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:41.640099 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:43.762017 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:45.885249 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:45.985113 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:45] [NOTICE] [RD] OK (DoH) - rtt: 108ms Dec 17 21:45:45.985113 osdx dnscrypt-proxy[610587]: [2025-12-17 21:45:45] [NOTICE] Server with the lowest initial latency: RD (rtt: 108ms)
Step 4: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 727657aa445ba5cdb16eac1d54737da21d1968b8cbd7076492b70bb9806730c9 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgcnZXqkRbpc2xbqwdVHN9oh0ZaLjL1wdkkrcLuYBnMMkNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgcnZXqkRbpc2xbqwdVHN9oh0ZaLjL1wdkkrcLuYBnMMkNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Dec 17 21:45:27.312721 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/c6a6a8e2d9d640e4bbdbbcec0635592c) is 932.0K, max 6.5M, 5.6M free. Dec 17 21:45:27.315628 osdx systemd-journald[1556]: Received client request to rotate journal, rotating. Dec 17 21:45:27.315704 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c6a6a8e2d9d640e4bbdbbcec0635592c. Dec 17 21:45:27.322686 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal clear'. Dec 17 21:45:27.550931 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 21:45:28.635742 osdx OSDxCLI[67921]: User 'admin' entered the configuration menu. Dec 17 21:45:28.715813 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Dec 17 21:45:28.800655 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 17 21:45:28.869664 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service ssh'. Dec 17 21:45:28.997505 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:45:29.061412 osdx ubnt-cfgd[294264]: inactive Dec 17 21:45:29.088919 osdx INFO[294276]: FRR daemons did not change Dec 17 21:45:29.111687 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 21:45:29.159868 osdx WARNING[294344]: No supported link modes on interface eth0 Dec 17 21:45:29.161385 osdx modulelauncher[294344]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 21:45:29.161399 osdx modulelauncher[294344]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 21:45:29.162641 osdx modulelauncher[294344]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 21:45:29.162650 osdx modulelauncher[294344]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 21:45:29.268090 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Dec 17 21:45:29.281207 osdx sshd[294395]: Server listening on 0.0.0.0 port 22. Dec 17 21:45:29.281233 osdx sshd[294395]: Server listening on :: port 22. Dec 17 21:45:29.281325 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Dec 17 21:45:29.310227 osdx cfgd[1255]: [67921]Completed change to active configuration Dec 17 21:45:29.325102 osdx OSDxCLI[67921]: User 'admin' committed the configuration. Dec 17 21:45:29.340437 osdx OSDxCLI[67921]: User 'admin' left the configuration menu. Dec 17 21:45:29.507243 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Dec 17 21:45:49.046111 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 727657aa445ba5cdb16eac1d54737da21d1968b8cbd7076492b70bb9806730c9'. Dec 17 21:45:49.194498 osdx OSDxCLI[67921]: User 'admin' entered the configuration menu. Dec 17 21:45:49.263755 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Dec 17 21:45:49.356286 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Dec 17 21:45:49.416550 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Dec 17 21:45:49.512268 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgcnZXqkRbpc2xbqwdVHN9oh0ZaLjL1wdkkrcLuYBnMMkNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Dec 17 21:45:49.590277 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:45:49.695888 osdx ubnt-cfgd[294452]: inactive Dec 17 21:45:49.716777 osdx INFO[294460]: FRR daemons did not change Dec 17 21:45:49.731013 osdx ca-certificates[294476]: Updating certificates in /etc/ssl/certs... Dec 17 21:45:50.281409 osdx ubnt-cfgd[295488]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 17 21:45:50.288757 osdx ca-certificates[295493]: 1 added, 0 removed; done. Dec 17 21:45:50.291851 osdx ca-certificates[295500]: Running hooks in /etc/ca-certificates/update.d... Dec 17 21:45:50.294606 osdx ca-certificates[295502]: done. Dec 17 21:45:50.372155 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 17 21:45:50.375099 osdx cfgd[1255]: [67921]Completed change to active configuration Dec 17 21:45:50.377355 osdx OSDxCLI[67921]: User 'admin' committed the configuration. Dec 17 21:45:50.400134 osdx OSDxCLI[67921]: User 'admin' left the configuration menu. Dec 17 21:45:50.425851 osdx dnscrypt-proxy[295509]: [2025-12-17 21:45:50] [NOTICE] dnscrypt-proxy 2.0.45 Dec 17 21:45:50.426070 osdx dnscrypt-proxy[295509]: [2025-12-17 21:45:50] [NOTICE] Network connectivity detected Dec 17 21:45:50.426154 osdx dnscrypt-proxy[295509]: [2025-12-17 21:45:50] [NOTICE] Dropping privileges Dec 17 21:45:50.428269 osdx dnscrypt-proxy[295509]: [2025-12-17 21:45:50] [NOTICE] Network connectivity detected Dec 17 21:45:50.428326 osdx dnscrypt-proxy[295509]: [2025-12-17 21:45:50] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 17 21:45:50.428326 osdx dnscrypt-proxy[295509]: [2025-12-17 21:45:50] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 17 21:45:50.428326 osdx dnscrypt-proxy[295509]: [2025-12-17 21:45:50] [NOTICE] Firefox workaround initialized Dec 17 21:45:50.428326 osdx dnscrypt-proxy[295509]: [2025-12-17 21:45:50] [NOTICE] Loading the set of cloaking rules from [/tmp/tmp1azy15i6] Dec 17 21:45:50.557466 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:52.745724 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:54.869220 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:55.508564 osdx dnscrypt-proxy[295509]: [2025-12-17 21:45:55] [ERROR] Post "https://dns.dut0:3000/dns-query?body_hash=ba7c815f219252e6ece54a2891b0d63f9ff7f400f8ad62cb12c70134e4ce0ccf": stream error: stream ID 3; INTERNAL_ERROR; received from peer (Client.Timeout exceeded while awaiting headers) Dec 17 21:45:55.508564 osdx dnscrypt-proxy[295509]: [2025-12-17 21:45:55] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable Dec 17 21:45:56.996555 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:45:57.030913 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Dec 17 21:45:59.135428 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:46:01.249893 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:46:03.467965 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:46:05.594435 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:46:05.725746 osdx dnscrypt-proxy[295509]: [2025-12-17 21:46:05] [NOTICE] [DUT0] OK (DoH) - rtt: 126ms Dec 17 21:46:05.725746 osdx dnscrypt-proxy[295509]: [2025-12-17 21:46:05] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 126ms)
Step 7: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server.
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
5e:38:f2:af:73:75:33:3e:3a:58:3e:d8:2c:7b:53:9f:19:66:d2:8c:f0:61:8d:a0:62:59:5d:34:e6:8e:a1:29
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD protocol dns-crypt ip 10.215.168.1 set service dns proxy static RD protocol dns-crypt port 8443 set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns set service dns proxy static RD protocol dns-crypt provider public-key '5e:38:f2:af:73:75:33:3e:3a:58:3e:d8:2c:7b:53:9f:19:66:d2:8c:f0:61:8d:a0:62:59:5d:34:e6:8e:a1:29' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Dec 17 21:46:13.059247 osdx systemd[1]: Started systemd-timedated.service - Time & Date Service. Dec 17 21:46:13.000315 osdx systemd-timedated[612334]: Changed local time to Wed 2025-12-17 21:46:13 UTC Dec 17 21:46:13.002040 osdx systemd-journald[123332]: Time jumped backwards, rotating. Dec 17 21:46:13.002131 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'set date 2025-12-17 21:46:13'. Dec 17 21:46:13.319254 osdx systemd-journald[123332]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 21:46:13.322044 osdx systemd-journald[123332]: Received client request to rotate journal, rotating. Dec 17 21:46:13.322102 osdx systemd-journald[123332]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 21:46:13.329924 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal clear'. Dec 17 21:46:13.553188 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 21:46:13.803453 osdx OSDxCLI[476020]: User 'admin' entered the configuration menu. Dec 17 21:46:13.881749 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 17 21:46:13.982729 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 17 21:46:14.082259 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:46:14.171407 osdx ubnt-cfgd[612362]: inactive Dec 17 21:46:14.191190 osdx INFO[612368]: FRR daemons did not change Dec 17 21:46:14.214049 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 21:46:14.255965 osdx WARNING[612436]: No supported link modes on interface eth0 Dec 17 21:46:14.257372 osdx modulelauncher[612436]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 21:46:14.257383 osdx modulelauncher[612436]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 21:46:14.258662 osdx modulelauncher[612436]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 21:46:14.258670 osdx modulelauncher[612436]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 21:46:14.292830 osdx cfgd[1460]: [476020]Completed change to active configuration Dec 17 21:46:14.304177 osdx OSDxCLI[476020]: User 'admin' committed the configuration. Dec 17 21:46:14.319270 osdx OSDxCLI[476020]: User 'admin' left the configuration menu. Dec 17 21:46:14.480179 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 17 21:46:14.559538 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:46:15.682422 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Dec 17 21:46:15.819795 osdx OSDxCLI[476020]: User 'admin' entered the configuration menu. Dec 17 21:46:15.895620 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 17 21:46:15.994364 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 17 21:46:16.050332 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt ip 10.215.168.1'. Dec 17 21:46:16.145769 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt port 8443'. Dec 17 21:46:16.203325 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider name 2.dnscrypt-cert.remote.dns'. Dec 17 21:46:16.300491 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-crypt provider public-key 5e:38:f2:af:73:75:33:3e:3a:58:3e:d8:2c:7b:53:9f:19:66:d2:8c:f0:61:8d:a0:62:59:5d:34:e6:8e:a1:29'. Dec 17 21:46:16.351686 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 17 21:46:16.448886 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Dec 17 21:46:16.503806 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Dec 17 21:46:16.601889 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 17 21:46:16.668062 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:46:16.750862 osdx ubnt-cfgd[612536]: inactive Dec 17 21:46:16.772659 osdx INFO[612544]: FRR daemons did not change Dec 17 21:46:16.786916 osdx ca-certificates[612560]: Updating certificates in /etc/ssl/certs... Dec 17 21:46:17.344311 osdx ubnt-cfgd[613572]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 17 21:46:17.351983 osdx ca-certificates[613577]: 1 added, 0 removed; done. Dec 17 21:46:17.355005 osdx ca-certificates[613584]: Running hooks in /etc/ca-certificates/update.d... Dec 17 21:46:17.357827 osdx ca-certificates[613586]: done. Dec 17 21:46:17.478395 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 17 21:46:17.479788 osdx cfgd[1460]: [476020]Completed change to active configuration Dec 17 21:46:17.482354 osdx OSDxCLI[476020]: User 'admin' committed the configuration. Dec 17 21:46:17.497582 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] dnscrypt-proxy 2.0.45 Dec 17 21:46:17.497805 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] Network connectivity detected Dec 17 21:46:17.497996 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] Dropping privileges Dec 17 21:46:17.498755 osdx OSDxCLI[476020]: User 'admin' left the configuration menu. Dec 17 21:46:17.500798 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] Network connectivity detected Dec 17 21:46:17.500844 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 17 21:46:17.500844 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 17 21:46:17.500844 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Dec 17 21:46:17.500899 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] Firefox workaround initialized Dec 17 21:46:17.500899 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpjl9bakxu] Dec 17 21:46:17.511812 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] [RD] OK (DNSCrypt) - rtt: 10ms Dec 17 21:46:17.511812 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] Server with the lowest initial latency: RD (rtt: 10ms) Dec 17 21:46:17.511812 osdx dnscrypt-proxy[613646]: [2025-12-17 21:46:17] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 protocol dns-over-https hash 727657aa445ba5cdb16eac1d54737da21d1968b8cbd7076492b70bb9806730c9 set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0 set service dns proxy static DUT0 protocol dns-over-https host port 3000 set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64 set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Dec 17 21:46:14.000263 osdx systemd-timedated[297225]: Changed local time to Wed 2025-12-17 21:46:14 UTC Dec 17 21:46:14.002216 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'set date 2025-12-17 21:46:14'. Dec 17 21:46:14.002872 osdx systemd-journald[1556]: Time jumped backwards, rotating. Dec 17 21:46:14.282877 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/c6a6a8e2d9d640e4bbdbbcec0635592c) is 964.0K, max 6.5M, 5.5M free. Dec 17 21:46:14.286876 osdx systemd-journald[1556]: Received client request to rotate journal, rotating. Dec 17 21:46:14.286934 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c6a6a8e2d9d640e4bbdbbcec0635592c. Dec 17 21:46:14.292857 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal clear'. Dec 17 21:46:14.491460 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 21:46:15.559646 osdx OSDxCLI[67921]: User 'admin' entered the configuration menu. Dec 17 21:46:15.634139 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Dec 17 21:46:15.710243 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 17 21:46:15.781568 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service ssh'. Dec 17 21:46:15.896690 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:46:15.964922 osdx ubnt-cfgd[297254]: inactive Dec 17 21:46:16.042021 osdx INFO[297266]: FRR daemons did not change Dec 17 21:46:16.066877 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 21:46:16.115536 osdx WARNING[297334]: No supported link modes on interface eth0 Dec 17 21:46:16.116934 osdx modulelauncher[297334]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 21:46:16.116947 osdx modulelauncher[297334]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 21:46:16.118256 osdx modulelauncher[297334]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 21:46:16.118266 osdx modulelauncher[297334]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 21:46:16.231615 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Dec 17 21:46:16.242886 osdx sshd[297385]: Server listening on 0.0.0.0 port 22. Dec 17 21:46:16.242912 osdx sshd[297385]: Server listening on :: port 22. Dec 17 21:46:16.242998 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Dec 17 21:46:16.267356 osdx cfgd[1255]: [67921]Completed change to active configuration Dec 17 21:46:16.282652 osdx OSDxCLI[67921]: User 'admin' committed the configuration. Dec 17 21:46:16.298042 osdx OSDxCLI[67921]: User 'admin' left the configuration menu. Dec 17 21:46:16.438611 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Dec 17 21:46:18.672363 osdx OSDxCLI[67921]: User 'admin' entered the configuration menu. Dec 17 21:46:18.756113 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Dec 17 21:46:18.860987 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Dec 17 21:46:18.927429 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Dec 17 21:46:19.022340 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'. Dec 17 21:46:19.088709 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'. Dec 17 21:46:19.172632 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.64'. Dec 17 21:46:19.233711 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash 727657aa445ba5cdb16eac1d54737da21d1968b8cbd7076492b70bb9806730c9'. Dec 17 21:46:19.361770 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:46:19.453390 osdx ubnt-cfgd[297441]: inactive Dec 17 21:46:19.481831 osdx INFO[297449]: FRR daemons did not change Dec 17 21:46:19.495003 osdx ca-certificates[297465]: Updating certificates in /etc/ssl/certs... Dec 17 21:46:20.021697 osdx ubnt-cfgd[298477]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 17 21:46:20.029918 osdx ca-certificates[298482]: 1 added, 0 removed; done. Dec 17 21:46:20.032995 osdx ca-certificates[298489]: Running hooks in /etc/ca-certificates/update.d... Dec 17 21:46:20.035927 osdx ca-certificates[298491]: done. Dec 17 21:46:20.127363 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 17 21:46:20.130775 osdx cfgd[1255]: [67921]Completed change to active configuration Dec 17 21:46:20.137147 osdx OSDxCLI[67921]: User 'admin' committed the configuration. Dec 17 21:46:20.146515 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] dnscrypt-proxy 2.0.45 Dec 17 21:46:20.146694 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] Network connectivity detected Dec 17 21:46:20.146811 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] Dropping privileges Dec 17 21:46:20.148870 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] Network connectivity detected Dec 17 21:46:20.148916 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 17 21:46:20.148916 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 17 21:46:20.148916 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] Firefox workaround initialized Dec 17 21:46:20.148916 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpu3fjfqni] Dec 17 21:46:20.161583 osdx OSDxCLI[67921]: User 'admin' left the configuration menu. Dec 17 21:46:20.317450 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:46:20.363938 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] [DUT0] OK (DoH) - rtt: 114ms Dec 17 21:46:20.363938 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 114ms) Dec 17 21:46:20.363938 osdx dnscrypt-proxy[298498]: [2025-12-17 21:46:20] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 6: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13
Server With Upstream DNSCrypt With Stamp
Description
Configures DUT0 to connect, using DNSCrypt over an upstream server (generating a DNS stamp and using it to configure the connection).
Scenario
Step 1: Run command service dns proxy dnscrypt public-key running://dnscrypt.crt at DUT0 and expect this output:
Show output
5e:38:f2:af:73:75:33:3e:3a:58:3e:d8:2c:7b:53:9f:19:66:d2:8c:f0:61:8d:a0:62:59:5d:34:e6:8e:a1:29
Step 2: Run command service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 5e:38:f2:af:73:75:33:3e:3a:58:3e:d8:2c:7b:53:9f:19:66:d2:8c:f0:61:8d:a0:62:59:5d:34:e6:8e:a1:29 ip 10.215.168.1 port 8443 at DUT0 and expect this output:
Show output
sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIF448q9zdTM-Olg-2Cx7U58ZZtKM8GGNoGJZXTTmjqEpGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server cert file 'running://dns.dut0.crt' set service dns proxy server cert key 'running://dns.dut0.key' set service dns proxy server-name RD set service dns proxy static RD stamp 'sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIF448q9zdTM-Olg-2Cx7U58ZZtKM8GGNoGJZXTTmjqEpGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z' set service dns resolver local set service dns static host-name teldat.com inet 10.11.12.13 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
(?m)^.*\[RD\] OK \(DNSCrypt\) - rtt: \d+ms$Show output
Dec 17 21:46:29.308479 osdx systemd-journald[123332]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.9M, max 13.8M, 11.8M free. Dec 17 21:46:29.311220 osdx systemd-journald[123332]: Received client request to rotate journal, rotating. Dec 17 21:46:29.311296 osdx systemd-journald[123332]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 21:46:29.320032 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal clear'. Dec 17 21:46:29.549829 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 21:46:29.801596 osdx OSDxCLI[476020]: User 'admin' entered the configuration menu. Dec 17 21:46:29.908284 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 17 21:46:29.976997 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 17 21:46:30.081511 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:46:30.142187 osdx ubnt-cfgd[615369]: inactive Dec 17 21:46:30.166807 osdx INFO[615375]: FRR daemons did not change Dec 17 21:46:30.191227 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 21:46:30.235696 osdx WARNING[615443]: No supported link modes on interface eth0 Dec 17 21:46:30.237263 osdx modulelauncher[615443]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 21:46:30.237276 osdx modulelauncher[615443]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 21:46:30.238543 osdx modulelauncher[615443]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 21:46:30.238554 osdx modulelauncher[615443]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 21:46:30.276375 osdx cfgd[1460]: [476020]Completed change to active configuration Dec 17 21:46:30.288143 osdx OSDxCLI[476020]: User 'admin' committed the configuration. Dec 17 21:46:30.304818 osdx OSDxCLI[476020]: User 'admin' left the configuration menu. Dec 17 21:46:30.450730 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 17 21:46:30.519562 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:46:31.551933 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'service dns proxy dnscrypt public-key running://dnscrypt.crt'. Dec 17 21:46:31.666722 osdx OSDxCLI[476020]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-crypt provider-name 2.dnscrypt-cert.remote.dns provider-key 5e:38:f2:af:73:75:33:3e:3a:58:3e:d8:2c:7b:53:9f:19:66:d2:8c:f0:61:8d:a0:62:59:5d:34:e6:8e:a1:29 ip 10.215.168.1 port 8443'. Dec 17 21:46:31.811274 osdx OSDxCLI[476020]: User 'admin' entered the configuration menu. Dec 17 21:46:31.895155 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 17 21:46:32.012653 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 17 21:46:32.105484 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy static RD stamp sdns://AQAAAAAAAAAAETEwLjIxNS4xNjguMTo4NDQzIF448q9zdTM-Olg-2Cx7U58ZZtKM8GGNoGJZXTTmjqEpGjIuZG5zY3J5cHQtY2VydC5yZW1vdGUuZG5z'. Dec 17 21:46:32.206927 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns resolver local'. Dec 17 21:46:32.310024 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server cert file running://dns.dut0.crt'. Dec 17 21:46:32.474241 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns proxy server cert key running://dns.dut0.key'. Dec 17 21:46:32.527392 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'set service dns static host-name teldat.com inet 10.11.12.13'. Dec 17 21:46:32.635469 osdx OSDxCLI[476020]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:46:32.701447 osdx ubnt-cfgd[615543]: inactive Dec 17 21:46:32.728686 osdx INFO[615551]: FRR daemons did not change Dec 17 21:46:32.749424 osdx ca-certificates[615567]: Updating certificates in /etc/ssl/certs... Dec 17 21:46:33.316457 osdx ubnt-cfgd[616579]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 17 21:46:33.326983 osdx ca-certificates[616585]: 1 added, 0 removed; done. Dec 17 21:46:33.331560 osdx ca-certificates[616591]: Running hooks in /etc/ca-certificates/update.d... Dec 17 21:46:33.335421 osdx ca-certificates[616593]: done. Dec 17 21:46:33.459581 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 17 21:46:33.461074 osdx cfgd[1460]: [476020]Completed change to active configuration Dec 17 21:46:33.463709 osdx OSDxCLI[476020]: User 'admin' committed the configuration. Dec 17 21:46:33.486165 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] dnscrypt-proxy 2.0.45 Dec 17 21:46:33.486383 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] Network connectivity detected Dec 17 21:46:33.486502 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] Dropping privileges Dec 17 21:46:33.489577 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] Network connectivity detected Dec 17 21:46:33.489640 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 17 21:46:33.489640 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 17 21:46:33.489690 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] Now listening to https://[::]:3000/dns-query [DoH] Dec 17 21:46:33.489690 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] Firefox workaround initialized Dec 17 21:46:33.489733 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpb8fedry5] Dec 17 21:46:33.490191 osdx OSDxCLI[476020]: User 'admin' left the configuration menu. Dec 17 21:46:33.490679 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] [RD] OK (DNSCrypt) - rtt: 0ms Dec 17 21:46:33.490679 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] Server with the lowest initial latency: RD (rtt: 0ms) Dec 17 21:46:33.490679 osdx dnscrypt-proxy[616653]: [2025-12-17 21:46:33] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 5: Run command service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 727657aa445ba5cdb16eac1d54737da21d1968b8cbd7076492b70bb9806730c9 at DUT1 and expect this output:
Show output
sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgcnZXqkRbpc2xbqwdVHN9oh0ZaLjL1wdkkrcLuYBnMMkNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5
Step 6: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.215.168.65/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy server-name DUT0 set service dns proxy static DUT0 stamp 'sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgcnZXqkRbpc2xbqwdVHN9oh0ZaLjL1wdkkrcLuYBnMMkNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5' set service dns static host-name dns.dut0 inet 10.215.168.64 set service ssh set system certificate trust 'running://CA.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command system journal show | cat at DUT1 and check if output matches the following regular expressions:
(?m)^.*\[DUT0\] OK \(DoH\) - rtt: \d+ms$Show output
Dec 17 21:46:29.271595 osdx systemd-journald[1556]: Runtime Journal (/run/log/journal/c6a6a8e2d9d640e4bbdbbcec0635592c) is 1012.0K, max 6.5M, 5.5M free. Dec 17 21:46:29.273105 osdx systemd-journald[1556]: Received client request to rotate journal, rotating. Dec 17 21:46:29.273169 osdx systemd-journald[1556]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c6a6a8e2d9d640e4bbdbbcec0635592c. Dec 17 21:46:29.286687 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal clear'. Dec 17 21:46:29.518674 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 21:46:30.524090 osdx OSDxCLI[67921]: User 'admin' entered the configuration menu. Dec 17 21:46:30.612697 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.65/24'. Dec 17 21:46:30.688972 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 17 21:46:30.762117 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service ssh'. Dec 17 21:46:30.869008 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:46:30.938755 osdx ubnt-cfgd[300200]: inactive Dec 17 21:46:30.969553 osdx INFO[300212]: FRR daemons did not change Dec 17 21:46:30.993081 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 21:46:31.043186 osdx WARNING[300280]: No supported link modes on interface eth0 Dec 17 21:46:31.045111 osdx modulelauncher[300280]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 21:46:31.045127 osdx modulelauncher[300280]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 21:46:31.046756 osdx modulelauncher[300280]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 21:46:31.046766 osdx modulelauncher[300280]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 21:46:31.149599 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Dec 17 21:46:31.162384 osdx sshd[300331]: Server listening on 0.0.0.0 port 22. Dec 17 21:46:31.162415 osdx sshd[300331]: Server listening on :: port 22. Dec 17 21:46:31.162535 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Dec 17 21:46:31.191173 osdx cfgd[1255]: [67921]Completed change to active configuration Dec 17 21:46:31.203532 osdx OSDxCLI[67921]: User 'admin' committed the configuration. Dec 17 21:46:31.220675 osdx OSDxCLI[67921]: User 'admin' left the configuration menu. Dec 17 21:46:31.356485 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'ping 10.215.168.64 count 1 size 56 timeout 1'. Dec 17 21:46:33.674221 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'service dns proxy stamp calculate dns-over-https host-name dns.dut0 host-path /dns-query host-port 3000 ip 10.215.168.64 hash 727657aa445ba5cdb16eac1d54737da21d1968b8cbd7076492b70bb9806730c9'. Dec 17 21:46:33.824747 osdx OSDxCLI[67921]: User 'admin' entered the configuration menu. Dec 17 21:46:33.884869 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.64'. Dec 17 21:46:33.967847 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'. Dec 17 21:46:34.042146 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'. Dec 17 21:46:34.145151 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 stamp sdns://AgAAAAAAAAAADTEwLjIxNS4xNjguNjQgcnZXqkRbpc2xbqwdVHN9oh0ZaLjL1wdkkrcLuYBnMMkNZG5zLmR1dDA6MzAwMAovZG5zLXF1ZXJ5'. Dec 17 21:46:34.214124 osdx OSDxCLI[67921]: User 'admin' added a new cfg line: 'show working'. Dec 17 21:46:34.310359 osdx ubnt-cfgd[300386]: inactive Dec 17 21:46:34.335771 osdx INFO[300394]: FRR daemons did not change Dec 17 21:46:34.352038 osdx ca-certificates[300410]: Updating certificates in /etc/ssl/certs... Dec 17 21:46:34.924662 osdx ubnt-cfgd[301422]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 17 21:46:34.932259 osdx ca-certificates[301428]: 1 added, 0 removed; done. Dec 17 21:46:34.935332 osdx ca-certificates[301434]: Running hooks in /etc/ca-certificates/update.d... Dec 17 21:46:34.938249 osdx ca-certificates[301436]: done. Dec 17 21:46:35.029563 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 17 21:46:35.030949 osdx cfgd[1255]: [67921]Completed change to active configuration Dec 17 21:46:35.033303 osdx OSDxCLI[67921]: User 'admin' committed the configuration. Dec 17 21:46:35.050780 osdx OSDxCLI[67921]: User 'admin' left the configuration menu. Dec 17 21:46:35.056953 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] dnscrypt-proxy 2.0.45 Dec 17 21:46:35.057130 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] Network connectivity detected Dec 17 21:46:35.057228 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] Dropping privileges Dec 17 21:46:35.059390 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] Network connectivity detected Dec 17 21:46:35.059434 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] Now listening to 127.0.0.1:53 [UDP] Dec 17 21:46:35.059434 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] Now listening to 127.0.0.1:53 [TCP] Dec 17 21:46:35.059434 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] Firefox workaround initialized Dec 17 21:46:35.059434 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] Loading the set of cloaking rules from [/tmp/tmphk6y6_c6] Dec 17 21:46:35.237110 osdx OSDxCLI[67921]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 21:46:35.240308 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] [DUT0] OK (DoH) - rtt: 101ms Dec 17 21:46:35.240308 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] Server with the lowest initial latency: DUT0 (rtt: 101ms) Dec 17 21:46:35.240308 osdx dnscrypt-proxy[301443]: [2025-12-17 21:46:35] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Step 8: Run command show host lookup teldat.com type A at DUT1 and check if output contains the following tokens:
teldat.com has address 10.11.12.13Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 10.11.12.13