Source

Test suite to validate using one or multiple ciphers to protect DoH connection

Valid Source

Description

Configures a valid source with the expected minisign key and checks that everything works.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name rd-server
set service dns proxy source RD minisign-key RWTETPPuIeyvrUO58wyZkAg+2TtFBIadjV0TN8clB5vexuqKenR26xtY
set service dns proxy source RD url 'http://10.215.168.1/~robot/RD-resolver.md'
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command 'system journal show | cat' at DUT0 and check that the output matches the following regular expression:

(?m)^.*\[rd-server\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 20 10:27:58.302322 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.9M free.
Mar 20 10:27:58.302816 osdx systemd-journald[2054]: Received client request to rotate journal, rotating.
Mar 20 10:27:58.302888 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a.
Mar 20 10:27:58.312413 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'.
Mar 20 10:27:58.534093 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 20 10:27:58.758201 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu.
Mar 20 10:27:58.841205 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 20 10:27:58.914613 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 20 10:27:59.018120 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'.
Mar 20 10:27:59.079345 osdx ubnt-cfgd[339693]: inactive
Mar 20 10:27:59.100119 osdx INFO[339699]: FRR daemons did not change
Mar 20 10:27:59.130818 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 20 10:27:59.172255 osdx WARNING[339768]: No supported link modes on interface eth0
Mar 20 10:27:59.174045 osdx modulelauncher[339768]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 20 10:27:59.174058 osdx modulelauncher[339768]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 20 10:27:59.175608 osdx modulelauncher[339768]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Mar 20 10:27:59.175617 osdx modulelauncher[339768]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 20 10:27:59.213863 osdx cfgd[1833]: [183021]Completed change to active configuration
Mar 20 10:27:59.224892 osdx OSDxCLI[183021]: User 'admin' committed the configuration.
Mar 20 10:27:59.252492 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Mar 20 10:27:59.416288 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 20 10:27:59.481758 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 20 10:27:59.685700 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu.
Mar 20 10:27:59.742012 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 20 10:27:59.839089 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy source RD url http://10.215.168.1/~robot/RD-resolver.md'.
Mar 20 10:27:59.894945 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy source RD minisign-key RWTETPPuIeyvrUO58wyZkAg+2TtFBIadjV0TN8clB5vexuqKenR26xtY'.
Mar 20 10:27:59.986812 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name rd-server'.
Mar 20 10:28:00.064029 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'.
Mar 20 10:28:00.151606 osdx ubnt-cfgd[339862]: inactive
Mar 20 10:28:00.174153 osdx INFO[339870]: FRR daemons did not change
Mar 20 10:28:00.188679 osdx ca-certificates[339886]: Updating certificates in /etc/ssl/certs...
Mar 20 10:28:00.726008 osdx ubnt-cfgd[340898]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 20 10:28:00.733944 osdx ca-certificates[340903]: 1 added, 0 removed; done.
Mar 20 10:28:00.737796 osdx ca-certificates[340910]: Running hooks in /etc/ca-certificates/update.d...
Mar 20 10:28:00.741280 osdx ca-certificates[340912]: done.
Mar 20 10:28:00.807207 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 20 10:28:00.808679 osdx cfgd[1833]: [183021]Completed change to active configuration
Mar 20 10:28:00.811132 osdx OSDxCLI[183021]: User 'admin' committed the configuration.
Mar 20 10:28:00.834374 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] dnscrypt-proxy 2.0.45
Mar 20 10:28:00.834602 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] Network connectivity detected
Mar 20 10:28:00.834648 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] Dropping privileges
Mar 20 10:28:00.837353 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Mar 20 10:28:00.837819 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] Network connectivity detected
Mar 20 10:28:00.837858 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 20 10:28:00.837858 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 20 10:28:00.846973 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [WARNING] /var/cache/dnscrypt-proxy/RD.md: open /var/cache/dnscrypt-proxy/sf-gdf7z4zhwpkqnwpf.tmp: permission denied
Mar 20 10:28:00.846973 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] Source [RD] loaded
Mar 20 10:28:00.847064 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [WARNING] Missing stamp for server [server-name`]
Mar 20 10:28:00.847064 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [WARNING] Error in source [RD]: [Missing stamp for server [server-name`]] -- Continuing with reduced server count [1]
Mar 20 10:28:00.847064 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] Firefox workaround initialized
Mar 20 10:28:00.847064 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpl346qcta]
Mar 20 10:28:00.877545 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] [rd-server] OK (DoH) - rtt: 12ms
Mar 20 10:28:00.877545 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] Server with the lowest initial latency: rd-server (rtt: 12ms)
Mar 20 10:28:00.877545 osdx dnscrypt-proxy[340916]: [2026-03-20 10:28:00] [NOTICE] dnscrypt-proxy is ready - live servers: 1

Valid Source With Prefix

Description

Configures a valid source with the expected minisign key and checks that everything works. Additionally, uses a prefix to avoid collisions between servers that share the same name.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy server-name PRIVATE-rd-server
set service dns proxy source RD minisign-key RWTETPPuIeyvrUO58wyZkAg+2TtFBIadjV0TN8clB5vexuqKenR26xtY
set service dns proxy source RD prefix PRIVATE-
set service dns proxy source RD url 'http://10.215.168.1/~robot/RD-resolver.md'
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command 'system journal show | cat' at DUT0 and check that the output matches the following regular expression:

(?m)^.*\[PRIVATE-rd-server\] OK \(DoH\) - rtt: \d+ms$
Output:
Mar 20 10:28:05.000241 osdx systemd-timedated[273200]: Changed local time to Fri 2026-03-20 10:28:05 UTC
Mar 20 10:28:05.001440 osdx systemd-journald[2054]: Time jumped backwards, rotating.
Mar 20 10:28:05.001856 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'set date 2026-03-20 10:28:05'.
Mar 20 10:28:05.324360 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free.
Mar 20 10:28:05.325448 osdx systemd-journald[2054]: Received client request to rotate journal, rotating.
Mar 20 10:28:05.325523 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a.
Mar 20 10:28:05.337638 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'.
Mar 20 10:28:05.556893 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 20 10:28:05.808084 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu.
Mar 20 10:28:05.892046 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 20 10:28:05.965078 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 20 10:28:06.072265 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'.
Mar 20 10:28:06.134631 osdx ubnt-cfgd[342612]: inactive
Mar 20 10:28:06.155740 osdx INFO[342618]: FRR daemons did not change
Mar 20 10:28:06.189450 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 20 10:28:06.233124 osdx WARNING[342687]: No supported link modes on interface eth0
Mar 20 10:28:06.234499 osdx modulelauncher[342687]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 20 10:28:06.234512 osdx modulelauncher[342687]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 20 10:28:06.235762 osdx modulelauncher[342687]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Mar 20 10:28:06.235773 osdx modulelauncher[342687]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 20 10:28:06.275544 osdx cfgd[1833]: [183021]Completed change to active configuration
Mar 20 10:28:06.286732 osdx OSDxCLI[183021]: User 'admin' committed the configuration.
Mar 20 10:28:06.310781 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Mar 20 10:28:06.492482 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 20 10:28:06.567430 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 20 10:28:06.732834 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu.
Mar 20 10:28:06.816938 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 20 10:28:06.930992 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy source RD url http://10.215.168.1/~robot/RD-resolver.md'.
Mar 20 10:28:06.987649 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy source RD minisign-key RWTETPPuIeyvrUO58wyZkAg+2TtFBIadjV0TN8clB5vexuqKenR26xtY'.
Mar 20 10:28:07.081257 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy source RD prefix PRIVATE-'.
Mar 20 10:28:07.143743 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name PRIVATE-rd-server'.
Mar 20 10:28:07.307611 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'.
Mar 20 10:28:07.366184 osdx ubnt-cfgd[342782]: inactive
Mar 20 10:28:07.384969 osdx INFO[342790]: FRR daemons did not change
Mar 20 10:28:07.397804 osdx ca-certificates[342806]: Updating certificates in /etc/ssl/certs...
Mar 20 10:28:07.909809 osdx ubnt-cfgd[343818]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 20 10:28:07.921099 osdx ca-certificates[343824]: 1 added, 0 removed; done.
Mar 20 10:28:07.924025 osdx ca-certificates[343830]: Running hooks in /etc/ca-certificates/update.d...
Mar 20 10:28:07.926880 osdx ca-certificates[343832]: done.
Mar 20 10:28:08.001800 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 20 10:28:08.002990 osdx cfgd[1833]: [183021]Completed change to active configuration
Mar 20 10:28:08.004881 osdx OSDxCLI[183021]: User 'admin' committed the configuration.
Mar 20 10:28:08.023536 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Mar 20 10:28:08.023742 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] dnscrypt-proxy 2.0.45
Mar 20 10:28:08.023915 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] Network connectivity detected
Mar 20 10:28:08.024070 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] Dropping privileges
Mar 20 10:28:08.026707 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] Network connectivity detected
Mar 20 10:28:08.026759 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Mar 20 10:28:08.026759 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Mar 20 10:28:08.027989 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [WARNING] /var/cache/dnscrypt-proxy/RD.md: open /var/cache/dnscrypt-proxy/sf-oqwchrj7g3hgxpzc.tmp: permission denied
Mar 20 10:28:08.027989 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] Source [RD] loaded
Mar 20 10:28:08.028062 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [WARNING] Missing stamp for server [PRIVATE-server-name`]
Mar 20 10:28:08.028062 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [WARNING] Error in source [RD]: [Missing stamp for server [PRIVATE-server-name`]] -- Continuing with reduced server count [1]
Mar 20 10:28:08.028062 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] Firefox workaround initialized
Mar 20 10:28:08.028062 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] Loading the set of cloaking rules from [/tmp/tmpk4qnzb1h]
Mar 20 10:28:08.056761 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] [PRIVATE-rd-server] OK (DoH) - rtt: 13ms
Mar 20 10:28:08.056761 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] Server with the lowest initial latency: PRIVATE-rd-server (rtt: 13ms)
Mar 20 10:28:08.056761 osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] dnscrypt-proxy is ready - live servers: 1
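The Step 2 check of both valid scenarios, as an added example that is not part of the original test suite: it builds the page's regular expression from the server name and the optional source prefix, and also collects the dnscrypt-proxy warnings that the pass/fail regex ignores. The function names are hypothetical and the sample journal is a trimmed copy of lines from the output above.

```python
import re

# Constructed sample: dnscrypt-proxy lines taken from the output above,
# with the syslog timestamp removed.
SAMPLE_JOURNAL = """\
osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [WARNING] /var/cache/dnscrypt-proxy/RD.md: open /var/cache/dnscrypt-proxy/sf-oqwchrj7g3hgxpzc.tmp: permission denied
osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] Source [RD] loaded
osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [WARNING] Missing stamp for server [PRIVATE-server-name`]
osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] [PRIVATE-rd-server] OK (DoH) - rtt: 13ms
osdx dnscrypt-proxy[343836]: [2026-03-20 10:28:08] [NOTICE] dnscrypt-proxy is ready - live servers: 1
"""

# Matches any dnscrypt-proxy WARNING line and captures its message.
WARNING_RE = re.compile(
    r"(?m)^.*dnscrypt-proxy\[\d+\]: \[[^\]]+\] \[WARNING\] (.*)$"
)


def doh_ok_pattern(server_name, prefix=""):
    """Build the Step 2 regex for a server name and optional source prefix."""
    full_name = re.escape(prefix + server_name)
    return re.compile(r"(?m)^.*\[" + full_name + r"\] OK \(DoH\) - rtt: (\d+)ms$")


def check_journal(journal, server_name, prefix=""):
    """Return (rtt_ms or None, list of dnscrypt-proxy WARNING messages)."""
    match = doh_ok_pattern(server_name, prefix).search(journal)
    rtt = int(match.group(1)) if match else None
    return rtt, WARNING_RE.findall(journal)


if __name__ == "__main__":
    # With the prefix, the resolver is logged under the prefixed name.
    print(check_journal(SAMPLE_JOURNAL, "rd-server", prefix="PRIVATE-"))
    # Without it, the bracketed name no longer matches and the check fails.
    print(check_journal(SAMPLE_JOURNAL, "rd-server"))
```

The bracket in the pattern anchors the whole server name, so a check written for the unprefixed name does not pass on a source configured with a prefix.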

Invalid Source

Description

Configures an invalid source with a random minisign key and expects it to fail.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy log level 0
set service dns proxy server-name rd-server
set service dns proxy source RD minisign-key ZkVuV51JgXK2NSFdheaECucV
set service dns proxy source RD url 'http://10.215.168.1/~robot/invalid-source'
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Invalid Minisign Key

Description

Configures a valid source but with an incorrect minisign key, which should fail.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy log level 0
set service dns proxy server-name rd-server
set service dns proxy source RD minisign-key InvalidMinisignKey==
set service dns proxy source RD url 'http://10.215.168.1/~robot/RD-resolver.md'
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
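A structural pre-flight for the minisign-key values used in the scenarios above, as an added example that is not part of the original test suite. It relies on the minisign public key format (base64 of a 2-byte algorithm tag "Ed", an 8-byte key ID and a 32-byte Ed25519 key); the function names are hypothetical.

```python
import base64
import binascii

# Key values taken from the scenarios on this page.
VALID_KEY = "RWTETPPuIeyvrUO58wyZkAg+2TtFBIadjV0TN8clB5vexuqKenR26xtY"
RANDOM_KEY = "ZkVuV51JgXK2NSFdheaECucV"   # "Invalid Source" scenario
BAD_KEY = "InvalidMinisignKey=="          # "Invalid Minisign Key" scenario

PUBKEY_LEN = 2 + 8 + 32  # algorithm tag + key ID + Ed25519 public key


def parse_minisign_pubkey(b64):
    """Decode a minisign public key string.

    Returns (key_id_hex, ed25519_public_key_bytes) or raises ValueError.
    """
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    if len(raw) != PUBKEY_LEN:
        raise ValueError(
            f"decoded length is {len(raw)} bytes, expected {PUBKEY_LEN}"
        )
    if raw[:2] != b"Ed":
        raise ValueError(f"unsupported signature algorithm {raw[:2]!r}")
    # minisign displays the key ID as a little-endian 64-bit value in hex.
    key_id = raw[2:10][::-1].hex().upper()
    return key_id, raw[10:]


def check_key(b64):
    """Return (ok, detail) without raising, for use before committing config."""
    try:
        key_id, _ = parse_minisign_pubkey(b64)
    except ValueError as exc:
        return False, str(exc)
    return True, f"key ID {key_id}"


if __name__ == "__main__":
    for name, key in [("valid", VALID_KEY), ("random", RANDOM_KEY), ("bad", BAD_KEY)]:
        print(name, check_key(key))
```

This check is structural only: a well-formed key that did not sign the resolver list passes it and is rejected only when the signature on the downloaded source is verified.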