Cipher
Test suite to validate using one or multiple ciphers to protect the DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command "show host lookup teldat.com type A" at DUT0 and check if the output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command "system journal show | cat" at DUT0 and check if the output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Mon 2024-02-26 19:03:23 UTC, end at Mon 2024-02-26 19:03:34 UTC. --
Feb 26 19:03:23.422193 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:03:23.439864 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:03:24.112300 osdx osdx-coredump[8259]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:03:24.123248 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:03:25.170967 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:03:25.292454 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:03:25.437227 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:03:25.587216 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:03:25.710436 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:03:25.764922 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:03:25.814045 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:03:26.020386 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 26 19:03:26.257442 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:03:26.381898 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:03:26.497975 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:03:26.630692 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:03:26.730565 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:03:26.852417 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:03:26.962002 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 26 19:03:27.073240 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 26 19:03:27.189508 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:03:27.307057 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:03:27.477325 osdx ca-certificates[8394]: Updating certificates in /etc/ssl/certs...
Feb 26 19:03:28.285211 osdx ca-certificates[9376]: 1 added, 0 removed; done.
Feb 26 19:03:28.292765 osdx ca-certificates[9382]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:03:28.299491 osdx ca-certificates[9386]: done.
Feb 26 19:03:28.394055 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:03:28.397975 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:03:28.409064 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:03:28.451915 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:03:28.704574 osdx dnscrypt-proxy[9390]: dnscrypt-proxy 2.0.45
Feb 26 19:03:28.705141 osdx dnscrypt-proxy[9390]: Network connectivity detected
Feb 26 19:03:28.705738 osdx dnscrypt-proxy[9390]: Dropping privileges
Feb 26 19:03:28.708985 osdx dnscrypt-proxy[9390]: Network connectivity detected
Feb 26 19:03:28.709364 osdx dnscrypt-proxy[9390]: Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:03:28.709488 osdx dnscrypt-proxy[9390]: Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:03:28.709640 osdx dnscrypt-proxy[9390]: Firefox workaround initialized
Feb 26 19:03:28.709758 osdx dnscrypt-proxy[9390]: Loading the set of cloaking rules from [/tmp/tmpJSQkQ8]
Feb 26 19:03:29.040112 osdx dnscrypt-proxy[9390]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 26 19:03:29.040418 osdx dnscrypt-proxy[9390]: [RD] OK (DoH) - rtt: 216ms
Feb 26 19:03:29.040560 osdx dnscrypt-proxy[9390]: Server with the lowest initial latency: RD (rtt: 216ms)
Feb 26 19:03:29.040685 osdx dnscrypt-proxy[9390]: dnscrypt-proxy is ready - live servers: 1
Feb 26 19:03:34.707866 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command "show host lookup teldat.com type A" at DUT0 and check if the output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command "system journal show | cat" at DUT0 and check if the output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Mon 2024-02-26 19:03:45 UTC, end at Mon 2024-02-26 19:03:50 UTC. --
Feb 26 19:03:45.420890 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:03:45.438911 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:03:46.103878 osdx osdx-coredump[11011]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:03:46.115555 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:03:47.195752 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:03:47.319567 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:03:47.459658 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:03:47.614913 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:03:47.733507 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:03:47.790037 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:03:47.839458 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:03:48.045346 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 26 19:03:48.288204 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:03:48.411043 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:03:48.526031 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:03:48.648321 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:03:48.763863 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:03:48.884668 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:03:48.993044 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 26 19:03:49.106496 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 26 19:03:49.225538 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:03:49.340988 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:03:49.493149 osdx ca-certificates[11146]: Updating certificates in /etc/ssl/certs...
Feb 26 19:03:50.267323 osdx ca-certificates[12130]: 1 added, 0 removed; done.
Feb 26 19:03:50.275514 osdx ca-certificates[12134]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:03:50.281626 osdx ca-certificates[12138]: done.
Feb 26 19:03:50.370193 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:03:50.373721 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:03:50.384854 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:03:50.408221 osdx dnscrypt-proxy[12142]: dnscrypt-proxy 2.0.45
Feb 26 19:03:50.408812 osdx dnscrypt-proxy[12142]: Network connectivity detected
Feb 26 19:03:50.409542 osdx dnscrypt-proxy[12142]: Dropping privileges
Feb 26 19:03:50.412956 osdx dnscrypt-proxy[12142]: Network connectivity detected
Feb 26 19:03:50.413472 osdx dnscrypt-proxy[12142]: Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:03:50.413595 osdx dnscrypt-proxy[12142]: Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:03:50.413736 osdx dnscrypt-proxy[12142]: Firefox workaround initialized
Feb 26 19:03:50.413861 osdx dnscrypt-proxy[12142]: Loading the set of cloaking rules from [/tmp/tmpr0Y_wg]
Feb 26 19:03:50.432889 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:03:50.583010 osdx dnscrypt-proxy[12142]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 26 19:03:50.585569 osdx dnscrypt-proxy[12142]: [RD] OK (DoH) - rtt: 119ms
Feb 26 19:03:50.585719 osdx dnscrypt-proxy[12142]: Server with the lowest initial latency: RD (rtt: 119ms)
Feb 26 19:03:50.586880 osdx dnscrypt-proxy[12142]: dnscrypt-proxy is ready - live servers: 1
Feb 26 19:03:50.639242 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command "show host lookup teldat.com type A" at DUT0 and check if the output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command "system journal show | cat" at DUT0 and check if the output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Mon 2024-02-26 19:03:50 UTC, end at Mon 2024-02-26 19:04:03 UTC. --
Feb 26 19:03:50.969497 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:03:50.987188 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:03:51.445676 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:03:51.559746 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'delete'.
Feb 26 19:03:51.722059 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 26 19:03:51.827374 osdx dnscrypt-proxy[12142]: Stopped.
Feb 26 19:03:51.829211 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 26 19:03:51.830027 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 26 19:03:51.830516 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 26 19:03:51.958605 osdx ca-certificates[12214]: Clearing symlinks in /etc/ssl/certs...
Feb 26 19:03:52.362197 osdx ca-certificates[12772]: done.
Feb 26 19:03:52.371075 osdx ca-certificates[12777]: Updating certificates in /etc/ssl/certs...
Feb 26 19:03:53.043568 osdx ca-certificates[13615]: 137 added, 0 removed; done.
Feb 26 19:03:53.051152 osdx ca-certificates[13620]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:03:53.057798 osdx ca-certificates[13623]: done.
Feb 26 19:03:53.110062 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:03:53.115353 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:03:53.163954 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:03:54.784653 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:03:54.905486 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:03:55.047827 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:03:55.170513 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:03:55.284655 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:03:55.404847 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:03:55.514571 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Feb 26 19:03:55.624946 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 26 19:03:55.742524 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:03:55.857780 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:03:56.016741 osdx ca-certificates[13669]: Updating certificates in /etc/ssl/certs...
Feb 26 19:03:56.789419 osdx ca-certificates[14653]: 1 added, 0 removed; done.
Feb 26 19:03:56.797090 osdx ca-certificates[14657]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:03:56.803980 osdx ca-certificates[14661]: done.
Feb 26 19:03:56.830913 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:03:57.039506 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:03:57.043145 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:03:57.092424 osdx dnscrypt-proxy[14716]: dnscrypt-proxy 2.0.45
Feb 26 19:03:57.093074 osdx dnscrypt-proxy[14716]: Network connectivity detected
Feb 26 19:03:57.095521 osdx dnscrypt-proxy[14716]: Dropping privileges
Feb 26 19:03:57.108704 osdx dnscrypt-proxy[14716]: Network connectivity detected
Feb 26 19:03:57.108763 osdx dnscrypt-proxy[14716]: Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:03:57.108774 osdx dnscrypt-proxy[14716]: Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:03:57.108809 osdx dnscrypt-proxy[14716]: Firefox workaround initialized
Feb 26 19:03:57.108819 osdx dnscrypt-proxy[14716]: Loading the set of cloaking rules from [/tmp/tmpU3FQ9B]
Feb 26 19:03:57.143990 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:03:57.185592 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:03:57.415730 osdx dnscrypt-proxy[14716]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Feb 26 19:03:57.415759 osdx dnscrypt-proxy[14716]: [RD] OK (DoH) - rtt: 206ms
Feb 26 19:03:57.415774 osdx dnscrypt-proxy[14716]: Server with the lowest initial latency: RD (rtt: 206ms)
Feb 26 19:03:57.415784 osdx dnscrypt-proxy[14716]: dnscrypt-proxy is ready - live servers: 1
Feb 26 19:04:03.383188 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command "show host lookup teldat.com type A" at DUT0 and check if the output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command "system journal show | cat" at DUT0 and check if the output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Mon 2024-02-26 19:04:03 UTC, end at Mon 2024-02-26 19:04:10 UTC. --
Feb 26 19:04:03.735618 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:04:03.753392 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:04:04.194761 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:04:04.308603 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'delete'.
Feb 26 19:04:04.470288 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 26 19:04:04.576802 osdx dnscrypt-proxy[14716]: Stopped.
Feb 26 19:04:04.578580 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 26 19:04:04.579413 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 26 19:04:04.579892 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 26 19:04:04.707567 osdx ca-certificates[14809]: Clearing symlinks in /etc/ssl/certs...
Feb 26 19:04:05.110374 osdx ca-certificates[15367]: done.
Feb 26 19:04:05.121102 osdx ca-certificates[15374]: Updating certificates in /etc/ssl/certs...
Feb 26 19:04:05.791169 osdx ca-certificates[16210]: 137 added, 0 removed; done.
Feb 26 19:04:05.799320 osdx ca-certificates[16214]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:04:05.805423 osdx ca-certificates[16218]: done.
Feb 26 19:04:05.857439 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:04:05.862791 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:04:05.894685 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:04:07.495380 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:04:07.616898 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:04:07.731945 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:04:07.854503 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:04:07.969036 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:04:08.091533 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:04:08.201964 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Feb 26 19:04:08.311923 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 26 19:04:08.447608 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:04:08.565087 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:04:08.722129 osdx ca-certificates[16264]: Updating certificates in /etc/ssl/certs...
Feb 26 19:04:09.494136 osdx ca-certificates[17248]: 1 added, 0 removed; done.
Feb 26 19:04:09.501711 osdx ca-certificates[17252]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:04:09.508552 osdx ca-certificates[17256]: done.
Feb 26 19:04:09.534914 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:04:09.741094 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:04:09.744699 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:04:09.792515 osdx dnscrypt-proxy[17311]: dnscrypt-proxy 2.0.45
Feb 26 19:04:09.793183 osdx dnscrypt-proxy[17311]: Network connectivity detected
Feb 26 19:04:09.795360 osdx dnscrypt-proxy[17311]: Dropping privileges
Feb 26 19:04:09.804405 osdx dnscrypt-proxy[17311]: Network connectivity detected
Feb 26 19:04:09.804855 osdx dnscrypt-proxy[17311]: Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:04:09.804977 osdx dnscrypt-proxy[17311]: Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:04:09.805124 osdx dnscrypt-proxy[17311]: Firefox workaround initialized
Feb 26 19:04:09.805242 osdx dnscrypt-proxy[17311]: Loading the set of cloaking rules from [/tmp/tmp8retD9]
Feb 26 19:04:09.852366 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:04:09.887998 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:04:10.022891 osdx dnscrypt-proxy[17311]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 26 19:04:10.022920 osdx dnscrypt-proxy[17311]: [RD] OK (DoH) - rtt: 117ms
Feb 26 19:04:10.022936 osdx dnscrypt-proxy[17311]: Server with the lowest initial latency: RD (rtt: 117ms)
Feb 26 19:04:10.022947 osdx dnscrypt-proxy[17311]: dnscrypt-proxy is ready - live servers: 1
Feb 26 19:04:10.083693 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command "system journal show | cat" at DUT0 and check if the output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Mon 2024-02-26 19:04:20 UTC, end at Mon 2024-02-26 19:04:25 UTC. --
Feb 26 19:04:20.444360 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:04:20.463489 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:04:21.162427 osdx osdx-coredump[18950]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:04:21.173060 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:04:22.227932 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:04:22.350207 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:04:22.492296 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:04:22.643553 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:04:22.764651 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:04:22.820881 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:04:22.870541 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:04:23.077122 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 26 19:04:23.316622 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:04:23.438948 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:04:23.580912 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:04:23.704451 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:04:23.818364 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:04:23.939909 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:04:24.048757 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 26 19:04:24.159751 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 26 19:04:24.277940 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:04:24.394587 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:04:24.546581 osdx ca-certificates[19085]: Updating certificates in /etc/ssl/certs...
Feb 26 19:04:25.326980 osdx ca-certificates[20069]: 1 added, 0 removed; done.
Feb 26 19:04:25.334650 osdx ca-certificates[20073]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:04:25.341514 osdx ca-certificates[20077]: done.
Feb 26 19:04:25.429873 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:04:25.433471 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:04:25.445307 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:04:25.467343 osdx dnscrypt-proxy[20081]: dnscrypt-proxy 2.0.45
Feb 26 19:04:25.467973 osdx dnscrypt-proxy[20081]: Network connectivity detected
Feb 26 19:04:25.468712 osdx dnscrypt-proxy[20081]: Dropping privileges
Feb 26 19:04:25.472290 osdx dnscrypt-proxy[20081]: Network connectivity detected
Feb 26 19:04:25.472777 osdx dnscrypt-proxy[20081]: Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:04:25.472899 osdx dnscrypt-proxy[20081]: Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:04:25.473073 osdx dnscrypt-proxy[20081]: Firefox workaround initialized
Feb 26 19:04:25.473199 osdx dnscrypt-proxy[20081]: Loading the set of cloaking rules from [/tmp/tmp4ptWTF]
Feb 26 19:04:25.474632 osdx dnscrypt-proxy[20081]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 26 19:04:25.488485 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:04:25.655007 osdx dnscrypt-proxy[20081]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 26 19:04:25.655036 osdx dnscrypt-proxy[20081]: [RD] OK (DoH) - rtt: 132ms
Feb 26 19:04:25.655052 osdx dnscrypt-proxy[20081]: Server with the lowest initial latency: RD (rtt: 132ms)
Feb 26 19:04:25.655062 osdx dnscrypt-proxy[20081]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command "system journal show | cat" at DUT0 and check if the output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Mon 2024-02-26 19:04:36 UTC, end at Mon 2024-02-26 19:04:41 UTC. --
Feb 26 19:04:36.428118 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:04:36.445954 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:04:37.116604 osdx osdx-coredump[21695]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 26 19:04:37.128405 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 26 19:04:38.172684 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:04:38.295896 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:04:38.437359 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:04:38.589830 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:04:38.711181 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:04:38.766242 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:04:38.817821 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:04:39.027777 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 26 19:04:39.268908 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:04:39.391074 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:04:39.504365 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:04:39.626431 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:04:39.741137 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:04:39.864133 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:04:39.975790 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 26 19:04:40.093685 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 26 19:04:40.214360 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:04:40.334278 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:04:40.490661 osdx ca-certificates[21830]: Updating certificates in /etc/ssl/certs...
Feb 26 19:04:41.293337 osdx ca-certificates[22814]: 1 added, 0 removed; done.
Feb 26 19:04:41.301620 osdx ca-certificates[22818]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:04:41.308129 osdx ca-certificates[22822]: done.
Feb 26 19:04:41.401886 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:04:41.406255 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:04:41.412891 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:04:41.447532 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:04:41.448938 osdx dnscrypt-proxy[22826]: dnscrypt-proxy 2.0.45
Feb 26 19:04:41.449058 osdx dnscrypt-proxy[22826]: Network connectivity detected
Feb 26 19:04:41.449537 osdx dnscrypt-proxy[22826]: Dropping privileges
Feb 26 19:04:41.453627 osdx dnscrypt-proxy[22826]: Network connectivity detected
Feb 26 19:04:41.454110 osdx dnscrypt-proxy[22826]: Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:04:41.454247 osdx dnscrypt-proxy[22826]: Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:04:41.454396 osdx dnscrypt-proxy[22826]: Firefox workaround initialized
Feb 26 19:04:41.454526 osdx dnscrypt-proxy[22826]: Loading the set of cloaking rules from [/tmp/tmpDfZJAO]
Feb 26 19:04:41.456133 osdx dnscrypt-proxy[22826]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 26 19:04:41.626162 osdx dnscrypt-proxy[22826]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 26 19:04:41.626191 osdx dnscrypt-proxy[22826]: [RD] OK (DoH) - rtt: 124ms
Feb 26 19:04:41.626207 osdx dnscrypt-proxy[22826]: Server with the lowest initial latency: RD (rtt: 124ms)
Feb 26 19:04:41.626218 osdx dnscrypt-proxy[22826]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Mon 2024-02-26 19:04:41 UTC, end at Mon 2024-02-26 19:04:48 UTC. -- Feb 26 19:04:41.856317 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free. Feb 26 19:04:41.873879 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'. Feb 26 19:04:42.335941 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu. Feb 26 19:04:42.450206 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'delete'. Feb 26 19:04:42.612778 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 26 19:04:42.718327 osdx dnscrypt-proxy[22826]: Stopped. Feb 26 19:04:42.720040 osdx systemd[1]: Stopping DNSCrypt client proxy... Feb 26 19:04:42.720895 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Feb 26 19:04:42.721396 osdx systemd[1]: Stopped DNSCrypt client proxy. Feb 26 19:04:42.852096 osdx ca-certificates[22892]: Clearing symlinks in /etc/ssl/certs... Feb 26 19:04:43.255247 osdx ca-certificates[23450]: done. Feb 26 19:04:43.264158 osdx ca-certificates[23455]: Updating certificates in /etc/ssl/certs... Feb 26 19:04:43.946649 osdx ca-certificates[24293]: 137 added, 0 removed; done. Feb 26 19:04:43.959037 osdx ca-certificates[24297]: Running hooks in /etc/ca-certificates/update.d... Feb 26 19:04:43.965811 osdx ca-certificates[24301]: done. Feb 26 19:04:44.017673 osdx cfgd[997]: [2572]Completed change to active configuration Feb 26 19:04:44.023089 osdx OSDxCLI[2572]: User 'admin' committed the configuration. Feb 26 19:04:44.058888 osdx OSDxCLI[2572]: User 'admin' left the configuration menu. Feb 26 19:04:45.705683 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu. 
Feb 26 19:04:45.828688 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 26 19:04:45.968361 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 26 19:04:46.090516 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 26 19:04:46.204378 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 26 19:04:46.326179 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'. Feb 26 19:04:46.434083 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 26 19:04:46.544745 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 26 19:04:46.662482 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 26 19:04:46.779769 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 26 19:04:46.939218 osdx ca-certificates[24347]: Updating certificates in /etc/ssl/certs... Feb 26 19:04:47.708153 osdx ca-certificates[25333]: 1 added, 0 removed; done. Feb 26 19:04:47.715708 osdx ca-certificates[25337]: Running hooks in /etc/ca-certificates/update.d... Feb 26 19:04:47.722391 osdx ca-certificates[25341]: done. Feb 26 19:04:47.749187 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 26 19:04:47.960054 osdx systemd[1]: Started DNSCrypt client proxy. 
Feb 26 19:04:47.963741 osdx cfgd[997]: [2572]Completed change to active configuration Feb 26 19:04:48.010334 osdx dnscrypt-proxy[25396]: dnscrypt-proxy 2.0.45 Feb 26 19:04:48.010992 osdx dnscrypt-proxy[25396]: Network connectivity detected Feb 26 19:04:48.013562 osdx dnscrypt-proxy[25396]: Dropping privileges Feb 26 19:04:48.022352 osdx dnscrypt-proxy[25396]: Network connectivity detected Feb 26 19:04:48.022788 osdx dnscrypt-proxy[25396]: Now listening to 127.0.0.1:53 [UDP] Feb 26 19:04:48.022910 osdx dnscrypt-proxy[25396]: Now listening to 127.0.0.1:53 [TCP] Feb 26 19:04:48.023053 osdx dnscrypt-proxy[25396]: Firefox workaround initialized Feb 26 19:04:48.023171 osdx dnscrypt-proxy[25396]: Loading the set of cloaking rules from [/tmp/tmpv20LXk] Feb 26 19:04:48.024962 osdx dnscrypt-proxy[25396]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 26 19:04:48.076250 osdx OSDxCLI[2572]: User 'admin' committed the configuration. Feb 26 19:04:48.132983 osdx OSDxCLI[2572]: User 'admin' left the configuration menu. Feb 26 19:04:48.238626 osdx dnscrypt-proxy[25396]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 26 19:04:48.238909 osdx dnscrypt-proxy[25396]: [RD] OK (DoH) - rtt: 125ms Feb 26 19:04:48.238927 osdx dnscrypt-proxy[25396]: Server with the lowest initial latency: RD (rtt: 125ms) Feb 26 19:04:48.238939 osdx dnscrypt-proxy[25396]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Mon 2024-02-26 19:04:48 UTC, end at Mon 2024-02-26 19:04:54 UTC. -- Feb 26 19:04:48.507317 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free. Feb 26 19:04:48.525112 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'. Feb 26 19:04:48.967662 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu. Feb 26 19:04:49.082289 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'delete'. Feb 26 19:04:49.219598 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 26 19:04:49.324823 osdx dnscrypt-proxy[25396]: Stopped. Feb 26 19:04:49.326596 osdx systemd[1]: Stopping DNSCrypt client proxy... Feb 26 19:04:49.327422 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Feb 26 19:04:49.327915 osdx systemd[1]: Stopped DNSCrypt client proxy. Feb 26 19:04:49.455848 osdx ca-certificates[25477]: Clearing symlinks in /etc/ssl/certs... Feb 26 19:04:49.858247 osdx ca-certificates[26035]: done. Feb 26 19:04:49.867140 osdx ca-certificates[26040]: Updating certificates in /etc/ssl/certs... Feb 26 19:04:50.540043 osdx ca-certificates[26878]: 137 added, 0 removed; done. Feb 26 19:04:50.547631 osdx ca-certificates[26882]: Running hooks in /etc/ca-certificates/update.d... Feb 26 19:04:50.554335 osdx ca-certificates[26886]: done. Feb 26 19:04:50.606237 osdx cfgd[997]: [2572]Completed change to active configuration Feb 26 19:04:50.611461 osdx OSDxCLI[2572]: User 'admin' committed the configuration. Feb 26 19:04:50.663462 osdx OSDxCLI[2572]: User 'admin' left the configuration menu. Feb 26 19:04:52.302447 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu. 
Feb 26 19:04:52.424908 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 26 19:04:52.563868 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 26 19:04:52.685229 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 26 19:04:52.799660 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 26 19:04:52.919612 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'. Feb 26 19:04:53.027306 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 26 19:04:53.143430 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 26 19:04:53.253717 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 26 19:04:53.371760 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 26 19:04:53.486672 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 26 19:04:53.646950 osdx ca-certificates[26933]: Updating certificates in /etc/ssl/certs... Feb 26 19:04:54.421227 osdx ca-certificates[27918]: 1 added, 0 removed; done. Feb 26 19:04:54.428952 osdx ca-certificates[27923]: Running hooks in /etc/ca-certificates/update.d... Feb 26 19:04:54.435036 osdx ca-certificates[27926]: done. Feb 26 19:04:54.461537 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 26 19:04:54.669885 osdx systemd[1]: Started DNSCrypt client proxy. 
Feb 26 19:04:54.673198 osdx cfgd[997]: [2572]Completed change to active configuration Feb 26 19:04:54.722385 osdx dnscrypt-proxy[27981]: dnscrypt-proxy 2.0.45 Feb 26 19:04:54.723066 osdx dnscrypt-proxy[27981]: Network connectivity detected Feb 26 19:04:54.729013 osdx dnscrypt-proxy[27981]: Dropping privileges Feb 26 19:04:54.738664 osdx dnscrypt-proxy[27981]: Network connectivity detected Feb 26 19:04:54.739169 osdx dnscrypt-proxy[27981]: Now listening to 127.0.0.1:53 [UDP] Feb 26 19:04:54.739298 osdx dnscrypt-proxy[27981]: Now listening to 127.0.0.1:53 [TCP] Feb 26 19:04:54.739440 osdx dnscrypt-proxy[27981]: Firefox workaround initialized Feb 26 19:04:54.739557 osdx dnscrypt-proxy[27981]: Loading the set of cloaking rules from [/tmp/tmpxj2NhM] Feb 26 19:04:54.741188 osdx dnscrypt-proxy[27981]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 26 19:04:54.776593 osdx OSDxCLI[2572]: User 'admin' committed the configuration. Feb 26 19:04:54.811836 osdx OSDxCLI[2572]: User 'admin' left the configuration menu. Feb 26 19:04:54.951048 osdx dnscrypt-proxy[27981]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 26 19:04:54.951077 osdx dnscrypt-proxy[27981]: [RD] OK (DoH) - rtt: 117ms Feb 26 19:04:54.951092 osdx dnscrypt-proxy[27981]: Server with the lowest initial latency: RD (rtt: 117ms) Feb 26 19:04:54.951103 osdx dnscrypt-proxy[27981]: dnscrypt-proxy is ready - live servers: 1
Invalid Cipher With Fallback
Description
Configures an invalid cipher together with a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid cipher proposed is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
-- Logs begin at Mon 2024-02-26 19:05:05 UTC, end at Mon 2024-02-26 19:05:10 UTC. -- Feb 26 19:05:05.426274 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free. Feb 26 19:05:05.444237 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'. Feb 26 19:05:06.113492 osdx osdx-coredump[29618]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 26 19:05:06.125367 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system coredump delete all'. Feb 26 19:05:07.165620 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu. Feb 26 19:05:07.287990 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 26 19:05:07.430583 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 26 19:05:07.584358 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 26 19:05:07.702727 osdx cfgd[997]: [2572]Completed change to active configuration Feb 26 19:05:07.758230 osdx OSDxCLI[2572]: User 'admin' committed the configuration. Feb 26 19:05:07.809627 osdx OSDxCLI[2572]: User 'admin' left the configuration menu. Feb 26 19:05:08.017286 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 26 19:05:08.253132 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu. Feb 26 19:05:08.375878 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 26 19:05:08.518415 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 26 19:05:08.640943 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. 
Feb 26 19:05:08.756905 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 26 19:05:08.878174 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'. Feb 26 19:05:08.986521 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 26 19:05:09.105459 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Feb 26 19:05:09.216369 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 26 19:05:09.334230 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 26 19:05:09.453710 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 26 19:05:09.606440 osdx ca-certificates[29754]: Updating certificates in /etc/ssl/certs... Feb 26 19:05:10.380543 osdx ca-certificates[30738]: 1 added, 0 removed; done. Feb 26 19:05:10.388732 osdx ca-certificates[30742]: Running hooks in /etc/ca-certificates/update.d... Feb 26 19:05:10.394849 osdx ca-certificates[30746]: done. Feb 26 19:05:10.484534 osdx systemd[1]: Started DNSCrypt client proxy. Feb 26 19:05:10.488128 osdx cfgd[997]: [2572]Completed change to active configuration Feb 26 19:05:10.513903 osdx OSDxCLI[2572]: User 'admin' committed the configuration. 
Feb 26 19:05:10.530043 osdx dnscrypt-proxy[30750]: dnscrypt-proxy 2.0.45 Feb 26 19:05:10.530603 osdx dnscrypt-proxy[30750]: Network connectivity detected Feb 26 19:05:10.531313 osdx dnscrypt-proxy[30750]: Dropping privileges Feb 26 19:05:10.534549 osdx dnscrypt-proxy[30750]: Network connectivity detected Feb 26 19:05:10.535088 osdx dnscrypt-proxy[30750]: Now listening to 127.0.0.1:53 [UDP] Feb 26 19:05:10.535101 osdx dnscrypt-proxy[30750]: Now listening to 127.0.0.1:53 [TCP] Feb 26 19:05:10.535134 osdx dnscrypt-proxy[30750]: Firefox workaround initialized Feb 26 19:05:10.535145 osdx dnscrypt-proxy[30750]: Loading the set of cloaking rules from [/tmp/tmpXQ2fmC] Feb 26 19:05:10.551879 osdx OSDxCLI[2572]: User 'admin' left the configuration menu. Feb 26 19:05:10.712052 osdx dnscrypt-proxy[30750]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Feb 26 19:05:10.712082 osdx dnscrypt-proxy[30750]: [RD] OK (DoH) - rtt: 128ms Feb 26 19:05:10.712099 osdx dnscrypt-proxy[30750]: Server with the lowest initial latency: RD (rtt: 128ms) Feb 26 19:05:10.712109 osdx dnscrypt-proxy[30750]: dnscrypt-proxy is ready - live servers: 1 Feb 26 19:05:10.751492 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
-- Logs begin at Mon 2024-02-26 19:05:11 UTC, end at Mon 2024-02-26 19:05:23 UTC. -- Feb 26 19:05:11.083619 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free. Feb 26 19:05:11.101374 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'. Feb 26 19:05:11.545011 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu. Feb 26 19:05:11.658856 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'delete'. Feb 26 19:05:11.817067 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 26 19:05:11.922991 osdx dnscrypt-proxy[30750]: Stopped. Feb 26 19:05:11.924815 osdx systemd[1]: Stopping DNSCrypt client proxy... Feb 26 19:05:11.925626 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Feb 26 19:05:11.926108 osdx systemd[1]: Stopped DNSCrypt client proxy. Feb 26 19:05:12.054888 osdx ca-certificates[30822]: Clearing symlinks in /etc/ssl/certs... Feb 26 19:05:12.458563 osdx ca-certificates[31380]: done. Feb 26 19:05:12.467538 osdx ca-certificates[31385]: Updating certificates in /etc/ssl/certs... Feb 26 19:05:13.141080 osdx ca-certificates[32223]: 137 added, 0 removed; done. Feb 26 19:05:13.149238 osdx ca-certificates[32227]: Running hooks in /etc/ca-certificates/update.d... Feb 26 19:05:13.155347 osdx ca-certificates[32231]: done. Feb 26 19:05:13.207280 osdx cfgd[997]: [2572]Completed change to active configuration Feb 26 19:05:13.212603 osdx OSDxCLI[2572]: User 'admin' committed the configuration. Feb 26 19:05:13.259911 osdx OSDxCLI[2572]: User 'admin' left the configuration menu. Feb 26 19:05:14.874790 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu. 
Feb 26 19:05:14.997138 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 26 19:05:15.142443 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 26 19:05:15.265675 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 26 19:05:15.380198 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 26 19:05:15.502895 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'. Feb 26 19:05:15.611681 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 26 19:05:15.729880 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Feb 26 19:05:15.839773 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 26 19:05:15.958984 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 26 19:05:16.075997 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 26 19:05:16.235181 osdx ca-certificates[32278]: Updating certificates in /etc/ssl/certs... Feb 26 19:05:17.010921 osdx ca-certificates[806]: 1 added, 0 removed; done. Feb 26 19:05:17.018463 osdx ca-certificates[810]: Running hooks in /etc/ca-certificates/update.d... Feb 26 19:05:17.025247 osdx ca-certificates[815]: done. Feb 26 19:05:17.052361 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 26 19:05:17.261847 osdx systemd[1]: Started DNSCrypt client proxy. 
Feb 26 19:05:17.264717 osdx cfgd[997]: [2572]Completed change to active configuration Feb 26 19:05:17.313846 osdx dnscrypt-proxy[874]: dnscrypt-proxy 2.0.45 Feb 26 19:05:17.314484 osdx dnscrypt-proxy[874]: Network connectivity detected Feb 26 19:05:17.316475 osdx dnscrypt-proxy[874]: Dropping privileges Feb 26 19:05:17.326026 osdx dnscrypt-proxy[874]: Network connectivity detected Feb 26 19:05:17.326524 osdx dnscrypt-proxy[874]: Now listening to 127.0.0.1:53 [UDP] Feb 26 19:05:17.326654 osdx dnscrypt-proxy[874]: Now listening to 127.0.0.1:53 [TCP] Feb 26 19:05:17.326795 osdx dnscrypt-proxy[874]: Firefox workaround initialized Feb 26 19:05:17.326912 osdx dnscrypt-proxy[874]: Loading the set of cloaking rules from [/tmp/tmpPXrU8S] Feb 26 19:05:17.372801 osdx OSDxCLI[2572]: User 'admin' committed the configuration. Feb 26 19:05:17.408361 osdx OSDxCLI[2572]: User 'admin' left the configuration menu. Feb 26 19:05:17.647622 osdx dnscrypt-proxy[874]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Feb 26 19:05:17.647669 osdx dnscrypt-proxy[874]: [RD] OK (DoH) - rtt: 223ms Feb 26 19:05:17.647695 osdx dnscrypt-proxy[874]: Server with the lowest initial latency: RD (rtt: 223ms) Feb 26 19:05:17.647712 osdx dnscrypt-proxy[874]: dnscrypt-proxy is ready - live servers: 1 Feb 26 19:05:23.605086 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
-- Logs begin at Mon 2024-02-26 19:05:23 UTC, end at Mon 2024-02-26 19:05:30 UTC. --
Feb 26 19:05:23.906539 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:05:23.924255 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:05:24.360157 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:05:24.474726 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'delete'.
Feb 26 19:05:24.633069 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 26 19:05:24.739386 osdx dnscrypt-proxy[874]: Stopped.
Feb 26 19:05:24.741211 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 26 19:05:24.742015 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 26 19:05:24.742489 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 26 19:05:24.870162 osdx ca-certificates[975]: Clearing symlinks in /etc/ssl/certs...
Feb 26 19:05:25.267735 osdx ca-certificates[1548]: done.
Feb 26 19:05:25.278176 osdx ca-certificates[1552]: Updating certificates in /etc/ssl/certs...
Feb 26 19:05:25.947377 osdx ca-certificates[2391]: 137 added, 0 removed; done.
Feb 26 19:05:25.955452 osdx ca-certificates[2396]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:05:25.961437 osdx ca-certificates[2399]: done.
Feb 26 19:05:26.013781 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:05:26.019314 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:05:26.069047 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:05:27.730959 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:05:27.854885 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:05:27.970496 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:05:28.094450 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:05:28.208525 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:05:28.330809 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:05:28.439677 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 26 19:05:28.559042 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Feb 26 19:05:28.670254 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 26 19:05:28.789546 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:05:28.905820 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:05:29.066884 osdx ca-certificates[2446]: Updating certificates in /etc/ssl/certs...
Feb 26 19:05:29.846173 osdx ca-certificates[3433]: 1 added, 0 removed; done.
Feb 26 19:05:29.853810 osdx ca-certificates[3437]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:05:29.860592 osdx ca-certificates[3441]: done.
Feb 26 19:05:29.888383 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:05:30.094673 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:05:30.098326 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:05:30.146052 osdx dnscrypt-proxy[3496]: dnscrypt-proxy 2.0.45
Feb 26 19:05:30.146715 osdx dnscrypt-proxy[3496]: Network connectivity detected
Feb 26 19:05:30.149224 osdx dnscrypt-proxy[3496]: Dropping privileges
Feb 26 19:05:30.158595 osdx dnscrypt-proxy[3496]: Network connectivity detected
Feb 26 19:05:30.161728 osdx dnscrypt-proxy[3496]: Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:05:30.161741 osdx dnscrypt-proxy[3496]: Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:05:30.161778 osdx dnscrypt-proxy[3496]: Firefox workaround initialized
Feb 26 19:05:30.161788 osdx dnscrypt-proxy[3496]: Loading the set of cloaking rules from [/tmp/tmpCWadcy]
Feb 26 19:05:30.202889 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:05:30.243713 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:05:30.365449 osdx dnscrypt-proxy[3496]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 26 19:05:30.365732 osdx dnscrypt-proxy[3496]: [RD] OK (DoH) - rtt: 111ms
Feb 26 19:05:30.365751 osdx dnscrypt-proxy[3496]: Server with the lowest initial latency: RD (rtt: 111ms)
Feb 26 19:05:30.365762 osdx dnscrypt-proxy[3496]: dnscrypt-proxy is ready - live servers: 1
Feb 26 19:05:30.436248 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Mon 2024-02-26 19:05:30 UTC, end at Mon 2024-02-26 19:05:37 UTC. --
Feb 26 19:05:30.740904 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:05:30.758591 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:05:31.198660 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:05:31.312000 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'delete'.
Feb 26 19:05:31.448223 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 26 19:05:31.578388 osdx dnscrypt-proxy[3496]: Stopped.
Feb 26 19:05:31.580155 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 26 19:05:31.581043 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 26 19:05:31.581532 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 26 19:05:31.709680 osdx ca-certificates[3584]: Clearing symlinks in /etc/ssl/certs...
Feb 26 19:05:32.115410 osdx ca-certificates[4142]: done.
Feb 26 19:05:32.124415 osdx ca-certificates[4147]: Updating certificates in /etc/ssl/certs...
Feb 26 19:05:32.802334 osdx ca-certificates[4985]: 137 added, 0 removed; done.
Feb 26 19:05:32.809924 osdx ca-certificates[4989]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:05:32.816650 osdx ca-certificates[4993]: done.
Feb 26 19:05:32.869115 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:05:32.874277 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:05:32.906237 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:05:34.533544 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:05:34.655755 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:05:34.796088 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:05:34.919345 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:05:35.030121 osdx systemd[1]: systemd-timedated.service: Succeeded.
Feb 26 19:05:35.038668 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:05:35.157129 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:05:35.267490 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 26 19:05:35.384608 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 26 19:05:35.495976 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 26 19:05:35.614711 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:05:35.730595 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:05:35.889082 osdx ca-certificates[5042]: Updating certificates in /etc/ssl/certs...
Feb 26 19:05:36.670759 osdx ca-certificates[6026]: 1 added, 0 removed; done.
Feb 26 19:05:36.678558 osdx ca-certificates[6030]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:05:36.685486 osdx ca-certificates[6034]: done.
Feb 26 19:05:36.712362 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:05:36.920756 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:05:36.924416 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:05:36.974077 osdx dnscrypt-proxy[6089]: dnscrypt-proxy 2.0.45
Feb 26 19:05:36.974669 osdx dnscrypt-proxy[6089]: Network connectivity detected
Feb 26 19:05:36.976511 osdx dnscrypt-proxy[6089]: Dropping privileges
Feb 26 19:05:36.989896 osdx dnscrypt-proxy[6089]: Network connectivity detected
Feb 26 19:05:36.990380 osdx dnscrypt-proxy[6089]: Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:05:36.990392 osdx dnscrypt-proxy[6089]: Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:05:36.990618 osdx dnscrypt-proxy[6089]: Firefox workaround initialized
Feb 26 19:05:36.990758 osdx dnscrypt-proxy[6089]: Loading the set of cloaking rules from [/tmp/tmpUne8h5]
Feb 26 19:05:37.025490 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:05:37.067046 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:05:37.209595 osdx dnscrypt-proxy[6089]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 26 19:05:37.209625 osdx dnscrypt-proxy[6089]: [RD] OK (DoH) - rtt: 121ms
Feb 26 19:05:37.209641 osdx dnscrypt-proxy[6089]: Server with the lowest initial latency: RD (rtt: 121ms)
Feb 26 19:05:37.209651 osdx dnscrypt-proxy[6089]: dnscrypt-proxy is ready - live servers: 1
Feb 26 19:05:37.265618 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Mon 2024-02-26 19:05:37 UTC, end at Mon 2024-02-26 19:05:44 UTC. --
Feb 26 19:05:37.566472 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:05:37.584229 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:05:38.020734 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:05:38.134879 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'delete'.
Feb 26 19:05:38.299730 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 26 19:05:38.405562 osdx dnscrypt-proxy[6089]: Stopped.
Feb 26 19:05:38.407308 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 26 19:05:38.408156 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 26 19:05:38.408676 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 26 19:05:38.537212 osdx ca-certificates[6177]: Clearing symlinks in /etc/ssl/certs...
Feb 26 19:05:38.943371 osdx ca-certificates[6735]: done.
Feb 26 19:05:38.952492 osdx ca-certificates[6740]: Updating certificates in /etc/ssl/certs...
Feb 26 19:05:39.634676 osdx ca-certificates[7579]: 137 added, 0 removed; done.
Feb 26 19:05:39.642375 osdx ca-certificates[7583]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:05:39.649323 osdx ca-certificates[7587]: done.
Feb 26 19:05:39.701276 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:05:39.706592 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:05:39.738040 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:05:41.360229 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:05:41.484868 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:05:41.624270 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:05:41.750155 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:05:41.870563 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:05:41.992987 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:05:42.101527 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 26 19:05:42.218593 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Feb 26 19:05:42.329274 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 26 19:05:42.448139 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:05:42.564050 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:05:42.722420 osdx ca-certificates[7634]: Updating certificates in /etc/ssl/certs...
Feb 26 19:05:43.503368 osdx ca-certificates[8618]: 1 added, 0 removed; done.
Feb 26 19:05:43.511047 osdx ca-certificates[8622]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:05:43.517841 osdx ca-certificates[8626]: done.
Feb 26 19:05:43.544357 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:05:43.752548 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:05:43.756129 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:05:43.803770 osdx dnscrypt-proxy[8681]: dnscrypt-proxy 2.0.45
Feb 26 19:05:43.804400 osdx dnscrypt-proxy[8681]: Network connectivity detected
Feb 26 19:05:43.808506 osdx dnscrypt-proxy[8681]: Dropping privileges
Feb 26 19:05:43.818071 osdx dnscrypt-proxy[8681]: Network connectivity detected
Feb 26 19:05:43.818562 osdx dnscrypt-proxy[8681]: Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:05:43.818692 osdx dnscrypt-proxy[8681]: Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:05:43.818835 osdx dnscrypt-proxy[8681]: Firefox workaround initialized
Feb 26 19:05:43.818955 osdx dnscrypt-proxy[8681]: Loading the set of cloaking rules from [/tmp/tmp68Eytb]
Feb 26 19:05:43.858411 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:05:43.899094 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:05:44.037976 osdx dnscrypt-proxy[8681]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Feb 26 19:05:44.038007 osdx dnscrypt-proxy[8681]: [RD] OK (DoH) - rtt: 126ms
Feb 26 19:05:44.038024 osdx dnscrypt-proxy[8681]: Server with the lowest initial latency: RD (rtt: 126ms)
Feb 26 19:05:44.038034 osdx dnscrypt-proxy[8681]: dnscrypt-proxy is ready - live servers: 1
Feb 26 19:05:44.096381 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Mon 2024-02-26 19:05:44 UTC, end at Mon 2024-02-26 19:05:50 UTC. --
Feb 26 19:05:44.398618 osdx systemd-journald[1369]: Runtime journal (/run/log/journal/bb5e03885d754db09ee63ec3d68ce029) is 2.0M, max 16.0M, 14.0M free.
Feb 26 19:05:44.416481 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'system journal clear'.
Feb 26 19:05:44.854466 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:05:44.968810 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'delete'.
Feb 26 19:05:45.104238 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 26 19:05:45.239544 osdx dnscrypt-proxy[8681]: Stopped.
Feb 26 19:05:45.241350 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 26 19:05:45.242165 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 26 19:05:45.242635 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 26 19:05:45.373504 osdx ca-certificates[8768]: Clearing symlinks in /etc/ssl/certs...
Feb 26 19:05:45.781833 osdx ca-certificates[9326]: done.
Feb 26 19:05:45.790739 osdx ca-certificates[9331]: Updating certificates in /etc/ssl/certs...
Feb 26 19:05:46.473132 osdx ca-certificates[10169]: 137 added, 0 removed; done.
Feb 26 19:05:46.481397 osdx ca-certificates[10173]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:05:46.487463 osdx ca-certificates[10177]: done.
Feb 26 19:05:46.539896 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:05:46.545082 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:05:46.576949 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:05:48.219142 osdx OSDxCLI[2572]: User 'admin' entered the configuration menu.
Feb 26 19:05:48.341567 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 26 19:05:48.457200 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 26 19:05:48.578992 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 26 19:05:48.694139 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 26 19:05:48.815771 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash d2be24e65ff372013da62ec4ec3f6031758ee573acef6552a41a6d4de0353831'.
Feb 26 19:05:48.925861 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 26 19:05:49.044289 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Feb 26 19:05:49.155249 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 26 19:05:49.274250 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 26 19:05:49.391193 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 26 19:05:49.550191 osdx ca-certificates[10224]: Updating certificates in /etc/ssl/certs...
Feb 26 19:05:50.332860 osdx ca-certificates[11209]: 1 added, 0 removed; done.
Feb 26 19:05:50.341134 osdx ca-certificates[11213]: Running hooks in /etc/ca-certificates/update.d...
Feb 26 19:05:50.347309 osdx ca-certificates[11217]: done.
Feb 26 19:05:50.373361 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 26 19:05:50.581073 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 26 19:05:50.584690 osdx cfgd[997]: [2572]Completed change to active configuration
Feb 26 19:05:50.635395 osdx dnscrypt-proxy[11272]: dnscrypt-proxy 2.0.45
Feb 26 19:05:50.637816 osdx dnscrypt-proxy[11272]: Network connectivity detected
Feb 26 19:05:50.638550 osdx dnscrypt-proxy[11272]: Dropping privileges
Feb 26 19:05:50.645931 osdx dnscrypt-proxy[11272]: Network connectivity detected
Feb 26 19:05:50.646446 osdx dnscrypt-proxy[11272]: Now listening to 127.0.0.1:53 [UDP]
Feb 26 19:05:50.646578 osdx dnscrypt-proxy[11272]: Now listening to 127.0.0.1:53 [TCP]
Feb 26 19:05:50.646720 osdx dnscrypt-proxy[11272]: Firefox workaround initialized
Feb 26 19:05:50.646838 osdx dnscrypt-proxy[11272]: Loading the set of cloaking rules from [/tmp/tmpubozN6]
Feb 26 19:05:50.686430 osdx OSDxCLI[2572]: User 'admin' committed the configuration.
Feb 26 19:05:50.747325 osdx OSDxCLI[2572]: User 'admin' left the configuration menu.
Feb 26 19:05:50.870800 osdx dnscrypt-proxy[11272]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 26 19:05:50.871084 osdx dnscrypt-proxy[11272]: [RD] OK (DoH) - rtt: 129ms
Feb 26 19:05:50.871225 osdx dnscrypt-proxy[11272]: Server with the lowest initial latency: RD (rtt: 129ms)
Feb 26 19:05:50.871238 osdx dnscrypt-proxy[11272]: dnscrypt-proxy is ready - live servers: 1
Feb 26 19:05:50.954917 osdx OSDxCLI[2572]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
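Step 3 in each example above matches a decimal code point (49199, 49200, 52392) against suite names configured in Step 1. The following Python check is an added example, not part of this test suite or of OSDx: it reads the journal text, maps the logged code point to its IANA name and reports which configured entries were passed over. Function and variable names are hypothetical, the legacy set is a policy choice made here, and the `TLS version` field is assumed to be printed in hexadecimal (303 = 0x0303, TLS 1.2).

```python
import re

# IANA TLS cipher-suite code points for the five suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# RC4 and 3DES suites, flagged here as legacy (policy chosen for this example).
LEGACY = {0x0005, 0x000A}

# Regexes scan the whole text, so they work whether the journal has one
# entry per line or several entries run together on one line.
CFG_RE = re.compile(r"'set service dns proxy cipher (\d+) algorithm (\w+)'")
TLS_RE = re.compile(r"dnscrypt-proxy\[\d+\]: \[(\S+)\] TLS version: ([0-9a-fA-F]+)"
                    r" - Protocol: (\S+) - Cipher suite: (\d+)")


def suite_name(code):
    """Name for a code point; unknown values stay visible as hex."""
    return IANA_SUITES.get(code, "UNKNOWN_0x%04X" % code)


def audit(journal):
    """Compare the negotiated suite with the configured cipher list."""
    configured = {int(m.group(1)): m.group(2) for m in CFG_RE.finditer(journal)}
    handshakes = list(TLS_RE.finditer(journal))
    if not handshakes:
        raise ValueError("no dnscrypt-proxy TLS handshake line in journal")
    last = handshakes[-1]                      # most recent handshake wins
    ordered = [configured[i] for i in sorted(configured)]
    code = int(last.group(4))
    name = suite_name(code)
    return {
        "server": last.group(1),
        "tls_version": int(last.group(2), 16),  # assumption: logged as hex
        "suite_code": code,
        "suite_name": name,
        "configured": ordered,
        "in_configured": name in ordered,
        "legacy_negotiated": code in LEGACY,
        # Entries listed ahead of the negotiated one that were not selected.
        "skipped": ordered[:ordered.index(name)] if name in ordered else ordered,
    }


# Three entries copied from the Example 4 journal on this page.
EXAMPLE_4_EXCERPT = """\
Feb 26 19:05:35.267490 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 26 19:05:35.384608 osdx OSDxCLI[2572]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 26 19:05:37.209595 osdx dnscrypt-proxy[6089]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

# Constructed variant (not from the page): same configuration, but the
# handshake line reports code point 10, the 3DES suite.
CONSTRUCTED_LEGACY = EXAMPLE_4_EXCERPT.replace("Cipher suite: 49199",
                                               "Cipher suite: 10")

if __name__ == "__main__":
    for label, text in (("example 4", EXAMPLE_4_EXCERPT),
                        ("constructed", CONSTRUCTED_LEGACY)):
        r = audit(text)
        print(label, r["suite_name"], "legacy:", r["legacy_negotiated"],
              "skipped:", r["skipped"])
```

A result with `legacy_negotiated` true, or `in_configured` false, is the case to investigate: the proxy agreed on a suite the configuration was not expected to produce.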