Cipher
Test suite to validate the use of one or multiple ciphers to protect a DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Mon 2024-12-02 20:17:10 UTC, end at Mon 2024-12-02 20:17:16 UTC. --
Dec 02 20:17:10.568729 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free.
Dec 02 20:17:10.614856 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'.
Dec 02 20:17:11.517434 osdx osdx-coredump[16198]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 02 20:17:11.532235 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 02 20:17:12.827858 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:17:13.049561 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:17:13.190541 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:17:13.365002 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 02 20:17:13.503954 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:17:13.565465 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:17:13.615739 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:17:13.817819 osdx OSDxCLI[727]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 02 20:17:14.049263 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:17:14.165521 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 02 20:17:14.335199 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 02 20:17:14.461969 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 02 20:17:14.570234 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 02 20:17:14.690644 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Dec 02 20:17:14.813114 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Dec 02 20:17:14.940415 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 02 20:17:15.052383 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:17:15.177423 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:17:15.349978 osdx ca-certificates[16337]: Updating certificates in /etc/ssl/certs...
Dec 02 20:17:16.160826 osdx ca-certificates[17322]: 1 added, 0 removed; done.
Dec 02 20:17:16.166415 osdx ca-certificates[17328]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:17:16.171907 osdx ca-certificates[17330]: done.
Dec 02 20:17:16.265086 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 02 20:17:16.268103 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:17:16.272111 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:17:16.299542 osdx dnscrypt-proxy[17334]: dnscrypt-proxy 2.0.45
Dec 02 20:17:16.299637 osdx dnscrypt-proxy[17334]: Network connectivity detected
Dec 02 20:17:16.300051 osdx dnscrypt-proxy[17334]: Dropping privileges
Dec 02 20:17:16.303498 osdx dnscrypt-proxy[17334]: Network connectivity detected
Dec 02 20:17:16.303562 osdx dnscrypt-proxy[17334]: Now listening to 127.0.0.1:53 [UDP]
Dec 02 20:17:16.303573 osdx dnscrypt-proxy[17334]: Now listening to 127.0.0.1:53 [TCP]
Dec 02 20:17:16.303621 osdx dnscrypt-proxy[17334]: Firefox workaround initialized
Dec 02 20:17:16.303634 osdx dnscrypt-proxy[17334]: Loading the set of cloaking rules from [/tmp/tmpzRSxA6]
Dec 02 20:17:16.306628 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:17:16.451235 osdx dnscrypt-proxy[17334]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Dec 02 20:17:16.451265 osdx dnscrypt-proxy[17334]: [RD] OK (DoH) - rtt: 107ms
Dec 02 20:17:16.451279 osdx dnscrypt-proxy[17334]: Server with the lowest initial latency: RD (rtt: 107ms)
Dec 02 20:17:16.451288 osdx dnscrypt-proxy[17334]: dnscrypt-proxy is ready - live servers: 1
Dec 02 20:17:16.495525 osdx OSDxCLI[727]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Mon 2024-12-02 20:17:27 UTC, end at Mon 2024-12-02 20:17:33 UTC. --
Dec 02 20:17:27.463967 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free.
Dec 02 20:17:27.496196 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'.
Dec 02 20:17:28.292497 osdx osdx-coredump[18964]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 02 20:17:28.303315 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 02 20:17:29.611585 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:17:29.796223 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:17:29.931929 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:17:30.167179 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 02 20:17:30.344241 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:17:30.398825 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:17:30.431641 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:17:30.716492 osdx OSDxCLI[727]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 02 20:17:30.912275 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:17:31.028014 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 02 20:17:31.167452 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 02 20:17:31.302356 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 02 20:17:31.408947 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 02 20:17:31.533439 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Dec 02 20:17:31.696732 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Dec 02 20:17:31.800352 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 02 20:17:31.984427 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:17:32.123140 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:17:32.298074 osdx ca-certificates[19104]: Updating certificates in /etc/ssl/certs...
Dec 02 20:17:33.038121 osdx ca-certificates[20088]: 1 added, 0 removed; done.
Dec 02 20:17:33.043641 osdx ca-certificates[20094]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:17:33.048976 osdx ca-certificates[20096]: done.
Dec 02 20:17:33.121415 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 02 20:17:33.124419 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:17:33.128837 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:17:33.144572 osdx dnscrypt-proxy[20100]: dnscrypt-proxy 2.0.45
Dec 02 20:17:33.144648 osdx dnscrypt-proxy[20100]: Network connectivity detected
Dec 02 20:17:33.144976 osdx dnscrypt-proxy[20100]: Dropping privileges
Dec 02 20:17:33.148683 osdx dnscrypt-proxy[20100]: Network connectivity detected
Dec 02 20:17:33.148742 osdx dnscrypt-proxy[20100]: Now listening to 127.0.0.1:53 [UDP]
Dec 02 20:17:33.148751 osdx dnscrypt-proxy[20100]: Now listening to 127.0.0.1:53 [TCP]
Dec 02 20:17:33.148787 osdx dnscrypt-proxy[20100]: Firefox workaround initialized
Dec 02 20:17:33.148797 osdx dnscrypt-proxy[20100]: Loading the set of cloaking rules from [/tmp/tmpQ5_chn]
Dec 02 20:17:33.160040 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:17:33.291302 osdx dnscrypt-proxy[20100]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Dec 02 20:17:33.291328 osdx dnscrypt-proxy[20100]: [RD] OK (DoH) - rtt: 104ms
Dec 02 20:17:33.291343 osdx dnscrypt-proxy[20100]: Server with the lowest initial latency: RD (rtt: 104ms)
Dec 02 20:17:33.291351 osdx dnscrypt-proxy[20100]: dnscrypt-proxy is ready - live servers: 1
Dec 02 20:17:33.382375 osdx OSDxCLI[727]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Mon 2024-12-02 20:17:33 UTC, end at Mon 2024-12-02 20:17:41 UTC. --
Dec 02 20:17:33.726491 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free.
Dec 02 20:17:33.764094 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'.
Dec 02 20:17:34.188967 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:17:34.331898 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'delete'.
Dec 02 20:17:34.506685 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 02 20:17:34.693312 osdx systemd[1]: Stopping DNSCrypt client proxy...
Dec 02 20:17:34.693952 osdx dnscrypt-proxy[20100]: Stopped.
Dec 02 20:17:34.695869 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Dec 02 20:17:34.696296 osdx systemd[1]: Stopped DNSCrypt client proxy.
Dec 02 20:17:34.865559 osdx ca-certificates[20179]: Clearing symlinks in /etc/ssl/certs...
Dec 02 20:17:35.397202 osdx ca-certificates[20736]: done.
Dec 02 20:17:35.402444 osdx ca-certificates[20739]: Updating certificates in /etc/ssl/certs...
Dec 02 20:17:36.093037 osdx ca-certificates[21580]: 137 added, 0 removed; done.
Dec 02 20:17:36.099641 osdx ca-certificates[21587]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:17:36.106090 osdx ca-certificates[21589]: done.
Dec 02 20:17:36.152731 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:17:36.157702 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:17:36.190121 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:17:38.089709 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:17:38.270389 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 02 20:17:38.447258 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 02 20:17:38.630789 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 02 20:17:38.771418 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 02 20:17:38.893668 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Dec 02 20:17:39.076369 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Dec 02 20:17:39.196572 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 02 20:17:39.360610 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:17:39.484822 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:17:39.696649 osdx ca-certificates[21630]: Updating certificates in /etc/ssl/certs...
Dec 02 20:17:40.727761 osdx ca-certificates[22614]: 1 added, 0 removed; done.
Dec 02 20:17:40.734368 osdx ca-certificates[22621]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:17:40.740752 osdx ca-certificates[22623]: done.
Dec 02 20:17:40.767182 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 02 20:17:41.025352 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 02 20:17:41.034243 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:17:41.059138 osdx dnscrypt-proxy[22687]: dnscrypt-proxy 2.0.45
Dec 02 20:17:41.059257 osdx dnscrypt-proxy[22687]: Network connectivity detected
Dec 02 20:17:41.059725 osdx dnscrypt-proxy[22687]: Dropping privileges
Dec 02 20:17:41.070379 osdx dnscrypt-proxy[22687]: Network connectivity detected
Dec 02 20:17:41.070440 osdx dnscrypt-proxy[22687]: Now listening to 127.0.0.1:53 [UDP]
Dec 02 20:17:41.070450 osdx dnscrypt-proxy[22687]: Now listening to 127.0.0.1:53 [TCP]
Dec 02 20:17:41.070484 osdx dnscrypt-proxy[22687]: Firefox workaround initialized
Dec 02 20:17:41.070494 osdx dnscrypt-proxy[22687]: Loading the set of cloaking rules from [/tmp/tmpkgw85I]
Dec 02 20:17:41.100882 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:17:41.163771 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:17:41.301201 osdx dnscrypt-proxy[22687]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Dec 02 20:17:41.301231 osdx dnscrypt-proxy[22687]: [RD] OK (DoH) - rtt: 127ms
Dec 02 20:17:41.301252 osdx dnscrypt-proxy[22687]: Server with the lowest initial latency: RD (rtt: 127ms)
Dec 02 20:17:41.301263 osdx dnscrypt-proxy[22687]: dnscrypt-proxy is ready - live servers: 1
Dec 02 20:17:41.384035 osdx OSDxCLI[727]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Mon 2024-12-02 20:17:41 UTC, end at Mon 2024-12-02 20:17:50 UTC. --
Dec 02 20:17:41.846333 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free.
Dec 02 20:17:41.871658 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'.
Dec 02 20:17:42.529395 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:17:42.717766 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'delete'.
Dec 02 20:17:42.923508 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 02 20:17:43.184401 osdx systemd[1]: Stopping DNSCrypt client proxy...
Dec 02 20:17:43.185080 osdx dnscrypt-proxy[22687]: Stopped.
Dec 02 20:17:43.187336 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Dec 02 20:17:43.187858 osdx systemd[1]: Stopped DNSCrypt client proxy.
Dec 02 20:17:43.366935 osdx ca-certificates[22782]: Clearing symlinks in /etc/ssl/certs...
Dec 02 20:17:44.198330 osdx ca-certificates[23339]: done.
Dec 02 20:17:44.205238 osdx ca-certificates[23347]: Updating certificates in /etc/ssl/certs...
Dec 02 20:17:45.168336 osdx ca-certificates[24183]: 137 added, 0 removed; done.
Dec 02 20:17:45.179327 osdx ca-certificates[24189]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:17:45.187026 osdx ca-certificates[24191]: done.
Dec 02 20:17:45.248632 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:17:45.254124 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:17:45.305535 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:17:47.294686 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:17:47.478337 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 02 20:17:47.631130 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 02 20:17:47.803229 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 02 20:17:47.949041 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 02 20:17:48.087785 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Dec 02 20:17:48.199621 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Dec 02 20:17:48.302387 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 02 20:17:48.440731 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:17:48.553492 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:17:48.703358 osdx ca-certificates[24233]: Updating certificates in /etc/ssl/certs...
Dec 02 20:17:49.548891 osdx ca-certificates[25217]: 1 added, 0 removed; done.
Dec 02 20:17:49.554233 osdx ca-certificates[25224]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:17:49.560178 osdx ca-certificates[25226]: done.
Dec 02 20:17:49.587174 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 02 20:17:49.806490 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 02 20:17:49.814236 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:17:49.853382 osdx dnscrypt-proxy[25290]: dnscrypt-proxy 2.0.45
Dec 02 20:17:49.853491 osdx dnscrypt-proxy[25290]: Network connectivity detected
Dec 02 20:17:49.854037 osdx dnscrypt-proxy[25290]: Dropping privileges
Dec 02 20:17:49.879179 osdx dnscrypt-proxy[25290]: Network connectivity detected
Dec 02 20:17:49.879234 osdx dnscrypt-proxy[25290]: Now listening to 127.0.0.1:53 [UDP]
Dec 02 20:17:49.879244 osdx dnscrypt-proxy[25290]: Now listening to 127.0.0.1:53 [TCP]
Dec 02 20:17:49.879278 osdx dnscrypt-proxy[25290]: Firefox workaround initialized
Dec 02 20:17:49.879287 osdx dnscrypt-proxy[25290]: Loading the set of cloaking rules from [/tmp/tmpbPxw8e]
Dec 02 20:17:49.883338 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:17:49.930093 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:17:50.068832 osdx dnscrypt-proxy[25290]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 02 20:17:50.068858 osdx dnscrypt-proxy[25290]: [RD] OK (DoH) - rtt: 115ms
Dec 02 20:17:50.068872 osdx dnscrypt-proxy[25290]: Server with the lowest initial latency: RD (rtt: 115ms)
Dec 02 20:17:50.068883 osdx dnscrypt-proxy[25290]: dnscrypt-proxy is ready - live servers: 1
Dec 02 20:17:50.152291 osdx OSDxCLI[727]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Mon 2024-12-02 20:18:02 UTC, end at Mon 2024-12-02 20:18:09 UTC. --
Dec 02 20:18:02.009863 osdx systemd-timedated[26909]: Changed local time to Mon Dec 2 20:18:02 2024
Dec 02 20:18:02.018514 osdx OSDxCLI[727]: User 'admin' executed a new command: 'set date 2024-12-02 20:18:02'.
Dec 02 20:18:02.662658 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 4.0M, max 16.0M, 11.9M free.
Dec 02 20:18:02.699250 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'.
Dec 02 20:18:03.585398 osdx osdx-coredump[26942]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 02 20:18:03.595459 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 02 20:18:04.833875 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:18:05.000266 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:18:05.116113 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:18:05.286898 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 02 20:18:05.428922 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:18:05.479478 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:18:05.551701 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:18:05.779183 osdx OSDxCLI[727]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 02 20:18:06.005251 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:18:06.127563 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 02 20:18:06.252425 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 02 20:18:06.384241 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 02 20:18:06.505455 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 02 20:18:06.619823 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Dec 02 20:18:06.725050 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 02 20:18:06.821594 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 02 20:18:06.986522 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:18:07.138409 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:18:07.354764 osdx ca-certificates[27081]: Updating certificates in /etc/ssl/certs...
Dec 02 20:18:08.638892 osdx ca-certificates[28067]: 1 added, 0 removed; done.
Dec 02 20:18:08.639148 osdx ca-certificates[28071]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:18:08.645984 osdx ca-certificates[28076]: done.
Dec 02 20:18:08.765960 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 02 20:18:08.781353 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:18:08.787015 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:18:08.800651 osdx dnscrypt-proxy[28080]: dnscrypt-proxy 2.0.45
Dec 02 20:18:08.801178 osdx dnscrypt-proxy[28080]: Network connectivity detected
Dec 02 20:18:08.801760 osdx dnscrypt-proxy[28080]: Dropping privileges
Dec 02 20:18:08.820681 osdx dnscrypt-proxy[28080]: Network connectivity detected
Dec 02 20:18:08.820741 osdx dnscrypt-proxy[28080]: Now listening to 127.0.0.1:53 [UDP]
Dec 02 20:18:08.820751 osdx dnscrypt-proxy[28080]: Now listening to 127.0.0.1:53 [TCP]
Dec 02 20:18:08.820786 osdx dnscrypt-proxy[28080]: Firefox workaround initialized
Dec 02 20:18:08.820795 osdx dnscrypt-proxy[28080]: Loading the set of cloaking rules from [/tmp/tmpccVnPZ]
Dec 02 20:18:08.822574 osdx dnscrypt-proxy[28080]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 02 20:18:08.839427 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:18:09.068632 osdx dnscrypt-proxy[28080]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 02 20:18:09.068663 osdx dnscrypt-proxy[28080]: [RD] OK (DoH) - rtt: 171ms
Dec 02 20:18:09.068678 osdx dnscrypt-proxy[28080]: Server with the lowest initial latency: RD (rtt: 171ms)
Dec 02 20:18:09.068689 osdx dnscrypt-proxy[28080]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Mon 2024-12-02 20:18:21 UTC, end at Mon 2024-12-02 20:18:28 UTC. --
Dec 02 20:18:21.531316 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free.
Dec 02 20:18:21.566828 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'.
Dec 02 20:18:22.485753 osdx osdx-coredump[29705]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 02 20:18:22.513487 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 02 20:18:23.886641 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:18:24.085768 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:18:24.248742 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:18:24.441194 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 02 20:18:24.620615 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:18:24.674981 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:18:24.762194 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:18:25.007739 osdx OSDxCLI[727]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 02 20:18:25.333472 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:18:25.523720 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 02 20:18:25.732949 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 02 20:18:25.919418 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 02 20:18:26.056889 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 02 20:18:26.185734 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Dec 02 20:18:26.321119 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 02 20:18:26.444264 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 02 20:18:26.619151 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:18:26.815983 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:18:27.004655 osdx ca-certificates[29845]: Updating certificates in /etc/ssl/certs...
Dec 02 20:18:27.934796 osdx ca-certificates[30829]: 1 added, 0 removed; done.
Dec 02 20:18:27.941730 osdx ca-certificates[30836]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:18:27.947738 osdx ca-certificates[30838]: done.
Dec 02 20:18:28.026621 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 02 20:18:28.030384 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:18:28.035809 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:18:28.054714 osdx dnscrypt-proxy[30842]: dnscrypt-proxy 2.0.45
Dec 02 20:18:28.054787 osdx dnscrypt-proxy[30842]: Network connectivity detected
Dec 02 20:18:28.055193 osdx dnscrypt-proxy[30842]: Dropping privileges
Dec 02 20:18:28.058739 osdx dnscrypt-proxy[30842]: Network connectivity detected
Dec 02 20:18:28.058802 osdx dnscrypt-proxy[30842]: Now listening to 127.0.0.1:53 [UDP]
Dec 02 20:18:28.058818 osdx dnscrypt-proxy[30842]: Now listening to 127.0.0.1:53 [TCP]
Dec 02 20:18:28.058859 osdx dnscrypt-proxy[30842]: Firefox workaround initialized
Dec 02 20:18:28.058871 osdx dnscrypt-proxy[30842]: Loading the set of cloaking rules from [/tmp/tmpOzix_F]
Dec 02 20:18:28.060013 osdx dnscrypt-proxy[30842]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 02 20:18:28.080674 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:18:28.233975 osdx dnscrypt-proxy[30842]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 02 20:18:28.234006 osdx dnscrypt-proxy[30842]: [RD] OK (DoH) - rtt: 120ms
Dec 02 20:18:28.234021 osdx dnscrypt-proxy[30842]: Server with the lowest initial latency: RD (rtt: 120ms)
Dec 02 20:18:28.234031 osdx dnscrypt-proxy[30842]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Mon 2024-12-02 20:18:28 UTC, end at Mon 2024-12-02 20:18:35 UTC. -- Dec 02 20:18:28.512592 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free. Dec 02 20:18:28.538300 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:18:29.030529 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:18:29.128981 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'delete'. Dec 02 20:18:29.275292 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Dec 02 20:18:29.402413 osdx systemd[1]: Stopping DNSCrypt client proxy... Dec 02 20:18:29.403429 osdx dnscrypt-proxy[30842]: Stopped. Dec 02 20:18:29.404854 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Dec 02 20:18:29.405245 osdx systemd[1]: Stopped DNSCrypt client proxy. Dec 02 20:18:29.549898 osdx ca-certificates[30915]: Clearing symlinks in /etc/ssl/certs... Dec 02 20:18:30.120263 osdx ca-certificates[31473]: done. Dec 02 20:18:30.127500 osdx ca-certificates[31488]: Updating certificates in /etc/ssl/certs... Dec 02 20:18:30.922841 osdx ca-certificates[32320]: 137 added, 0 removed; done. Dec 02 20:18:30.929586 osdx ca-certificates[32327]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:18:30.935966 osdx ca-certificates[32329]: done. Dec 02 20:18:30.986572 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:18:30.995452 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:18:31.031347 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:18:32.864260 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. 
Dec 02 20:18:33.024312 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 02 20:18:33.187825 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 02 20:18:33.390435 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 02 20:18:33.543613 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 02 20:18:33.691705 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Dec 02 20:18:33.807656 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Dec 02 20:18:33.957476 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 02 20:18:34.101005 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 02 20:18:34.240916 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:18:34.433904 osdx ca-certificates[32370]: Updating certificates in /etc/ssl/certs... Dec 02 20:18:35.218044 osdx ca-certificates[895]: 1 added, 0 removed; done. Dec 02 20:18:35.224757 osdx ca-certificates[905]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:18:35.230559 osdx ca-certificates[907]: done. Dec 02 20:18:35.257198 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:18:35.469274 osdx systemd[1]: Started DNSCrypt client proxy. 
Dec 02 20:18:35.472137 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:18:35.492775 osdx dnscrypt-proxy[973]: dnscrypt-proxy 2.0.45 Dec 02 20:18:35.492896 osdx dnscrypt-proxy[973]: Network connectivity detected Dec 02 20:18:35.493362 osdx dnscrypt-proxy[973]: Dropping privileges Dec 02 20:18:35.497376 osdx dnscrypt-proxy[973]: Network connectivity detected Dec 02 20:18:35.497437 osdx dnscrypt-proxy[973]: Now listening to 127.0.0.1:53 [UDP] Dec 02 20:18:35.497448 osdx dnscrypt-proxy[973]: Now listening to 127.0.0.1:53 [TCP] Dec 02 20:18:35.497474 osdx dnscrypt-proxy[973]: Firefox workaround initialized Dec 02 20:18:35.497480 osdx dnscrypt-proxy[973]: Loading the set of cloaking rules from [/tmp/tmpYouR54] Dec 02 20:18:35.498720 osdx dnscrypt-proxy[973]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Dec 02 20:18:35.524346 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:18:35.578771 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:18:35.654271 osdx dnscrypt-proxy[973]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Dec 02 20:18:35.654305 osdx dnscrypt-proxy[973]: [RD] OK (DoH) - rtt: 112ms Dec 02 20:18:35.654325 osdx dnscrypt-proxy[973]: Server with the lowest initial latency: RD (rtt: 112ms) Dec 02 20:18:35.654337 osdx dnscrypt-proxy[973]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Mon 2024-12-02 20:18:35 UTC, end at Mon 2024-12-02 20:18:43 UTC. -- Dec 02 20:18:35.960275 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free. Dec 02 20:18:35.977460 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:18:36.450754 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:18:36.599968 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'delete'. Dec 02 20:18:36.823950 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Dec 02 20:18:37.018778 osdx dnscrypt-proxy[973]: Stopped. Dec 02 20:18:37.019186 osdx systemd[1]: Stopping DNSCrypt client proxy... Dec 02 20:18:37.020291 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Dec 02 20:18:37.020621 osdx systemd[1]: Stopped DNSCrypt client proxy. Dec 02 20:18:37.170798 osdx ca-certificates[1069]: Clearing symlinks in /etc/ssl/certs... Dec 02 20:18:37.692796 osdx ca-certificates[1644]: done. Dec 02 20:18:37.699939 osdx ca-certificates[1652]: Updating certificates in /etc/ssl/certs... Dec 02 20:18:38.508513 osdx ca-certificates[2489]: 137 added, 0 removed; done. Dec 02 20:18:38.514366 osdx ca-certificates[2494]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:18:38.520102 osdx ca-certificates[2496]: done. Dec 02 20:18:38.579565 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:18:38.587073 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:18:38.617256 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:18:40.632200 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:18:40.754739 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Dec 02 20:18:40.888918 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 02 20:18:41.049381 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 02 20:18:41.160563 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 02 20:18:41.289898 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Dec 02 20:18:41.387746 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Dec 02 20:18:41.497685 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Dec 02 20:18:41.615093 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 02 20:18:41.767237 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 02 20:18:41.878701 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:18:42.049811 osdx ca-certificates[2539]: Updating certificates in /etc/ssl/certs... Dec 02 20:18:42.818092 osdx ca-certificates[3522]: 1 added, 0 removed; done. Dec 02 20:18:42.824641 osdx ca-certificates[3529]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:18:42.831638 osdx ca-certificates[3531]: done. Dec 02 20:18:42.861192 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:18:43.098683 osdx systemd[1]: Started DNSCrypt client proxy. 
Dec 02 20:18:43.102044 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:18:43.120757 osdx dnscrypt-proxy[3595]: dnscrypt-proxy 2.0.45 Dec 02 20:18:43.120864 osdx dnscrypt-proxy[3595]: Network connectivity detected Dec 02 20:18:43.121363 osdx dnscrypt-proxy[3595]: Dropping privileges Dec 02 20:18:43.126713 osdx dnscrypt-proxy[3595]: Network connectivity detected Dec 02 20:18:43.126772 osdx dnscrypt-proxy[3595]: Now listening to 127.0.0.1:53 [UDP] Dec 02 20:18:43.126782 osdx dnscrypt-proxy[3595]: Now listening to 127.0.0.1:53 [TCP] Dec 02 20:18:43.126817 osdx dnscrypt-proxy[3595]: Firefox workaround initialized Dec 02 20:18:43.126828 osdx dnscrypt-proxy[3595]: Loading the set of cloaking rules from [/tmp/tmpfCFdGf] Dec 02 20:18:43.128340 osdx dnscrypt-proxy[3595]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Dec 02 20:18:43.148392 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:18:43.184534 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:18:43.294581 osdx dnscrypt-proxy[3595]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Dec 02 20:18:43.294615 osdx dnscrypt-proxy[3595]: [RD] OK (DoH) - rtt: 103ms Dec 02 20:18:43.294630 osdx dnscrypt-proxy[3595]: Server with the lowest initial latency: RD (rtt: 103ms) Dec 02 20:18:43.294641 osdx dnscrypt-proxy[3595]: dnscrypt-proxy is ready - live servers: 1
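The journal check these scenarios perform, as an added example that is not part of the original test suite: it reads the configured cipher list and the negotiated suite out of a journal and reports whether the session used a configured suite. The two sample journals are excerpts trimmed from journal output on this page; the numeric values in the table are the IANA code points for the suites the page names, and the function names and verdict strings are assumptions of this example.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
# dnscrypt-proxy logs the negotiated suite as the decimal code point.
IANA_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}
ID_TO_NAME = {code: name for name, code in IANA_IDS.items()}

# Patterns match the OSDxCLI audit line and the dnscrypt-proxy session line
# exactly as they appear in the journal output on this page.
CFG_RE = re.compile(
    r"cfg line: 'set service dns proxy cipher (\d+) algorithm (\w+)'")
SUITE_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[\w+\] TLS version: \w+ - Protocol: \S+ "
    r"- Cipher suite: (\d+)")
FAILURE_TOKEN = "TLS handshake failure"


def parse_run(journal):
    """Extract configured ciphers, failure token and negotiated suite."""
    by_index = {int(i): name for i, name in CFG_RE.findall(journal)}
    match = SUITE_RE.search(journal)
    return {
        "configured": [by_index[i] for i in sorted(by_index)],
        "handshake_failure": FAILURE_TOKEN in journal,
        "negotiated": int(match.group(1)) if match else None,
    }


def assess(run):
    """Compare the negotiated suite with the configured cipher list."""
    if run["negotiated"] is None:
        return "no-session"
    allowed = {IANA_IDS[n] for n in run["configured"] if n in IANA_IDS}
    if run["negotiated"] in allowed:
        return "negotiated-configured-suite"
    return "negotiated-suite-outside-config"


def describe(run):
    """One-line summary suitable for a test report."""
    code = run["negotiated"]
    name = "none" if code is None else ID_TO_NAME.get(code, "unknown")
    return (f"{assess(run)}: configured={run['configured']} "
            f"negotiated={code} ({name}) "
            f"handshake_failure={run['handshake_failure']}")


# Sample input: excerpts trimmed from a run on this page with only RC4 set.
INVALID_ONLY = """\
Dec 02 20:18:26.321119 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 02 20:18:28.060013 osdx dnscrypt-proxy[30842]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 02 20:18:28.233975 osdx dnscrypt-proxy[30842]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 02 20:18:28.234006 osdx dnscrypt-proxy[30842]: [RD] OK (DoH) - rtt: 120ms
"""

# Sample input: excerpts trimmed from a run on this page with RC4 plus a
# valid second cipher.
WITH_FALLBACK = """\
Dec 02 20:18:58.690591 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 02 20:18:58.818003 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Dec 02 20:19:00.756233 osdx dnscrypt-proxy[6373]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Dec 02 20:19:00.756262 osdx dnscrypt-proxy[6373]: [RD] OK (DoH) - rtt: 153ms
"""

if __name__ == "__main__":
    for label, journal in (("invalid only", INVALID_ONLY),
                           ("with fallback", WITH_FALLBACK)):
        print(label, "->", describe(parse_run(journal)))
```

In the RC4-only journal the failure token is followed by a completed DoH session on suite 52392, which is not in the configured list; checking for the failure token alone does not surface that, so the comparison against the configured list is worth keeping as a separate assertion.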
Invalid Cipher With Fallback
Description
Configures an invalid cipher followed by a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid cipher proposed is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
-- Logs begin at Mon 2024-12-02 20:18:54 UTC, end at Mon 2024-12-02 20:19:00 UTC. -- Dec 02 20:18:54.000607 osdx systemd-timedated[5202]: Changed local time to Mon Dec 2 20:18:54 2024 Dec 02 20:18:54.008327 osdx OSDxCLI[727]: User 'admin' executed a new command: 'set date 2024-12-02 20:18:54'. Dec 02 20:18:54.539048 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 4.0M, max 16.0M, 11.9M free. Dec 02 20:18:54.579215 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:18:55.309914 osdx osdx-coredump[5235]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 02 20:18:55.318980 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system coredump delete all'. Dec 02 20:18:56.465524 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:18:56.640964 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 02 20:18:56.805795 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:18:57.010315 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:18:57.154225 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:18:57.199518 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:18:57.267804 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:18:57.553438 osdx OSDxCLI[727]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 02 20:18:57.862366 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:18:58.002309 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 02 20:18:58.125904 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. 
Dec 02 20:18:58.291248 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 02 20:18:58.411646 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 02 20:18:58.553510 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Dec 02 20:18:58.690591 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Dec 02 20:18:58.818003 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Dec 02 20:18:58.959890 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 02 20:18:59.135450 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 02 20:18:59.246609 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:18:59.441910 osdx ca-certificates[5378]: Updating certificates in /etc/ssl/certs... Dec 02 20:19:00.351056 osdx ca-certificates[6359]: 1 added, 0 removed; done. Dec 02 20:19:00.359995 osdx ca-certificates[6367]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:19:00.369942 osdx ca-certificates[6369]: done. Dec 02 20:19:00.458204 osdx systemd[1]: Started DNSCrypt client proxy. Dec 02 20:19:00.461482 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:19:00.502271 osdx OSDxCLI[727]: User 'admin' committed the configuration. 
Dec 02 20:19:00.535060 osdx dnscrypt-proxy[6373]: dnscrypt-proxy 2.0.45 Dec 02 20:19:00.535164 osdx dnscrypt-proxy[6373]: Network connectivity detected Dec 02 20:19:00.535691 osdx dnscrypt-proxy[6373]: Dropping privileges Dec 02 20:19:00.545108 osdx dnscrypt-proxy[6373]: Network connectivity detected Dec 02 20:19:00.545178 osdx dnscrypt-proxy[6373]: Now listening to 127.0.0.1:53 [UDP] Dec 02 20:19:00.545190 osdx dnscrypt-proxy[6373]: Now listening to 127.0.0.1:53 [TCP] Dec 02 20:19:00.545230 osdx dnscrypt-proxy[6373]: Firefox workaround initialized Dec 02 20:19:00.545241 osdx dnscrypt-proxy[6373]: Loading the set of cloaking rules from [/tmp/tmpSY19om] Dec 02 20:19:00.553248 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:19:00.756233 osdx dnscrypt-proxy[6373]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Dec 02 20:19:00.756262 osdx dnscrypt-proxy[6373]: [RD] OK (DoH) - rtt: 153ms Dec 02 20:19:00.756276 osdx dnscrypt-proxy[6373]: Server with the lowest initial latency: RD (rtt: 153ms) Dec 02 20:19:00.756291 osdx dnscrypt-proxy[6373]: dnscrypt-proxy is ready - live servers: 1 Dec 02 20:19:00.823816 osdx OSDxCLI[727]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
-- Logs begin at Mon 2024-12-02 20:19:01 UTC, end at Mon 2024-12-02 20:19:10 UTC. -- Dec 02 20:19:01.296155 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 4.0M, max 16.0M, 11.9M free. Dec 02 20:19:01.333507 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'. Dec 02 20:19:01.930497 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:19:02.110218 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'delete'. Dec 02 20:19:02.347311 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Dec 02 20:19:02.552487 osdx dnscrypt-proxy[6373]: Stopped. Dec 02 20:19:02.552556 osdx systemd[1]: Stopping DNSCrypt client proxy... Dec 02 20:19:02.554922 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Dec 02 20:19:02.555438 osdx systemd[1]: Stopped DNSCrypt client proxy. Dec 02 20:19:02.699909 osdx ca-certificates[6458]: Clearing symlinks in /etc/ssl/certs... Dec 02 20:19:03.270452 osdx ca-certificates[7015]: done. Dec 02 20:19:03.279317 osdx ca-certificates[7024]: Updating certificates in /etc/ssl/certs... Dec 02 20:19:04.508462 osdx ca-certificates[7858]: 137 added, 0 removed; done. Dec 02 20:19:04.513807 osdx ca-certificates[7865]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:19:04.520250 osdx ca-certificates[7867]: done. Dec 02 20:19:04.573003 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:19:04.586575 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:19:04.628680 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:19:06.717717 osdx OSDxCLI[727]: User 'admin' entered the configuration menu. Dec 02 20:19:06.908795 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Dec 02 20:19:07.045906 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 02 20:19:07.226221 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 02 20:19:07.340911 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 02 20:19:07.488080 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Dec 02 20:19:07.642442 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Dec 02 20:19:07.771968 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Dec 02 20:19:07.913098 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 02 20:19:08.088559 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 02 20:19:08.209104 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 02 20:19:08.418108 osdx ca-certificates[7910]: Updating certificates in /etc/ssl/certs... Dec 02 20:19:09.427651 osdx ca-certificates[8893]: 1 added, 0 removed; done. Dec 02 20:19:09.434458 osdx ca-certificates[8900]: Running hooks in /etc/ca-certificates/update.d... Dec 02 20:19:09.441655 osdx ca-certificates[8902]: done. Dec 02 20:19:09.472070 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 02 20:19:09.706278 osdx systemd[1]: Started DNSCrypt client proxy. 
Dec 02 20:19:09.709424 osdx cfgd[1120]: [727]Completed change to active configuration Dec 02 20:19:09.743023 osdx dnscrypt-proxy[8966]: dnscrypt-proxy 2.0.45 Dec 02 20:19:09.743178 osdx dnscrypt-proxy[8966]: Network connectivity detected Dec 02 20:19:09.743831 osdx dnscrypt-proxy[8966]: Dropping privileges Dec 02 20:19:09.747555 osdx dnscrypt-proxy[8966]: Network connectivity detected Dec 02 20:19:09.747637 osdx dnscrypt-proxy[8966]: Now listening to 127.0.0.1:53 [UDP] Dec 02 20:19:09.747650 osdx dnscrypt-proxy[8966]: Now listening to 127.0.0.1:53 [TCP] Dec 02 20:19:09.747705 osdx dnscrypt-proxy[8966]: Firefox workaround initialized Dec 02 20:19:09.747716 osdx dnscrypt-proxy[8966]: Loading the set of cloaking rules from [/tmp/tmpaOx0Cz] Dec 02 20:19:09.773368 osdx OSDxCLI[727]: User 'admin' committed the configuration. Dec 02 20:19:09.844553 osdx OSDxCLI[727]: User 'admin' left the configuration menu. Dec 02 20:19:09.920807 osdx dnscrypt-proxy[8966]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Dec 02 20:19:09.920844 osdx dnscrypt-proxy[8966]: [RD] OK (DoH) - rtt: 127ms Dec 02 20:19:09.920860 osdx dnscrypt-proxy[8966]: Server with the lowest initial latency: RD (rtt: 127ms) Dec 02 20:19:09.920870 osdx dnscrypt-proxy[8966]: dnscrypt-proxy is ready - live servers: 1 Dec 02 20:19:10.076824 osdx OSDxCLI[727]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
-- Logs begin at Mon 2024-12-02 20:19:10 UTC, end at Mon 2024-12-02 20:19:18 UTC. --
Dec 02 20:19:10.518519 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free.
Dec 02 20:19:10.560417 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'.
Dec 02 20:19:11.160517 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:19:11.293353 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'delete'.
Dec 02 20:19:11.443056 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 02 20:19:11.581258 osdx dnscrypt-proxy[8966]: Stopped.
Dec 02 20:19:11.581340 osdx systemd[1]: Stopping DNSCrypt client proxy...
Dec 02 20:19:11.582582 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Dec 02 20:19:11.583027 osdx systemd[1]: Stopped DNSCrypt client proxy.
Dec 02 20:19:11.733413 osdx ca-certificates[9061]: Clearing symlinks in /etc/ssl/certs...
Dec 02 20:19:12.175036 osdx ca-certificates[9618]: done.
Dec 02 20:19:12.191269 osdx ca-certificates[9631]: Updating certificates in /etc/ssl/certs...
Dec 02 20:19:13.068556 osdx ca-certificates[10461]: 137 added, 0 removed; done.
Dec 02 20:19:13.076075 osdx ca-certificates[10468]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:19:13.085328 osdx ca-certificates[10470]: done.
Dec 02 20:19:13.154419 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:19:13.164979 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:19:13.216153 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:19:15.317016 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:19:15.426891 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 02 20:19:15.617908 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 02 20:19:15.797655 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 02 20:19:15.898761 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 02 20:19:16.037436 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Dec 02 20:19:16.174531 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 02 20:19:16.292410 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Dec 02 20:19:16.403228 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 02 20:19:16.565327 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:19:16.734561 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:19:17.003860 osdx ca-certificates[10514]: Updating certificates in /etc/ssl/certs...
Dec 02 20:19:18.001694 osdx ca-certificates[11499]: 1 added, 0 removed; done.
Dec 02 20:19:18.008046 osdx ca-certificates[11504]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:19:18.015057 osdx ca-certificates[11506]: done.
Dec 02 20:19:18.054330 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 02 20:19:18.295190 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 02 20:19:18.299372 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:19:18.345653 osdx dnscrypt-proxy[11570]: dnscrypt-proxy 2.0.45
Dec 02 20:19:18.346175 osdx dnscrypt-proxy[11570]: Network connectivity detected
Dec 02 20:19:18.346745 osdx dnscrypt-proxy[11570]: Dropping privileges
Dec 02 20:19:18.352208 osdx dnscrypt-proxy[11570]: Network connectivity detected
Dec 02 20:19:18.352275 osdx dnscrypt-proxy[11570]: Now listening to 127.0.0.1:53 [UDP]
Dec 02 20:19:18.352340 osdx dnscrypt-proxy[11570]: Now listening to 127.0.0.1:53 [TCP]
Dec 02 20:19:18.352423 osdx dnscrypt-proxy[11570]: Firefox workaround initialized
Dec 02 20:19:18.352434 osdx dnscrypt-proxy[11570]: Loading the set of cloaking rules from [/tmp/tmpujkmqx]
Dec 02 20:19:18.361450 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:19:18.413597 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:19:18.526341 osdx dnscrypt-proxy[11570]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 02 20:19:18.526424 osdx dnscrypt-proxy[11570]: [RD] OK (DoH) - rtt: 110ms
Dec 02 20:19:18.526438 osdx dnscrypt-proxy[11570]: Server with the lowest initial latency: RD (rtt: 110ms)
Dec 02 20:19:18.526447 osdx dnscrypt-proxy[11570]: dnscrypt-proxy is ready - live servers: 1
Dec 02 20:19:18.651189 osdx OSDxCLI[727]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Mon 2024-12-02 20:19:19 UTC, end at Mon 2024-12-02 20:19:26 UTC. --
Dec 02 20:19:19.060217 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free.
Dec 02 20:19:19.121107 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'.
Dec 02 20:19:19.686943 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:19:19.884795 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'delete'.
Dec 02 20:19:20.116079 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 02 20:19:20.299071 osdx dnscrypt-proxy[11570]: Stopped.
Dec 02 20:19:20.299142 osdx systemd[1]: Stopping DNSCrypt client proxy...
Dec 02 20:19:20.313125 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Dec 02 20:19:20.313493 osdx systemd[1]: Stopped DNSCrypt client proxy.
Dec 02 20:19:20.440730 osdx ca-certificates[11666]: Clearing symlinks in /etc/ssl/certs...
Dec 02 20:19:20.920932 osdx ca-certificates[12223]: done.
Dec 02 20:19:20.930142 osdx ca-certificates[12232]: Updating certificates in /etc/ssl/certs...
Dec 02 20:19:21.648206 osdx ca-certificates[13068]: 137 added, 0 removed; done.
Dec 02 20:19:21.654705 osdx ca-certificates[13075]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:19:21.661798 osdx ca-certificates[13077]: done.
Dec 02 20:19:21.717177 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:19:21.722970 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:19:21.864972 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:19:23.702413 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:19:23.863632 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 02 20:19:24.021694 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 02 20:19:24.040831 osdx systemd[1]: systemd-timedated.service: Succeeded.
Dec 02 20:19:24.185447 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 02 20:19:24.333193 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 02 20:19:24.455269 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Dec 02 20:19:24.567753 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 02 20:19:24.670205 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Dec 02 20:19:24.780032 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 02 20:19:24.928621 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:19:25.059963 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:19:25.230026 osdx ca-certificates[13121]: Updating certificates in /etc/ssl/certs...
Dec 02 20:19:26.229846 osdx ca-certificates[14106]: 1 added, 0 removed; done.
Dec 02 20:19:26.235654 osdx ca-certificates[14109]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:19:26.241334 osdx ca-certificates[14114]: done.
Dec 02 20:19:26.270315 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 02 20:19:26.487054 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 02 20:19:26.496187 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:19:26.547894 osdx dnscrypt-proxy[14178]: dnscrypt-proxy 2.0.45
Dec 02 20:19:26.547991 osdx dnscrypt-proxy[14178]: Network connectivity detected
Dec 02 20:19:26.548399 osdx dnscrypt-proxy[14178]: Dropping privileges
Dec 02 20:19:26.561035 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:19:26.578932 osdx dnscrypt-proxy[14178]: Network connectivity detected
Dec 02 20:19:26.578989 osdx dnscrypt-proxy[14178]: Now listening to 127.0.0.1:53 [UDP]
Dec 02 20:19:26.578998 osdx dnscrypt-proxy[14178]: Now listening to 127.0.0.1:53 [TCP]
Dec 02 20:19:26.579038 osdx dnscrypt-proxy[14178]: Firefox workaround initialized
Dec 02 20:19:26.579047 osdx dnscrypt-proxy[14178]: Loading the set of cloaking rules from [/tmp/tmprFwhHR]
Dec 02 20:19:26.628364 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:19:26.792236 osdx dnscrypt-proxy[14178]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Dec 02 20:19:26.792265 osdx dnscrypt-proxy[14178]: [RD] OK (DoH) - rtt: 129ms
Dec 02 20:19:26.792282 osdx dnscrypt-proxy[14178]: Server with the lowest initial latency: RD (rtt: 129ms)
Dec 02 20:19:26.792293 osdx dnscrypt-proxy[14178]: dnscrypt-proxy is ready - live servers: 1
Dec 02 20:19:26.927769 osdx OSDxCLI[727]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Mon 2024-12-02 20:19:27 UTC, end at Mon 2024-12-02 20:19:34 UTC. --
Dec 02 20:19:27.308635 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free.
Dec 02 20:19:27.344133 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'.
Dec 02 20:19:27.844634 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:19:27.966023 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'delete'.
Dec 02 20:19:28.162805 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 02 20:19:28.289494 osdx systemd[1]: Stopping DNSCrypt client proxy...
Dec 02 20:19:28.290276 osdx dnscrypt-proxy[14178]: Stopped.
Dec 02 20:19:28.291441 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Dec 02 20:19:28.291770 osdx systemd[1]: Stopped DNSCrypt client proxy.
Dec 02 20:19:28.441500 osdx ca-certificates[14273]: Clearing symlinks in /etc/ssl/certs...
Dec 02 20:19:29.044702 osdx ca-certificates[14831]: done.
Dec 02 20:19:29.052602 osdx ca-certificates[14838]: Updating certificates in /etc/ssl/certs...
Dec 02 20:19:29.881036 osdx ca-certificates[15675]: 137 added, 0 removed; done.
Dec 02 20:19:29.886595 osdx ca-certificates[15681]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:19:29.892057 osdx ca-certificates[15683]: done.
Dec 02 20:19:29.941634 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:19:29.946146 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:19:29.984732 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:19:31.791792 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:19:31.954327 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 02 20:19:32.185578 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 02 20:19:32.317217 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 02 20:19:32.454622 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 02 20:19:32.606445 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Dec 02 20:19:32.716053 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 02 20:19:32.848408 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Dec 02 20:19:32.964628 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 02 20:19:33.091990 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:19:33.188924 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:19:33.387240 osdx ca-certificates[15726]: Updating certificates in /etc/ssl/certs...
Dec 02 20:19:34.245991 osdx ca-certificates[16711]: 1 added, 0 removed; done.
Dec 02 20:19:34.251544 osdx ca-certificates[16717]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:19:34.257129 osdx ca-certificates[16719]: done.
Dec 02 20:19:34.282276 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 02 20:19:34.496971 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 02 20:19:34.499994 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:19:34.546134 osdx dnscrypt-proxy[16783]: dnscrypt-proxy 2.0.45
Dec 02 20:19:34.546230 osdx dnscrypt-proxy[16783]: Network connectivity detected
Dec 02 20:19:34.546681 osdx dnscrypt-proxy[16783]: Dropping privileges
Dec 02 20:19:34.551817 osdx dnscrypt-proxy[16783]: Network connectivity detected
Dec 02 20:19:34.551869 osdx dnscrypt-proxy[16783]: Now listening to 127.0.0.1:53 [UDP]
Dec 02 20:19:34.551878 osdx dnscrypt-proxy[16783]: Now listening to 127.0.0.1:53 [TCP]
Dec 02 20:19:34.551923 osdx dnscrypt-proxy[16783]: Firefox workaround initialized
Dec 02 20:19:34.551931 osdx dnscrypt-proxy[16783]: Loading the set of cloaking rules from [/tmp/tmpzv2Ks_]
Dec 02 20:19:34.561842 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:19:34.621330 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:19:34.721166 osdx dnscrypt-proxy[16783]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Dec 02 20:19:34.721196 osdx dnscrypt-proxy[16783]: [RD] OK (DoH) - rtt: 108ms
Dec 02 20:19:34.721212 osdx dnscrypt-proxy[16783]: Server with the lowest initial latency: RD (rtt: 108ms)
Dec 02 20:19:34.721223 osdx dnscrypt-proxy[16783]: dnscrypt-proxy is ready - live servers: 1
Dec 02 20:19:34.853313 osdx OSDxCLI[727]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Mon 2024-12-02 20:19:35 UTC, end at Mon 2024-12-02 20:19:42 UTC. --
Dec 02 20:19:35.246448 osdx systemd-journald[31677]: Runtime journal (/run/log/journal/1d07d1333cb24d498692b025d3740112) is 2.0M, max 16.0M, 14.0M free.
Dec 02 20:19:35.286311 osdx OSDxCLI[727]: User 'admin' executed a new command: 'system journal clear'.
Dec 02 20:19:35.742771 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:19:35.862802 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'delete'.
Dec 02 20:19:36.029281 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 02 20:19:36.200204 osdx systemd[1]: Stopping DNSCrypt client proxy...
Dec 02 20:19:36.200701 osdx dnscrypt-proxy[16783]: Stopped.
Dec 02 20:19:36.204863 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Dec 02 20:19:36.205268 osdx systemd[1]: Stopped DNSCrypt client proxy.
Dec 02 20:19:36.371511 osdx ca-certificates[16879]: Clearing symlinks in /etc/ssl/certs...
Dec 02 20:19:36.905469 osdx ca-certificates[17437]: done.
Dec 02 20:19:36.913120 osdx ca-certificates[17444]: Updating certificates in /etc/ssl/certs...
Dec 02 20:19:37.633338 osdx ca-certificates[18281]: 137 added, 0 removed; done.
Dec 02 20:19:37.639163 osdx ca-certificates[18288]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:19:37.645540 osdx ca-certificates[18290]: done.
Dec 02 20:19:37.692952 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:19:37.697438 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:19:37.739941 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:19:39.575378 osdx OSDxCLI[727]: User 'admin' entered the configuration menu.
Dec 02 20:19:39.719972 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 02 20:19:39.834625 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 02 20:19:40.026363 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 02 20:19:40.150812 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 02 20:19:40.269874 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Dec 02 20:19:40.382967 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 02 20:19:40.503819 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Dec 02 20:19:40.638738 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 02 20:19:40.828962 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 02 20:19:40.934976 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 02 20:19:41.188251 osdx ca-certificates[18333]: Updating certificates in /etc/ssl/certs...
Dec 02 20:19:42.125846 osdx ca-certificates[19317]: 1 added, 0 removed; done.
Dec 02 20:19:42.132579 osdx ca-certificates[19324]: Running hooks in /etc/ca-certificates/update.d...
Dec 02 20:19:42.139756 osdx ca-certificates[19326]: done.
Dec 02 20:19:42.178309 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 02 20:19:42.408625 osdx systemd[1]: Started DNSCrypt client proxy.
Dec 02 20:19:42.411496 osdx cfgd[1120]: [727]Completed change to active configuration
Dec 02 20:19:42.446569 osdx dnscrypt-proxy[19390]: dnscrypt-proxy 2.0.45
Dec 02 20:19:42.446688 osdx dnscrypt-proxy[19390]: Network connectivity detected
Dec 02 20:19:42.450939 osdx dnscrypt-proxy[19390]: Dropping privileges
Dec 02 20:19:42.464781 osdx dnscrypt-proxy[19390]: Network connectivity detected
Dec 02 20:19:42.464845 osdx dnscrypt-proxy[19390]: Now listening to 127.0.0.1:53 [UDP]
Dec 02 20:19:42.464856 osdx dnscrypt-proxy[19390]: Now listening to 127.0.0.1:53 [TCP]
Dec 02 20:19:42.464958 osdx dnscrypt-proxy[19390]: Firefox workaround initialized
Dec 02 20:19:42.464970 osdx dnscrypt-proxy[19390]: Loading the set of cloaking rules from [/tmp/tmpPsm3J6]
Dec 02 20:19:42.470890 osdx OSDxCLI[727]: User 'admin' committed the configuration.
Dec 02 20:19:42.539567 osdx OSDxCLI[727]: User 'admin' left the configuration menu.
Dec 02 20:19:42.654230 osdx dnscrypt-proxy[19390]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 02 20:19:42.654269 osdx dnscrypt-proxy[19390]: [RD] OK (DoH) - rtt: 135ms
Dec 02 20:19:42.654286 osdx dnscrypt-proxy[19390]: Server with the lowest initial latency: RD (rtt: 135ms)
Dec 02 20:19:42.654295 osdx dnscrypt-proxy[19390]: dnscrypt-proxy is ready - live servers: 1
Dec 02 20:19:42.780067 osdx OSDxCLI[727]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
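The Step 3 checks in these examples match a decimal number in the journal. The following added example (not part of the test suite or of dnscrypt-proxy) decodes that number to its IANA cipher suite name and compares it with the cipher lines committed in the same journal. The function name, the rule that RC4 and 3DES suites count as weak, and the reading of the "TLS version" field as hexadecimal are assumptions of this example.

```python
import re

# IANA TLS cipher suite code points for the suites named in this page's configurations.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# Policy assumption for this example: RC4 and 3DES suites count as weak.
WEAK_MARKERS = ("_RC4_", "_3DES_")

CFG_RE = re.compile(
    r"cfg line: '(delete|set service dns proxy cipher \d+ algorithm ([A-Z0-9_]+))'"
)
NEG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[([^\]]+)\] TLS version: ([0-9a-f]+) - "
    r"Protocol: (\S+) - Cipher suite: (\d+)"
)


def audit_journal(journal):
    """Return one finding per TLS negotiation line logged by dnscrypt-proxy."""
    configured, findings = [], []
    for line in journal.splitlines():
        cfg = CFG_RE.search(line)
        if cfg:
            if cfg.group(1) == "delete":
                configured = []            # configuration wiped before the run
            else:
                configured.append(cfg.group(2))
            continue
        neg = NEG_RE.search(line)
        if not neg:
            continue
        server, version, protocol, suite = neg.groups()
        suite_id = int(suite)              # the suite is logged in decimal
        name = IANA_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id)
        findings.append({
            "server": server,
            "tls_version": int(version, 16),   # assumption: hexadecimal field
            "protocol": protocol,
            "suite_id": suite_id,
            "suite": name,
            "configured": name in configured,  # was it one of the committed ciphers?
            "weak": any(marker in name for marker in WEAK_MARKERS),
        })
    return findings


# Excerpt of the Example 6 journal shown on this page.
EXAMPLE_6 = """\
Dec 02 20:19:35.862802 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'delete'.
Dec 02 20:19:40.382967 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 02 20:19:40.503819 osdx OSDxCLI[727]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Dec 02 20:19:42.654230 osdx dnscrypt-proxy[19390]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""

# Constructed failure case (not from the page): the legacy suite gets negotiated.
CONSTRUCTED_WEAK = EXAMPLE_6.replace("Cipher suite: 52392", "Cipher suite: 10")

if __name__ == "__main__":
    for sample in (EXAMPLE_6, CONSTRUCTED_WEAK):
        for finding in audit_journal(sample):
            verdict = "FAIL" if finding["weak"] or not finding["configured"] else "PASS"
            print(verdict, finding["server"], hex(finding["suite_id"]), finding["suite"])
```

A suite number missing from the table is reported as `UNKNOWN_0x....` rather than dropped, so a negotiation outside the configured list still shows up in the findings.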