Cipher
Test suite that validates the use of one or multiple ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-05-22 08:17:27 UTC, end at Wed 2024-05-22 08:17:31 UTC. --
May 22 08:17:27.370803 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free.
May 22 08:17:27.401825 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'.
May 22 08:17:27.923620 osdx osdx-coredump[3216]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 22 08:17:27.933323 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system coredump delete all'.
May 22 08:17:28.779701 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:17:28.932974 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:17:29.014588 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:17:29.167795 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 22 08:17:29.267877 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:17:29.305963 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:17:29.332410 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:17:29.505216 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 22 08:17:29.695232 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:17:29.791794 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 22 08:17:29.852814 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 22 08:17:29.888171 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 22 08:17:30.009278 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 22 08:17:30.098488 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 22 08:17:30.216491 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
May 22 08:17:30.329908 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 22 08:17:30.429356 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 22 08:17:30.533060 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:17:30.620535 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:17:30.768508 osdx ca-certificates[3331]: Updating certificates in /etc/ssl/certs...
May 22 08:17:31.432103 osdx ca-certificates[4314]: 1 added, 0 removed; done.
May 22 08:17:31.436885 osdx ca-certificates[4321]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:17:31.441425 osdx ca-certificates[4323]: done.
May 22 08:17:31.511967 osdx systemd[1]: Started DNSCrypt client proxy.
May 22 08:17:31.514007 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:17:31.517552 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:17:31.533422 osdx dnscrypt-proxy[4327]: dnscrypt-proxy 2.0.45
May 22 08:17:31.533496 osdx dnscrypt-proxy[4327]: Network connectivity detected
May 22 08:17:31.533806 osdx dnscrypt-proxy[4327]: Dropping privileges
May 22 08:17:31.536672 osdx dnscrypt-proxy[4327]: Network connectivity detected
May 22 08:17:31.536722 osdx dnscrypt-proxy[4327]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:17:31.536730 osdx dnscrypt-proxy[4327]: Now listening to 127.0.0.1:53 [TCP]
May 22 08:17:31.536763 osdx dnscrypt-proxy[4327]: Firefox workaround initialized
May 22 08:17:31.536771 osdx dnscrypt-proxy[4327]: Loading the set of cloaking rules from [/tmp/tmpGj5aNv]
May 22 08:17:31.561240 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:17:31.678422 osdx dnscrypt-proxy[4327]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 22 08:17:31.678444 osdx dnscrypt-proxy[4327]: [RD] OK (DoH) - rtt: 110ms
May 22 08:17:31.678454 osdx dnscrypt-proxy[4327]: Server with the lowest initial latency: RD (rtt: 110ms)
May 22 08:17:31.678460 osdx dnscrypt-proxy[4327]: dnscrypt-proxy is ready - live servers: 1
May 22 08:17:31.725539 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-05-22 08:17:39 UTC, end at Wed 2024-05-22 08:17:43 UTC. --
May 22 08:17:39.362185 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free.
May 22 08:17:39.396025 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'.
May 22 08:17:39.933016 osdx osdx-coredump[5956]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 22 08:17:39.940935 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system coredump delete all'.
May 22 08:17:40.741220 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:17:40.872641 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:17:40.958867 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:17:41.091009 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 22 08:17:41.185343 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:17:41.230828 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:17:41.256958 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:17:41.432851 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 22 08:17:41.616700 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:17:41.711699 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 22 08:17:41.810911 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 22 08:17:41.942107 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 22 08:17:42.021793 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 22 08:17:42.142564 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
May 22 08:17:42.230760 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 22 08:17:42.321639 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 22 08:17:42.427229 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:17:42.514244 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:17:42.646792 osdx ca-certificates[6071]: Updating certificates in /etc/ssl/certs...
May 22 08:17:43.382867 osdx ca-certificates[7054]: 1 added, 0 removed; done.
May 22 08:17:43.389584 osdx ca-certificates[7061]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:17:43.395730 osdx ca-certificates[7063]: done.
May 22 08:17:43.476338 osdx systemd[1]: Started DNSCrypt client proxy.
May 22 08:17:43.479082 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:17:43.483134 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:17:43.502163 osdx dnscrypt-proxy[7067]: dnscrypt-proxy 2.0.45
May 22 08:17:43.502272 osdx dnscrypt-proxy[7067]: Network connectivity detected
May 22 08:17:43.502698 osdx dnscrypt-proxy[7067]: Dropping privileges
May 22 08:17:43.505949 osdx dnscrypt-proxy[7067]: Network connectivity detected
May 22 08:17:43.506280 osdx dnscrypt-proxy[7067]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:17:43.506399 osdx dnscrypt-proxy[7067]: Now listening to 127.0.0.1:53 [TCP]
May 22 08:17:43.506493 osdx dnscrypt-proxy[7067]: Firefox workaround initialized
May 22 08:17:43.506563 osdx dnscrypt-proxy[7067]: Loading the set of cloaking rules from [/tmp/tmp9wTgIz]
May 22 08:17:43.516863 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:17:43.668050 osdx dnscrypt-proxy[7067]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 22 08:17:43.668101 osdx dnscrypt-proxy[7067]: [RD] OK (DoH) - rtt: 129ms
May 22 08:17:43.668118 osdx dnscrypt-proxy[7067]: Server with the lowest initial latency: RD (rtt: 129ms)
May 22 08:17:43.668129 osdx dnscrypt-proxy[7067]: dnscrypt-proxy is ready - live servers: 1
May 22 08:17:43.688125 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Wed 2024-05-22 08:17:43 UTC, end at Wed 2024-05-22 08:17:54 UTC. --
May 22 08:17:43.961740 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free.
May 22 08:17:43.993954 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'.
May 22 08:17:44.222761 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 22 08:17:44.364572 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:17:44.462135 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'delete'.
May 22 08:17:44.593746 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 22 08:17:44.697816 osdx dnscrypt-proxy[7067]: Stopped.
May 22 08:17:44.697928 osdx systemd[1]: Stopping DNSCrypt client proxy...
May 22 08:17:44.698965 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
May 22 08:17:44.699404 osdx systemd[1]: Stopped DNSCrypt client proxy.
May 22 08:17:44.816277 osdx ca-certificates[7146]: Clearing symlinks in /etc/ssl/certs...
May 22 08:17:45.197138 osdx ca-certificates[7704]: done.
May 22 08:17:45.202582 osdx ca-certificates[7714]: Updating certificates in /etc/ssl/certs...
May 22 08:17:45.786284 osdx ca-certificates[8547]: 137 added, 0 removed; done.
May 22 08:17:45.792126 osdx ca-certificates[8554]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:17:45.796808 osdx ca-certificates[8556]: done.
May 22 08:17:45.836782 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:17:45.840411 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:17:45.865076 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:17:47.317788 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:17:47.412985 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 22 08:17:47.529102 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 22 08:17:47.637543 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 22 08:17:47.743119 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 22 08:17:47.888578 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
May 22 08:17:47.974080 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
May 22 08:17:48.061435 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 22 08:17:48.165704 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:17:48.245398 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:17:48.401087 osdx ca-certificates[8600]: Updating certificates in /etc/ssl/certs...
May 22 08:17:49.045826 osdx ca-certificates[9584]: 1 added, 0 removed; done.
May 22 08:17:49.050304 osdx ca-certificates[9590]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:17:49.054686 osdx ca-certificates[9592]: done.
May 22 08:17:49.075016 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 22 08:17:49.220044 osdx systemd[1]: Started DNSCrypt client proxy.
May 22 08:17:49.222281 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:17:49.239327 osdx dnscrypt-proxy[9629]: dnscrypt-proxy 2.0.45
May 22 08:17:49.239427 osdx dnscrypt-proxy[9629]: Network connectivity detected
May 22 08:17:49.239815 osdx dnscrypt-proxy[9629]: Dropping privileges
May 22 08:17:49.242669 osdx dnscrypt-proxy[9629]: Network connectivity detected
May 22 08:17:49.242732 osdx dnscrypt-proxy[9629]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:17:49.242742 osdx dnscrypt-proxy[9629]: Now listening to 127.0.0.1:53 [TCP]
May 22 08:17:49.242773 osdx dnscrypt-proxy[9629]: Firefox workaround initialized
May 22 08:17:49.242780 osdx dnscrypt-proxy[9629]: Loading the set of cloaking rules from [/tmp/tmpqaCWiA]
May 22 08:17:49.419136 osdx dnscrypt-proxy[9629]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
May 22 08:17:49.419182 osdx dnscrypt-proxy[9629]: [RD] OK (DoH) - rtt: 135ms
May 22 08:17:49.419204 osdx dnscrypt-proxy[9629]: Server with the lowest initial latency: RD (rtt: 135ms)
May 22 08:17:49.419211 osdx dnscrypt-proxy[9629]: dnscrypt-proxy is ready - live servers: 1
May 22 08:17:54.249597 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 22 08:17:54.249635 osdx zebra[1078]: [PHJDC-499N2][EC 100663314] STARVATION: task agentx_timeout (7f2a641bcc70) ran for 5007ms (cpu time 0ms)
May 22 08:17:54.254966 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:17:54.296319 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:17:54.464431 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Wed 2024-05-22 08:17:54 UTC, end at Wed 2024-05-22 08:18:06 UTC. --
May 22 08:17:54.754163 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free.
May 22 08:17:54.779860 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'.
May 22 08:17:55.137527 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:17:55.229149 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'delete'.
May 22 08:17:55.359882 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 22 08:17:55.461208 osdx dnscrypt-proxy[9629]: Stopped.
May 22 08:17:55.461297 osdx systemd[1]: Stopping DNSCrypt client proxy...
May 22 08:17:55.462429 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
May 22 08:17:55.462764 osdx systemd[1]: Stopped DNSCrypt client proxy.
May 22 08:17:55.572078 osdx ca-certificates[9725]: Clearing symlinks in /etc/ssl/certs...
May 22 08:17:55.942032 osdx ca-certificates[10283]: done.
May 22 08:17:55.949931 osdx ca-certificates[10293]: Updating certificates in /etc/ssl/certs...
May 22 08:17:56.491985 osdx ca-certificates[11127]: 137 added, 0 removed; done.
May 22 08:17:56.496173 osdx ca-certificates[11133]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:17:56.502497 osdx ca-certificates[11135]: done.
May 22 08:17:56.543763 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:17:56.547152 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:17:56.586928 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:17:57.904305 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:17:57.999884 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 22 08:17:58.088368 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 22 08:17:58.196442 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 22 08:17:58.274321 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 22 08:17:58.367184 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
May 22 08:17:58.449177 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 22 08:17:58.579712 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 22 08:17:58.688462 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:17:58.791833 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:17:58.954863 osdx ca-certificates[11179]: Updating certificates in /etc/ssl/certs...
May 22 08:17:59.220009 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 22 08:17:59.634683 osdx ca-certificates[12162]: 1 added, 0 removed; done.
May 22 08:17:59.638893 osdx ca-certificates[12169]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:17:59.643195 osdx ca-certificates[12171]: done.
May 22 08:17:59.663032 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 22 08:17:59.809874 osdx systemd[1]: Started DNSCrypt client proxy.
May 22 08:17:59.812560 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:17:59.828106 osdx dnscrypt-proxy[12208]: dnscrypt-proxy 2.0.45
May 22 08:17:59.828181 osdx dnscrypt-proxy[12208]: Network connectivity detected
May 22 08:17:59.828536 osdx dnscrypt-proxy[12208]: Dropping privileges
May 22 08:17:59.831178 osdx dnscrypt-proxy[12208]: Network connectivity detected
May 22 08:17:59.831228 osdx dnscrypt-proxy[12208]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:17:59.831237 osdx dnscrypt-proxy[12208]: Now listening to 127.0.0.1:53 [TCP]
May 22 08:17:59.831271 osdx dnscrypt-proxy[12208]: Firefox workaround initialized
May 22 08:17:59.831278 osdx dnscrypt-proxy[12208]: Loading the set of cloaking rules from [/tmp/tmprnv8TP]
May 22 08:17:59.855315 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:17:59.897005 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:18:00.377591 osdx dnscrypt-proxy[12208]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 22 08:18:00.377621 osdx dnscrypt-proxy[12208]: [RD] OK (DoH) - rtt: 509ms
May 22 08:18:00.377636 osdx dnscrypt-proxy[12208]: Server with the lowest initial latency: RD (rtt: 509ms)
May 22 08:18:00.377646 osdx dnscrypt-proxy[12208]: dnscrypt-proxy is ready - live servers: 1
May 22 08:18:04.244723 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 22 08:18:06.076615 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-05-22 08:18:15 UTC, end at Wed 2024-05-22 08:18:19 UTC. --
May 22 08:18:15.453833 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free.
May 22 08:18:15.488540 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'.
May 22 08:18:16.110398 osdx osdx-coredump[13861]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 22 08:18:16.121210 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system coredump delete all'.
May 22 08:18:17.062003 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:18:17.196519 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:18:17.296359 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:18:17.429640 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 22 08:18:17.520265 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:18:17.564774 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:18:17.600940 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:18:17.795518 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 22 08:18:17.978280 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:18:18.081302 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 22 08:18:18.195889 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 22 08:18:18.322275 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 22 08:18:18.438747 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 22 08:18:18.533934 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
May 22 08:18:18.617170 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 22 08:18:18.731783 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 22 08:18:18.838396 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:18:18.918365 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:18:19.048134 osdx ca-certificates[13976]: Updating certificates in /etc/ssl/certs...
May 22 08:18:19.436834 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 22 08:18:19.741640 osdx ca-certificates[14961]: 1 added, 0 removed; done.
May 22 08:18:19.746382 osdx ca-certificates[14967]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:18:19.750940 osdx ca-certificates[14969]: done.
May 22 08:18:19.824657 osdx systemd[1]: Started DNSCrypt client proxy.
May 22 08:18:19.826787 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:18:19.830750 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:18:19.847043 osdx dnscrypt-proxy[14973]: dnscrypt-proxy 2.0.45
May 22 08:18:19.847111 osdx dnscrypt-proxy[14973]: Network connectivity detected
May 22 08:18:19.847428 osdx dnscrypt-proxy[14973]: Dropping privileges
May 22 08:18:19.850183 osdx dnscrypt-proxy[14973]: Network connectivity detected
May 22 08:18:19.850250 osdx dnscrypt-proxy[14973]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:18:19.850258 osdx dnscrypt-proxy[14973]: Now listening to 127.0.0.1:53 [TCP]
May 22 08:18:19.850288 osdx dnscrypt-proxy[14973]: Firefox workaround initialized
May 22 08:18:19.850295 osdx dnscrypt-proxy[14973]: Loading the set of cloaking rules from [/tmp/tmp2glWqQ]
May 22 08:18:19.851418 osdx dnscrypt-proxy[14973]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 22 08:18:19.897880 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-05-22 08:18:28 UTC, end at Wed 2024-05-22 08:18:32 UTC. --
May 22 08:18:28.366637 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free.
May 22 08:18:28.396299 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'.
May 22 08:18:28.931488 osdx osdx-coredump[16595]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 22 08:18:28.939250 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system coredump delete all'.
May 22 08:18:29.303899 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 22 08:18:29.784329 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:18:29.894967 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:18:30.005414 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:18:30.134707 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 22 08:18:30.223450 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:18:30.269008 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:18:30.295311 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:18:30.472424 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 22 08:18:30.674088 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:18:30.776614 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 22 08:18:30.894242 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 22 08:18:31.011849 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 22 08:18:31.107441 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 22 08:18:31.202316 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
May 22 08:18:31.316036 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 22 08:18:31.430955 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 22 08:18:31.538267 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:18:31.621158 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:18:31.782705 osdx ca-certificates[16712]: Updating certificates in /etc/ssl/certs...
May 22 08:18:32.469300 osdx ca-certificates[17696]: 1 added, 0 removed; done.
May 22 08:18:32.473399 osdx ca-certificates[17702]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:18:32.477533 osdx ca-certificates[17704]: done.
May 22 08:18:32.540190 osdx systemd[1]: Started DNSCrypt client proxy.
May 22 08:18:32.542655 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:18:32.546174 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:18:32.560776 osdx dnscrypt-proxy[17708]: dnscrypt-proxy 2.0.45
May 22 08:18:32.560867 osdx dnscrypt-proxy[17708]: Network connectivity detected
May 22 08:18:32.561305 osdx dnscrypt-proxy[17708]: Dropping privileges
May 22 08:18:32.564492 osdx dnscrypt-proxy[17708]: Network connectivity detected
May 22 08:18:32.564547 osdx dnscrypt-proxy[17708]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:18:32.564557 osdx dnscrypt-proxy[17708]: Now listening to 127.0.0.1:53 [TCP]
May 22 08:18:32.564590 osdx dnscrypt-proxy[17708]: Firefox workaround initialized
May 22 08:18:32.564600 osdx dnscrypt-proxy[17708]: Loading the set of cloaking rules from [/tmp/tmpEaYIhL]
May 22 08:18:32.565604 osdx dnscrypt-proxy[17708]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 22 08:18:32.593447 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-05-22 08:18:32 UTC, end at Wed 2024-05-22 08:18:38 UTC. -- May 22 08:18:32.931883 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free. May 22 08:18:32.965732 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'. May 22 08:18:33.350054 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:18:33.440181 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'delete'. May 22 08:18:33.552518 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. May 22 08:18:33.669242 osdx dnscrypt-proxy[17708]: Stopped. May 22 08:18:33.669349 osdx systemd[1]: Stopping DNSCrypt client proxy... May 22 08:18:33.670408 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. May 22 08:18:33.670838 osdx systemd[1]: Stopped DNSCrypt client proxy. May 22 08:18:33.784383 osdx ca-certificates[17781]: Clearing symlinks in /etc/ssl/certs... May 22 08:18:34.161131 osdx ca-certificates[18338]: done. May 22 08:18:34.166418 osdx ca-certificates[18348]: Updating certificates in /etc/ssl/certs... May 22 08:18:34.326043 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): May 22 08:18:34.761104 osdx ca-certificates[19185]: 137 added, 0 removed; done. May 22 08:18:34.765636 osdx ca-certificates[19192]: Running hooks in /etc/ca-certificates/update.d... May 22 08:18:34.770496 osdx ca-certificates[19194]: done. May 22 08:18:34.817827 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:18:34.821294 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:18:34.853172 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. 
May 22 08:18:36.259475 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:18:36.356031 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 22 08:18:36.445762 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 22 08:18:36.553518 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 22 08:18:36.630258 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 22 08:18:36.723140 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. May 22 08:18:36.810750 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. May 22 08:18:36.901168 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 22 08:18:37.024018 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 22 08:18:37.111243 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:18:37.268772 osdx ca-certificates[19238]: Updating certificates in /etc/ssl/certs... May 22 08:18:37.931627 osdx ca-certificates[20225]: 1 added, 0 removed; done. May 22 08:18:37.935838 osdx ca-certificates[20231]: Running hooks in /etc/ca-certificates/update.d... May 22 08:18:37.940114 osdx ca-certificates[20233]: done. May 22 08:18:37.958737 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:18:38.105159 osdx systemd[1]: Started DNSCrypt client proxy. 
May 22 08:18:38.108033 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:18:38.133188 osdx dnscrypt-proxy[20270]: dnscrypt-proxy 2.0.45 May 22 08:18:38.133266 osdx dnscrypt-proxy[20270]: Network connectivity detected May 22 08:18:38.133590 osdx dnscrypt-proxy[20270]: Dropping privileges May 22 08:18:38.136490 osdx dnscrypt-proxy[20270]: Network connectivity detected May 22 08:18:38.136568 osdx dnscrypt-proxy[20270]: Now listening to 127.0.0.1:53 [UDP] May 22 08:18:38.136577 osdx dnscrypt-proxy[20270]: Now listening to 127.0.0.1:53 [TCP] May 22 08:18:38.136625 osdx dnscrypt-proxy[20270]: Firefox workaround initialized May 22 08:18:38.136634 osdx dnscrypt-proxy[20270]: Loading the set of cloaking rules from [/tmp/tmpGAdYzf] May 22 08:18:38.137866 osdx dnscrypt-proxy[20270]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file May 22 08:18:38.159831 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:18:38.195457 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:18:38.301979 osdx dnscrypt-proxy[20270]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 May 22 08:18:38.302025 osdx dnscrypt-proxy[20270]: [RD] OK (DoH) - rtt: 126ms May 22 08:18:38.302038 osdx dnscrypt-proxy[20270]: Server with the lowest initial latency: RD (rtt: 126ms) May 22 08:18:38.302047 osdx dnscrypt-proxy[20270]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-05-22 08:18:38 UTC, end at Wed 2024-05-22 08:18:44 UTC. -- May 22 08:18:38.536118 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free. May 22 08:18:38.556261 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'. May 22 08:18:38.941003 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:18:39.031851 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'delete'. May 22 08:18:39.163129 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. May 22 08:18:39.257137 osdx dnscrypt-proxy[20270]: Stopped. May 22 08:18:39.257264 osdx systemd[1]: Stopping DNSCrypt client proxy... May 22 08:18:39.258225 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. May 22 08:18:39.258588 osdx systemd[1]: Stopped DNSCrypt client proxy. May 22 08:18:39.375576 osdx ca-certificates[20358]: Clearing symlinks in /etc/ssl/certs... May 22 08:18:39.772211 osdx ca-certificates[20915]: done. May 22 08:18:39.778558 osdx ca-certificates[20925]: Updating certificates in /etc/ssl/certs... May 22 08:18:40.400574 osdx ca-certificates[21762]: 137 added, 0 removed; done. May 22 08:18:40.404962 osdx ca-certificates[21769]: Running hooks in /etc/ca-certificates/update.d... May 22 08:18:40.409202 osdx ca-certificates[21771]: done. May 22 08:18:40.451714 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:18:40.455475 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:18:40.495990 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:18:41.987048 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. 
May 22 08:18:42.082474 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 22 08:18:42.176729 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 22 08:18:42.293733 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 22 08:18:42.377050 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 22 08:18:42.482728 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. May 22 08:18:42.595358 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. May 22 08:18:42.714210 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. May 22 08:18:42.814698 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 22 08:18:42.963412 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 22 08:18:43.054646 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:18:43.217576 osdx ca-certificates[21815]: Updating certificates in /etc/ssl/certs... May 22 08:18:43.908547 osdx ca-certificates[22800]: 1 added, 0 removed; done. May 22 08:18:43.912990 osdx ca-certificates[22807]: Running hooks in /etc/ca-certificates/update.d... May 22 08:18:43.917366 osdx ca-certificates[22809]: done. May 22 08:18:43.938698 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:18:44.101142 osdx systemd[1]: Started DNSCrypt client proxy. 
May 22 08:18:44.103451 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:18:44.129720 osdx dnscrypt-proxy[22846]: dnscrypt-proxy 2.0.45 May 22 08:18:44.129801 osdx dnscrypt-proxy[22846]: Network connectivity detected May 22 08:18:44.130208 osdx dnscrypt-proxy[22846]: Dropping privileges May 22 08:18:44.132838 osdx dnscrypt-proxy[22846]: Network connectivity detected May 22 08:18:44.132881 osdx dnscrypt-proxy[22846]: Now listening to 127.0.0.1:53 [UDP] May 22 08:18:44.132887 osdx dnscrypt-proxy[22846]: Now listening to 127.0.0.1:53 [TCP] May 22 08:18:44.132911 osdx dnscrypt-proxy[22846]: Firefox workaround initialized May 22 08:18:44.132917 osdx dnscrypt-proxy[22846]: Loading the set of cloaking rules from [/tmp/tmpWC7aZB] May 22 08:18:44.134148 osdx dnscrypt-proxy[22846]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file May 22 08:18:44.154058 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:18:44.183353 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:18:44.303629 osdx dnscrypt-proxy[22846]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 May 22 08:18:44.303651 osdx dnscrypt-proxy[22846]: [RD] OK (DoH) - rtt: 128ms May 22 08:18:44.303662 osdx dnscrypt-proxy[22846]: Server with the lowest initial latency: RD (rtt: 128ms) May 22 08:18:44.303669 osdx dnscrypt-proxy[22846]: dnscrypt-proxy is ready - live servers: 1 May 22 08:18:44.306259 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
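The journal checks in the examples above match a single token. As an added example (not part of the original test suite), this Python audit reads the configured cipher lines, maps them to the decimal suite IDs that dnscrypt-proxy logs, and reports whether the most recent proxy run negotiated a suite outside the configured list, as the Example 2 and Example 3 journals show (52392 after the handshake failure). The function name, verdict labels and sample journals are assumptions constructed for illustration.

```python
import re

# IANA code points for the suites named on this page; dnscrypt-proxy logs them in decimal.
SUITE_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}

CFG_RE = re.compile(r"cfg line: 'set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)'")
PROXY_RE = re.compile(r"dnscrypt-proxy\[(\d+)\]: (.*)")
SUITE_RE = re.compile(r"Cipher suite: (\d+)")
FAILURE = "TLS handshake failure"


def audit_journal(text):
    """Compare the suite negotiated by the last dnscrypt-proxy run with the configured list."""
    configured = {}   # cipher index from the cfg line -> suite name
    runs = {}         # proxy PID -> what that process logged
    last_pid = None
    for line in text.splitlines():
        cfg = CFG_RE.search(line)
        if cfg:
            configured[int(cfg.group(1))] = cfg.group(2)
            continue
        proxy = PROXY_RE.search(line)
        if not proxy:
            continue
        # Group by PID so a "Stopped." line from the previous run is not mixed in.
        last_pid, message = proxy.group(1), proxy.group(2)
        run = runs.setdefault(last_pid, {"failure": False, "negotiated": []})
        if FAILURE in message:
            run["failure"] = True
        suite = SUITE_RE.search(message)
        if suite:
            run["negotiated"].append(int(suite.group(1)))

    names = [configured[i] for i in sorted(configured)]
    allowed = {SUITE_IDS[n] for n in names if n in SUITE_IDS}
    run = runs.get(last_pid, {"failure": False, "negotiated": []})
    # With no cipher lines configured there is no policy to violate.
    outside = [s for s in run["negotiated"] if s not in allowed] if names else []

    if outside:
        verdict = "outside-policy"   # a session came up on a suite that was not configured
    elif run["negotiated"]:
        verdict = "ok"               # session uses one of the configured suites
    elif run["failure"]:
        verdict = "refused"          # handshake failed and no session followed
    else:
        verdict = "no-session"
    return {
        "configured": names,
        "unknown_names": [n for n in names if n not in SUITE_IDS],
        "handshake_failure": run["failure"],
        "negotiated": run["negotiated"],
        "verdict": verdict,
    }


# Constructed sample journals in the format shown on this page (PIDs and times are made up).
REFUSED = """\
May 22 08:00:01.000000 osdx OSDxCLI[100]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 22 08:00:02.000000 osdx dnscrypt-proxy[200]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:00:02.100000 osdx dnscrypt-proxy[200]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
"""

OUTSIDE_POLICY = """\
May 22 08:00:10.000000 osdx dnscrypt-proxy[200]: Stopped.
May 22 08:00:11.000000 osdx OSDxCLI[100]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 22 08:00:12.000000 osdx dnscrypt-proxy[300]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 22 08:00:12.200000 osdx dnscrypt-proxy[300]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 22 08:00:12.200100 osdx dnscrypt-proxy[300]: [RD] OK (DoH) - rtt: 126ms
"""

FALLBACK_OK = """\
May 22 08:00:20.000000 osdx OSDxCLI[100]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 22 08:00:20.100000 osdx OSDxCLI[100]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 22 08:00:21.000000 osdx dnscrypt-proxy[400]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 22 08:00:21.000100 osdx dnscrypt-proxy[400]: [RD] OK (DoH) - rtt: 1005ms
"""

if __name__ == "__main__":
    for name, sample in (("refused", REFUSED), ("outside", OUTSIDE_POLICY), ("fallback", FALLBACK_OK)):
        print(name, audit_journal(sample))
```

A token-only check for the handshake failure message passes on both the first and second sample; only the audit separates a refused connection from a session that came up on a suite outside the configured list.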
Invalid Cipher With Fallback
Description
Configures an invalid cipher together with a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-05-22 08:18:53 UTC, end at Wed 2024-05-22 08:19:04 UTC. -- May 22 08:18:53.430569 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free. May 22 08:18:53.460026 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'. May 22 08:18:54.122542 osdx osdx-coredump[24482]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... May 22 08:18:54.130686 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system coredump delete all'. May 22 08:18:55.122719 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:18:55.260328 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 22 08:18:55.350165 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:18:55.511131 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:18:55.597329 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:18:55.638237 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:18:55.700531 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:18:55.899488 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 22 08:18:56.103789 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:18:56.210199 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 22 08:18:56.331458 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 22 08:18:56.442204 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. 
May 22 08:18:56.526044 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 22 08:18:56.649446 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. May 22 08:18:56.741480 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. May 22 08:18:56.842211 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. May 22 08:18:56.999793 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 22 08:18:57.098477 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 22 08:18:57.227305 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:18:57.366181 osdx ca-certificates[24597]: Updating certificates in /etc/ssl/certs... May 22 08:18:58.064568 osdx ca-certificates[25582]: 1 added, 0 removed; done. May 22 08:18:58.068966 osdx ca-certificates[25589]: Running hooks in /etc/ca-certificates/update.d... May 22 08:18:58.073534 osdx ca-certificates[25591]: done. May 22 08:18:58.148422 osdx systemd[1]: Started DNSCrypt client proxy. May 22 08:18:58.150978 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:18:58.155136 osdx OSDxCLI[18676]: User 'admin' committed the configuration. 
May 22 08:18:58.169934 osdx dnscrypt-proxy[25595]: dnscrypt-proxy 2.0.45 May 22 08:18:58.170027 osdx dnscrypt-proxy[25595]: Network connectivity detected May 22 08:18:58.170468 osdx dnscrypt-proxy[25595]: Dropping privileges May 22 08:18:58.173268 osdx dnscrypt-proxy[25595]: Network connectivity detected May 22 08:18:58.173348 osdx dnscrypt-proxy[25595]: Now listening to 127.0.0.1:53 [UDP] May 22 08:18:58.173360 osdx dnscrypt-proxy[25595]: Now listening to 127.0.0.1:53 [TCP] May 22 08:18:58.173402 osdx dnscrypt-proxy[25595]: Firefox workaround initialized May 22 08:18:58.173413 osdx dnscrypt-proxy[25595]: Loading the set of cloaking rules from [/tmp/tmpUJezXz] May 22 08:18:58.200151 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:18:59.215323 osdx dnscrypt-proxy[25595]: [RD] may be a lying resolver May 22 08:18:59.215336 osdx dnscrypt-proxy[25595]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 May 22 08:18:59.215350 osdx dnscrypt-proxy[25595]: [RD] OK (DoH) - rtt: 1005ms May 22 08:18:59.215360 osdx dnscrypt-proxy[25595]: Server with the lowest initial latency: RD (rtt: 1005ms) May 22 08:18:59.215366 osdx dnscrypt-proxy[25595]: dnscrypt-proxy is ready - live servers: 1 May 22 08:18:59.495523 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): May 22 08:19:04.375036 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Wed 2024-05-22 08:19:04 UTC, end at Wed 2024-05-22 08:19:16 UTC. -- May 22 08:19:04.642753 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free. May 22 08:19:04.671253 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'. May 22 08:19:05.021903 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. May 22 08:19:05.113094 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'delete'. May 22 08:19:05.262208 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. May 22 08:19:05.355587 osdx systemd[1]: Stopping DNSCrypt client proxy... May 22 08:19:05.355693 osdx dnscrypt-proxy[25595]: Stopped. May 22 08:19:05.356767 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. May 22 08:19:05.357200 osdx systemd[1]: Stopped DNSCrypt client proxy. May 22 08:19:05.483842 osdx ca-certificates[25679]: Clearing symlinks in /etc/ssl/certs... May 22 08:19:05.873068 osdx ca-certificates[26237]: done. May 22 08:19:05.878938 osdx ca-certificates[26246]: Updating certificates in /etc/ssl/certs... May 22 08:19:06.461600 osdx ca-certificates[27080]: 137 added, 0 removed; done. May 22 08:19:06.467656 osdx ca-certificates[27086]: Running hooks in /etc/ca-certificates/update.d... May 22 08:19:06.472554 osdx ca-certificates[27088]: done. May 22 08:19:06.528859 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:19:06.532732 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:19:06.566331 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:19:08.215617 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu. 
May 22 08:19:08.365526 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 22 08:19:08.523095 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 22 08:19:08.653331 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 22 08:19:08.735766 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 22 08:19:08.836310 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. May 22 08:19:08.931420 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. May 22 08:19:09.055552 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. May 22 08:19:09.164823 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 22 08:19:09.301272 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 22 08:19:09.379018 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 22 08:19:09.518907 osdx ca-certificates[27133]: Updating certificates in /etc/ssl/certs... May 22 08:19:10.199823 osdx ca-certificates[28117]: 1 added, 0 removed; done. May 22 08:19:10.204349 osdx ca-certificates[28123]: Running hooks in /etc/ca-certificates/update.d... May 22 08:19:10.208527 osdx ca-certificates[28125]: done. May 22 08:19:10.227147 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 22 08:19:10.373916 osdx systemd[1]: Started DNSCrypt client proxy. 
May 22 08:19:10.375829 osdx cfgd[1125]: [18676]Completed change to active configuration May 22 08:19:10.394537 osdx dnscrypt-proxy[28162]: dnscrypt-proxy 2.0.45 May 22 08:19:10.394629 osdx dnscrypt-proxy[28162]: Network connectivity detected May 22 08:19:10.395043 osdx dnscrypt-proxy[28162]: Dropping privileges May 22 08:19:10.397836 osdx dnscrypt-proxy[28162]: Network connectivity detected May 22 08:19:10.397878 osdx dnscrypt-proxy[28162]: Now listening to 127.0.0.1:53 [UDP] May 22 08:19:10.397885 osdx dnscrypt-proxy[28162]: Now listening to 127.0.0.1:53 [TCP] May 22 08:19:10.397908 osdx dnscrypt-proxy[28162]: Firefox workaround initialized May 22 08:19:10.397915 osdx dnscrypt-proxy[28162]: Loading the set of cloaking rules from [/tmp/tmpW0bqdF] May 22 08:19:10.420961 osdx OSDxCLI[18676]: User 'admin' committed the configuration. May 22 08:19:10.452328 osdx OSDxCLI[18676]: User 'admin' left the configuration menu. May 22 08:19:11.442798 osdx dnscrypt-proxy[28162]: [RD] may be a lying resolver May 22 08:19:11.442814 osdx dnscrypt-proxy[28162]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 May 22 08:19:11.442844 osdx dnscrypt-proxy[28162]: [RD] OK (DoH) - rtt: 1004ms May 22 08:19:11.442858 osdx dnscrypt-proxy[28162]: Server with the lowest initial latency: RD (rtt: 1004ms) May 22 08:19:11.442868 osdx dnscrypt-proxy[28162]: dnscrypt-proxy is ready - live servers: 1 May 22 08:19:14.495614 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): May 22 08:19:16.629215 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Wed 2024-05-22 08:19:16 UTC, end at Wed 2024-05-22 08:19:22 UTC. --
May 22 08:19:16.928823 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free.
May 22 08:19:16.959913 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'.
May 22 08:19:17.316386 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:19:17.432311 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'delete'.
May 22 08:19:17.544981 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 22 08:19:17.632598 osdx dnscrypt-proxy[28162]: Stopped.
May 22 08:19:17.632725 osdx systemd[1]: Stopping DNSCrypt client proxy...
May 22 08:19:17.634179 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
May 22 08:19:17.634603 osdx systemd[1]: Stopped DNSCrypt client proxy.
May 22 08:19:17.758826 osdx ca-certificates[28258]: Clearing symlinks in /etc/ssl/certs...
May 22 08:19:18.151461 osdx ca-certificates[28815]: done.
May 22 08:19:18.155983 osdx ca-certificates[28823]: Updating certificates in /etc/ssl/certs...
May 22 08:19:18.699659 osdx ca-certificates[29659]: 137 added, 0 removed; done.
May 22 08:19:18.704286 osdx ca-certificates[29665]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:19:18.708875 osdx ca-certificates[29667]: done.
May 22 08:19:18.749261 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:19:18.752710 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:19:18.786267 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:19:19.514737 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 22 08:19:20.136860 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:19:20.257675 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 22 08:19:20.352250 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 22 08:19:20.485966 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 22 08:19:20.562741 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 22 08:19:20.688825 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
May 22 08:19:20.782764 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 22 08:19:20.875694 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 22 08:19:20.965876 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 22 08:19:21.077937 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:19:21.162902 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:19:21.321281 osdx ca-certificates[29712]: Updating certificates in /etc/ssl/certs...
May 22 08:19:21.980796 osdx ca-certificates[30696]: 1 added, 0 removed; done.
May 22 08:19:21.985092 osdx ca-certificates[30702]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:19:21.989573 osdx ca-certificates[30704]: done.
May 22 08:19:22.007129 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 22 08:19:22.159228 osdx systemd[1]: Started DNSCrypt client proxy.
May 22 08:19:22.161607 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:19:22.186403 osdx dnscrypt-proxy[30741]: dnscrypt-proxy 2.0.45
May 22 08:19:22.186472 osdx dnscrypt-proxy[30741]: Network connectivity detected
May 22 08:19:22.186811 osdx dnscrypt-proxy[30741]: Dropping privileges
May 22 08:19:22.189926 osdx dnscrypt-proxy[30741]: Network connectivity detected
May 22 08:19:22.189965 osdx dnscrypt-proxy[30741]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:19:22.189971 osdx dnscrypt-proxy[30741]: Now listening to 127.0.0.1:53 [TCP]
May 22 08:19:22.189995 osdx dnscrypt-proxy[30741]: Firefox workaround initialized
May 22 08:19:22.190001 osdx dnscrypt-proxy[30741]: Loading the set of cloaking rules from [/tmp/tmpUCFsyM]
May 22 08:19:22.217703 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:19:22.250130 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:19:22.354184 osdx dnscrypt-proxy[30741]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 22 08:19:22.354235 osdx dnscrypt-proxy[30741]: [RD] OK (DoH) - rtt: 114ms
May 22 08:19:22.354248 osdx dnscrypt-proxy[30741]: Server with the lowest initial latency: RD (rtt: 114ms)
May 22 08:19:22.354257 osdx dnscrypt-proxy[30741]: dnscrypt-proxy is ready - live servers: 1
May 22 08:19:22.420587 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-05-22 08:19:22 UTC, end at Wed 2024-05-22 08:19:28 UTC. --
May 22 08:19:22.702459 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free.
May 22 08:19:22.715489 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'.
May 22 08:19:23.031610 osdx systemd[1]: systemd-timedated.service: Succeeded.
May 22 08:19:23.088057 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:19:23.177952 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'delete'.
May 22 08:19:23.287677 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 22 08:19:23.380786 osdx dnscrypt-proxy[30741]: Stopped.
May 22 08:19:23.380906 osdx systemd[1]: Stopping DNSCrypt client proxy...
May 22 08:19:23.381990 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
May 22 08:19:23.382432 osdx systemd[1]: Stopped DNSCrypt client proxy.
May 22 08:19:23.494739 osdx ca-certificates[30838]: Clearing symlinks in /etc/ssl/certs...
May 22 08:19:23.875172 osdx ca-certificates[31395]: done.
May 22 08:19:23.880126 osdx ca-certificates[31403]: Updating certificates in /etc/ssl/certs...
May 22 08:19:24.441262 osdx ca-certificates[32240]: 137 added, 0 removed; done.
May 22 08:19:24.445554 osdx ca-certificates[32246]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:19:24.449769 osdx ca-certificates[32248]: done.
May 22 08:19:24.498949 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:19:24.502419 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:19:24.531749 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:19:25.841835 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:19:25.939454 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 22 08:19:26.080293 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 22 08:19:26.188619 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 22 08:19:26.280445 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 22 08:19:26.399659 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
May 22 08:19:26.483694 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 22 08:19:26.604599 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 22 08:19:26.691867 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 22 08:19:26.799689 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:19:26.922333 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:19:27.055030 osdx ca-certificates[32293]: Updating certificates in /etc/ssl/certs...
May 22 08:19:27.762427 osdx ca-certificates[815]: 1 added, 0 removed; done.
May 22 08:19:27.766691 osdx ca-certificates[822]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:19:27.771406 osdx ca-certificates[824]: done.
May 22 08:19:27.791148 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 22 08:19:27.939652 osdx systemd[1]: Started DNSCrypt client proxy.
May 22 08:19:27.942215 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:19:27.968227 osdx dnscrypt-proxy[862]: dnscrypt-proxy 2.0.45
May 22 08:19:27.968323 osdx dnscrypt-proxy[862]: Network connectivity detected
May 22 08:19:27.968748 osdx dnscrypt-proxy[862]: Dropping privileges
May 22 08:19:27.972156 osdx dnscrypt-proxy[862]: Network connectivity detected
May 22 08:19:27.972492 osdx dnscrypt-proxy[862]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:19:27.972577 osdx dnscrypt-proxy[862]: Now listening to 127.0.0.1:53 [TCP]
May 22 08:19:27.972672 osdx dnscrypt-proxy[862]: Firefox workaround initialized
May 22 08:19:27.972747 osdx dnscrypt-proxy[862]: Loading the set of cloaking rules from [/tmp/tmpeaPgrs]
May 22 08:19:27.984634 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:19:28.027322 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:19:28.138442 osdx dnscrypt-proxy[862]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 22 08:19:28.138471 osdx dnscrypt-proxy[862]: [RD] OK (DoH) - rtt: 129ms
May 22 08:19:28.138485 osdx dnscrypt-proxy[862]: Server with the lowest initial latency: RD (rtt: 129ms)
May 22 08:19:28.138494 osdx dnscrypt-proxy[862]: dnscrypt-proxy is ready - live servers: 1
May 22 08:19:28.191898 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Wed 2024-05-22 08:19:28 UTC, end at Wed 2024-05-22 08:19:33 UTC. --
May 22 08:19:28.468695 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free.
May 22 08:19:28.498337 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'.
May 22 08:19:28.862885 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:19:28.952783 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'delete'.
May 22 08:19:29.060817 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 22 08:19:29.188793 osdx dnscrypt-proxy[862]: Stopped.
May 22 08:19:29.188900 osdx systemd[1]: Stopping DNSCrypt client proxy...
May 22 08:19:29.190031 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
May 22 08:19:29.190377 osdx systemd[1]: Stopped DNSCrypt client proxy.
May 22 08:19:29.311214 osdx ca-certificates[961]: Clearing symlinks in /etc/ssl/certs...
May 22 08:19:29.492648 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 22 08:19:29.700554 osdx ca-certificates[1544]: done.
May 22 08:19:29.706105 osdx ca-certificates[1553]: Updating certificates in /etc/ssl/certs...
May 22 08:19:30.270884 osdx ca-certificates[2389]: 137 added, 0 removed; done.
May 22 08:19:30.275093 osdx ca-certificates[2395]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:19:30.279373 osdx ca-certificates[2397]: done.
May 22 08:19:30.328032 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:19:30.331331 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:19:30.357716 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:19:31.777483 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:19:31.877005 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 22 08:19:31.969975 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 22 08:19:32.078057 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 22 08:19:32.154186 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 22 08:19:32.274648 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
May 22 08:19:32.362275 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 22 08:19:32.453121 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
May 22 08:19:32.543773 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 22 08:19:32.646945 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:19:32.728817 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:19:32.884113 osdx ca-certificates[2442]: Updating certificates in /etc/ssl/certs...
May 22 08:19:33.557464 osdx ca-certificates[3427]: 1 added, 0 removed; done.
May 22 08:19:33.561938 osdx ca-certificates[3433]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:19:33.566299 osdx ca-certificates[3435]: done.
May 22 08:19:33.587130 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 22 08:19:33.734292 osdx systemd[1]: Started DNSCrypt client proxy.
May 22 08:19:33.736208 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:19:33.756194 osdx dnscrypt-proxy[3473]: dnscrypt-proxy 2.0.45
May 22 08:19:33.756271 osdx dnscrypt-proxy[3473]: Network connectivity detected
May 22 08:19:33.756614 osdx dnscrypt-proxy[3473]: Dropping privileges
May 22 08:19:33.759132 osdx dnscrypt-proxy[3473]: Network connectivity detected
May 22 08:19:33.759186 osdx dnscrypt-proxy[3473]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:19:33.759192 osdx dnscrypt-proxy[3473]: Now listening to 127.0.0.1:53 [TCP]
May 22 08:19:33.759221 osdx dnscrypt-proxy[3473]: Firefox workaround initialized
May 22 08:19:33.759228 osdx dnscrypt-proxy[3473]: Loading the set of cloaking rules from [/tmp/tmpi7exYr]
May 22 08:19:33.775836 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:19:33.817783 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:19:33.942854 osdx dnscrypt-proxy[3473]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
May 22 08:19:33.942875 osdx dnscrypt-proxy[3473]: [RD] OK (DoH) - rtt: 149ms
May 22 08:19:33.942885 osdx dnscrypt-proxy[3473]: Server with the lowest initial latency: RD (rtt: 149ms)
May 22 08:19:33.942892 osdx dnscrypt-proxy[3473]: dnscrypt-proxy is ready - live servers: 1
May 22 08:19:33.986359 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Wed 2024-05-22 08:19:34 UTC, end at Wed 2024-05-22 08:19:39 UTC. --
May 22 08:19:34.224028 osdx systemd-journald[1514]: Runtime journal (/run/log/journal/99893f06e2ec475e9e852fdd13370208) is 2.0M, max 16.0M, 14.0M free.
May 22 08:19:34.261025 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'system journal clear'.
May 22 08:19:34.517736 osdx zebra[1078]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
May 22 08:19:34.616543 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:19:34.709325 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'delete'.
May 22 08:19:34.850841 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 22 08:19:34.959698 osdx dnscrypt-proxy[3473]: Stopped.
May 22 08:19:34.959723 osdx systemd[1]: Stopping DNSCrypt client proxy...
May 22 08:19:34.961104 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
May 22 08:19:34.961593 osdx systemd[1]: Stopped DNSCrypt client proxy.
May 22 08:19:35.083789 osdx ca-certificates[3568]: Clearing symlinks in /etc/ssl/certs...
May 22 08:19:35.472651 osdx ca-certificates[4125]: done.
May 22 08:19:35.477075 osdx ca-certificates[4134]: Updating certificates in /etc/ssl/certs...
May 22 08:19:36.048396 osdx ca-certificates[4970]: 137 added, 0 removed; done.
May 22 08:19:36.052919 osdx ca-certificates[4976]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:19:36.057818 osdx ca-certificates[4978]: done.
May 22 08:19:36.097217 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:19:36.100800 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:19:36.131963 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:19:37.474984 osdx OSDxCLI[18676]: User 'admin' entered the configuration menu.
May 22 08:19:37.583664 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 22 08:19:37.712737 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 22 08:19:37.827551 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 22 08:19:37.933224 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 22 08:19:38.051349 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
May 22 08:19:38.140629 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 22 08:19:38.232923 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 22 08:19:38.322713 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 22 08:19:38.433360 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 22 08:19:38.510059 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 22 08:19:38.671526 osdx ca-certificates[5022]: Updating certificates in /etc/ssl/certs...
May 22 08:19:39.350943 osdx ca-certificates[6006]: 1 added, 0 removed; done.
May 22 08:19:39.355654 osdx ca-certificates[6013]: Running hooks in /etc/ca-certificates/update.d...
May 22 08:19:39.360114 osdx ca-certificates[6015]: done.
May 22 08:19:39.379183 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 22 08:19:39.526829 osdx systemd[1]: Started DNSCrypt client proxy.
May 22 08:19:39.528536 osdx cfgd[1125]: [18676]Completed change to active configuration
May 22 08:19:39.550439 osdx dnscrypt-proxy[6052]: dnscrypt-proxy 2.0.45
May 22 08:19:39.550518 osdx dnscrypt-proxy[6052]: Network connectivity detected
May 22 08:19:39.550841 osdx dnscrypt-proxy[6052]: Dropping privileges
May 22 08:19:39.554074 osdx dnscrypt-proxy[6052]: Network connectivity detected
May 22 08:19:39.554126 osdx dnscrypt-proxy[6052]: Now listening to 127.0.0.1:53 [UDP]
May 22 08:19:39.554134 osdx dnscrypt-proxy[6052]: Now listening to 127.0.0.1:53 [TCP]
May 22 08:19:39.554173 osdx dnscrypt-proxy[6052]: Firefox workaround initialized
May 22 08:19:39.554181 osdx dnscrypt-proxy[6052]: Loading the set of cloaking rules from [/tmp/tmp1SV72J]
May 22 08:19:39.569916 osdx OSDxCLI[18676]: User 'admin' committed the configuration.
May 22 08:19:39.602422 osdx OSDxCLI[18676]: User 'admin' left the configuration menu.
May 22 08:19:39.708554 osdx dnscrypt-proxy[6052]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 22 08:19:39.708588 osdx dnscrypt-proxy[6052]: [RD] OK (DoH) - rtt: 114ms
May 22 08:19:39.708607 osdx dnscrypt-proxy[6052]: Server with the lowest initial latency: RD (rtt: 114ms)
May 22 08:19:39.708621 osdx dnscrypt-proxy[6052]: dnscrypt-proxy is ready - live servers: 1
May 22 08:19:39.783203 osdx OSDxCLI[18676]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
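The Step 3 check in these examples matches a decimal cipher suite number in the journal. The added example below (not part of the OSDx test suite) resolves that number to its IANA name and confirms that the negotiated suite is one of the configured `cipher N algorithm` entries. The function name, the verdict labels and the reading of the "TLS version" field as hexadecimal are assumptions, and the sample journal is constructed in the format shown on this page.

```python
import re

# IANA code points for the cipher suites named in these test cases.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
LEGACY = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
# Assumption: the "TLS version" field is the hexadecimal wire version (303 -> 0x0303).
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"cfg line: 'set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)'")
RESET_RE = re.compile(r"cfg line: 'delete'")
TLS_RE = re.compile(r"dnscrypt-proxy\[\d+\]: \[([^\]]+)\] TLS version: ([0-9a-fA-F]+)"
                    r" - Protocol: (\S+) - Cipher suite: (\d+)")


def audit_journal(journal):
    """Return (configured, handshakes, verdict) for one journal capture."""
    configured = {}   # cipher index -> algorithm name, as logged by OSDxCLI
    handshakes = []
    for line in journal.splitlines():
        if RESET_RE.search(line):
            configured.clear()   # a bare 'delete' wipes earlier cipher entries
            continue
        m = CFG_RE.search(line)
        if m:
            configured[int(m.group(1))] = m.group(2)
            continue
        m = TLS_RE.search(line)
        if m:
            suite_id = int(m.group(4))
            name = IANA_SUITES.get(suite_id, "unknown(0x%04X)" % suite_id)
            # Which configured entry, if any, does the negotiated suite match?
            index = next((i for i, alg in sorted(configured.items()) if alg == name), None)
            handshakes.append({
                "server": m.group(1),
                "tls": TLS_VERSIONS.get(int(m.group(2), 16), "unknown"),
                "alpn": m.group(3),
                "suite_id": suite_id,
                "suite": name,
                "configured_index": index,
            })
    if not handshakes:
        verdict = "no-handshake"              # proxy never completed TLS
    elif any(h["configured_index"] is None for h in handshakes):
        verdict = "suite-not-configured"      # negotiated outside the cipher list
    elif any(h["suite"] in LEGACY for h in handshakes):
        verdict = "legacy-suite-negotiated"   # RC4 or 3DES was actually used
    else:
        verdict = "ok"
    return configured, handshakes, verdict


# Constructed sample in the journal format shown on this page.
SAMPLE_JOURNAL = """\
May 22 08:19:34.709325 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'delete'.
May 22 08:19:38.140629 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 22 08:19:38.232923 osdx OSDxCLI[18676]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 22 08:19:39.708554 osdx dnscrypt-proxy[6052]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 22 08:19:39.708588 osdx dnscrypt-proxy[6052]: [RD] OK (DoH) - rtt: 114ms
"""

if __name__ == "__main__":
    cfg, seen, result = audit_journal(SAMPLE_JOURNAL)
    for h in seen:
        print(h["server"], h["tls"], h["suite"], "cipher", h["configured_index"], "->", result)
```

A "legacy-suite-negotiated" verdict is the case worth alerting on when RC4 or 3DES entries are kept in the cipher list: it means the server accepted the weak entry instead of falling through to the stronger one.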