Cipher
Test suite that validates the use of one or multiple ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-06-12 21:53:17 UTC, end at Wed 2024-06-12 21:53:22 UTC. --
Jun 12 21:53:17.422821 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free.
Jun 12 21:53:17.442765 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'.
Jun 12 21:53:18.183462 osdx osdx-coredump[11578]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jun 12 21:53:18.195604 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 12 21:53:19.228999 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:53:19.373803 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:53:19.457732 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:53:19.584508 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 12 21:53:19.677944 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:53:19.718759 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:53:19.747413 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:53:19.935650 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 12 21:53:20.124313 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:53:20.226185 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 12 21:53:20.345352 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 12 21:53:20.465382 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 12 21:53:20.565523 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 12 21:53:20.682642 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 12 21:53:20.780419 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 12 21:53:20.894604 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 12 21:53:21.048533 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:53:21.151328 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:53:21.337747 osdx ca-certificates[11693]: Updating certificates in /etc/ssl/certs...
Jun 12 21:53:22.101763 osdx ca-certificates[12676]: 1 added, 0 removed; done.
Jun 12 21:53:22.108042 osdx ca-certificates[12683]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:53:22.115046 osdx ca-certificates[12685]: done.
Jun 12 21:53:22.188574 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 12 21:53:22.191572 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:53:22.198274 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:53:22.227741 osdx dnscrypt-proxy[12689]: dnscrypt-proxy 2.0.45
Jun 12 21:53:22.227842 osdx dnscrypt-proxy[12689]: Network connectivity detected
Jun 12 21:53:22.228311 osdx dnscrypt-proxy[12689]: Dropping privileges
Jun 12 21:53:22.231895 osdx dnscrypt-proxy[12689]: Network connectivity detected
Jun 12 21:53:22.231967 osdx dnscrypt-proxy[12689]: Now listening to 127.0.0.1:53 [UDP]
Jun 12 21:53:22.231976 osdx dnscrypt-proxy[12689]: Now listening to 127.0.0.1:53 [TCP]
Jun 12 21:53:22.232033 osdx dnscrypt-proxy[12689]: Firefox workaround initialized
Jun 12 21:53:22.232042 osdx dnscrypt-proxy[12689]: Loading the set of cloaking rules from [/tmp/tmpwLOPzP]
Jun 12 21:53:22.253643 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:53:22.420623 osdx dnscrypt-proxy[12689]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 12 21:53:22.420651 osdx dnscrypt-proxy[12689]: [RD] OK (DoH) - rtt: 137ms
Jun 12 21:53:22.420664 osdx dnscrypt-proxy[12689]: Server with the lowest initial latency: RD (rtt: 137ms)
Jun 12 21:53:22.420674 osdx dnscrypt-proxy[12689]: dnscrypt-proxy is ready - live servers: 1
Jun 12 21:53:22.505539 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-06-12 21:53:31 UTC, end at Wed 2024-06-12 21:53:36 UTC. --
Jun 12 21:53:31.424231 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free.
Jun 12 21:53:31.450417 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'.
Jun 12 21:53:32.020250 osdx osdx-coredump[14318]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jun 12 21:53:32.028471 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 12 21:53:32.915280 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:53:33.056101 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:53:33.137857 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:53:33.285683 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 12 21:53:33.381159 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:53:33.428571 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:53:33.460463 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:53:33.637480 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 12 21:53:33.851600 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:53:33.947115 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 12 21:53:34.037177 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 12 21:53:34.152163 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 12 21:53:34.248778 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 12 21:53:34.381035 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 12 21:53:34.475878 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 12 21:53:34.567291 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 12 21:53:34.679079 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:53:34.761386 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:53:34.929323 osdx ca-certificates[14435]: Updating certificates in /etc/ssl/certs...
Jun 12 21:53:35.691420 osdx ca-certificates[15418]: 1 added, 0 removed; done.
Jun 12 21:53:35.695933 osdx ca-certificates[15425]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:53:35.700293 osdx ca-certificates[15427]: done.
Jun 12 21:53:35.768946 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 12 21:53:35.771474 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:53:35.775235 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:53:35.799771 osdx dnscrypt-proxy[15431]: dnscrypt-proxy 2.0.45
Jun 12 21:53:35.799843 osdx dnscrypt-proxy[15431]: Network connectivity detected
Jun 12 21:53:35.800159 osdx dnscrypt-proxy[15431]: Dropping privileges
Jun 12 21:53:35.802870 osdx dnscrypt-proxy[15431]: Network connectivity detected
Jun 12 21:53:35.802925 osdx dnscrypt-proxy[15431]: Now listening to 127.0.0.1:53 [UDP]
Jun 12 21:53:35.802935 osdx dnscrypt-proxy[15431]: Now listening to 127.0.0.1:53 [TCP]
Jun 12 21:53:35.802967 osdx dnscrypt-proxy[15431]: Firefox workaround initialized
Jun 12 21:53:35.802977 osdx dnscrypt-proxy[15431]: Loading the set of cloaking rules from [/tmp/tmpbLS8Gq]
Jun 12 21:53:35.832016 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:53:35.969212 osdx dnscrypt-proxy[15431]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 12 21:53:35.969239 osdx dnscrypt-proxy[15431]: [RD] OK (DoH) - rtt: 124ms
Jun 12 21:53:35.969254 osdx dnscrypt-proxy[15431]: Server with the lowest initial latency: RD (rtt: 124ms)
Jun 12 21:53:35.969263 osdx dnscrypt-proxy[15431]: dnscrypt-proxy is ready - live servers: 1
Jun 12 21:53:36.024791 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Wed 2024-06-12 21:53:36 UTC, end at Wed 2024-06-12 21:53:42 UTC. --
Jun 12 21:53:36.339470 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free.
Jun 12 21:53:36.366742 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'.
Jun 12 21:53:36.798185 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:53:36.893639 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'delete'.
Jun 12 21:53:37.013003 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 12 21:53:37.103526 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 12 21:53:37.103708 osdx dnscrypt-proxy[15431]: Stopped.
Jun 12 21:53:37.104885 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 12 21:53:37.105166 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 12 21:53:37.223926 osdx ca-certificates[15511]: Clearing symlinks in /etc/ssl/certs...
Jun 12 21:53:37.616073 osdx ca-certificates[16068]: done.
Jun 12 21:53:37.622250 osdx ca-certificates[16077]: Updating certificates in /etc/ssl/certs...
Jun 12 21:53:38.235024 osdx ca-certificates[16915]: 137 added, 0 removed; done.
Jun 12 21:53:38.240178 osdx ca-certificates[16922]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:53:38.245310 osdx ca-certificates[16924]: done.
Jun 12 21:53:38.299758 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:53:38.303547 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:53:38.352475 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:53:40.000359 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:53:40.118085 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 12 21:53:40.232392 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 12 21:53:40.420041 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 12 21:53:40.568755 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 12 21:53:40.700937 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 12 21:53:40.795630 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 12 21:53:40.907208 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 12 21:53:41.049058 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:53:41.147381 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:53:41.351009 osdx ca-certificates[16969]: Updating certificates in /etc/ssl/certs...
Jun 12 21:53:42.087150 osdx ca-certificates[17956]: 1 added, 0 removed; done.
Jun 12 21:53:42.093479 osdx ca-certificates[17962]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:53:42.099859 osdx ca-certificates[17964]: done.
Jun 12 21:53:42.125671 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 12 21:53:42.312213 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 12 21:53:42.314973 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:53:42.339543 osdx dnscrypt-proxy[18001]: dnscrypt-proxy 2.0.45
Jun 12 21:53:42.339633 osdx dnscrypt-proxy[18001]: Network connectivity detected
Jun 12 21:53:42.340034 osdx dnscrypt-proxy[18001]: Dropping privileges
Jun 12 21:53:42.343709 osdx dnscrypt-proxy[18001]: Network connectivity detected
Jun 12 21:53:42.343764 osdx dnscrypt-proxy[18001]: Now listening to 127.0.0.1:53 [UDP]
Jun 12 21:53:42.343773 osdx dnscrypt-proxy[18001]: Now listening to 127.0.0.1:53 [TCP]
Jun 12 21:53:42.343809 osdx dnscrypt-proxy[18001]: Firefox workaround initialized
Jun 12 21:53:42.343819 osdx dnscrypt-proxy[18001]: Loading the set of cloaking rules from [/tmp/tmpx_ZVml]
Jun 12 21:53:42.372345 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:53:42.429951 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:53:42.529636 osdx dnscrypt-proxy[18001]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 12 21:53:42.529684 osdx dnscrypt-proxy[18001]: [RD] OK (DoH) - rtt: 136ms
Jun 12 21:53:42.529697 osdx dnscrypt-proxy[18001]: Server with the lowest initial latency: RD (rtt: 136ms)
Jun 12 21:53:42.529705 osdx dnscrypt-proxy[18001]: dnscrypt-proxy is ready - live servers: 1
Jun 12 21:53:42.617225 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Wed 2024-06-12 21:53:42 UTC, end at Wed 2024-06-12 21:53:49 UTC. --
Jun 12 21:53:42.948105 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free.
Jun 12 21:53:42.975715 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'.
Jun 12 21:53:43.403598 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:53:43.500725 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'delete'.
Jun 12 21:53:43.646220 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 12 21:53:43.751473 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 12 21:53:43.752026 osdx dnscrypt-proxy[18001]: Stopped.
Jun 12 21:53:43.758226 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 12 21:53:43.758682 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 12 21:53:43.891938 osdx ca-certificates[18096]: Clearing symlinks in /etc/ssl/certs...
Jun 12 21:53:44.300633 osdx ca-certificates[18654]: done.
Jun 12 21:53:44.307099 osdx ca-certificates[18666]: Updating certificates in /etc/ssl/certs...
Jun 12 21:53:44.954993 osdx ca-certificates[19496]: 137 added, 0 removed; done.
Jun 12 21:53:44.961774 osdx ca-certificates[19503]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:53:44.968341 osdx ca-certificates[19505]: done.
Jun 12 21:53:45.028875 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:53:45.039388 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:53:45.083404 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:53:46.571332 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:53:46.669948 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 12 21:53:46.775766 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 12 21:53:46.936141 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 12 21:53:47.037563 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 12 21:53:47.165784 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 12 21:53:47.291659 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 12 21:53:47.410163 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 12 21:53:47.558820 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:53:47.666459 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:53:47.844482 osdx ca-certificates[19549]: Updating certificates in /etc/ssl/certs...
Jun 12 21:53:48.559969 osdx ca-certificates[20533]: 1 added, 0 removed; done.
Jun 12 21:53:48.566629 osdx ca-certificates[20540]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:53:48.571301 osdx ca-certificates[20542]: done.
Jun 12 21:53:48.593771 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 12 21:53:48.780612 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 12 21:53:48.783013 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:53:48.807865 osdx dnscrypt-proxy[20579]: dnscrypt-proxy 2.0.45
Jun 12 21:53:48.807958 osdx dnscrypt-proxy[20579]: Network connectivity detected
Jun 12 21:53:48.808386 osdx dnscrypt-proxy[20579]: Dropping privileges
Jun 12 21:53:48.811542 osdx dnscrypt-proxy[20579]: Network connectivity detected
Jun 12 21:53:48.811603 osdx dnscrypt-proxy[20579]: Now listening to 127.0.0.1:53 [UDP]
Jun 12 21:53:48.811614 osdx dnscrypt-proxy[20579]: Now listening to 127.0.0.1:53 [TCP]
Jun 12 21:53:48.811655 osdx dnscrypt-proxy[20579]: Firefox workaround initialized
Jun 12 21:53:48.811665 osdx dnscrypt-proxy[20579]: Loading the set of cloaking rules from [/tmp/tmpnuIJxL]
Jun 12 21:53:48.849371 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:53:48.901976 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:53:48.982223 osdx dnscrypt-proxy[20579]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 12 21:53:48.982264 osdx dnscrypt-proxy[20579]: [RD] OK (DoH) - rtt: 120ms
Jun 12 21:53:48.982279 osdx dnscrypt-proxy[20579]: Server with the lowest initial latency: RD (rtt: 120ms)
Jun 12 21:53:48.982289 osdx dnscrypt-proxy[20579]: dnscrypt-proxy is ready - live servers: 1
Jun 12 21:53:49.074982 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-06-12 21:53:58 UTC, end at Wed 2024-06-12 21:54:03 UTC. --
Jun 12 21:53:58.391624 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free.
Jun 12 21:53:58.413583 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'.
Jun 12 21:53:59.003185 osdx osdx-coredump[22223]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jun 12 21:53:59.011595 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 12 21:53:59.924380 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:54:00.100758 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:54:00.184978 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:54:00.369979 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 12 21:54:00.473039 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:54:00.515688 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:54:00.548137 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:54:00.753524 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 12 21:54:01.022957 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:54:01.158035 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 12 21:54:01.253137 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 12 21:54:01.368014 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 12 21:54:01.470487 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 12 21:54:01.566950 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 12 21:54:01.680567 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 12 21:54:01.805818 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 12 21:54:01.915507 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:54:02.001448 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:54:02.148249 osdx ca-certificates[22343]: Updating certificates in /etc/ssl/certs...
Jun 12 21:54:02.857890 osdx ca-certificates[23327]: 1 added, 0 removed; done.
Jun 12 21:54:02.863903 osdx ca-certificates[23333]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:54:02.870058 osdx ca-certificates[23335]: done.
Jun 12 21:54:02.931068 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 12 21:54:02.932402 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:54:02.936113 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:54:02.952555 osdx dnscrypt-proxy[23339]: dnscrypt-proxy 2.0.45
Jun 12 21:54:02.952664 osdx dnscrypt-proxy[23339]: Network connectivity detected
Jun 12 21:54:02.953082 osdx dnscrypt-proxy[23339]: Dropping privileges
Jun 12 21:54:02.956418 osdx dnscrypt-proxy[23339]: Network connectivity detected
Jun 12 21:54:02.956747 osdx dnscrypt-proxy[23339]: Now listening to 127.0.0.1:53 [UDP]
Jun 12 21:54:02.956824 osdx dnscrypt-proxy[23339]: Now listening to 127.0.0.1:53 [TCP]
Jun 12 21:54:02.956913 osdx dnscrypt-proxy[23339]: Firefox workaround initialized
Jun 12 21:54:02.956985 osdx dnscrypt-proxy[23339]: Loading the set of cloaking rules from [/tmp/tmpg1VHQ9]
Jun 12 21:54:02.958153 osdx dnscrypt-proxy[23339]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 12 21:54:02.964190 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:54:03.109674 osdx dnscrypt-proxy[23339]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 12 21:54:03.109719 osdx dnscrypt-proxy[23339]: [RD] OK (DoH) - rtt: 113ms
Jun 12 21:54:03.109732 osdx dnscrypt-proxy[23339]: Server with the lowest initial latency: RD (rtt: 113ms)
Jun 12 21:54:03.109742 osdx dnscrypt-proxy[23339]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-06-12 21:54:12 UTC, end at Wed 2024-06-12 21:54:16 UTC. --
Jun 12 21:54:12.373064 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free.
Jun 12 21:54:12.412325 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'.
Jun 12 21:54:12.961332 osdx osdx-coredump[24961]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jun 12 21:54:12.969312 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 12 21:54:13.883240 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:54:14.082529 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:54:14.162340 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:54:14.293597 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 12 21:54:14.402540 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:54:14.445090 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:54:14.481431 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:54:14.666416 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 12 21:54:14.874369 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:54:14.999351 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 12 21:54:15.127356 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 12 21:54:15.285041 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 12 21:54:15.387874 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 12 21:54:15.499130 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 12 21:54:15.600674 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 12 21:54:15.720383 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 12 21:54:15.878996 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:54:15.975383 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:54:16.111556 osdx ca-certificates[25076]: Updating certificates in /etc/ssl/certs...
Jun 12 21:54:16.834400 osdx ca-certificates[26059]: 1 added, 0 removed; done.
Jun 12 21:54:16.838895 osdx ca-certificates[26066]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:54:16.844837 osdx ca-certificates[26068]: done.
Jun 12 21:54:16.930980 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 12 21:54:16.933468 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:54:16.937911 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:54:16.964668 osdx dnscrypt-proxy[26072]: dnscrypt-proxy 2.0.45
Jun 12 21:54:16.964758 osdx dnscrypt-proxy[26072]: Network connectivity detected
Jun 12 21:54:16.965234 osdx dnscrypt-proxy[26072]: Dropping privileges
Jun 12 21:54:16.968579 osdx dnscrypt-proxy[26072]: Network connectivity detected
Jun 12 21:54:16.968639 osdx dnscrypt-proxy[26072]: Now listening to 127.0.0.1:53 [UDP]
Jun 12 21:54:16.968650 osdx dnscrypt-proxy[26072]: Now listening to 127.0.0.1:53 [TCP]
Jun 12 21:54:16.968693 osdx dnscrypt-proxy[26072]: Firefox workaround initialized
Jun 12 21:54:16.968704 osdx dnscrypt-proxy[26072]: Loading the set of cloaking rules from [/tmp/tmpuOA_xz]
Jun 12 21:54:16.971512 osdx dnscrypt-proxy[26072]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 12 21:54:16.975682 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Wed 2024-06-12 21:54:17 UTC, end at Wed 2024-06-12 21:54:23 UTC. -- Jun 12 21:54:17.363029 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free. Jun 12 21:54:17.396767 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'. Jun 12 21:54:17.848571 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 21:54:17.939332 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'delete'. Jun 12 21:54:18.081982 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 12 21:54:18.172793 osdx dnscrypt-proxy[26072]: Stopped. Jun 12 21:54:18.172872 osdx systemd[1]: Stopping DNSCrypt client proxy... Jun 12 21:54:18.174340 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Jun 12 21:54:18.174703 osdx systemd[1]: Stopped DNSCrypt client proxy. Jun 12 21:54:18.290803 osdx ca-certificates[26146]: Clearing symlinks in /etc/ssl/certs... Jun 12 21:54:18.701877 osdx ca-certificates[26703]: done. Jun 12 21:54:18.710423 osdx ca-certificates[26713]: Updating certificates in /etc/ssl/certs... Jun 12 21:54:19.338940 osdx ca-certificates[27546]: 137 added, 0 removed; done. Jun 12 21:54:19.345188 osdx ca-certificates[27553]: Running hooks in /etc/ca-certificates/update.d... Jun 12 21:54:19.352275 osdx ca-certificates[27555]: done. Jun 12 21:54:19.393694 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 21:54:19.397154 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 21:54:19.447862 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 21:54:21.147104 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. 
Jun 12 21:54:21.333087 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 12 21:54:21.444294 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 12 21:54:21.611069 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 12 21:54:21.700283 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 12 21:54:21.835901 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 12 21:54:21.949106 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 12 21:54:22.075201 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 12 21:54:22.211418 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 12 21:54:22.324652 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 21:54:22.494465 osdx ca-certificates[27600]: Updating certificates in /etc/ssl/certs... Jun 12 21:54:23.219733 osdx ca-certificates[28584]: 1 added, 0 removed; done. Jun 12 21:54:23.226058 osdx ca-certificates[28590]: Running hooks in /etc/ca-certificates/update.d... Jun 12 21:54:23.232542 osdx ca-certificates[28592]: done. Jun 12 21:54:23.253610 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 21:54:23.416976 osdx systemd[1]: Started DNSCrypt client proxy. 
Jun 12 21:54:23.420257 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 21:54:23.437300 osdx dnscrypt-proxy[28629]: dnscrypt-proxy 2.0.45 Jun 12 21:54:23.437375 osdx dnscrypt-proxy[28629]: Network connectivity detected Jun 12 21:54:23.437714 osdx dnscrypt-proxy[28629]: Dropping privileges Jun 12 21:54:23.440336 osdx dnscrypt-proxy[28629]: Network connectivity detected Jun 12 21:54:23.440378 osdx dnscrypt-proxy[28629]: Now listening to 127.0.0.1:53 [UDP] Jun 12 21:54:23.440384 osdx dnscrypt-proxy[28629]: Now listening to 127.0.0.1:53 [TCP] Jun 12 21:54:23.440408 osdx dnscrypt-proxy[28629]: Firefox workaround initialized Jun 12 21:54:23.440414 osdx dnscrypt-proxy[28629]: Loading the set of cloaking rules from [/tmp/tmpxWRcSq] Jun 12 21:54:23.441381 osdx dnscrypt-proxy[28629]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 12 21:54:23.478138 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 21:54:23.516677 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 21:54:23.607873 osdx dnscrypt-proxy[28629]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 12 21:54:23.607903 osdx dnscrypt-proxy[28629]: [RD] OK (DoH) - rtt: 125ms Jun 12 21:54:23.607950 osdx dnscrypt-proxy[28629]: Server with the lowest initial latency: RD (rtt: 125ms) Jun 12 21:54:23.607960 osdx dnscrypt-proxy[28629]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Wed 2024-06-12 21:54:23 UTC, end at Wed 2024-06-12 21:54:30 UTC. -- Jun 12 21:54:23.955562 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free. Jun 12 21:54:23.978085 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'. Jun 12 21:54:24.439472 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 21:54:24.567430 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'delete'. Jun 12 21:54:24.756877 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 12 21:54:24.847863 osdx systemd[1]: Stopping DNSCrypt client proxy... Jun 12 21:54:24.848843 osdx dnscrypt-proxy[28629]: Stopped. Jun 12 21:54:24.858035 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Jun 12 21:54:24.858524 osdx systemd[1]: Stopped DNSCrypt client proxy. Jun 12 21:54:25.026685 osdx ca-certificates[28717]: Clearing symlinks in /etc/ssl/certs... Jun 12 21:54:25.453091 osdx ca-certificates[29274]: done. Jun 12 21:54:25.459422 osdx ca-certificates[29284]: Updating certificates in /etc/ssl/certs... Jun 12 21:54:26.111115 osdx ca-certificates[30117]: 137 added, 0 removed; done. Jun 12 21:54:26.117149 osdx ca-certificates[30124]: Running hooks in /etc/ca-certificates/update.d... Jun 12 21:54:26.123458 osdx ca-certificates[30126]: done. Jun 12 21:54:26.184308 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 21:54:26.196113 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 21:54:26.249999 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 21:54:27.823246 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. 
Jun 12 21:54:27.936145 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 12 21:54:28.090685 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 12 21:54:28.269868 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 12 21:54:28.399417 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 12 21:54:28.527192 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 12 21:54:28.661366 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 12 21:54:28.808717 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 12 21:54:28.922984 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 12 21:54:29.034987 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 12 21:54:29.122301 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 21:54:29.275859 osdx ca-certificates[30171]: Updating certificates in /etc/ssl/certs... Jun 12 21:54:29.984338 osdx ca-certificates[31155]: 1 added, 0 removed; done. Jun 12 21:54:29.988816 osdx ca-certificates[31162]: Running hooks in /etc/ca-certificates/update.d... Jun 12 21:54:29.993184 osdx ca-certificates[31164]: done. Jun 12 21:54:30.017602 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 21:54:30.177285 osdx systemd[1]: Started DNSCrypt client proxy. 
Jun 12 21:54:30.179648 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 21:54:30.196384 osdx dnscrypt-proxy[31201]: dnscrypt-proxy 2.0.45 Jun 12 21:54:30.196479 osdx dnscrypt-proxy[31201]: Network connectivity detected Jun 12 21:54:30.196881 osdx dnscrypt-proxy[31201]: Dropping privileges Jun 12 21:54:30.200066 osdx dnscrypt-proxy[31201]: Network connectivity detected Jun 12 21:54:30.200113 osdx dnscrypt-proxy[31201]: Now listening to 127.0.0.1:53 [UDP] Jun 12 21:54:30.200122 osdx dnscrypt-proxy[31201]: Now listening to 127.0.0.1:53 [TCP] Jun 12 21:54:30.200157 osdx dnscrypt-proxy[31201]: Firefox workaround initialized Jun 12 21:54:30.200164 osdx dnscrypt-proxy[31201]: Loading the set of cloaking rules from [/tmp/tmpiYsEqL] Jun 12 21:54:30.201506 osdx dnscrypt-proxy[31201]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 12 21:54:30.225654 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 21:54:30.255913 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 21:54:30.354892 osdx dnscrypt-proxy[31201]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 12 21:54:30.354913 osdx dnscrypt-proxy[31201]: [RD] OK (DoH) - rtt: 117ms Jun 12 21:54:30.354925 osdx dnscrypt-proxy[31201]: Server with the lowest initial latency: RD (rtt: 117ms) Jun 12 21:54:30.354931 osdx dnscrypt-proxy[31201]: dnscrypt-proxy is ready - live servers: 1
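Added example (not part of the test suite itself): a Python check over `system journal show | cat` output that maps the decimal `Cipher suite:` value logged by dnscrypt-proxy to its IANA name and compares it with the ciphers configured in the same journal. The function and verdict names are assumptions of this example; the sample lines are excerpted from the journal output shown on this page, one entry per line.

```python
import re

# IANA TLS cipher suite registry values for the suites used on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

# Journal line shapes as they appear in the outputs on this page.
CFG_RE = re.compile(
    r"cfg line: 'set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)'")
NEG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[([^\]]+)\] TLS version: \S+ - "
    r"Protocol: \S+ - Cipher suite: (\d+)")
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


def suite_name(suite_id):
    """Translate a decimal suite ID from the log into its IANA name."""
    return IANA_SUITES.get(suite_id, f"UNKNOWN(0x{suite_id:04X})")


def audit(journal_text):
    """Compare configured ciphers with what the proxy actually negotiated."""
    configured, negotiated, failures = {}, [], 0
    for line in journal_text.splitlines():
        m = CFG_RE.search(line)
        if m:
            configured[int(m.group(1))] = m.group(2)
            continue
        m = NEG_RE.search(line)
        if m:
            sid = int(m.group(2))
            negotiated.append((m.group(1), sid, suite_name(sid)))
            continue
        if FAIL_RE.search(line):
            failures += 1

    ordered = [configured[k] for k in sorted(configured)]
    outside = [n for n in negotiated if n[2] not in ordered]
    if not ordered:
        verdict = "no-cipher-configured"
    elif outside:
        # A session came up with a suite that is not in the configured list.
        verdict = "negotiated-outside-configured-list"
    elif negotiated:
        verdict = "negotiated-configured"
    elif failures:
        verdict = "handshake-failed"
    else:
        verdict = "no-tls-evidence"
    return {"configured": ordered, "negotiated": negotiated,
            "handshake_failures": failures, "verdict": verdict}


# Excerpt: only TLS_RSA_WITH_3DES_EDE_CBC_SHA configured.
SAMPLE_3DES_ONLY = """
Jun 12 21:54:21.949106 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 12 21:54:23.441381 osdx dnscrypt-proxy[28629]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 12 21:54:23.607873 osdx dnscrypt-proxy[28629]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""

# Excerpt: only TLS_RSA_WITH_RC4_128_SHA configured.
SAMPLE_RC4_ONLY = """
Jun 12 21:54:15.600674 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 12 21:54:16.971512 osdx dnscrypt-proxy[26072]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
"""

# Excerpt: RC4 first, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as fallback.
SAMPLE_FALLBACK = """
Jun 12 21:54:42.819003 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 12 21:54:42.944452 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 12 21:54:44.506311 osdx dnscrypt-proxy[1519]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

if __name__ == "__main__":
    for label, sample in [("3DES only", SAMPLE_3DES_ONLY),
                          ("RC4 only", SAMPLE_RC4_ONLY),
                          ("RC4 + AES-128-GCM", SAMPLE_FALLBACK)]:
        result = audit(sample)
        print(f"{label}: {result['verdict']} {result['negotiated']}")
```
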
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid proposed cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
-- Logs begin at Wed 2024-06-12 21:54:39 UTC, end at Wed 2024-06-12 21:54:44 UTC. -- Jun 12 21:54:39.390883 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free. Jun 12 21:54:39.419700 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'. Jun 12 21:54:40.102069 osdx osdx-coredump[370]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 12 21:54:40.110384 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system coredump delete all'. Jun 12 21:54:41.060836 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 21:54:41.189980 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 12 21:54:41.308139 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 21:54:41.457377 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 21:54:41.542732 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 21:54:41.580362 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 21:54:41.632073 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 21:54:41.854308 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 12 21:54:42.110656 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 21:54:42.244147 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 12 21:54:42.369031 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 12 21:54:42.493147 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. 
Jun 12 21:54:42.576168 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 12 21:54:42.722396 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 12 21:54:42.819003 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 12 21:54:42.944452 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jun 12 21:54:43.035503 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 12 21:54:43.143914 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 12 21:54:43.230015 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 21:54:43.405066 osdx ca-certificates[486]: Updating certificates in /etc/ssl/certs... Jun 12 21:54:44.194532 osdx ca-certificates[1505]: 1 added, 0 removed; done. Jun 12 21:54:44.201534 osdx ca-certificates[1513]: Running hooks in /etc/ca-certificates/update.d... Jun 12 21:54:44.206472 osdx ca-certificates[1515]: done. Jun 12 21:54:44.282203 osdx systemd[1]: Started DNSCrypt client proxy. Jun 12 21:54:44.283577 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 21:54:44.286953 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 21:54:44.335754 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. 
Jun 12 21:54:44.341994 osdx dnscrypt-proxy[1519]: dnscrypt-proxy 2.0.45 Jun 12 21:54:44.342082 osdx dnscrypt-proxy[1519]: Network connectivity detected Jun 12 21:54:44.342492 osdx dnscrypt-proxy[1519]: Dropping privileges Jun 12 21:54:44.350987 osdx dnscrypt-proxy[1519]: Network connectivity detected Jun 12 21:54:44.351047 osdx dnscrypt-proxy[1519]: Now listening to 127.0.0.1:53 [UDP] Jun 12 21:54:44.351059 osdx dnscrypt-proxy[1519]: Now listening to 127.0.0.1:53 [TCP] Jun 12 21:54:44.351095 osdx dnscrypt-proxy[1519]: Firefox workaround initialized Jun 12 21:54:44.351106 osdx dnscrypt-proxy[1519]: Loading the set of cloaking rules from [/tmp/tmpxB4vi4] Jun 12 21:54:44.506311 osdx dnscrypt-proxy[1519]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jun 12 21:54:44.506338 osdx dnscrypt-proxy[1519]: [RD] OK (DoH) - rtt: 113ms Jun 12 21:54:44.506352 osdx dnscrypt-proxy[1519]: Server with the lowest initial latency: RD (rtt: 113ms) Jun 12 21:54:44.506360 osdx dnscrypt-proxy[1519]: dnscrypt-proxy is ready - live servers: 1 Jun 12 21:54:44.572228 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
-- Logs begin at Wed 2024-06-12 21:54:44 UTC, end at Wed 2024-06-12 21:54:50 UTC. -- Jun 12 21:54:44.919358 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free. Jun 12 21:54:44.938805 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'. Jun 12 21:54:45.378829 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. Jun 12 21:54:45.508914 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'delete'. Jun 12 21:54:45.645026 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 12 21:54:45.775819 osdx systemd[1]: Stopping DNSCrypt client proxy... Jun 12 21:54:45.775854 osdx dnscrypt-proxy[1519]: Stopped. Jun 12 21:54:45.776920 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Jun 12 21:54:45.777254 osdx systemd[1]: Stopped DNSCrypt client proxy. Jun 12 21:54:45.915070 osdx ca-certificates[1602]: Clearing symlinks in /etc/ssl/certs... Jun 12 21:54:46.307866 osdx ca-certificates[2160]: done. Jun 12 21:54:46.314062 osdx ca-certificates[2170]: Updating certificates in /etc/ssl/certs... Jun 12 21:54:46.948303 osdx ca-certificates[3004]: 137 added, 0 removed; done. Jun 12 21:54:46.954719 osdx ca-certificates[3010]: Running hooks in /etc/ca-certificates/update.d... Jun 12 21:54:46.960890 osdx ca-certificates[3012]: done. Jun 12 21:54:47.018482 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 21:54:47.021905 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 21:54:47.051646 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 21:54:48.462700 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu. 
Jun 12 21:54:48.563544 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 12 21:54:48.687756 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 12 21:54:48.801285 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 12 21:54:48.879633 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 12 21:54:48.978458 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 12 21:54:49.068932 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 12 21:54:49.166100 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jun 12 21:54:49.262534 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 12 21:54:49.373894 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 12 21:54:49.462474 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 12 21:54:49.627936 osdx ca-certificates[3057]: Updating certificates in /etc/ssl/certs... Jun 12 21:54:50.427543 osdx ca-certificates[4040]: 1 added, 0 removed; done. Jun 12 21:54:50.432022 osdx ca-certificates[4047]: Running hooks in /etc/ca-certificates/update.d... Jun 12 21:54:50.436865 osdx ca-certificates[4049]: done. Jun 12 21:54:50.457390 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 12 21:54:50.622369 osdx systemd[1]: Started DNSCrypt client proxy. 
Jun 12 21:54:50.624355 osdx cfgd[1122]: [16771]Completed change to active configuration Jun 12 21:54:50.641751 osdx dnscrypt-proxy[4086]: dnscrypt-proxy 2.0.45 Jun 12 21:54:50.641822 osdx dnscrypt-proxy[4086]: Network connectivity detected Jun 12 21:54:50.642150 osdx dnscrypt-proxy[4086]: Dropping privileges Jun 12 21:54:50.644994 osdx dnscrypt-proxy[4086]: Network connectivity detected Jun 12 21:54:50.645046 osdx dnscrypt-proxy[4086]: Now listening to 127.0.0.1:53 [UDP] Jun 12 21:54:50.645054 osdx dnscrypt-proxy[4086]: Now listening to 127.0.0.1:53 [TCP] Jun 12 21:54:50.645085 osdx dnscrypt-proxy[4086]: Firefox workaround initialized Jun 12 21:54:50.645093 osdx dnscrypt-proxy[4086]: Loading the set of cloaking rules from [/tmp/tmpH7yPBZ] Jun 12 21:54:50.671021 osdx OSDxCLI[16771]: User 'admin' committed the configuration. Jun 12 21:54:50.707931 osdx OSDxCLI[16771]: User 'admin' left the configuration menu. Jun 12 21:54:50.803560 osdx dnscrypt-proxy[4086]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jun 12 21:54:50.803586 osdx dnscrypt-proxy[4086]: [RD] OK (DoH) - rtt: 110ms Jun 12 21:54:50.803599 osdx dnscrypt-proxy[4086]: Server with the lowest initial latency: RD (rtt: 110ms) Jun 12 21:54:50.803608 osdx dnscrypt-proxy[4086]: dnscrypt-proxy is ready - live servers: 1 Jun 12 21:54:50.891209 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
-- Logs begin at Wed 2024-06-12 21:54:51 UTC, end at Wed 2024-06-12 21:54:57 UTC. --
Jun 12 21:54:51.181637 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free.
Jun 12 21:54:51.211934 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'.
Jun 12 21:54:51.589651 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:54:51.678781 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'delete'.
Jun 12 21:54:51.787263 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 12 21:54:51.882775 osdx dnscrypt-proxy[4086]: Stopped.
Jun 12 21:54:51.882866 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 12 21:54:51.884001 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 12 21:54:51.884348 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 12 21:54:52.005441 osdx ca-certificates[4181]: Clearing symlinks in /etc/ssl/certs...
Jun 12 21:54:52.402182 osdx ca-certificates[4738]: done.
Jun 12 21:54:52.408641 osdx ca-certificates[4751]: Updating certificates in /etc/ssl/certs...
Jun 12 21:54:52.981255 osdx ca-certificates[5581]: 137 added, 0 removed; done.
Jun 12 21:54:52.987505 osdx ca-certificates[5588]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:54:52.992208 osdx ca-certificates[5590]: done.
Jun 12 21:54:53.034031 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:54:53.038015 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:54:53.074898 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:54:54.650532 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:54:54.759890 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 12 21:54:54.938546 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 12 21:54:55.131817 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 12 21:54:55.271935 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 12 21:54:55.420935 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 12 21:54:55.537504 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 12 21:54:55.642112 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 12 21:54:55.753428 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 12 21:54:55.897070 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:54:56.001091 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:54:56.190722 osdx ca-certificates[5635]: Updating certificates in /etc/ssl/certs...
Jun 12 21:54:56.890874 osdx ca-certificates[6618]: 1 added, 0 removed; done.
Jun 12 21:54:56.897174 osdx ca-certificates[6625]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:54:56.901676 osdx ca-certificates[6627]: done.
Jun 12 21:54:56.921429 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 12 21:54:57.094100 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 12 21:54:57.099137 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:54:57.123252 osdx dnscrypt-proxy[6664]: dnscrypt-proxy 2.0.45
Jun 12 21:54:57.123326 osdx dnscrypt-proxy[6664]: Network connectivity detected
Jun 12 21:54:57.123657 osdx dnscrypt-proxy[6664]: Dropping privileges
Jun 12 21:54:57.127002 osdx dnscrypt-proxy[6664]: Network connectivity detected
Jun 12 21:54:57.127060 osdx dnscrypt-proxy[6664]: Now listening to 127.0.0.1:53 [UDP]
Jun 12 21:54:57.127071 osdx dnscrypt-proxy[6664]: Now listening to 127.0.0.1:53 [TCP]
Jun 12 21:54:57.127105 osdx dnscrypt-proxy[6664]: Firefox workaround initialized
Jun 12 21:54:57.127114 osdx dnscrypt-proxy[6664]: Loading the set of cloaking rules from [/tmp/tmphtnqWL]
Jun 12 21:54:57.154989 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:54:57.204687 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:54:57.301782 osdx dnscrypt-proxy[6664]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 12 21:54:57.301810 osdx dnscrypt-proxy[6664]: [RD] OK (DoH) - rtt: 125ms
Jun 12 21:54:57.301823 osdx dnscrypt-proxy[6664]: Server with the lowest initial latency: RD (rtt: 125ms)
Jun 12 21:54:57.301832 osdx dnscrypt-proxy[6664]: dnscrypt-proxy is ready - live servers: 1
Jun 12 21:54:57.416517 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-06-12 21:54:57 UTC, end at Wed 2024-06-12 21:55:03 UTC. --
Jun 12 21:54:57.736153 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free.
Jun 12 21:54:57.749444 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'.
Jun 12 21:54:58.207336 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:54:58.310796 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'delete'.
Jun 12 21:54:58.457460 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 12 21:54:58.572026 osdx dnscrypt-proxy[6664]: Stopped.
Jun 12 21:54:58.572116 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 12 21:54:58.576461 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 12 21:54:58.576824 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 12 21:54:58.715840 osdx ca-certificates[6760]: Clearing symlinks in /etc/ssl/certs...
Jun 12 21:54:59.093633 osdx ca-certificates[7318]: done.
Jun 12 21:54:59.101765 osdx ca-certificates[7327]: Updating certificates in /etc/ssl/certs...
Jun 12 21:54:59.695454 osdx ca-certificates[8162]: 137 added, 0 removed; done.
Jun 12 21:54:59.699992 osdx ca-certificates[8168]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:54:59.706448 osdx ca-certificates[8170]: done.
Jun 12 21:54:59.772392 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:54:59.776455 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:54:59.805712 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:55:01.315149 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:55:01.441295 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 12 21:55:01.584295 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 12 21:55:01.704954 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 12 21:55:01.811692 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 12 21:55:01.923954 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 12 21:55:02.013536 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 12 21:55:02.138980 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 12 21:55:02.241545 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 12 21:55:02.377572 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:55:02.461564 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:55:02.618773 osdx ca-certificates[8222]: Updating certificates in /etc/ssl/certs...
Jun 12 21:55:03.354190 osdx ca-certificates[9206]: 1 added, 0 removed; done.
Jun 12 21:55:03.361054 osdx ca-certificates[9213]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:55:03.365887 osdx ca-certificates[9215]: done.
Jun 12 21:55:03.385407 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 12 21:55:03.574260 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 12 21:55:03.576727 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:55:03.603169 osdx dnscrypt-proxy[9252]: dnscrypt-proxy 2.0.45
Jun 12 21:55:03.603255 osdx dnscrypt-proxy[9252]: Network connectivity detected
Jun 12 21:55:03.603675 osdx dnscrypt-proxy[9252]: Dropping privileges
Jun 12 21:55:03.607677 osdx dnscrypt-proxy[9252]: Network connectivity detected
Jun 12 21:55:03.607739 osdx dnscrypt-proxy[9252]: Now listening to 127.0.0.1:53 [UDP]
Jun 12 21:55:03.607755 osdx dnscrypt-proxy[9252]: Now listening to 127.0.0.1:53 [TCP]
Jun 12 21:55:03.607791 osdx dnscrypt-proxy[9252]: Firefox workaround initialized
Jun 12 21:55:03.607799 osdx dnscrypt-proxy[9252]: Loading the set of cloaking rules from [/tmp/tmpTOaW9L]
Jun 12 21:55:03.617831 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:55:03.672035 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:55:03.781673 osdx dnscrypt-proxy[9252]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 12 21:55:03.781702 osdx dnscrypt-proxy[9252]: [RD] OK (DoH) - rtt: 111ms
Jun 12 21:55:03.781715 osdx dnscrypt-proxy[9252]: Server with the lowest initial latency: RD (rtt: 111ms)
Jun 12 21:55:03.781725 osdx dnscrypt-proxy[9252]: dnscrypt-proxy is ready - live servers: 1
Jun 12 21:55:03.888052 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Wed 2024-06-12 21:55:04 UTC, end at Wed 2024-06-12 21:55:10 UTC. --
Jun 12 21:55:04.155850 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free.
Jun 12 21:55:04.175432 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'.
Jun 12 21:55:04.550239 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:55:04.652425 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'delete'.
Jun 12 21:55:04.786638 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 12 21:55:04.889463 osdx dnscrypt-proxy[9252]: Stopped.
Jun 12 21:55:04.889562 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 12 21:55:04.890897 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 12 21:55:04.891239 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 12 21:55:05.011426 osdx ca-certificates[9345]: Clearing symlinks in /etc/ssl/certs...
Jun 12 21:55:05.395092 osdx ca-certificates[9903]: done.
Jun 12 21:55:05.401680 osdx ca-certificates[9915]: Updating certificates in /etc/ssl/certs...
Jun 12 21:55:06.058754 osdx ca-certificates[10746]: 137 added, 0 removed; done.
Jun 12 21:55:06.065282 osdx ca-certificates[10753]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:55:06.072189 osdx ca-certificates[10755]: done.
Jun 12 21:55:06.115324 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:55:06.119442 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:55:06.152016 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:55:07.620453 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:55:07.741587 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 12 21:55:07.837122 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 12 21:55:07.963405 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 12 21:55:08.049114 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 12 21:55:08.145639 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 12 21:55:08.237908 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 12 21:55:08.333088 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 12 21:55:08.436559 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 12 21:55:08.542058 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:55:08.653138 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:55:08.825200 osdx ca-certificates[10799]: Updating certificates in /etc/ssl/certs...
Jun 12 21:55:09.030558 osdx systemd[1]: systemd-timedated.service: Succeeded.
Jun 12 21:55:09.549607 osdx ca-certificates[11786]: 1 added, 0 removed; done.
Jun 12 21:55:09.553931 osdx ca-certificates[11792]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:55:09.558547 osdx ca-certificates[11794]: done.
Jun 12 21:55:09.577422 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 12 21:55:09.765641 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 12 21:55:09.767529 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:55:09.795345 osdx dnscrypt-proxy[11831]: dnscrypt-proxy 2.0.45
Jun 12 21:55:09.795436 osdx dnscrypt-proxy[11831]: Network connectivity detected
Jun 12 21:55:09.795888 osdx dnscrypt-proxy[11831]: Dropping privileges
Jun 12 21:55:09.799302 osdx dnscrypt-proxy[11831]: Network connectivity detected
Jun 12 21:55:09.799361 osdx dnscrypt-proxy[11831]: Now listening to 127.0.0.1:53 [UDP]
Jun 12 21:55:09.799371 osdx dnscrypt-proxy[11831]: Now listening to 127.0.0.1:53 [TCP]
Jun 12 21:55:09.799407 osdx dnscrypt-proxy[11831]: Firefox workaround initialized
Jun 12 21:55:09.799417 osdx dnscrypt-proxy[11831]: Loading the set of cloaking rules from [/tmp/tmpxYb37O]
Jun 12 21:55:09.819987 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:55:09.858277 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:55:09.977168 osdx dnscrypt-proxy[11831]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 12 21:55:09.977198 osdx dnscrypt-proxy[11831]: [RD] OK (DoH) - rtt: 118ms
Jun 12 21:55:09.977213 osdx dnscrypt-proxy[11831]: Server with the lowest initial latency: RD (rtt: 118ms)
Jun 12 21:55:09.977223 osdx dnscrypt-proxy[11831]: dnscrypt-proxy is ready - live servers: 1
Jun 12 21:55:10.039443 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Wed 2024-06-12 21:55:10 UTC, end at Wed 2024-06-12 21:55:16 UTC. --
Jun 12 21:55:10.314104 osdx systemd-journald[1508]: Runtime journal (/run/log/journal/f8d19df27e8d4f24a0b0e24ed9aec425) is 2.0M, max 16.0M, 14.0M free.
Jun 12 21:55:10.333579 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'system journal clear'.
Jun 12 21:55:10.784549 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:55:10.883863 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'delete'.
Jun 12 21:55:11.020841 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 12 21:55:11.124357 osdx dnscrypt-proxy[11831]: Stopped.
Jun 12 21:55:11.124372 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 12 21:55:11.125601 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 12 21:55:11.126017 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 12 21:55:11.243241 osdx ca-certificates[11925]: Clearing symlinks in /etc/ssl/certs...
Jun 12 21:55:11.621945 osdx ca-certificates[12482]: done.
Jun 12 21:55:11.628444 osdx ca-certificates[12491]: Updating certificates in /etc/ssl/certs...
Jun 12 21:55:12.198447 osdx ca-certificates[13327]: 137 added, 0 removed; done.
Jun 12 21:55:12.203142 osdx ca-certificates[13333]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:55:12.207846 osdx ca-certificates[13335]: done.
Jun 12 21:55:12.253365 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:55:12.257171 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:55:12.283342 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:55:13.818755 osdx OSDxCLI[16771]: User 'admin' entered the configuration menu.
Jun 12 21:55:13.936440 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 12 21:55:14.053702 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 12 21:55:14.180184 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 12 21:55:14.342271 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 12 21:55:14.499089 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 12 21:55:14.612499 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 12 21:55:14.777237 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 12 21:55:14.953353 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 12 21:55:15.114012 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 12 21:55:15.221638 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 12 21:55:15.447537 osdx ca-certificates[13380]: Updating certificates in /etc/ssl/certs...
Jun 12 21:55:16.180917 osdx ca-certificates[14364]: 1 added, 0 removed; done.
Jun 12 21:55:16.187522 osdx ca-certificates[14370]: Running hooks in /etc/ca-certificates/update.d...
Jun 12 21:55:16.192013 osdx ca-certificates[14372]: done.
Jun 12 21:55:16.213384 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 12 21:55:16.421543 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 12 21:55:16.426116 osdx cfgd[1122]: [16771]Completed change to active configuration
Jun 12 21:55:16.451900 osdx dnscrypt-proxy[14409]: dnscrypt-proxy 2.0.45
Jun 12 21:55:16.452008 osdx dnscrypt-proxy[14409]: Network connectivity detected
Jun 12 21:55:16.452498 osdx dnscrypt-proxy[14409]: Dropping privileges
Jun 12 21:55:16.456717 osdx dnscrypt-proxy[14409]: Network connectivity detected
Jun 12 21:55:16.456777 osdx dnscrypt-proxy[14409]: Now listening to 127.0.0.1:53 [UDP]
Jun 12 21:55:16.456786 osdx dnscrypt-proxy[14409]: Now listening to 127.0.0.1:53 [TCP]
Jun 12 21:55:16.456824 osdx dnscrypt-proxy[14409]: Firefox workaround initialized
Jun 12 21:55:16.456834 osdx dnscrypt-proxy[14409]: Loading the set of cloaking rules from [/tmp/tmp9VAP2j]
Jun 12 21:55:16.490045 osdx OSDxCLI[16771]: User 'admin' committed the configuration.
Jun 12 21:55:16.546811 osdx OSDxCLI[16771]: User 'admin' left the configuration menu.
Jun 12 21:55:16.636810 osdx dnscrypt-proxy[14409]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 12 21:55:16.636841 osdx dnscrypt-proxy[14409]: [RD] OK (DoH) - rtt: 130ms
Jun 12 21:55:16.636854 osdx dnscrypt-proxy[14409]: Server with the lowest initial latency: RD (rtt: 130ms)
Jun 12 21:55:16.636863 osdx dnscrypt-proxy[14409]: dnscrypt-proxy is ready - live servers: 1
Jun 12 21:55:16.742886 osdx OSDxCLI[16771]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
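The Step 3 checks in these examples match a decimal cipher-suite ID in the dnscrypt-proxy handshake line. As an added example (not part of the original test suite), the Python below decodes that ID to its IANA name, recovers the configured cipher list from the same journal, and flags a handshake that lands on a legacy suite or on one outside the list. `audit_journal` and its field names are hypothetical, and reading the `TLS version` field as hexadecimal is an assumption.

```python
import re

# IANA code points for the cipher suites named in this page's configurations.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# RC4 and 3DES suites, listed as "cipher 1" in the multi-cipher examples.
LEGACY_NAMES = {IANA_SUITES[0x0005], IANA_SUITES[0x000A]}
# Assumption: the "TLS version" field is printed in hexadecimal (303 -> 0x0303).
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
TLS_RE = re.compile(
    r"\[([^\]]+)\] TLS version: ([0-9a-fA-F]+) - Protocol: (\S+) - Cipher suite: (\d+)"
)


def audit_journal(journal):
    """Return one finding per DoH handshake line in the journal text."""
    # Configured suites in priority order, recovered from the CLI audit lines.
    entries = sorted((int(idx), name) for idx, name in CFG_RE.findall(journal))
    configured = [name for _, name in entries]
    findings = []
    for server, version, proto, suite in TLS_RE.findall(journal):
        code = int(suite)  # the cipher suite is logged in decimal
        name = IANA_SUITES.get(code, "UNKNOWN(0x%04X)" % code)
        findings.append({
            "server": server,
            "tls_version": TLS_VERSIONS.get(int(version, 16), "unknown"),
            "protocol": proto,
            "suite": name,
            "in_configured_list": name in configured,
            "legacy_negotiated": name in LEGACY_NAMES,
            "legacy_offered": [n for n in configured if n in LEGACY_NAMES],
        })
    return findings


# Excerpt of the Example 4 journal shown on this page.
EXAMPLE4_JOURNAL = """\
Jun 12 21:55:02.013536 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 12 21:55:02.138980 osdx OSDxCLI[16771]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 12 21:55:03.781673 osdx dnscrypt-proxy[9252]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

# Constructed failure case: same configuration, but suite 10 (3DES) negotiated.
CONSTRUCTED_JOURNAL = EXAMPLE4_JOURNAL.replace("Cipher suite: 49199", "Cipher suite: 10")

if __name__ == "__main__":
    for label, text in (("example 4", EXAMPLE4_JOURNAL), ("constructed", CONSTRUCTED_JOURNAL)):
        for f in audit_journal(text):
            failed = f["legacy_negotiated"] or not f["in_configured_list"]
            print(label, "FAIL" if failed else "PASS",
                  f["server"], f["tls_version"], f["suite"])
```

The `legacy_offered` field stays populated even when the handshake passes, which is the situation in Examples 3 to 6: the legacy suite is still in the configured list although the negotiated suite is the modern one.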