Cipher
Test suite to validate the use of one or multiple ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Mon 2024-06-24 12:27:44 UTC, end at Mon 2024-06-24 12:27:55 UTC. --
Jun 24 12:27:44.410893 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free.
Jun 24 12:27:44.437481 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 12:27:45.208049 osdx osdx-coredump[30397]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jun 24 12:27:45.218078 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 24 12:27:46.117922 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:27:46.267341 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:27:46.367868 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:27:46.540348 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 12:27:46.637161 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:27:46.688339 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:27:46.714783 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:27:46.889198 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 24 12:27:47.068835 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:27:47.171881 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 12:27:47.290134 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 12:27:47.415446 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 12:27:47.552838 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 12:27:47.653021 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 24 12:27:47.761194 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 24 12:27:47.894760 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 12:27:47.994867 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:27:48.100709 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:27:48.256052 osdx ca-certificates[30512]: Updating certificates in /etc/ssl/certs...
Jun 24 12:27:48.926514 osdx ca-certificates[31495]: 1 added, 0 removed; done.
Jun 24 12:27:48.933142 osdx ca-certificates[31502]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:27:48.937890 osdx ca-certificates[31504]: done.
Jun 24 12:27:49.016469 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 24 12:27:49.018997 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:27:49.023500 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:27:49.044137 osdx dnscrypt-proxy[31508]: dnscrypt-proxy 2.0.45
Jun 24 12:27:49.044247 osdx dnscrypt-proxy[31508]: Network connectivity detected
Jun 24 12:27:49.044709 osdx dnscrypt-proxy[31508]: Dropping privileges
Jun 24 12:27:49.048209 osdx dnscrypt-proxy[31508]: Network connectivity detected
Jun 24 12:27:49.048250 osdx dnscrypt-proxy[31508]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 12:27:49.048257 osdx dnscrypt-proxy[31508]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 12:27:49.048281 osdx dnscrypt-proxy[31508]: Firefox workaround initialized
Jun 24 12:27:49.048287 osdx dnscrypt-proxy[31508]: Loading the set of cloaking rules from [/tmp/tmpBLGezO]
Jun 24 12:27:49.062876 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:27:49.261991 osdx dnscrypt-proxy[31508]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 24 12:27:49.262013 osdx dnscrypt-proxy[31508]: [RD] OK (DoH) - rtt: 131ms
Jun 24 12:27:49.262024 osdx dnscrypt-proxy[31508]: Server with the lowest initial latency: RD (rtt: 131ms)
Jun 24 12:27:49.262030 osdx dnscrypt-proxy[31508]: dnscrypt-proxy is ready - live servers: 1
Jun 24 12:27:55.232788 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Mon 2024-06-24 12:28:04 UTC, end at Mon 2024-06-24 12:28:09 UTC. --
Jun 24 12:28:04.378019 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free.
Jun 24 12:28:04.409233 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 12:28:05.110733 osdx osdx-coredump[676]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jun 24 12:28:05.122051 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 24 12:28:06.114161 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:28:06.261159 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:28:06.366805 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:28:06.527082 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 12:28:06.619611 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:28:06.658417 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:28:06.682721 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:28:06.862022 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 24 12:28:07.050430 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:28:07.145040 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 12:28:07.248647 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 12:28:07.398430 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 12:28:07.483753 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 12:28:07.601672 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 24 12:28:07.686967 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 24 12:28:07.775166 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 12:28:07.876517 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:28:07.954526 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:28:08.134472 osdx ca-certificates[796]: Updating certificates in /etc/ssl/certs...
Jun 24 12:28:08.867832 osdx ca-certificates[1809]: 1 added, 0 removed; done.
Jun 24 12:28:08.872756 osdx ca-certificates[1816]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:28:08.879609 osdx ca-certificates[1818]: done.
Jun 24 12:28:08.950508 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 24 12:28:08.952303 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:28:08.956060 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:28:08.972190 osdx dnscrypt-proxy[1822]: dnscrypt-proxy 2.0.45
Jun 24 12:28:08.972289 osdx dnscrypt-proxy[1822]: Network connectivity detected
Jun 24 12:28:08.972729 osdx dnscrypt-proxy[1822]: Dropping privileges
Jun 24 12:28:08.976392 osdx dnscrypt-proxy[1822]: Network connectivity detected
Jun 24 12:28:08.976451 osdx dnscrypt-proxy[1822]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 12:28:08.976460 osdx dnscrypt-proxy[1822]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 12:28:08.976492 osdx dnscrypt-proxy[1822]: Firefox workaround initialized
Jun 24 12:28:08.976500 osdx dnscrypt-proxy[1822]: Loading the set of cloaking rules from [/tmp/tmpC5Sgn_]
Jun 24 12:28:09.009777 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:28:09.129248 osdx dnscrypt-proxy[1822]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 24 12:28:09.129453 osdx dnscrypt-proxy[1822]: [RD] OK (DoH) - rtt: 111ms
Jun 24 12:28:09.129553 osdx dnscrypt-proxy[1822]: Server with the lowest initial latency: RD (rtt: 111ms)
Jun 24 12:28:09.129636 osdx dnscrypt-proxy[1822]: dnscrypt-proxy is ready - live servers: 1
Jun 24 12:28:09.165704 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Mon 2024-06-24 12:28:09 UTC, end at Mon 2024-06-24 12:28:15 UTC. --
Jun 24 12:28:09.452968 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free.
Jun 24 12:28:09.479339 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 12:28:09.835808 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:28:09.921295 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'delete'.
Jun 24 12:28:10.054999 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 12:28:10.139997 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 24 12:28:10.140122 osdx dnscrypt-proxy[1822]: Stopped.
Jun 24 12:28:10.141180 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 24 12:28:10.141531 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 24 12:28:10.264697 osdx ca-certificates[1902]: Clearing symlinks in /etc/ssl/certs...
Jun 24 12:28:10.653580 osdx ca-certificates[2459]: done.
Jun 24 12:28:10.659312 osdx ca-certificates[2468]: Updating certificates in /etc/ssl/certs...
Jun 24 12:28:11.249192 osdx ca-certificates[3304]: 137 added, 0 removed; done.
Jun 24 12:28:11.253732 osdx ca-certificates[3310]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:28:11.260016 osdx ca-certificates[3312]: done.
Jun 24 12:28:11.302516 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:28:11.305963 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:28:11.359159 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:28:12.873617 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:28:12.967118 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 12:28:13.060800 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 12:28:13.192857 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 12:28:13.293096 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 12:28:13.389091 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 24 12:28:13.493053 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 24 12:28:13.583921 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 12:28:13.697950 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:28:13.804376 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:28:13.971473 osdx ca-certificates[3354]: Updating certificates in /etc/ssl/certs...
Jun 24 12:28:14.623854 osdx ca-certificates[4337]: 1 added, 0 removed; done.
Jun 24 12:28:14.628184 osdx ca-certificates[4344]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:28:14.632843 osdx ca-certificates[4346]: done.
Jun 24 12:28:14.651063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 12:28:14.805471 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 24 12:28:14.807497 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:28:14.833709 osdx dnscrypt-proxy[4385]: dnscrypt-proxy 2.0.45
Jun 24 12:28:14.833800 osdx dnscrypt-proxy[4385]: Network connectivity detected
Jun 24 12:28:14.834195 osdx dnscrypt-proxy[4385]: Dropping privileges
Jun 24 12:28:14.837461 osdx dnscrypt-proxy[4385]: Network connectivity detected
Jun 24 12:28:14.837513 osdx dnscrypt-proxy[4385]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 12:28:14.837522 osdx dnscrypt-proxy[4385]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 12:28:14.837552 osdx dnscrypt-proxy[4385]: Firefox workaround initialized
Jun 24 12:28:14.837561 osdx dnscrypt-proxy[4385]: Loading the set of cloaking rules from [/tmp/tmpFgSQkN]
Jun 24 12:28:14.853177 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:28:14.905475 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:28:15.002078 osdx dnscrypt-proxy[4385]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 24 12:28:15.002099 osdx dnscrypt-proxy[4385]: [RD] OK (DoH) - rtt: 124ms
Jun 24 12:28:15.002110 osdx dnscrypt-proxy[4385]: Server with the lowest initial latency: RD (rtt: 124ms)
Jun 24 12:28:15.002116 osdx dnscrypt-proxy[4385]: dnscrypt-proxy is ready - live servers: 1
Jun 24 12:28:15.098868 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Mon 2024-06-24 12:28:15 UTC, end at Mon 2024-06-24 12:28:21 UTC. --
Jun 24 12:28:15.376492 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free.
Jun 24 12:28:15.410027 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 12:28:15.757657 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:28:15.847211 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'delete'.
Jun 24 12:28:15.989679 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 12:28:16.082533 osdx dnscrypt-proxy[4385]: Stopped.
Jun 24 12:28:16.082637 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 24 12:28:16.083878 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 24 12:28:16.084254 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 24 12:28:16.206039 osdx ca-certificates[4480]: Clearing symlinks in /etc/ssl/certs...
Jun 24 12:28:16.599181 osdx ca-certificates[5037]: done.
Jun 24 12:28:16.606457 osdx ca-certificates[5047]: Updating certificates in /etc/ssl/certs...
Jun 24 12:28:17.212869 osdx ca-certificates[5884]: 137 added, 0 removed; done.
Jun 24 12:28:17.220114 osdx ca-certificates[5891]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:28:17.226464 osdx ca-certificates[5893]: done.
Jun 24 12:28:17.289490 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:28:17.293857 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:28:17.335211 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:28:18.732650 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:28:18.834112 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 12:28:18.950538 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 12:28:19.060521 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 12:28:19.207507 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 12:28:19.338580 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 24 12:28:19.422736 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 24 12:28:19.508191 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 12:28:19.642394 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:28:19.736700 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:28:19.877694 osdx ca-certificates[5935]: Updating certificates in /etc/ssl/certs...
Jun 24 12:28:20.608330 osdx ca-certificates[6919]: 1 added, 0 removed; done.
Jun 24 12:28:20.614022 osdx ca-certificates[6926]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:28:20.620015 osdx ca-certificates[6928]: done.
Jun 24 12:28:20.639074 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 12:28:20.787341 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 24 12:28:20.789090 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:28:20.813207 osdx dnscrypt-proxy[6967]: dnscrypt-proxy 2.0.45
Jun 24 12:28:20.813740 osdx dnscrypt-proxy[6967]: Network connectivity detected
Jun 24 12:28:20.814300 osdx dnscrypt-proxy[6967]: Dropping privileges
Jun 24 12:28:20.818105 osdx dnscrypt-proxy[6967]: Network connectivity detected
Jun 24 12:28:20.818171 osdx dnscrypt-proxy[6967]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 12:28:20.818182 osdx dnscrypt-proxy[6967]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 12:28:20.818217 osdx dnscrypt-proxy[6967]: Firefox workaround initialized
Jun 24 12:28:20.818227 osdx dnscrypt-proxy[6967]: Loading the set of cloaking rules from [/tmp/tmp6GFKqZ]
Jun 24 12:28:20.841651 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:28:20.890953 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:28:20.983385 osdx dnscrypt-proxy[6967]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 24 12:28:20.983417 osdx dnscrypt-proxy[6967]: [RD] OK (DoH) - rtt: 117ms
Jun 24 12:28:20.983431 osdx dnscrypt-proxy[6967]: Server with the lowest initial latency: RD (rtt: 117ms)
Jun 24 12:28:20.983440 osdx dnscrypt-proxy[6967]: dnscrypt-proxy is ready - live servers: 1
Jun 24 12:28:21.090120 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Mon 2024-06-24 12:28:29 UTC, end at Mon 2024-06-24 12:28:34 UTC. --
Jun 24 12:28:29.378900 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free.
Jun 24 12:28:29.396072 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 12:28:30.000898 osdx osdx-coredump[8610]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jun 24 12:28:30.009995 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 24 12:28:30.973174 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:28:31.117326 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:28:31.221691 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:28:31.381084 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 12:28:31.472033 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:28:31.520808 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:28:31.546172 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:28:31.720925 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 24 12:28:31.904333 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:28:32.006865 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 12:28:32.129817 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 12:28:32.253934 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 12:28:32.357629 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 12:28:32.478304 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 24 12:28:32.619783 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 24 12:28:32.704926 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 12:28:32.803858 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:28:32.888389 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:28:33.037403 osdx ca-certificates[8725]: Updating certificates in /etc/ssl/certs...
Jun 24 12:28:33.770655 osdx ca-certificates[9709]: 1 added, 0 removed; done.
Jun 24 12:28:33.775762 osdx ca-certificates[9716]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:28:33.780571 osdx ca-certificates[9718]: done.
Jun 24 12:28:33.846168 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 24 12:28:33.847829 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:28:33.852974 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:28:33.877384 osdx dnscrypt-proxy[9722]: dnscrypt-proxy 2.0.45
Jun 24 12:28:33.877484 osdx dnscrypt-proxy[9722]: Network connectivity detected
Jun 24 12:28:33.877946 osdx dnscrypt-proxy[9722]: Dropping privileges
Jun 24 12:28:33.881412 osdx dnscrypt-proxy[9722]: Network connectivity detected
Jun 24 12:28:33.881471 osdx dnscrypt-proxy[9722]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 12:28:33.881480 osdx dnscrypt-proxy[9722]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 12:28:33.881519 osdx dnscrypt-proxy[9722]: Firefox workaround initialized
Jun 24 12:28:33.881530 osdx dnscrypt-proxy[9722]: Loading the set of cloaking rules from [/tmp/tmpvXBbWT]
Jun 24 12:28:33.882499 osdx dnscrypt-proxy[9722]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 24 12:28:33.898758 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:28:34.039674 osdx dnscrypt-proxy[9722]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 24 12:28:34.039707 osdx dnscrypt-proxy[9722]: [RD] OK (DoH) - rtt: 122ms
Jun 24 12:28:34.039723 osdx dnscrypt-proxy[9722]: Server with the lowest initial latency: RD (rtt: 122ms)
Jun 24 12:28:34.039732 osdx dnscrypt-proxy[9722]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Mon 2024-06-24 12:28:43 UTC, end at Mon 2024-06-24 12:28:47 UTC. --
Jun 24 12:28:43.439825 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free.
Jun 24 12:28:43.469642 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 12:28:44.161611 osdx osdx-coredump[11346]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jun 24 12:28:44.172534 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 24 12:28:44.994964 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:28:45.130926 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:28:45.213831 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:28:45.369071 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 12:28:45.461736 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:28:45.510920 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:28:45.534357 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:28:45.701669 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 24 12:28:45.878670 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:28:45.969708 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 12:28:46.058268 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 12:28:46.205080 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 12:28:46.293713 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 12:28:46.414863 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 24 12:28:46.496998 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 24 12:28:46.610930 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 12:28:46.739744 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:28:46.848105 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:28:46.985167 osdx ca-certificates[11461]: Updating certificates in /etc/ssl/certs...
Jun 24 12:28:47.681581 osdx ca-certificates[12446]: 1 added, 0 removed; done.
Jun 24 12:28:47.686372 osdx ca-certificates[12453]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:28:47.691111 osdx ca-certificates[12455]: done.
Jun 24 12:28:47.752906 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 24 12:28:47.755591 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:28:47.759932 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:28:47.776499 osdx dnscrypt-proxy[12459]: dnscrypt-proxy 2.0.45
Jun 24 12:28:47.776605 osdx dnscrypt-proxy[12459]: Network connectivity detected
Jun 24 12:28:47.777113 osdx dnscrypt-proxy[12459]: Dropping privileges
Jun 24 12:28:47.780264 osdx dnscrypt-proxy[12459]: Network connectivity detected
Jun 24 12:28:47.780321 osdx dnscrypt-proxy[12459]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 12:28:47.780330 osdx dnscrypt-proxy[12459]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 12:28:47.780367 osdx dnscrypt-proxy[12459]: Firefox workaround initialized
Jun 24 12:28:47.780376 osdx dnscrypt-proxy[12459]: Loading the set of cloaking rules from [/tmp/tmpbaPep9]
Jun 24 12:28:47.781410 osdx dnscrypt-proxy[12459]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 24 12:28:47.785529 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:28:47.944357 osdx dnscrypt-proxy[12459]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 24 12:28:47.944385 osdx dnscrypt-proxy[12459]: [RD] OK (DoH) - rtt: 127ms
Jun 24 12:28:47.944400 osdx dnscrypt-proxy[12459]: Server with the lowest initial latency: RD (rtt: 127ms)
Jun 24 12:28:47.944410 osdx dnscrypt-proxy[12459]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Mon 2024-06-24 12:28:48 UTC, end at Mon 2024-06-24 12:28:53 UTC. -- Jun 24 12:28:48.132248 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free. Jun 24 12:28:48.147992 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:28:48.518704 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:28:48.613831 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'delete'. Jun 24 12:28:48.750739 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 24 12:28:48.843465 osdx dnscrypt-proxy[12459]: Stopped. Jun 24 12:28:48.843558 osdx systemd[1]: Stopping DNSCrypt client proxy... Jun 24 12:28:48.844753 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Jun 24 12:28:48.845145 osdx systemd[1]: Stopped DNSCrypt client proxy. Jun 24 12:28:48.955717 osdx ca-certificates[12533]: Clearing symlinks in /etc/ssl/certs... Jun 24 12:28:49.357642 osdx ca-certificates[13090]: done. Jun 24 12:28:49.364578 osdx ca-certificates[13103]: Updating certificates in /etc/ssl/certs... Jun 24 12:28:49.987511 osdx ca-certificates[13934]: 137 added, 0 removed; done. Jun 24 12:28:49.992189 osdx ca-certificates[13940]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:28:49.996724 osdx ca-certificates[13942]: done. Jun 24 12:28:50.039568 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:28:50.043505 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:28:50.125208 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:28:51.550715 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. 
Jun 24 12:28:51.671476 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 12:28:51.788565 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 12:28:51.923230 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 12:28:51.999221 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 12:28:52.121990 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 24 12:28:52.207876 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 24 12:28:52.305384 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 24 12:28:52.448610 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 12:28:52.544276 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:28:52.683624 osdx ca-certificates[13984]: Updating certificates in /etc/ssl/certs... Jun 24 12:28:53.413962 osdx ca-certificates[14967]: 1 added, 0 removed; done. Jun 24 12:28:53.420018 osdx ca-certificates[14974]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:28:53.424523 osdx ca-certificates[14976]: done. Jun 24 12:28:53.449069 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:28:53.614797 osdx systemd[1]: Started DNSCrypt client proxy. 
Jun 24 12:28:53.617190 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:28:53.642089 osdx dnscrypt-proxy[15015]: dnscrypt-proxy 2.0.45 Jun 24 12:28:53.642177 osdx dnscrypt-proxy[15015]: Network connectivity detected Jun 24 12:28:53.642558 osdx dnscrypt-proxy[15015]: Dropping privileges Jun 24 12:28:53.645503 osdx dnscrypt-proxy[15015]: Network connectivity detected Jun 24 12:28:53.645563 osdx dnscrypt-proxy[15015]: Now listening to 127.0.0.1:53 [UDP] Jun 24 12:28:53.645587 osdx dnscrypt-proxy[15015]: Now listening to 127.0.0.1:53 [TCP] Jun 24 12:28:53.645623 osdx dnscrypt-proxy[15015]: Firefox workaround initialized Jun 24 12:28:53.645633 osdx dnscrypt-proxy[15015]: Loading the set of cloaking rules from [/tmp/tmpO35NBN] Jun 24 12:28:53.646719 osdx dnscrypt-proxy[15015]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 24 12:28:53.666416 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:28:53.714505 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:28:53.834086 osdx dnscrypt-proxy[15015]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 24 12:28:53.834117 osdx dnscrypt-proxy[15015]: [RD] OK (DoH) - rtt: 139ms Jun 24 12:28:53.834133 osdx dnscrypt-proxy[15015]: Server with the lowest initial latency: RD (rtt: 139ms) Jun 24 12:28:53.834144 osdx dnscrypt-proxy[15015]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Mon 2024-06-24 12:28:54 UTC, end at Mon 2024-06-24 12:28:59 UTC. -- Jun 24 12:28:54.043093 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free. Jun 24 12:28:54.073809 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:28:54.445871 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:28:54.535863 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'delete'. Jun 24 12:28:54.649249 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 24 12:28:54.840219 osdx dnscrypt-proxy[15015]: Stopped. Jun 24 12:28:54.840299 osdx systemd[1]: Stopping DNSCrypt client proxy... Jun 24 12:28:54.841114 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Jun 24 12:28:54.841517 osdx systemd[1]: Stopped DNSCrypt client proxy. Jun 24 12:28:54.963538 osdx ca-certificates[15103]: Clearing symlinks in /etc/ssl/certs... Jun 24 12:28:55.354781 osdx ca-certificates[15660]: done. Jun 24 12:28:55.359872 osdx ca-certificates[15668]: Updating certificates in /etc/ssl/certs... Jun 24 12:28:55.929974 osdx ca-certificates[16505]: 137 added, 0 removed; done. Jun 24 12:28:55.936214 osdx ca-certificates[16511]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:28:55.942975 osdx ca-certificates[16513]: done. Jun 24 12:28:55.986467 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:28:55.989873 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:28:56.019076 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:28:57.361938 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. 
Jun 24 12:28:57.486646 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 12:28:57.574822 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 12:28:57.696899 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 12:28:57.798264 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 12:28:57.893971 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 24 12:28:57.975301 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 24 12:28:58.110070 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 24 12:28:58.215744 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 24 12:28:58.372366 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 12:28:58.449206 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:28:58.663841 osdx ca-certificates[16556]: Updating certificates in /etc/ssl/certs... Jun 24 12:28:59.374992 osdx ca-certificates[17540]: 1 added, 0 removed; done. Jun 24 12:28:59.381739 osdx ca-certificates[17547]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:28:59.388415 osdx ca-certificates[17549]: done. Jun 24 12:28:59.409063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:28:59.560491 osdx systemd[1]: Started DNSCrypt client proxy. 
Jun 24 12:28:59.562715 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:28:59.594478 osdx dnscrypt-proxy[17588]: dnscrypt-proxy 2.0.45 Jun 24 12:28:59.594579 osdx dnscrypt-proxy[17588]: Network connectivity detected Jun 24 12:28:59.595143 osdx dnscrypt-proxy[17588]: Dropping privileges Jun 24 12:28:59.598494 osdx dnscrypt-proxy[17588]: Network connectivity detected Jun 24 12:28:59.598537 osdx dnscrypt-proxy[17588]: Now listening to 127.0.0.1:53 [UDP] Jun 24 12:28:59.598545 osdx dnscrypt-proxy[17588]: Now listening to 127.0.0.1:53 [TCP] Jun 24 12:28:59.598577 osdx dnscrypt-proxy[17588]: Firefox workaround initialized Jun 24 12:28:59.598583 osdx dnscrypt-proxy[17588]: Loading the set of cloaking rules from [/tmp/tmpgDFeTA] Jun 24 12:28:59.599700 osdx dnscrypt-proxy[17588]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 24 12:28:59.625121 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:28:59.674639 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:28:59.774529 osdx dnscrypt-proxy[17588]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 24 12:28:59.774558 osdx dnscrypt-proxy[17588]: [RD] OK (DoH) - rtt: 124ms Jun 24 12:28:59.774572 osdx dnscrypt-proxy[17588]: Server with the lowest initial latency: RD (rtt: 124ms) Jun 24 12:28:59.774583 osdx dnscrypt-proxy[17588]: dnscrypt-proxy is ready - live servers: 1
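In each journal above, the handshake failure is followed by a successful DoH connection on cipher suite 52392, which none of those configurations list. The Python check below is an added example, not part of the original test suite or of OSDx: it parses a journal, maps the logged suite number to its IANA name, and reports whether the negotiated suite is one of the configured ones. The sample journals are constructed in the format shown on this page, and the function names are hypothetical.

```python
import re

# IANA TLS cipher suite IDs for the suite names used in this test suite.
IANA_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,            # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,            # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,      # 52392
}
NAMES = {suite_id: name for name, suite_id in IANA_IDS.items()}

# Patterns match anywhere in the text, so a journal that was flattened onto
# a few long lines (as on this page) parses the same as one entry per line.
CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (\w+)")
NEG_RE = re.compile(
    r"\[([^\]]+)\] TLS version: \w+ - Protocol: \S+ - Cipher suite: (\d+)"
)
FAIL_TOKEN = "TLS handshake failure"


def configured_suites(journal):
    """Suite names from the logged cfg lines, ordered by cipher index."""
    by_index = {int(idx): name for idx, name in CFG_RE.findall(journal)}
    return [by_index[idx] for idx in sorted(by_index)]


def negotiated_suites(journal):
    """(server, suite id) pairs from dnscrypt-proxy's handshake report."""
    return [(server, int(sid)) for server, sid in NEG_RE.findall(journal)]


def audit(journal):
    """Compare the negotiated suite(s) against the configured list."""
    configured = configured_suites(journal)
    allowed = {IANA_IDS[name] for name in configured if name in IANA_IDS}
    negotiated = negotiated_suites(journal)
    if not negotiated:
        verdict = "no-connection"      # nothing came up at all
    elif all(sid in allowed for _, sid in negotiated):
        verdict = "enforced"           # session uses a configured suite
    else:
        verdict = "not-enforced"       # session uses a suite outside the list
    return {
        "configured": configured,
        "negotiated": [NAMES.get(sid, f"unknown({sid})") for _, sid in negotiated],
        "handshake_failure": FAIL_TOKEN in journal,
        "verdict": verdict,
    }


# Constructed sample journals, abridged to the entries the check reads.
INVALID_ONLY = (
    "Jun 24 12:28:46.496998 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. "
    "Jun 24 12:28:47.781410 osdx dnscrypt-proxy[12459]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file "
    "Jun 24 12:28:47.944357 osdx dnscrypt-proxy[12459]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392"
)
WITH_FALLBACK = (
    "Jun 24 12:29:11.337982 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. "
    "Jun 24 12:29:11.429655 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. "
    "Jun 24 12:29:13.031881 osdx dnscrypt-proxy[20348]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199"
)
NO_CONNECTION = (
    "Jun 24 12:00:00.000000 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. "
    "Jun 24 12:00:01.000000 osdx dnscrypt-proxy[1]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file"
)

if __name__ == "__main__":
    for label, journal in [("invalid only", INVALID_ONLY),
                           ("with fallback", WITH_FALLBACK),
                           ("no connection", NO_CONNECTION)]:
        print(label, audit(journal))
```

A "not-enforced" verdict means the journal contains a live session on a suite outside the configured list, which is the condition to alert on when the cipher list is meant to act as a restriction.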
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid cipher proposed is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
-- Logs begin at Mon 2024-06-24 12:29:08 UTC, end at Mon 2024-06-24 12:29:19 UTC. -- Jun 24 12:29:08.363560 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free. Jun 24 12:29:08.390105 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:29:08.969583 osdx osdx-coredump[19235]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 24 12:29:08.980169 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 12:29:09.895381 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:29:10.012927 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 12:29:10.090829 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:29:10.209048 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:29:10.301380 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:29:10.348877 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:29:10.375159 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:29:10.560532 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 12:29:10.738083 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:29:10.831236 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 12:29:10.959363 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 12:29:11.065878 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. 
Jun 24 12:29:11.142652 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 12:29:11.255704 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 24 12:29:11.337982 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 24 12:29:11.429655 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jun 24 12:29:11.571349 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 24 12:29:11.701946 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 12:29:11.803388 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:29:11.965563 osdx ca-certificates[19351]: Updating certificates in /etc/ssl/certs... Jun 24 12:29:12.688757 osdx ca-certificates[20336]: 1 added, 0 removed; done. Jun 24 12:29:12.695229 osdx ca-certificates[20342]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:29:12.701631 osdx ca-certificates[20344]: done. Jun 24 12:29:12.769237 osdx systemd[1]: Started DNSCrypt client proxy. Jun 24 12:29:12.771606 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:29:12.775408 osdx OSDxCLI[18080]: User 'admin' committed the configuration. 
Jun 24 12:29:12.798095 osdx dnscrypt-proxy[20348]: dnscrypt-proxy 2.0.45 Jun 24 12:29:12.798198 osdx dnscrypt-proxy[20348]: Network connectivity detected Jun 24 12:29:12.798630 osdx dnscrypt-proxy[20348]: Dropping privileges Jun 24 12:29:12.801747 osdx dnscrypt-proxy[20348]: Network connectivity detected Jun 24 12:29:12.801806 osdx dnscrypt-proxy[20348]: Now listening to 127.0.0.1:53 [UDP] Jun 24 12:29:12.801817 osdx dnscrypt-proxy[20348]: Now listening to 127.0.0.1:53 [TCP] Jun 24 12:29:12.801853 osdx dnscrypt-proxy[20348]: Firefox workaround initialized Jun 24 12:29:12.801864 osdx dnscrypt-proxy[20348]: Loading the set of cloaking rules from [/tmp/tmp5tyhdZ] Jun 24 12:29:12.814522 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:29:13.031881 osdx dnscrypt-proxy[20348]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jun 24 12:29:13.031901 osdx dnscrypt-proxy[20348]: [RD] OK (DoH) - rtt: 197ms Jun 24 12:29:13.031912 osdx dnscrypt-proxy[20348]: Server with the lowest initial latency: RD (rtt: 197ms) Jun 24 12:29:13.031919 osdx dnscrypt-proxy[20348]: dnscrypt-proxy is ready - live servers: 1 Jun 24 12:29:19.015181 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
-- Logs begin at Mon 2024-06-24 12:29:19 UTC, end at Mon 2024-06-24 12:29:25 UTC. -- Jun 24 12:29:19.306944 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free. Jun 24 12:29:19.322672 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'. Jun 24 12:29:19.684080 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. Jun 24 12:29:19.780961 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'delete'. Jun 24 12:29:19.919429 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 24 12:29:20.012782 osdx systemd[1]: Stopping DNSCrypt client proxy... Jun 24 12:29:20.013098 osdx dnscrypt-proxy[20348]: Stopped. Jun 24 12:29:20.014264 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Jun 24 12:29:20.014590 osdx systemd[1]: Stopped DNSCrypt client proxy. Jun 24 12:29:20.120108 osdx ca-certificates[20427]: Clearing symlinks in /etc/ssl/certs... Jun 24 12:29:20.497036 osdx ca-certificates[20984]: done. Jun 24 12:29:20.502520 osdx ca-certificates[20993]: Updating certificates in /etc/ssl/certs... Jun 24 12:29:21.077349 osdx ca-certificates[21827]: 137 added, 0 removed; done. Jun 24 12:29:21.082145 osdx ca-certificates[21834]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:29:21.088852 osdx ca-certificates[21836]: done. Jun 24 12:29:21.130428 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:29:21.133829 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:29:21.174214 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:29:22.625621 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu. 
Jun 24 12:29:22.731493 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 12:29:22.863985 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 12:29:22.985666 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 12:29:23.080403 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 12:29:23.201481 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 24 12:29:23.318934 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 24 12:29:23.423021 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jun 24 12:29:23.545985 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 24 12:29:23.648877 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 12:29:23.764315 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 12:29:23.914249 osdx ca-certificates[21879]: Updating certificates in /etc/ssl/certs... Jun 24 12:29:24.648062 osdx ca-certificates[22863]: 1 added, 0 removed; done. Jun 24 12:29:24.654490 osdx ca-certificates[22869]: Running hooks in /etc/ca-certificates/update.d... Jun 24 12:29:24.661049 osdx ca-certificates[22871]: done. Jun 24 12:29:24.685012 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 12:29:24.871275 osdx systemd[1]: Started DNSCrypt client proxy. 
Jun 24 12:29:24.873577 osdx cfgd[1115]: [18080]Completed change to active configuration Jun 24 12:29:24.901152 osdx dnscrypt-proxy[22910]: dnscrypt-proxy 2.0.45 Jun 24 12:29:24.901249 osdx dnscrypt-proxy[22910]: Network connectivity detected Jun 24 12:29:24.901685 osdx dnscrypt-proxy[22910]: Dropping privileges Jun 24 12:29:24.905062 osdx dnscrypt-proxy[22910]: Network connectivity detected Jun 24 12:29:24.905441 osdx dnscrypt-proxy[22910]: Now listening to 127.0.0.1:53 [UDP] Jun 24 12:29:24.905537 osdx dnscrypt-proxy[22910]: Now listening to 127.0.0.1:53 [TCP] Jun 24 12:29:24.905656 osdx dnscrypt-proxy[22910]: Firefox workaround initialized Jun 24 12:29:24.905741 osdx dnscrypt-proxy[22910]: Loading the set of cloaking rules from [/tmp/tmpwTXmZM] Jun 24 12:29:24.932020 osdx OSDxCLI[18080]: User 'admin' committed the configuration. Jun 24 12:29:24.984362 osdx OSDxCLI[18080]: User 'admin' left the configuration menu. Jun 24 12:29:25.089977 osdx dnscrypt-proxy[22910]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jun 24 12:29:25.090009 osdx dnscrypt-proxy[22910]: [RD] OK (DoH) - rtt: 125ms Jun 24 12:29:25.090024 osdx dnscrypt-proxy[22910]: Server with the lowest initial latency: RD (rtt: 125ms) Jun 24 12:29:25.090033 osdx dnscrypt-proxy[22910]: dnscrypt-proxy is ready - live servers: 1 Jun 24 12:29:25.154046 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
-- Logs begin at Mon 2024-06-24 12:29:25 UTC, end at Mon 2024-06-24 12:29:31 UTC. --
Jun 24 12:29:25.422903 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free.
Jun 24 12:29:25.444771 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 12:29:25.820883 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:29:25.909383 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'delete'.
Jun 24 12:29:26.011745 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 12:29:26.108251 osdx dnscrypt-proxy[22910]: Stopped.
Jun 24 12:29:26.108341 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 24 12:29:26.109803 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 24 12:29:26.110129 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 24 12:29:26.223981 osdx ca-certificates[23005]: Clearing symlinks in /etc/ssl/certs...
Jun 24 12:29:26.651840 osdx ca-certificates[23563]: done.
Jun 24 12:29:26.657702 osdx ca-certificates[23566]: Updating certificates in /etc/ssl/certs...
Jun 24 12:29:27.321711 osdx ca-certificates[24408]: 137 added, 0 removed; done.
Jun 24 12:29:27.327923 osdx ca-certificates[24413]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:29:27.332551 osdx ca-certificates[24415]: done.
Jun 24 12:29:27.375678 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:29:27.379336 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:29:27.416529 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:29:28.790518 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:29:28.915956 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 12:29:29.021195 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 12:29:29.209192 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 12:29:29.300603 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 12:29:29.418077 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 24 12:29:29.527973 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 24 12:29:29.672365 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 24 12:29:29.794589 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 12:29:29.955883 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:29:30.049113 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:29:30.242952 osdx ca-certificates[24458]: Updating certificates in /etc/ssl/certs...
Jun 24 12:29:31.008376 osdx ca-certificates[25441]: 1 added, 0 removed; done.
Jun 24 12:29:31.012868 osdx ca-certificates[25448]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:29:31.017933 osdx ca-certificates[25450]: done.
Jun 24 12:29:31.037034 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 12:29:31.212773 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 24 12:29:31.215094 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:29:31.233104 osdx dnscrypt-proxy[25489]: dnscrypt-proxy 2.0.45
Jun 24 12:29:31.233193 osdx dnscrypt-proxy[25489]: Network connectivity detected
Jun 24 12:29:31.233587 osdx dnscrypt-proxy[25489]: Dropping privileges
Jun 24 12:29:31.240193 osdx dnscrypt-proxy[25489]: Network connectivity detected
Jun 24 12:29:31.240248 osdx dnscrypt-proxy[25489]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 12:29:31.240258 osdx dnscrypt-proxy[25489]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 12:29:31.240297 osdx dnscrypt-proxy[25489]: Firefox workaround initialized
Jun 24 12:29:31.240306 osdx dnscrypt-proxy[25489]: Loading the set of cloaking rules from [/tmp/tmpe78voi]
Jun 24 12:29:31.262952 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:29:31.319824 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:29:31.418595 osdx dnscrypt-proxy[25489]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 24 12:29:31.418621 osdx dnscrypt-proxy[25489]: [RD] OK (DoH) - rtt: 132ms
Jun 24 12:29:31.418635 osdx dnscrypt-proxy[25489]: Server with the lowest initial latency: RD (rtt: 132ms)
Jun 24 12:29:31.418644 osdx dnscrypt-proxy[25489]: dnscrypt-proxy is ready - live servers: 1
Jun 24 12:29:31.512618 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Mon 2024-06-24 12:29:31 UTC, end at Mon 2024-06-24 12:29:37 UTC. --
Jun 24 12:29:31.798084 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free.
Jun 24 12:29:31.832247 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 12:29:32.202895 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:29:32.292392 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'delete'.
Jun 24 12:29:32.449390 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 12:29:32.602406 osdx dnscrypt-proxy[25489]: Stopped.
Jun 24 12:29:32.602502 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 24 12:29:32.603922 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 24 12:29:32.604298 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 24 12:29:32.738636 osdx ca-certificates[25584]: Clearing symlinks in /etc/ssl/certs...
Jun 24 12:29:33.129741 osdx ca-certificates[26140]: done.
Jun 24 12:29:33.135123 osdx ca-certificates[26150]: Updating certificates in /etc/ssl/certs...
Jun 24 12:29:33.740085 osdx ca-certificates[26985]: 137 added, 0 removed; done.
Jun 24 12:29:33.746432 osdx ca-certificates[26992]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:29:33.753102 osdx ca-certificates[26994]: done.
Jun 24 12:29:33.813233 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:29:33.817129 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:29:33.855086 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:29:35.393391 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:29:35.489742 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 12:29:35.604627 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 12:29:35.717188 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 12:29:35.795412 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 12:29:35.913734 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 24 12:29:36.038690 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 24 12:29:36.197930 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 24 12:29:36.292300 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 12:29:36.432053 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:29:36.510312 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:29:36.655336 osdx ca-certificates[27037]: Updating certificates in /etc/ssl/certs...
Jun 24 12:29:37.354566 osdx ca-certificates[28022]: 1 added, 0 removed; done.
Jun 24 12:29:37.360745 osdx ca-certificates[28029]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:29:37.367270 osdx ca-certificates[28031]: done.
Jun 24 12:29:37.393046 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 12:29:37.560111 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 24 12:29:37.562092 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:29:37.581914 osdx dnscrypt-proxy[28070]: dnscrypt-proxy 2.0.45
Jun 24 12:29:37.582003 osdx dnscrypt-proxy[28070]: Network connectivity detected
Jun 24 12:29:37.582415 osdx dnscrypt-proxy[28070]: Dropping privileges
Jun 24 12:29:37.586574 osdx dnscrypt-proxy[28070]: Network connectivity detected
Jun 24 12:29:37.586987 osdx dnscrypt-proxy[28070]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 12:29:37.587091 osdx dnscrypt-proxy[28070]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 12:29:37.587217 osdx dnscrypt-proxy[28070]: Firefox workaround initialized
Jun 24 12:29:37.587311 osdx dnscrypt-proxy[28070]: Loading the set of cloaking rules from [/tmp/tmpcWYi64]
Jun 24 12:29:37.612412 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:29:37.641862 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:29:37.746784 osdx dnscrypt-proxy[28070]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 24 12:29:37.746817 osdx dnscrypt-proxy[28070]: [RD] OK (DoH) - rtt: 116ms
Jun 24 12:29:37.746841 osdx dnscrypt-proxy[28070]: Server with the lowest initial latency: RD (rtt: 116ms)
Jun 24 12:29:37.746850 osdx dnscrypt-proxy[28070]: dnscrypt-proxy is ready - live servers: 1
Jun 24 12:29:37.813308 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Mon 2024-06-24 12:29:38 UTC, end at Mon 2024-06-24 12:29:44 UTC. --
Jun 24 12:29:38.088743 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free.
Jun 24 12:29:38.118600 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 12:29:38.490452 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:29:38.578350 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'delete'.
Jun 24 12:29:38.716770 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 12:29:38.855048 osdx dnscrypt-proxy[28070]: Stopped.
Jun 24 12:29:38.855126 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 24 12:29:38.856562 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 24 12:29:38.856923 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 24 12:29:38.972291 osdx ca-certificates[28167]: Clearing symlinks in /etc/ssl/certs...
Jun 24 12:29:39.348737 osdx ca-certificates[28725]: done.
Jun 24 12:29:39.353836 osdx ca-certificates[28734]: Updating certificates in /etc/ssl/certs...
Jun 24 12:29:39.942089 osdx ca-certificates[29570]: 137 added, 0 removed; done.
Jun 24 12:29:39.946518 osdx ca-certificates[29575]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:29:39.950682 osdx ca-certificates[29577]: done.
Jun 24 12:29:39.992660 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:29:39.995905 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:29:40.061847 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:29:41.450904 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:29:41.559707 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 12:29:41.674926 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 12:29:41.838932 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 12:29:41.928702 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 12:29:42.041172 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 24 12:29:42.133209 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 24 12:29:42.259117 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 24 12:29:42.367719 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 12:29:42.496409 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:29:42.601492 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:29:42.754917 osdx ca-certificates[29620]: Updating certificates in /etc/ssl/certs...
Jun 24 12:29:43.527557 osdx ca-certificates[30603]: 1 added, 0 removed; done.
Jun 24 12:29:43.532637 osdx ca-certificates[30610]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:29:43.538756 osdx ca-certificates[30612]: done.
Jun 24 12:29:43.561047 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 12:29:43.740145 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 24 12:29:43.743589 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:29:43.772473 osdx dnscrypt-proxy[30651]: dnscrypt-proxy 2.0.45
Jun 24 12:29:43.772568 osdx dnscrypt-proxy[30651]: Network connectivity detected
Jun 24 12:29:43.773025 osdx dnscrypt-proxy[30651]: Dropping privileges
Jun 24 12:29:43.780400 osdx dnscrypt-proxy[30651]: Network connectivity detected
Jun 24 12:29:43.780473 osdx dnscrypt-proxy[30651]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 12:29:43.780483 osdx dnscrypt-proxy[30651]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 12:29:43.780535 osdx dnscrypt-proxy[30651]: Firefox workaround initialized
Jun 24 12:29:43.780545 osdx dnscrypt-proxy[30651]: Loading the set of cloaking rules from [/tmp/tmpLnz1VP]
Jun 24 12:29:43.815370 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:29:43.856529 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:29:43.994282 osdx dnscrypt-proxy[30651]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 24 12:29:43.994301 osdx dnscrypt-proxy[30651]: [RD] OK (DoH) - rtt: 143ms
Jun 24 12:29:43.994311 osdx dnscrypt-proxy[30651]: Server with the lowest initial latency: RD (rtt: 143ms)
Jun 24 12:29:43.994318 osdx dnscrypt-proxy[30651]: dnscrypt-proxy is ready - live servers: 1
Jun 24 12:29:44.066290 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Mon 2024-06-24 12:29:44 UTC, end at Mon 2024-06-24 12:29:50 UTC. --
Jun 24 12:29:44.419551 osdx systemd-journald[596]: Runtime journal (/run/log/journal/9a819f3302304ea795867ea7c248068f) is 2.0M, max 16.0M, 14.0M free.
Jun 24 12:29:44.432448 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 12:29:44.866986 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:29:44.966184 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'delete'.
Jun 24 12:29:45.160158 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 12:29:45.251608 osdx dnscrypt-proxy[30651]: Stopped.
Jun 24 12:29:45.251709 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 24 12:29:45.252928 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 24 12:29:45.253326 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 24 12:29:45.374958 osdx ca-certificates[30745]: Clearing symlinks in /etc/ssl/certs...
Jun 24 12:29:45.793616 osdx ca-certificates[31303]: done.
Jun 24 12:29:45.800509 osdx ca-certificates[31312]: Updating certificates in /etc/ssl/certs...
Jun 24 12:29:46.438512 osdx ca-certificates[32146]: 137 added, 0 removed; done.
Jun 24 12:29:46.444631 osdx ca-certificates[32152]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:29:46.449680 osdx ca-certificates[32154]: done.
Jun 24 12:29:46.503265 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:29:46.506923 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:29:46.533427 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:29:47.926709 osdx OSDxCLI[18080]: User 'admin' entered the configuration menu.
Jun 24 12:29:48.038257 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 12:29:48.142317 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 12:29:48.278156 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 12:29:48.397650 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 12:29:48.496847 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 24 12:29:48.577167 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 24 12:29:48.693678 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 24 12:29:48.778183 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 12:29:48.912478 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 12:29:49.020429 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 12:29:49.151606 osdx ca-certificates[32198]: Updating certificates in /etc/ssl/certs...
Jun 24 12:29:49.833862 osdx ca-certificates[720]: 1 added, 0 removed; done.
Jun 24 12:29:49.838658 osdx ca-certificates[726]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 12:29:49.843458 osdx ca-certificates[728]: done.
Jun 24 12:29:49.865085 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 12:29:50.054182 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 24 12:29:50.059004 osdx cfgd[1115]: [18080]Completed change to active configuration
Jun 24 12:29:50.083903 osdx dnscrypt-proxy[767]: dnscrypt-proxy 2.0.45
Jun 24 12:29:50.084000 osdx dnscrypt-proxy[767]: Network connectivity detected
Jun 24 12:29:50.084454 osdx dnscrypt-proxy[767]: Dropping privileges
Jun 24 12:29:50.088413 osdx dnscrypt-proxy[767]: Network connectivity detected
Jun 24 12:29:50.088475 osdx dnscrypt-proxy[767]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 12:29:50.088485 osdx dnscrypt-proxy[767]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 12:29:50.088520 osdx dnscrypt-proxy[767]: Firefox workaround initialized
Jun 24 12:29:50.088530 osdx dnscrypt-proxy[767]: Loading the set of cloaking rules from [/tmp/tmp51mSja]
Jun 24 12:29:50.114226 osdx OSDxCLI[18080]: User 'admin' committed the configuration.
Jun 24 12:29:50.151162 osdx OSDxCLI[18080]: User 'admin' left the configuration menu.
Jun 24 12:29:50.274478 osdx dnscrypt-proxy[767]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 24 12:29:50.274510 osdx dnscrypt-proxy[767]: [RD] OK (DoH) - rtt: 132ms
Jun 24 12:29:50.274524 osdx dnscrypt-proxy[767]: Server with the lowest initial latency: RD (rtt: 132ms)
Jun 24 12:29:50.274535 osdx dnscrypt-proxy[767]: dnscrypt-proxy is ready - live servers: 1
Jun 24 12:29:50.375344 osdx OSDxCLI[18080]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
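Added example, not part of the original test suite: a Python check that automates Step 3 by reading the configured ciphers and the negotiated `Cipher suite:` ID from the same journal, translating the decimal ID to its IANA name and reporting whether it belongs to the configured list. The function names are hypothetical, the first journal excerpt is taken from Example 4 and the second is constructed; reading `TLS version: 303` as hexadecimal 0x0303 (TLS 1.2) is an assumption.

```python
import re

# IANA code points for the cipher suites configured in the examples above.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
TLS_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[([^\]]+)\] TLS version: ([0-9a-fA-F]+)"
    r" - Protocol: (\S+) - Cipher suite: (\d+)"
)

def configured_suites(journal_text):
    """Cipher names from the logged cfg lines, ordered by their 'cipher N' index."""
    entries = {int(i): name for i, name in CFG_RE.findall(journal_text)}
    return [entries[i] for i in sorted(entries)]

def negotiated_sessions(journal_text):
    """One record per dnscrypt-proxy handshake line found in the journal."""
    sessions = []
    for server, version, proto, suite in TLS_RE.findall(journal_text):
        suite_id = int(suite)
        sessions.append({
            "server": server,
            "tls_version": int(version, 16),  # assumption: the log prints hex
            "protocol": proto,
            "suite_id": suite_id,
            "suite_name": IANA_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id),
        })
    return sessions

def audit(journal_text):
    """Compare what was negotiated against what was configured."""
    configured = configured_suites(journal_text)
    sessions = negotiated_sessions(journal_text)
    used = {s["suite_name"] for s in sessions}
    violations = [s for s in sessions if s["suite_name"] not in configured]
    return {
        "configured": configured,
        "sessions": sessions,
        "unused": [c for c in configured if c not in used],
        "violations": violations,
        # A journal with no handshake line is a failure, not a pass.
        "ok": bool(sessions) and not violations,
    }

# Excerpt of the Example 4 journal shown above.
EXAMPLE4_JOURNAL = """\
Jun 24 12:29:36.038690 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 24 12:29:36.197930 osdx OSDxCLI[18080]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 24 12:29:37.746784 osdx dnscrypt-proxy[28070]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

# Constructed journal: the negotiated suite is not in the configured list.
CONSTRUCTED_MISMATCH = """\
Jan 01 00:00:01.000000 osdx OSDxCLI[1]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jan 01 00:00:02.000000 osdx dnscrypt-proxy[2]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
"""

if __name__ == "__main__":
    for label, text in (("example 4", EXAMPLE4_JOURNAL), ("constructed", CONSTRUCTED_MISMATCH)):
        result = audit(text)
        names = [s["suite_name"] for s in result["sessions"]]
        print(label, "ok" if result["ok"] else "FAIL", names, "unused:", result["unused"])
```

The `unused` list shows configured suites that were never selected, which in Example 4 is the 3DES entry.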