Cipher
Test suite to validate the use of one or multiple ciphers to protect the DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Thu 2024-10-10 07:13:10 UTC, end at Thu 2024-10-10 07:13:19 UTC. --
Oct 10 07:13:10.277726 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:13:10.314918 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:13:10.681733 osdx osdx-coredump[4965]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 07:13:10.689820 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 07:13:11.282957 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:13:11.403570 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:13:11.492100 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:13:11.569178 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:13:11.629282 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:13:11.655378 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:13:11.670522 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:13:11.807370 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 07:13:11.926380 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:13:11.984912 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:13:12.079891 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:13:12.148337 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:13:12.226764 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:13:12.281902 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:13:12.369929 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 07:13:12.418541 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:13:12.513676 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:13:12.567430 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:13:12.697849 osdx ca-certificates[5080]: Updating certificates in /etc/ssl/certs...
Oct 10 07:13:13.168453 osdx ca-certificates[6062]: 1 added, 0 removed; done.
Oct 10 07:13:13.171301 osdx ca-certificates[6070]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:13:13.175182 osdx ca-certificates[6072]: done.
Oct 10 07:13:13.226152 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:13:13.227429 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:13:13.229845 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:13:13.246477 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:13:13.428555 osdx dnscrypt-proxy[6076]: dnscrypt-proxy 2.0.45
Oct 10 07:13:13.428611 osdx dnscrypt-proxy[6076]: Network connectivity detected
Oct 10 07:13:13.428854 osdx dnscrypt-proxy[6076]: Dropping privileges
Oct 10 07:13:13.431174 osdx dnscrypt-proxy[6076]: Network connectivity detected
Oct 10 07:13:13.431208 osdx dnscrypt-proxy[6076]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:13:13.431212 osdx dnscrypt-proxy[6076]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:13:13.431232 osdx dnscrypt-proxy[6076]: Firefox workaround initialized
Oct 10 07:13:13.431236 osdx dnscrypt-proxy[6076]: Loading the set of cloaking rules from [/tmp/tmpCPI9Ie]
Oct 10 07:13:13.580635 osdx dnscrypt-proxy[6076]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 07:13:13.580649 osdx dnscrypt-proxy[6076]: [RD] OK (DoH) - rtt: 116ms
Oct 10 07:13:13.580660 osdx dnscrypt-proxy[6076]: Server with the lowest initial latency: RD (rtt: 116ms)
Oct 10 07:13:13.580667 osdx dnscrypt-proxy[6076]: dnscrypt-proxy is ready - live servers: 1
Oct 10 07:13:19.383853 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Thu 2024-10-10 07:13:25 UTC, end at Thu 2024-10-10 07:13:34 UTC. --
Oct 10 07:13:25.304330 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:13:25.325726 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:13:25.701011 osdx osdx-coredump[7704]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 07:13:25.707322 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 07:13:26.254951 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:13:26.326153 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:13:26.410277 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:13:26.493426 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:13:26.553343 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:13:26.593517 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:13:26.644186 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:13:26.777788 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 07:13:26.938484 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:13:26.996900 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:13:27.111379 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:13:27.182659 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:13:27.254143 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:13:27.310821 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:13:27.399142 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 07:13:27.452096 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:13:27.556495 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:13:27.607929 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:13:27.732706 osdx ca-certificates[7818]: Updating certificates in /etc/ssl/certs...
Oct 10 07:13:28.165301 osdx ca-certificates[8803]: 1 added, 0 removed; done.
Oct 10 07:13:28.170972 osdx ca-certificates[8809]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:13:28.176806 osdx ca-certificates[8811]: done.
Oct 10 07:13:28.217976 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:13:28.219166 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:13:28.221785 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:13:28.237082 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:13:28.237371 osdx dnscrypt-proxy[8815]: dnscrypt-proxy 2.0.45
Oct 10 07:13:28.237464 osdx dnscrypt-proxy[8815]: Network connectivity detected
Oct 10 07:13:28.237756 osdx dnscrypt-proxy[8815]: Dropping privileges
Oct 10 07:13:28.239911 osdx dnscrypt-proxy[8815]: Network connectivity detected
Oct 10 07:13:28.239939 osdx dnscrypt-proxy[8815]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:13:28.239943 osdx dnscrypt-proxy[8815]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:13:28.239961 osdx dnscrypt-proxy[8815]: Firefox workaround initialized
Oct 10 07:13:28.239965 osdx dnscrypt-proxy[8815]: Loading the set of cloaking rules from [/tmp/tmpl7lD89]
Oct 10 07:13:28.487000 osdx dnscrypt-proxy[8815]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 07:13:28.487015 osdx dnscrypt-proxy[8815]: [RD] OK (DoH) - rtt: 222ms
Oct 10 07:13:28.487023 osdx dnscrypt-proxy[8815]: Server with the lowest initial latency: RD (rtt: 222ms)
Oct 10 07:13:28.487028 osdx dnscrypt-proxy[8815]: dnscrypt-proxy is ready - live servers: 1
Oct 10 07:13:34.390922 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Thu 2024-10-10 07:13:34 UTC, end at Thu 2024-10-10 07:13:44 UTC. --
Oct 10 07:13:34.567299 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:13:34.594512 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:13:34.830558 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:13:34.880598 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'delete'.
Oct 10 07:13:34.989994 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 07:13:35.046343 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 07:13:35.046414 osdx dnscrypt-proxy[8815]: Stopped.
Oct 10 07:13:35.047107 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 07:13:35.047382 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 07:13:35.125163 osdx ca-certificates[8895]: Clearing symlinks in /etc/ssl/certs...
Oct 10 07:13:35.383230 osdx ca-certificates[9452]: done.
Oct 10 07:13:35.386514 osdx ca-certificates[9460]: Updating certificates in /etc/ssl/certs...
Oct 10 07:13:35.752812 osdx ca-certificates[10300]: 137 added, 0 removed; done.
Oct 10 07:13:35.755660 osdx ca-certificates[10306]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:13:35.758758 osdx ca-certificates[10308]: done.
Oct 10 07:13:35.797157 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:13:35.799620 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:13:35.820290 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:13:36.799091 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:13:36.894816 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:13:36.945410 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:13:37.049760 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:13:37.097857 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:13:37.192638 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:13:37.241324 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 10 07:13:37.330777 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:13:37.395098 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:13:37.492021 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:13:37.571765 osdx ca-certificates[10350]: Updating certificates in /etc/ssl/certs...
Oct 10 07:13:38.029742 osdx ca-certificates[11334]: 1 added, 0 removed; done.
Oct 10 07:13:38.032653 osdx ca-certificates[11340]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:13:38.035660 osdx ca-certificates[11342]: done.
Oct 10 07:13:38.049397 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:13:38.143905 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:13:38.145296 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:13:38.158309 osdx dnscrypt-proxy[11381]: dnscrypt-proxy 2.0.45
Oct 10 07:13:38.158366 osdx dnscrypt-proxy[11381]: Network connectivity detected
Oct 10 07:13:38.158598 osdx dnscrypt-proxy[11381]: Dropping privileges
Oct 10 07:13:38.160624 osdx dnscrypt-proxy[11381]: Network connectivity detected
Oct 10 07:13:38.160803 osdx dnscrypt-proxy[11381]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:13:38.160845 osdx dnscrypt-proxy[11381]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:13:38.160894 osdx dnscrypt-proxy[11381]: Firefox workaround initialized
Oct 10 07:13:38.160931 osdx dnscrypt-proxy[11381]: Loading the set of cloaking rules from [/tmp/tmpd9mda4]
Oct 10 07:13:38.175853 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:13:38.193133 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:13:38.331045 osdx dnscrypt-proxy[11381]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 10 07:13:38.331060 osdx dnscrypt-proxy[11381]: [RD] OK (DoH) - rtt: 141ms
Oct 10 07:13:38.331068 osdx dnscrypt-proxy[11381]: Server with the lowest initial latency: RD (rtt: 141ms)
Oct 10 07:13:38.331072 osdx dnscrypt-proxy[11381]: dnscrypt-proxy is ready - live servers: 1
Oct 10 07:13:44.327336 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Thu 2024-10-10 07:13:44 UTC, end at Thu 2024-10-10 07:13:54 UTC. --
Oct 10 07:13:44.515841 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:13:44.543701 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:13:44.797728 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:13:44.850023 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'delete'.
Oct 10 07:13:44.958359 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 07:13:45.015881 osdx dnscrypt-proxy[11381]: Stopped.
Oct 10 07:13:45.015912 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 07:13:45.016951 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 07:13:45.017179 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 07:13:45.091434 osdx ca-certificates[11476]: Clearing symlinks in /etc/ssl/certs...
Oct 10 07:13:45.333638 osdx ca-certificates[12033]: done.
Oct 10 07:13:45.337037 osdx ca-certificates[12041]: Updating certificates in /etc/ssl/certs...
Oct 10 07:13:45.704940 osdx ca-certificates[12876]: 137 added, 0 removed; done.
Oct 10 07:13:45.707918 osdx ca-certificates[12883]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:13:45.712122 osdx ca-certificates[12885]: done.
Oct 10 07:13:45.741392 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:13:45.744054 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:13:45.767177 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:13:46.765362 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:13:46.860711 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:13:46.913941 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:13:47.016074 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:13:47.070285 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:13:47.165508 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:13:47.215088 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 10 07:13:47.305614 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:13:47.366905 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:13:47.451254 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:13:47.531851 osdx ca-certificates[12926]: Updating certificates in /etc/ssl/certs...
Oct 10 07:13:47.975085 osdx ca-certificates[13911]: 1 added, 0 removed; done.
Oct 10 07:13:47.978182 osdx ca-certificates[13918]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:13:47.981337 osdx ca-certificates[13920]: done.
Oct 10 07:13:47.993404 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:13:48.086615 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:13:48.088087 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:13:48.105495 osdx dnscrypt-proxy[13959]: dnscrypt-proxy 2.0.45
Oct 10 07:13:48.105578 osdx dnscrypt-proxy[13959]: Network connectivity detected
Oct 10 07:13:48.105946 osdx dnscrypt-proxy[13959]: Dropping privileges
Oct 10 07:13:48.108941 osdx dnscrypt-proxy[13959]: Network connectivity detected
Oct 10 07:13:48.108990 osdx dnscrypt-proxy[13959]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:13:48.108999 osdx dnscrypt-proxy[13959]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:13:48.109028 osdx dnscrypt-proxy[13959]: Firefox workaround initialized
Oct 10 07:13:48.109036 osdx dnscrypt-proxy[13959]: Loading the set of cloaking rules from [/tmp/tmp2Tkbvs]
Oct 10 07:13:48.124676 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:13:48.142017 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:13:48.262876 osdx dnscrypt-proxy[13959]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 07:13:48.262889 osdx dnscrypt-proxy[13959]: [RD] OK (DoH) - rtt: 121ms
Oct 10 07:13:48.262896 osdx dnscrypt-proxy[13959]: Server with the lowest initial latency: RD (rtt: 121ms)
Oct 10 07:13:48.262901 osdx dnscrypt-proxy[13959]: dnscrypt-proxy is ready - live servers: 1
Oct 10 07:13:54.268701 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Thu 2024-10-10 07:14:00 UTC, end at Thu 2024-10-10 07:14:03 UTC. --
Oct 10 07:14:00.289611 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:14:00.320118 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:14:00.757905 osdx osdx-coredump[15604]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 07:14:00.764400 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 07:14:01.356240 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:01.422397 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:01.511356 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:01.586347 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:14:01.653573 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:01.685572 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:01.706405 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:01.850539 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 07:14:02.012539 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:02.066798 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:14:02.164813 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:14:02.237685 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:14:02.363959 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:14:02.422351 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:14:02.516208 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 07:14:02.571114 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:14:02.679853 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:02.735322 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:02.846238 osdx ca-certificates[15724]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:03.297716 osdx ca-certificates[16708]: 1 added, 0 removed; done.
Oct 10 07:14:03.300827 osdx ca-certificates[16714]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:03.303916 osdx ca-certificates[16716]: done.
Oct 10 07:14:03.346916 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:14:03.348292 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:03.351112 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:03.362208 osdx dnscrypt-proxy[16720]: dnscrypt-proxy 2.0.45
Oct 10 07:14:03.362267 osdx dnscrypt-proxy[16720]: Network connectivity detected
Oct 10 07:14:03.362595 osdx dnscrypt-proxy[16720]: Dropping privileges
Oct 10 07:14:03.364445 osdx dnscrypt-proxy[16720]: Network connectivity detected
Oct 10 07:14:03.364476 osdx dnscrypt-proxy[16720]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:14:03.364482 osdx dnscrypt-proxy[16720]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:14:03.364503 osdx dnscrypt-proxy[16720]: Firefox workaround initialized
Oct 10 07:14:03.364508 osdx dnscrypt-proxy[16720]: Loading the set of cloaking rules from [/tmp/tmp6xA3P3]
Oct 10 07:14:03.365461 osdx dnscrypt-proxy[16720]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 07:14:03.366939 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Thu 2024-10-10 07:14:09 UTC, end at Thu 2024-10-10 07:14:12 UTC. --
Oct 10 07:14:09.308879 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:14:09.330769 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:14:09.723006 osdx osdx-coredump[18346]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 07:14:09.729350 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 07:14:10.302413 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:10.367807 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:10.454520 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:10.530374 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:14:10.589885 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:10.626097 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:10.647516 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:10.784327 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 07:14:10.943130 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:10.999330 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:14:11.089520 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:14:11.151705 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:14:11.233722 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:14:11.286910 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:14:11.377379 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 07:14:11.428683 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:14:11.532095 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:11.583766 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:11.703371 osdx ca-certificates[18461]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:12.157421 osdx ca-certificates[19445]: 1 added, 0 removed; done.
Oct 10 07:14:12.160554 osdx ca-certificates[19451]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:12.163497 osdx ca-certificates[19453]: done.
Oct 10 07:14:12.221494 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:14:12.222728 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:12.225542 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:12.236645 osdx dnscrypt-proxy[19457]: dnscrypt-proxy 2.0.45
Oct 10 07:14:12.236719 osdx dnscrypt-proxy[19457]: Network connectivity detected
Oct 10 07:14:12.237015 osdx dnscrypt-proxy[19457]: Dropping privileges
Oct 10 07:14:12.239718 osdx dnscrypt-proxy[19457]: Network connectivity detected
Oct 10 07:14:12.239755 osdx dnscrypt-proxy[19457]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:14:12.239761 osdx dnscrypt-proxy[19457]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:14:12.239788 osdx dnscrypt-proxy[19457]: Firefox workaround initialized
Oct 10 07:14:12.239793 osdx dnscrypt-proxy[19457]: Loading the set of cloaking rules from [/tmp/tmpr20Ijf]
Oct 10 07:14:12.240977 osdx dnscrypt-proxy[19457]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 07:14:12.243193 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Thu 2024-10-10 07:14:12 UTC, end at Thu 2024-10-10 07:14:16 UTC. --
Oct 10 07:14:12.473796 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:14:12.495045 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:14:12.723712 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:12.777374 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'delete'.
Oct 10 07:14:12.887410 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 07:14:12.942002 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 07:14:12.942059 osdx dnscrypt-proxy[19457]: Stopped.
Oct 10 07:14:12.942743 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 07:14:12.943008 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 07:14:13.018487 osdx ca-certificates[19531]: Clearing symlinks in /etc/ssl/certs...
Oct 10 07:14:13.259616 osdx ca-certificates[20089]: done.
Oct 10 07:14:13.262798 osdx ca-certificates[20098]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:13.631174 osdx ca-certificates[20931]: 137 added, 0 removed; done.
Oct 10 07:14:13.634108 osdx ca-certificates[20938]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:13.636946 osdx ca-certificates[20941]: done.
Oct 10 07:14:13.670224 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:13.672608 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:13.688742 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:14.681471 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:14.738676 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:14:14.837758 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:14:14.907165 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:14:14.989161 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:14:15.061903 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:14:15.150512 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 07:14:15.198066 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:14:15.302003 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:15.353687 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:15.474479 osdx ca-certificates[20983]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:15.916932 osdx ca-certificates[21968]: 1 added, 0 removed; done.
Oct 10 07:14:15.921079 osdx ca-certificates[21974]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:15.924046 osdx ca-certificates[21976]: done.
Oct 10 07:14:15.938373 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:14:16.033613 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:14:16.034743 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:16.050897 osdx dnscrypt-proxy[22015]: dnscrypt-proxy 2.0.45
Oct 10 07:14:16.051230 osdx dnscrypt-proxy[22015]: Network connectivity detected
Oct 10 07:14:16.051592 osdx dnscrypt-proxy[22015]: Dropping privileges
Oct 10 07:14:16.054084 osdx dnscrypt-proxy[22015]: Network connectivity detected
Oct 10 07:14:16.054118 osdx dnscrypt-proxy[22015]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:14:16.054123 osdx dnscrypt-proxy[22015]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:14:16.054144 osdx dnscrypt-proxy[22015]: Firefox workaround initialized
Oct 10 07:14:16.054150 osdx dnscrypt-proxy[22015]: Loading the set of cloaking rules from [/tmp/tmp5yQgo2]
Oct 10 07:14:16.055116 osdx dnscrypt-proxy[22015]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 07:14:16.062750 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:16.079056 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:16.188225 osdx dnscrypt-proxy[22015]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 07:14:16.188248 osdx dnscrypt-proxy[22015]: [RD] OK (DoH) - rtt: 103ms
Oct 10 07:14:16.188260 osdx dnscrypt-proxy[22015]: Server with the lowest initial latency: RD (rtt: 103ms)
Oct 10 07:14:16.188268 osdx dnscrypt-proxy[22015]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Thu 2024-10-10 07:14:16 UTC, end at Thu 2024-10-10 07:14:20 UTC. --
Oct 10 07:14:16.292701 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:14:16.306898 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:14:16.535350 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:16.594009 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'delete'.
Oct 10 07:14:16.721376 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 07:14:16.779733 osdx dnscrypt-proxy[22015]: Stopped.
Oct 10 07:14:16.779744 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 07:14:16.780428 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 07:14:16.780730 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 07:14:16.850058 osdx ca-certificates[22104]: Clearing symlinks in /etc/ssl/certs...
Oct 10 07:14:17.080726 osdx ca-certificates[22665]: done.
Oct 10 07:14:17.084391 osdx ca-certificates[22674]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:17.450327 osdx ca-certificates[23511]: 137 added, 0 removed; done.
Oct 10 07:14:17.453320 osdx ca-certificates[23517]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:17.456368 osdx ca-certificates[23519]: done.
Oct 10 07:14:17.484180 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:17.486692 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:17.510378 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:18.535629 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:18.596727 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:14:18.694865 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:14:18.772720 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:14:18.844173 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:14:18.945729 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:14:18.999535 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 07:14:19.096314 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 07:14:19.163326 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:14:19.270244 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:19.340151 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:19.473115 osdx ca-certificates[23562]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:19.908544 osdx ca-certificates[24546]: 1 added, 0 removed; done.
Oct 10 07:14:19.912179 osdx ca-certificates[24552]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:19.914799 osdx ca-certificates[24554]: done.
Oct 10 07:14:19.930399 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:14:20.051289 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:14:20.052800 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:20.066313 osdx dnscrypt-proxy[24593]: dnscrypt-proxy 2.0.45
Oct 10 07:14:20.066410 osdx dnscrypt-proxy[24593]: Network connectivity detected
Oct 10 07:14:20.066754 osdx dnscrypt-proxy[24593]: Dropping privileges
Oct 10 07:14:20.069065 osdx dnscrypt-proxy[24593]: Network connectivity detected
Oct 10 07:14:20.069094 osdx dnscrypt-proxy[24593]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:14:20.069099 osdx dnscrypt-proxy[24593]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:14:20.069118 osdx dnscrypt-proxy[24593]: Firefox workaround initialized
Oct 10 07:14:20.069122 osdx dnscrypt-proxy[24593]: Loading the set of cloaking rules from [/tmp/tmpYf_VTI]
Oct 10 07:14:20.069860 osdx dnscrypt-proxy[24593]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 07:14:20.081427 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:20.097664 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:20.214949 osdx dnscrypt-proxy[24593]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 07:14:20.214972 osdx dnscrypt-proxy[24593]: [RD] OK (DoH) - rtt: 120ms
Oct 10 07:14:20.214983 osdx dnscrypt-proxy[24593]: Server with the lowest initial latency: RD (rtt: 120ms)
Oct 10 07:14:20.214989 osdx dnscrypt-proxy[24593]: dnscrypt-proxy is ready - live servers: 1
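The token checks in these scenarios only look for the handshake-failure message, yet in Examples 2 and 3 the same dnscrypt-proxy process later logs a session with cipher suite 52392, which is not among the configured algorithms. The Python code below is an added example, not part of the OSDx test suite: it audits a journal capture by comparing the negotiated suite ID with the configured list. The function name audit_journal, the verdict labels and the name-to-ID table (IANA registry values) are assumptions of this example; the sample lines are abridged from journal output on this page.

```python
import re

# IANA TLS cipher suite IDs for the suite names configured on this page.
IANA_ID = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # logged as 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # logged as 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # logged as 52392
}
NAME_BY_ID = {v: k for k, v in IANA_ID.items()}

# The patterns work on one-entry-per-line journals and on flattened captures.
CFG_RE = re.compile(
    r"cfg line: 'set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)'")
FAIL_RE = re.compile(r"dnscrypt-proxy\[(\d+)\]: TLS handshake failure")
SESSION_RE = re.compile(
    r"dnscrypt-proxy\[(\d+)\]: \[([^\]]+)\] TLS version: (\w+)"
    r" - Protocol: (\S+) - Cipher suite: (\d+)")


def audit_journal(journal):
    """Compare the cipher suites a capture configures with the one negotiated.

    Hypothetical helper for this example. Verdicts:
      compliant      - every logged session used a configured suite
      outside-policy - a session used a suite that was not configured
      refused        - handshake failure logged and no session established
      inconclusive   - cipher list configured, but no session or failure seen
      no-policy      - no cipher list configured in the capture
    """
    # Configured suites in priority order (cipher 1, cipher 2, ...).
    ordered = sorted((int(idx), name) for idx, name in CFG_RE.findall(journal))
    configured = [name for _, name in ordered]
    allowed = {IANA_ID[n] for n in configured if n in IANA_ID}
    failed_pids = set(FAIL_RE.findall(journal))

    sessions = []
    for pid, server, version, proto, suite in SESSION_RE.findall(journal):
        suite_id = int(suite)
        sessions.append({
            "pid": pid,
            "server": server,
            "suite_id": suite_id,
            "suite": NAME_BY_ID.get(suite_id, "unknown"),
            "in_policy": suite_id in allowed,
            # True when this process logged a handshake failure in the capture.
            "after_failure": pid in failed_pids,
        })

    if not configured:
        verdict = "no-policy"
    elif any(not s["in_policy"] for s in sessions):
        verdict = "outside-policy"
    elif sessions:
        verdict = "compliant"
    elif failed_pids:
        verdict = "refused"
    else:
        verdict = "inconclusive"
    return {"configured": configured, "sessions": sessions, "verdict": verdict}


# Abridged from the journal captures on this page.
REFUSED = """\
Oct 10 07:14:11.377379 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 07:14:12.240977 osdx dnscrypt-proxy[19457]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
"""

INVALID_ONLY = """\
Oct 10 07:14:18.999535 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 07:14:19.096314 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 07:14:20.069860 osdx dnscrypt-proxy[24593]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 07:14:20.214949 osdx dnscrypt-proxy[24593]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""

WITH_FALLBACK = """\
Oct 10 07:14:28.254936 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 07:14:28.306002 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 07:14:29.359743 osdx dnscrypt-proxy[27345]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

if __name__ == "__main__":
    for label, capture in (("refused", REFUSED),
                           ("invalid only", INVALID_ONLY),
                           ("with fallback", WITH_FALLBACK)):
        result = audit_journal(capture)
        used = [s["suite"] for s in result["sessions"]]
        print(f"{label}: {result['verdict']} configured={result['configured']} used={used}")
```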
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid cipher proposed is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
-- Logs begin at Thu 2024-10-10 07:14:26 UTC, end at Thu 2024-10-10 07:14:35 UTC. --
Oct 10 07:14:26.288301 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:14:26.307690 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:14:26.684742 osdx osdx-coredump[26233]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 07:14:26.692159 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 07:14:27.217261 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:27.278463 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:27.369914 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:27.439569 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:14:27.498237 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:27.524396 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:27.547120 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:27.671675 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 07:14:27.784695 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:27.841392 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:14:27.953759 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:14:28.027737 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:14:28.105780 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:14:28.171180 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:14:28.254936 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 07:14:28.306002 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 07:14:28.401886 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:14:28.460606 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:28.548541 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:28.644184 osdx ca-certificates[26349]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:29.138691 osdx ca-certificates[27333]: 1 added, 0 removed; done.
Oct 10 07:14:29.141737 osdx ca-certificates[27339]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:29.144951 osdx ca-certificates[27341]: done.
Oct 10 07:14:29.194257 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:14:29.195638 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:29.198529 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:29.209883 osdx dnscrypt-proxy[27345]: dnscrypt-proxy 2.0.45
Oct 10 07:14:29.209950 osdx dnscrypt-proxy[27345]: Network connectivity detected
Oct 10 07:14:29.210258 osdx dnscrypt-proxy[27345]: Dropping privileges
Oct 10 07:14:29.212157 osdx dnscrypt-proxy[27345]: Network connectivity detected
Oct 10 07:14:29.212193 osdx dnscrypt-proxy[27345]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:14:29.212199 osdx dnscrypt-proxy[27345]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:14:29.212221 osdx dnscrypt-proxy[27345]: Firefox workaround initialized
Oct 10 07:14:29.212226 osdx dnscrypt-proxy[27345]: Loading the set of cloaking rules from [/tmp/tmpnEdsrA]
Oct 10 07:14:29.222687 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:29.359743 osdx dnscrypt-proxy[27345]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 07:14:29.359767 osdx dnscrypt-proxy[27345]: [RD] OK (DoH) - rtt: 120ms
Oct 10 07:14:29.359776 osdx dnscrypt-proxy[27345]: Server with the lowest initial latency: RD (rtt: 120ms)
Oct 10 07:14:29.359783 osdx dnscrypt-proxy[27345]: dnscrypt-proxy is ready - live servers: 1
Oct 10 07:14:35.354938 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
-- Logs begin at Thu 2024-10-10 07:14:35 UTC, end at Thu 2024-10-10 07:14:39 UTC. --
Oct 10 07:14:35.564013 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:14:35.597225 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:14:35.843328 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:35.896649 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'delete'.
Oct 10 07:14:36.004838 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 07:14:36.066501 osdx dnscrypt-proxy[27345]: Stopped.
Oct 10 07:14:36.066558 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 07:14:36.067415 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 07:14:36.067713 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 07:14:36.149973 osdx ca-certificates[27424]: Clearing symlinks in /etc/ssl/certs...
Oct 10 07:14:36.397646 osdx ca-certificates[27981]: done.
Oct 10 07:14:36.401320 osdx ca-certificates[27991]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:36.780501 osdx ca-certificates[28825]: 137 added, 0 removed; done.
Oct 10 07:14:36.783372 osdx ca-certificates[28831]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:36.786049 osdx ca-certificates[28833]: done.
Oct 10 07:14:36.823865 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:36.826271 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:36.844439 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:37.906896 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:37.966154 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:14:38.061563 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:14:38.131132 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:14:38.248154 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:14:38.340937 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:14:38.478249 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 07:14:38.578408 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 10 07:14:38.673744 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:14:38.739542 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:38.830518 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:38.916200 osdx ca-certificates[28876]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:39.375977 osdx ca-certificates[29860]: 1 added, 0 removed; done.
Oct 10 07:14:39.378558 osdx ca-certificates[29866]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:39.381386 osdx ca-certificates[29868]: done.
Oct 10 07:14:39.395576 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:14:39.503333 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:14:39.504913 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:39.516948 osdx dnscrypt-proxy[29907]: dnscrypt-proxy 2.0.45
Oct 10 07:14:39.517005 osdx dnscrypt-proxy[29907]: Network connectivity detected
Oct 10 07:14:39.517237 osdx dnscrypt-proxy[29907]: Dropping privileges
Oct 10 07:14:39.519121 osdx dnscrypt-proxy[29907]: Network connectivity detected
Oct 10 07:14:39.519148 osdx dnscrypt-proxy[29907]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:14:39.519153 osdx dnscrypt-proxy[29907]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:14:39.519169 osdx dnscrypt-proxy[29907]: Firefox workaround initialized
Oct 10 07:14:39.519174 osdx dnscrypt-proxy[29907]: Loading the set of cloaking rules from [/tmp/tmp9VtAgv]
Oct 10 07:14:39.540646 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:39.557542 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:39.672937 osdx dnscrypt-proxy[29907]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 10 07:14:39.672959 osdx dnscrypt-proxy[29907]: [RD] OK (DoH) - rtt: 125ms
Oct 10 07:14:39.672969 osdx dnscrypt-proxy[29907]: Server with the lowest initial latency: RD (rtt: 125ms)
Oct 10 07:14:39.672976 osdx dnscrypt-proxy[29907]: dnscrypt-proxy is ready - live servers: 1
Oct 10 07:14:39.688385 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
-- Logs begin at Thu 2024-10-10 07:14:39 UTC, end at Thu 2024-10-10 07:14:49 UTC. --
Oct 10 07:14:39.878655 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:14:39.886410 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:14:40.147019 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:40.199591 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'delete'.
Oct 10 07:14:40.301058 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 07:14:40.358707 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 07:14:40.358794 osdx dnscrypt-proxy[29907]: Stopped.
Oct 10 07:14:40.359417 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 07:14:40.359653 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 07:14:40.442403 osdx ca-certificates[30002]: Clearing symlinks in /etc/ssl/certs...
Oct 10 07:14:40.689332 osdx ca-certificates[30558]: done.
Oct 10 07:14:40.692864 osdx ca-certificates[30568]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:41.070725 osdx ca-certificates[31403]: 137 added, 0 removed; done.
Oct 10 07:14:41.073716 osdx ca-certificates[31409]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:41.076869 osdx ca-certificates[31411]: done.
Oct 10 07:14:41.110985 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:41.113589 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:41.140035 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:42.200925 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:42.255094 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:14:42.350082 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:14:42.425125 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:14:42.507979 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:14:42.564419 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:14:42.657013 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 07:14:42.712018 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 10 07:14:42.805612 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:14:42.869356 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:42.957140 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:43.040167 osdx ca-certificates[31454]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:43.485087 osdx ca-certificates[32437]: 1 added, 0 removed; done.
Oct 10 07:14:43.488065 osdx ca-certificates[32444]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:43.491046 osdx ca-certificates[32446]: done.
Oct 10 07:14:43.503567 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:14:43.603850 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:14:43.605326 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:43.618620 osdx dnscrypt-proxy[32485]: dnscrypt-proxy 2.0.45
Oct 10 07:14:43.618685 osdx dnscrypt-proxy[32485]: Network connectivity detected
Oct 10 07:14:43.618953 osdx dnscrypt-proxy[32485]: Dropping privileges
Oct 10 07:14:43.620692 osdx dnscrypt-proxy[32485]: Network connectivity detected
Oct 10 07:14:43.620720 osdx dnscrypt-proxy[32485]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:14:43.620724 osdx dnscrypt-proxy[32485]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:14:43.620743 osdx dnscrypt-proxy[32485]: Firefox workaround initialized
Oct 10 07:14:43.620747 osdx dnscrypt-proxy[32485]: Loading the set of cloaking rules from [/tmp/tmpJ1TKap]
Oct 10 07:14:43.631996 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:43.648086 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:43.874204 osdx dnscrypt-proxy[32485]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 07:14:43.874219 osdx dnscrypt-proxy[32485]: [RD] OK (DoH) - rtt: 226ms
Oct 10 07:14:43.874227 osdx dnscrypt-proxy[32485]: Server with the lowest initial latency: RD (rtt: 226ms)
Oct 10 07:14:43.874232 osdx dnscrypt-proxy[32485]: dnscrypt-proxy is ready - live servers: 1
Oct 10 07:14:49.780549 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Thu 2024-10-10 07:14:49 UTC, end at Thu 2024-10-10 07:14:59 UTC. --
Oct 10 07:14:49.985319 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:14:50.021549 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:14:50.254993 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:50.351994 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'delete'.
Oct 10 07:14:50.415306 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 07:14:50.502558 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 07:14:50.502649 osdx dnscrypt-proxy[32485]: Stopped.
Oct 10 07:14:50.503390 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 07:14:50.503653 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 07:14:50.580971 osdx ca-certificates[32580]: Clearing symlinks in /etc/ssl/certs...
Oct 10 07:14:50.822164 osdx ca-certificates[670]: done.
Oct 10 07:14:50.825858 osdx ca-certificates[680]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:51.227115 osdx ca-certificates[1550]: 137 added, 0 removed; done.
Oct 10 07:14:51.230348 osdx ca-certificates[1556]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:51.233045 osdx ca-certificates[1558]: done.
Oct 10 07:14:51.273914 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:51.276726 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:51.292421 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:52.270009 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:14:52.327297 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:14:52.419194 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:14:52.485291 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:14:52.567798 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:14:52.624502 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:14:52.713533 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 07:14:52.767458 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 07:14:52.860535 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:14:52.923791 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:14:53.007676 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:14:53.091915 osdx ca-certificates[1601]: Updating certificates in /etc/ssl/certs...
Oct 10 07:14:53.551300 osdx ca-certificates[2587]: 1 added, 0 removed; done.
Oct 10 07:14:53.554521 osdx ca-certificates[2593]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:14:53.557162 osdx ca-certificates[2595]: done.
Oct 10 07:14:53.571569 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:14:53.667788 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:14:53.669147 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:14:53.686726 osdx dnscrypt-proxy[2634]: dnscrypt-proxy 2.0.45
Oct 10 07:14:53.686784 osdx dnscrypt-proxy[2634]: Network connectivity detected
Oct 10 07:14:53.687022 osdx dnscrypt-proxy[2634]: Dropping privileges
Oct 10 07:14:53.688760 osdx dnscrypt-proxy[2634]: Network connectivity detected
Oct 10 07:14:53.688786 osdx dnscrypt-proxy[2634]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:14:53.688790 osdx dnscrypt-proxy[2634]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:14:53.688809 osdx dnscrypt-proxy[2634]: Firefox workaround initialized
Oct 10 07:14:53.688813 osdx dnscrypt-proxy[2634]: Loading the set of cloaking rules from [/tmp/tmpKDgHfq]
Oct 10 07:14:53.696839 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:14:53.723585 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:14:53.878285 osdx dnscrypt-proxy[2634]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 07:14:53.878341 osdx dnscrypt-proxy[2634]: [RD] OK (DoH) - rtt: 166ms
Oct 10 07:14:53.878366 osdx dnscrypt-proxy[2634]: Server with the lowest initial latency: RD (rtt: 166ms)
Oct 10 07:14:53.878381 osdx dnscrypt-proxy[2634]: dnscrypt-proxy is ready - live servers: 1
Oct 10 07:14:56.031354 osdx systemd[1]: systemd-timedated.service: Succeeded.
Oct 10 07:14:59.853562 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Thu 2024-10-10 07:15:00 UTC, end at Thu 2024-10-10 07:15:04 UTC. --
Oct 10 07:15:00.045142 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:15:00.055342 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:15:00.285194 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:15:00.338182 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'delete'.
Oct 10 07:15:00.450625 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 07:15:00.511425 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 07:15:00.511560 osdx dnscrypt-proxy[2634]: Stopped.
Oct 10 07:15:00.512337 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 07:15:00.512573 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 07:15:00.596807 osdx ca-certificates[2732]: Clearing symlinks in /etc/ssl/certs...
Oct 10 07:15:00.870129 osdx ca-certificates[3289]: done.
Oct 10 07:15:00.873500 osdx ca-certificates[3297]: Updating certificates in /etc/ssl/certs...
Oct 10 07:15:01.261306 osdx ca-certificates[4132]: 137 added, 0 removed; done.
Oct 10 07:15:01.264311 osdx ca-certificates[4139]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:15:01.267417 osdx ca-certificates[4141]: done.
Oct 10 07:15:01.296723 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:15:01.299263 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:15:01.322195 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:15:02.408050 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:15:02.504377 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:15:02.558257 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:15:02.663003 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:15:02.714218 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:15:02.809333 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:15:02.873186 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 07:15:02.973589 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 10 07:15:03.024888 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:15:03.130280 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:15:03.184374 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:15:03.307258 osdx ca-certificates[4190]: Updating certificates in /etc/ssl/certs...
Oct 10 07:15:03.734806 osdx ca-certificates[5174]: 1 added, 0 removed; done.
Oct 10 07:15:03.738733 osdx ca-certificates[5181]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:15:03.741750 osdx ca-certificates[5183]: done.
Oct 10 07:15:03.755570 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:15:03.851192 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:15:03.852488 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:15:03.865617 osdx dnscrypt-proxy[5222]: dnscrypt-proxy 2.0.45
Oct 10 07:15:03.865674 osdx dnscrypt-proxy[5222]: Network connectivity detected
Oct 10 07:15:03.865920 osdx dnscrypt-proxy[5222]: Dropping privileges
Oct 10 07:15:03.868050 osdx dnscrypt-proxy[5222]: Network connectivity detected
Oct 10 07:15:03.868082 osdx dnscrypt-proxy[5222]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:15:03.868087 osdx dnscrypt-proxy[5222]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:15:03.868107 osdx dnscrypt-proxy[5222]: Firefox workaround initialized
Oct 10 07:15:03.868112 osdx dnscrypt-proxy[5222]: Loading the set of cloaking rules from [/tmp/tmpqRyFw3]
Oct 10 07:15:03.880892 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:15:03.906329 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:15:04.019746 osdx dnscrypt-proxy[5222]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 10 07:15:04.019766 osdx dnscrypt-proxy[5222]: [RD] OK (DoH) - rtt: 127ms
Oct 10 07:15:04.019777 osdx dnscrypt-proxy[5222]: Server with the lowest initial latency: RD (rtt: 127ms)
Oct 10 07:15:04.019784 osdx dnscrypt-proxy[5222]: dnscrypt-proxy is ready - live servers: 1
Oct 10 07:15:04.037624 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Thu 2024-10-10 07:15:04 UTC, end at Thu 2024-10-10 07:15:08 UTC. --
Oct 10 07:15:04.230387 osdx systemd-journald[1707]: Runtime journal (/run/log/journal/0478719b9ca24dfc881db6c3460ca916) is 2.0M, max 16.0M, 14.0M free.
Oct 10 07:15:04.256964 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 07:15:04.510325 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:15:04.624585 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'delete'.
Oct 10 07:15:04.710736 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 07:15:04.804645 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 07:15:04.804797 osdx dnscrypt-proxy[5222]: Stopped.
Oct 10 07:15:04.805515 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 07:15:04.805761 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 07:15:04.876422 osdx ca-certificates[5317]: Clearing symlinks in /etc/ssl/certs...
Oct 10 07:15:05.107032 osdx ca-certificates[5874]: done.
Oct 10 07:15:05.110395 osdx ca-certificates[5883]: Updating certificates in /etc/ssl/certs...
Oct 10 07:15:05.477319 osdx ca-certificates[6719]: 137 added, 0 removed; done.
Oct 10 07:15:05.480332 osdx ca-certificates[6725]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:15:05.483016 osdx ca-certificates[6727]: done.
Oct 10 07:15:05.518754 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:15:05.520918 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:15:05.539533 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:15:06.522947 osdx OSDxCLI[22192]: User 'admin' entered the configuration menu.
Oct 10 07:15:06.579705 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 07:15:06.677466 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 07:15:06.745581 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 07:15:06.826161 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 07:15:06.881369 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 10 07:15:06.971646 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 07:15:07.024089 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 10 07:15:07.110779 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 07:15:07.169594 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 07:15:07.257696 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 07:15:07.333234 osdx ca-certificates[6770]: Updating certificates in /etc/ssl/certs...
Oct 10 07:15:07.800407 osdx ca-certificates[7754]: 1 added, 0 removed; done.
Oct 10 07:15:07.803836 osdx ca-certificates[7760]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 07:15:07.806405 osdx ca-certificates[7762]: done.
Oct 10 07:15:07.819647 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 07:15:07.917312 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 07:15:07.918503 osdx cfgd[1323]: [22192]Completed change to active configuration
Oct 10 07:15:07.931235 osdx dnscrypt-proxy[7801]: dnscrypt-proxy 2.0.45
Oct 10 07:15:07.931290 osdx dnscrypt-proxy[7801]: Network connectivity detected
Oct 10 07:15:07.931510 osdx dnscrypt-proxy[7801]: Dropping privileges
Oct 10 07:15:07.933369 osdx dnscrypt-proxy[7801]: Network connectivity detected
Oct 10 07:15:07.933400 osdx dnscrypt-proxy[7801]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 07:15:07.933405 osdx dnscrypt-proxy[7801]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 07:15:07.933426 osdx dnscrypt-proxy[7801]: Firefox workaround initialized
Oct 10 07:15:07.933431 osdx dnscrypt-proxy[7801]: Loading the set of cloaking rules from [/tmp/tmpdBissR]
Oct 10 07:15:07.947580 osdx OSDxCLI[22192]: User 'admin' committed the configuration.
Oct 10 07:15:07.972629 osdx OSDxCLI[22192]: User 'admin' left the configuration menu.
Oct 10 07:15:08.074696 osdx dnscrypt-proxy[7801]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 07:15:08.074712 osdx dnscrypt-proxy[7801]: [RD] OK (DoH) - rtt: 118ms
Oct 10 07:15:08.074722 osdx dnscrypt-proxy[7801]: Server with the lowest initial latency: RD (rtt: 118ms)
Oct 10 07:15:08.074728 osdx dnscrypt-proxy[7801]: dnscrypt-proxy is ready - live servers: 1
Oct 10 07:15:08.113352 osdx OSDxCLI[22192]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
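Added example (not part of the original test suite or of OSDx): a Python check that automates Step 3 of these examples by mapping the decimal "Cipher suite" ID in the journal to its IANA name and comparing it with the configured cipher list. The function and variable names are hypothetical, and reading the "TLS version" field as hexadecimal is an assumption.

```python
import re

# IANA TLS cipher-suite registry values for the suites named on this page.
IANA = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# Suites this check refuses to accept as the negotiated result (RC4, 3DES).
LEGACY = {IANA[0x0005], IANA[0x000A]}

CFG_RE = re.compile(r"'set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)'")
NEG_RE = re.compile(
    r"\[([^\]]+)\] TLS version: ([0-9a-f]+) - Protocol: (\S+) - Cipher suite: (\d+)")


def audit_journal(text):
    """Extract configured and negotiated suites from journal text and judge them."""
    configured, negotiated = {}, None
    for line in text.splitlines():
        if "added a new cfg line: 'delete'" in line:
            configured.clear()  # each test run starts by wiping the old config
            continue
        m = CFG_RE.search(line)
        if m:
            configured[int(m.group(1))] = m.group(2)
            continue
        m = NEG_RE.search(line)
        if m:
            suite_id = int(m.group(4))  # logged in decimal, e.g. 52392 == 0xCCA8
            negotiated = {
                "server": m.group(1),
                # Assumption: hexadecimal field, so 303 means 0x0303 (TLS 1.2).
                "tls_version": int(m.group(2), 16),
                "protocol": m.group(3),
                "suite_id": suite_id,
                "suite": IANA.get(suite_id, "UNKNOWN_0x%04X" % suite_id),
            }
    ordered = [configured[k] for k in sorted(configured)]
    problems = []
    if negotiated is None:
        problems.append("no TLS negotiation line found")
    else:
        if negotiated["suite"] not in ordered:
            problems.append("negotiated suite is not in the configured list")
        if negotiated["suite"] in LEGACY:
            problems.append("negotiated suite is a legacy (RC4/3DES) suite")
    return {"configured": ordered, "negotiated": negotiated,
            "legacy_configured": [s for s in ordered if s in LEGACY],
            "ok": not problems, "problems": problems}


# Abridged from the Example 6 journal on this page.
EXAMPLE_6 = """\
Oct 10 07:15:04.624585 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'delete'.
Oct 10 07:15:06.971646 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 07:15:07.024089 osdx OSDxCLI[22192]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 10 07:15:08.074696 osdx dnscrypt-proxy[7801]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""

# Constructed failure case (not from the page): same config, suite 10 (3DES) negotiated.
CONSTRUCTED_3DES = EXAMPLE_6.replace("Cipher suite: 52392", "Cipher suite: 10")

if __name__ == "__main__":
    for name, journal in (("Example 6", EXAMPLE_6), ("constructed", CONSTRUCTED_3DES)):
        r = audit_journal(journal)
        print(name, r["negotiated"]["suite"], "OK" if r["ok"] else r["problems"])
```

The `legacy_configured` field still reports the 3DES entry for Example 6, so the check passes the negotiated result while flagging that a legacy suite remains in the configured list.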