Cipher

Test suite to validate the use of one or multiple ciphers to protect a DoH connection.

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
-- Logs begin at Thu 2024-10-10 06:55:40 UTC, end at Thu 2024-10-10 06:55:45 UTC. --
Oct 10 06:55:40.414647 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:55:40.433632 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:55:41.057620 osdx osdx-coredump[1452]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 06:55:41.065959 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 06:55:41.967476 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:55:42.081895 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:55:42.160355 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:55:42.388637 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:55:42.428988 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:55:42.463698 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:55:42.639121 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 10 06:55:42.885822 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:55:43.017950 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:55:43.139607 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:55:43.304236 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:55:43.394881 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:55:43.567836 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:55:43.697291 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 06:55:43.818037 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:55:43.961496 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:55:44.054202 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:55:44.208868 osdx ca-certificates[1566]: Updating certificates in /etc/ssl/certs...
Oct 10 06:55:44.931837 osdx ca-certificates[2561]: 1 added, 0 removed; done.
Oct 10 06:55:44.936336 osdx ca-certificates[2567]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:55:44.941016 osdx ca-certificates[2569]: done.
Oct 10 06:55:45.017691 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:55:45.019337 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:55:45.022697 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:55:45.038931 osdx dnscrypt-proxy[2573]: dnscrypt-proxy 2.0.45
Oct 10 06:55:45.039042 osdx dnscrypt-proxy[2573]: Network connectivity detected
Oct 10 06:55:45.039484 osdx dnscrypt-proxy[2573]: Dropping privileges
Oct 10 06:55:45.042825 osdx dnscrypt-proxy[2573]: Network connectivity detected
Oct 10 06:55:45.042882 osdx dnscrypt-proxy[2573]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:55:45.042892 osdx dnscrypt-proxy[2573]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:55:45.042923 osdx dnscrypt-proxy[2573]: Firefox workaround initialized
Oct 10 06:55:45.042932 osdx dnscrypt-proxy[2573]: Loading the set of cloaking rules from [/tmp/tmpI2YaED]
Oct 10 06:55:45.068058 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:55:45.200260 osdx dnscrypt-proxy[2573]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 06:55:45.200479 osdx dnscrypt-proxy[2573]: [RD] OK (DoH) - rtt: 120ms
Oct 10 06:55:45.200569 osdx dnscrypt-proxy[2573]: Server with the lowest initial latency: RD (rtt: 120ms)
Oct 10 06:55:45.200650 osdx dnscrypt-proxy[2573]: dnscrypt-proxy is ready - live servers: 1
Oct 10 06:55:45.259515 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher

Description

Configures one valid cipher at a time and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
-- Logs begin at Thu 2024-10-10 06:55:54 UTC, end at Thu 2024-10-10 06:56:05 UTC. --
Oct 10 06:55:54.405695 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:55:54.434961 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:55:55.016673 osdx osdx-coredump[4201]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 06:55:55.027253 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 06:55:55.959437 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:55:56.100675 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:55:56.204450 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:55:56.443804 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:55:56.482935 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:55:56.509400 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:55:56.713429 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 10 06:55:56.949697 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:55:57.044954 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:55:57.145220 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:55:57.283833 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:55:57.369325 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:55:57.493611 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:55:57.584582 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 06:55:57.677410 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:55:57.779010 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:55:57.890922 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:55:58.024737 osdx ca-certificates[4317]: Updating certificates in /etc/ssl/certs...
Oct 10 06:55:58.735517 osdx ca-certificates[5300]: 1 added, 0 removed; done.
Oct 10 06:55:58.741614 osdx ca-certificates[5307]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:55:58.746148 osdx ca-certificates[5309]: done.
Oct 10 06:55:58.812136 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:55:58.813850 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:55:58.817209 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:55:58.844793 osdx dnscrypt-proxy[5313]: dnscrypt-proxy 2.0.45
Oct 10 06:55:58.844889 osdx dnscrypt-proxy[5313]: Network connectivity detected
Oct 10 06:55:58.845304 osdx dnscrypt-proxy[5313]: Dropping privileges
Oct 10 06:55:58.848869 osdx dnscrypt-proxy[5313]: Network connectivity detected
Oct 10 06:55:58.849286 osdx dnscrypt-proxy[5313]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:55:58.849397 osdx dnscrypt-proxy[5313]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:55:58.849515 osdx dnscrypt-proxy[5313]: Firefox workaround initialized
Oct 10 06:55:58.849619 osdx dnscrypt-proxy[5313]: Loading the set of cloaking rules from [/tmp/tmpcFr6JP]
Oct 10 06:55:58.862108 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:55:59.160166 osdx dnscrypt-proxy[5313]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 06:55:59.160189 osdx dnscrypt-proxy[5313]: [RD] OK (DoH) - rtt: 263ms
Oct 10 06:55:59.160200 osdx dnscrypt-proxy[5313]: Server with the lowest initial latency: RD (rtt: 263ms)
Oct 10 06:55:59.160208 osdx dnscrypt-proxy[5313]: dnscrypt-proxy is ready - live servers: 1
Oct 10 06:56:05.041137 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
-- Logs begin at Thu 2024-10-10 06:56:05 UTC, end at Thu 2024-10-10 06:56:17 UTC. --
Oct 10 06:56:05.373617 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:56:05.405535 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:56:05.868625 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:05.964029 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:56:06.116790 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 06:56:06.207372 osdx dnscrypt-proxy[5313]: Stopped.
Oct 10 06:56:06.207485 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 06:56:06.208555 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 06:56:06.208865 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 06:56:06.336921 osdx ca-certificates[5399]: Clearing symlinks in /etc/ssl/certs...
Oct 10 06:56:06.728397 osdx ca-certificates[5956]: done.
Oct 10 06:56:06.734754 osdx ca-certificates[5966]: Updating certificates in /etc/ssl/certs...
Oct 10 06:56:07.301122 osdx ca-certificates[6801]: 137 added, 0 removed; done.
Oct 10 06:56:07.307309 osdx ca-certificates[6807]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:56:07.313371 osdx ca-certificates[6809]: done.
Oct 10 06:56:07.359711 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:56:07.363538 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:56:07.389399 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:56:09.025477 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:09.122425 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:56:09.217367 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:56:09.333707 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:56:09.439711 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:56:09.559820 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:56:09.650532 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 10 06:56:09.744811 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:56:09.858683 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:56:09.962270 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:56:10.124264 osdx ca-certificates[6850]: Updating certificates in /etc/ssl/certs...
Oct 10 06:56:10.804199 osdx ca-certificates[7834]: 1 added, 0 removed; done.
Oct 10 06:56:10.809136 osdx ca-certificates[7841]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:56:10.815791 osdx ca-certificates[7843]: done.
Oct 10 06:56:11.005866 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:56:11.007435 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:56:11.033949 osdx dnscrypt-proxy[7882]: dnscrypt-proxy 2.0.45
Oct 10 06:56:11.034041 osdx dnscrypt-proxy[7882]: Network connectivity detected
Oct 10 06:56:11.034447 osdx dnscrypt-proxy[7882]: Dropping privileges
Oct 10 06:56:11.037537 osdx dnscrypt-proxy[7882]: Network connectivity detected
Oct 10 06:56:11.037595 osdx dnscrypt-proxy[7882]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:56:11.037603 osdx dnscrypt-proxy[7882]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:56:11.037632 osdx dnscrypt-proxy[7882]: Firefox workaround initialized
Oct 10 06:56:11.037640 osdx dnscrypt-proxy[7882]: Loading the set of cloaking rules from [/tmp/tmpIiaT76]
Oct 10 06:56:11.057190 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:56:11.084787 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:56:11.309311 osdx dnscrypt-proxy[7882]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 10 06:56:11.309339 osdx dnscrypt-proxy[7882]: [RD] OK (DoH) - rtt: 229ms
Oct 10 06:56:11.309353 osdx dnscrypt-proxy[7882]: Server with the lowest initial latency: RD (rtt: 229ms)
Oct 10 06:56:11.309362 osdx dnscrypt-proxy[7882]: dnscrypt-proxy is ready - live servers: 1
Oct 10 06:56:17.258964 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
-- Logs begin at Thu 2024-10-10 06:56:17 UTC, end at Thu 2024-10-10 06:56:23 UTC. --
Oct 10 06:56:17.534321 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:56:17.565889 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:56:17.975003 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:18.066818 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:56:18.223855 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 06:56:18.313030 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 06:56:18.313243 osdx dnscrypt-proxy[7882]: Stopped.
Oct 10 06:56:18.314209 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 06:56:18.314477 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 06:56:18.442010 osdx ca-certificates[7978]: Clearing symlinks in /etc/ssl/certs...
Oct 10 06:56:18.831965 osdx ca-certificates[8535]: done.
Oct 10 06:56:18.840353 osdx ca-certificates[8543]: Updating certificates in /etc/ssl/certs...
Oct 10 06:56:19.432578 osdx ca-certificates[9379]: 137 added, 0 removed; done.
Oct 10 06:56:19.437241 osdx ca-certificates[9385]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:56:19.441314 osdx ca-certificates[9387]: done.
Oct 10 06:56:19.482936 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:56:19.486088 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:56:19.512041 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:56:21.008158 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:21.145541 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:56:21.257134 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:56:21.409321 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:56:21.531286 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:56:21.670342 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:56:21.786583 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 10 06:56:21.882584 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:56:21.995817 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:56:22.082421 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:56:22.235294 osdx ca-certificates[9428]: Updating certificates in /etc/ssl/certs...
Oct 10 06:56:22.932974 osdx ca-certificates[10413]: 1 added, 0 removed; done.
Oct 10 06:56:22.937142 osdx ca-certificates[10419]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:56:22.941337 osdx ca-certificates[10421]: done.
Oct 10 06:56:23.115558 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:56:23.118254 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:56:23.134403 osdx dnscrypt-proxy[10460]: dnscrypt-proxy 2.0.45
Oct 10 06:56:23.134477 osdx dnscrypt-proxy[10460]: Network connectivity detected
Oct 10 06:56:23.134864 osdx dnscrypt-proxy[10460]: Dropping privileges
Oct 10 06:56:23.137407 osdx dnscrypt-proxy[10460]: Network connectivity detected
Oct 10 06:56:23.137449 osdx dnscrypt-proxy[10460]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:56:23.137455 osdx dnscrypt-proxy[10460]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:56:23.137476 osdx dnscrypt-proxy[10460]: Firefox workaround initialized
Oct 10 06:56:23.137482 osdx dnscrypt-proxy[10460]: Loading the set of cloaking rules from [/tmp/tmpVQlX8D]
Oct 10 06:56:23.162573 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:56:23.195762 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:56:23.299023 osdx dnscrypt-proxy[10460]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 06:56:23.299050 osdx dnscrypt-proxy[10460]: [RD] OK (DoH) - rtt: 120ms
Oct 10 06:56:23.299066 osdx dnscrypt-proxy[10460]: Server with the lowest initial latency: RD (rtt: 120ms)
Oct 10 06:56:23.299075 osdx dnscrypt-proxy[10460]: dnscrypt-proxy is ready - live servers: 1
Oct 10 06:56:23.382226 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Thu 2024-10-10 06:56:33 UTC, end at Thu 2024-10-10 06:56:38 UTC. --
Oct 10 06:56:33.412867 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:56:33.451838 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:56:34.116881 osdx osdx-coredump[12108]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 06:56:34.127812 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 06:56:35.070881 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:35.206820 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:56:35.290399 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:56:35.570509 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:56:35.609204 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:56:35.658777 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:56:35.832327 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 10 06:56:36.020089 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:36.121950 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:56:36.241275 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:56:36.364926 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:56:36.457615 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:56:36.581732 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:56:36.710890 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 06:56:36.848255 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:56:36.955626 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:56:37.039544 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:56:37.213397 osdx ca-certificates[12223]: Updating certificates in /etc/ssl/certs...
Oct 10 06:56:37.927161 osdx ca-certificates[13206]: 1 added, 0 removed; done.
Oct 10 06:56:37.933670 osdx ca-certificates[13213]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:56:37.940000 osdx ca-certificates[13215]: done.
Oct 10 06:56:38.020862 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:56:38.022324 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:56:38.025829 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:56:38.050586 osdx dnscrypt-proxy[13219]: dnscrypt-proxy 2.0.45
Oct 10 06:56:38.051145 osdx dnscrypt-proxy[13219]: Network connectivity detected
Oct 10 06:56:38.051700 osdx dnscrypt-proxy[13219]: Dropping privileges
Oct 10 06:56:38.056458 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:56:38.058840 osdx dnscrypt-proxy[13219]: Network connectivity detected
Oct 10 06:56:38.058895 osdx dnscrypt-proxy[13219]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:56:38.058904 osdx dnscrypt-proxy[13219]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:56:38.058935 osdx dnscrypt-proxy[13219]: Firefox workaround initialized
Oct 10 06:56:38.058943 osdx dnscrypt-proxy[13219]: Loading the set of cloaking rules from [/tmp/tmp13CfIr]
Oct 10 06:56:38.063520 osdx dnscrypt-proxy[13219]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Thu 2024-10-10 06:56:47 UTC, end at Thu 2024-10-10 06:56:52 UTC. --
Oct 10 06:56:47.367681 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:56:47.389595 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:56:48.040619 osdx osdx-coredump[14842]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 06:56:48.049113 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 06:56:48.916483 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:49.057825 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:56:49.144328 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:56:49.385281 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:56:49.437815 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:56:49.490202 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:56:49.663883 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 10 06:56:49.951279 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:50.068715 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:56:50.195927 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:56:50.364619 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:56:50.492065 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:56:50.602093 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:56:50.725936 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 06:56:50.849243 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:56:50.985657 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:56:51.122080 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:56:51.307591 osdx ca-certificates[14957]: Updating certificates in /etc/ssl/certs...
Oct 10 06:56:52.044364 osdx ca-certificates[15940]: 1 added, 0 removed; done.
Oct 10 06:56:52.049480 osdx ca-certificates[15947]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:56:52.054000 osdx ca-certificates[15949]: done.
Oct 10 06:56:52.140572 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:56:52.142721 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:56:52.146803 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:56:52.162459 osdx dnscrypt-proxy[15953]: dnscrypt-proxy 2.0.45
Oct 10 06:56:52.162909 osdx dnscrypt-proxy[15953]: Network connectivity detected
Oct 10 06:56:52.163425 osdx dnscrypt-proxy[15953]: Dropping privileges
Oct 10 06:56:52.166931 osdx dnscrypt-proxy[15953]: Network connectivity detected
Oct 10 06:56:52.167308 osdx dnscrypt-proxy[15953]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:56:52.167410 osdx dnscrypt-proxy[15953]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:56:52.167551 osdx dnscrypt-proxy[15953]: Firefox workaround initialized
Oct 10 06:56:52.167654 osdx dnscrypt-proxy[15953]: Loading the set of cloaking rules from [/tmp/tmpNpFCbt]
Oct 10 06:56:52.168845 osdx dnscrypt-proxy[15953]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 06:56:52.191480 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:56:52.338127 osdx dnscrypt-proxy[15953]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 06:56:52.338154 osdx dnscrypt-proxy[15953]: [RD] OK (DoH) - rtt: 122ms
Oct 10 06:56:52.338168 osdx dnscrypt-proxy[15953]: Server with the lowest initial latency: RD (rtt: 122ms)
Oct 10 06:56:52.338177 osdx dnscrypt-proxy[15953]: dnscrypt-proxy is ready - live servers: 1

Example 2

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
-- Logs begin at Thu 2024-10-10 06:56:52 UTC, end at Thu 2024-10-10 06:56:58 UTC. --
Oct 10 06:56:52.582299 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:56:52.614753 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:56:53.037906 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:53.147352 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:56:53.305406 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 06:56:53.439573 osdx dnscrypt-proxy[15953]: Stopped.
Oct 10 06:56:53.439632 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 06:56:53.441071 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 06:56:53.441381 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 06:56:53.549141 osdx ca-certificates[16026]: Clearing symlinks in /etc/ssl/certs...
Oct 10 06:56:53.955538 osdx ca-certificates[16583]: done.
Oct 10 06:56:53.961461 osdx ca-certificates[16593]: Updating certificates in /etc/ssl/certs...
Oct 10 06:56:54.586575 osdx ca-certificates[17427]: 137 added, 0 removed; done.
Oct 10 06:56:54.590876 osdx ca-certificates[17433]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:56:54.595251 osdx ca-certificates[17435]: done.
Oct 10 06:56:54.634944 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:56:54.637846 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:56:54.700103 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:56:56.220834 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:56.316271 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:56:56.416343 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:56:56.555767 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:56:56.633699 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:56:56.757630 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:56:56.845005 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 06:56:56.936915 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:56:57.048124 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:56:57.130598 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:56:57.309164 osdx ca-certificates[17477]: Updating certificates in /etc/ssl/certs...
Oct 10 06:56:58.037787 osdx ca-certificates[18460]: 1 added, 0 removed; done.
Oct 10 06:56:58.044250 osdx ca-certificates[18467]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:56:58.050688 osdx ca-certificates[18469]: done.
Oct 10 06:56:58.262338 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:56:58.264108 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:56:58.291246 osdx dnscrypt-proxy[18508]: dnscrypt-proxy 2.0.45
Oct 10 06:56:58.291344 osdx dnscrypt-proxy[18508]: Network connectivity detected
Oct 10 06:56:58.291810 osdx dnscrypt-proxy[18508]: Dropping privileges
Oct 10 06:56:58.295150 osdx dnscrypt-proxy[18508]: Network connectivity detected
Oct 10 06:56:58.295204 osdx dnscrypt-proxy[18508]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:56:58.295213 osdx dnscrypt-proxy[18508]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:56:58.295252 osdx dnscrypt-proxy[18508]: Firefox workaround initialized
Oct 10 06:56:58.295261 osdx dnscrypt-proxy[18508]: Loading the set of cloaking rules from [/tmp/tmpJDWD31]
Oct 10 06:56:58.296355 osdx dnscrypt-proxy[18508]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 06:56:58.305097 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:56:58.376970 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:56:58.470270 osdx dnscrypt-proxy[18508]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 06:56:58.470317 osdx dnscrypt-proxy[18508]: [RD] OK (DoH) - rtt: 119ms
Oct 10 06:56:58.470333 osdx dnscrypt-proxy[18508]: Server with the lowest initial latency: RD (rtt: 119ms)
Oct 10 06:56:58.470343 osdx dnscrypt-proxy[18508]: dnscrypt-proxy is ready - live servers: 1

Example 3

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
-- Logs begin at Thu 2024-10-10 06:56:58 UTC, end at Thu 2024-10-10 06:57:04 UTC. --
Oct 10 06:56:58.729297 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:56:58.743774 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:56:59.105982 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:56:59.234391 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:56:59.382796 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 06:56:59.504462 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 06:56:59.504497 osdx dnscrypt-proxy[18508]: Stopped.
Oct 10 06:56:59.505502 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 06:56:59.505883 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 06:56:59.634744 osdx ca-certificates[18596]: Clearing symlinks in /etc/ssl/certs...
Oct 10 06:57:00.030183 osdx ca-certificates[19153]: done.
Oct 10 06:57:00.036037 osdx ca-certificates[19161]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:00.660478 osdx ca-certificates[19997]: 137 added, 0 removed; done.
Oct 10 06:57:00.666764 osdx ca-certificates[20003]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:00.671860 osdx ca-certificates[20005]: done.
Oct 10 06:57:00.731736 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:00.735239 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:00.762881 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:02.301460 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:02.396453 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:57:02.527661 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:57:02.654561 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:57:02.757898 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:57:02.862435 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:57:02.974434 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 06:57:03.076089 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 06:57:03.193928 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:57:03.309011 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:57:03.419852 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:57:03.587685 osdx ca-certificates[20053]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:04.284933 osdx ca-certificates[21037]: 1 added, 0 removed; done.
Oct 10 06:57:04.291748 osdx ca-certificates[21043]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:04.298689 osdx ca-certificates[21045]: done.
Oct 10 06:57:04.480532 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:57:04.487341 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:04.513577 osdx dnscrypt-proxy[21084]: dnscrypt-proxy 2.0.45
Oct 10 06:57:04.513683 osdx dnscrypt-proxy[21084]: Network connectivity detected
Oct 10 06:57:04.514132 osdx dnscrypt-proxy[21084]: Dropping privileges
Oct 10 06:57:04.517900 osdx dnscrypt-proxy[21084]: Network connectivity detected
Oct 10 06:57:04.517956 osdx dnscrypt-proxy[21084]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:57:04.517965 osdx dnscrypt-proxy[21084]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:57:04.517999 osdx dnscrypt-proxy[21084]: Firefox workaround initialized
Oct 10 06:57:04.518008 osdx dnscrypt-proxy[21084]: Loading the set of cloaking rules from [/tmp/tmpsJik5_]
Oct 10 06:57:04.519410 osdx dnscrypt-proxy[21084]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 06:57:04.541621 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:04.581092 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:04.724210 osdx dnscrypt-proxy[21084]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 06:57:04.724238 osdx dnscrypt-proxy[21084]: [RD] OK (DoH) - rtt: 153ms
Oct 10 06:57:04.724254 osdx dnscrypt-proxy[21084]: Server with the lowest initial latency: RD (rtt: 153ms)
Oct 10 06:57:04.724263 osdx dnscrypt-proxy[21084]: dnscrypt-proxy is ready - live servers: 1

Invalid Cipher With Fallback

Description

Configures an invalid cipher together with a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.
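
The journal checks in these scenarios can be automated. The Python below is an added example, not part of the test suite or of OSDx: it compares the negotiated `Cipher suite:` value with the suites committed through `set service dns proxy cipher`, and so also flags a run where a handshake failure is followed by a session on a suite that was never configured. The function name, verdict labels and abridged sample journals are assumptions made here; the code points are the IANA values for the suites named on this page.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
# The dnscrypt-proxy log line reports the negotiated suite as a decimal number.
IANA_CODES = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}
CODE_TO_NAME = {code: name for name, code in IANA_CODES.items()}

CFG_RE = re.compile(r"'set service dns proxy cipher (\d+) algorithm (\S+)'")
NEG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[\S+\] TLS version: \S+ - Protocol: \S+ - Cipher suite: (\d+)"
)
FAIL_TOKEN = "TLS handshake failure"
RESET_TOKEN = "added a new cfg line: 'delete'"


def audit_journal(text):
    """Compare the negotiated cipher suite with the configured ones (hypothetical helper)."""
    configured = {}            # cipher index -> suite name, as logged by the CLI
    handshake_failure = False
    negotiated = None          # decimal code from the last session line
    for line in text.splitlines():
        if RESET_TOKEN in line:
            # The harness wipes the configuration between runs: forget old state.
            configured.clear()
            handshake_failure = False
            negotiated = None
            continue
        match = CFG_RE.search(line)
        if match:
            configured[int(match.group(1))] = match.group(2)
            continue
        if "dnscrypt-proxy[" in line and FAIL_TOKEN in line:
            handshake_failure = True
            continue
        match = NEG_RE.search(line)
        if match:
            negotiated = int(match.group(1))

    # Names missing from the table map to None and can never match a code.
    allowed = {IANA_CODES.get(name) for name in configured.values()}
    if negotiated is None:
        verdict = "no-session"
    elif not configured:
        verdict = "no-policy"
    elif negotiated in allowed:
        verdict = "within-policy"
    else:
        verdict = "outside-policy"
    return {
        "configured": [configured[i] for i in sorted(configured)],
        "handshake_failure": handshake_failure,
        "negotiated_code": negotiated,
        "negotiated_name": CODE_TO_NAME.get(negotiated, "unknown"),
        "verdict": verdict,
    }


# Constructed sample: abridged journal in the page's format, one invalid cipher only.
INVALID_ONLY = """\
Oct 10 06:56:50.725936 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 06:56:52.140572 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:56:52.168845 osdx dnscrypt-proxy[15953]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 06:56:52.338127 osdx dnscrypt-proxy[15953]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 06:56:52.338154 osdx dnscrypt-proxy[15953]: [RD] OK (DoH) - rtt: 122ms
"""

# Constructed sample: a stale cipher line from an earlier run, a 'delete', then
# an invalid cipher plus a valid fallback.
FALLBACK = """\
Oct 10 06:57:10.000000 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 06:57:12.000000 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:57:16.785492 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 06:57:16.886808 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 06:57:18.291516 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:57:18.465949 osdx dnscrypt-proxy[23834]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 06:57:18.465980 osdx dnscrypt-proxy[23834]: [RD] OK (DoH) - rtt: 115ms
"""

if __name__ == "__main__":
    for label, sample in (("invalid only", INVALID_ONLY), ("fallback", FALLBACK)):
        result = audit_journal(sample)
        print(label, result["verdict"], result["negotiated_name"])
```

An `outside-policy` verdict means the DoH session is up but on a suite the configuration never listed, so a check that only looks for a successful lookup would miss it.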

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
-- Logs begin at Thu 2024-10-10 06:57:13 UTC, end at Thu 2024-10-10 06:57:18 UTC. --
Oct 10 06:57:13.369943 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:57:13.387215 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:57:14.082243 osdx osdx-coredump[22722]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 10 06:57:14.091170 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 06:57:15.069243 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:15.187842 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:57:15.298203 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:57:15.533406 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:15.571782 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:15.611913 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:15.807965 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 10 06:57:16.071640 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:16.211091 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:57:16.334072 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:57:16.478851 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:57:16.585174 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:57:16.685685 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:57:16.785492 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 06:57:16.886808 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 06:57:17.010081 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:57:17.175610 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:57:17.304680 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:57:17.460325 osdx ca-certificates[22837]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:18.211141 osdx ca-certificates[23822]: 1 added, 0 removed; done.
Oct 10 06:57:18.217219 osdx ca-certificates[23828]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:18.223089 osdx ca-certificates[23830]: done.
Oct 10 06:57:18.291516 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:57:18.293208 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:18.296335 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:18.313164 osdx dnscrypt-proxy[23834]: dnscrypt-proxy 2.0.45
Oct 10 06:57:18.313253 osdx dnscrypt-proxy[23834]: Network connectivity detected
Oct 10 06:57:18.313620 osdx dnscrypt-proxy[23834]: Dropping privileges
Oct 10 06:57:18.316324 osdx dnscrypt-proxy[23834]: Network connectivity detected
Oct 10 06:57:18.316366 osdx dnscrypt-proxy[23834]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:57:18.316372 osdx dnscrypt-proxy[23834]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:57:18.316401 osdx dnscrypt-proxy[23834]: Firefox workaround initialized
Oct 10 06:57:18.316408 osdx dnscrypt-proxy[23834]: Loading the set of cloaking rules from [/tmp/tmp4DzI_w]
Oct 10 06:57:18.335902 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:18.465949 osdx dnscrypt-proxy[23834]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 06:57:18.465980 osdx dnscrypt-proxy[23834]: [RD] OK (DoH) - rtt: 115ms
Oct 10 06:57:18.465994 osdx dnscrypt-proxy[23834]: Server with the lowest initial latency: RD (rtt: 115ms)
Oct 10 06:57:18.466004 osdx dnscrypt-proxy[23834]: dnscrypt-proxy is ready - live servers: 1
Oct 10 06:57:18.531163 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Show output
-- Logs begin at Thu 2024-10-10 06:57:18 UTC, end at Thu 2024-10-10 06:57:24 UTC. --
Oct 10 06:57:18.826029 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:57:18.853526 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:57:19.220741 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:19.321022 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:57:19.467796 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 06:57:19.583365 osdx dnscrypt-proxy[23834]: Stopped.
Oct 10 06:57:19.583458 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 06:57:19.584862 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 06:57:19.585268 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 06:57:19.705464 osdx ca-certificates[23915]: Clearing symlinks in /etc/ssl/certs...
Oct 10 06:57:20.093043 osdx ca-certificates[24472]: done.
Oct 10 06:57:20.099878 osdx ca-certificates[24482]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:20.711527 osdx ca-certificates[25315]: 137 added, 0 removed; done.
Oct 10 06:57:20.715748 osdx ca-certificates[25322]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:20.721740 osdx ca-certificates[25324]: done.
Oct 10 06:57:20.764370 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:20.768262 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:20.804231 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:22.303788 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:22.411274 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:57:22.532539 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:57:22.660844 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:57:22.788104 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:57:22.906057 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:57:23.036891 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 06:57:23.135046 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 10 06:57:23.253229 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:57:23.389841 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:57:23.484934 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:57:23.627242 osdx ca-certificates[25367]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:24.358114 osdx ca-certificates[26351]: 1 added, 0 removed; done.
Oct 10 06:57:24.364812 osdx ca-certificates[26357]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:24.370649 osdx ca-certificates[26359]: done.
Oct 10 06:57:24.567077 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:57:24.569581 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:24.593665 osdx dnscrypt-proxy[26398]: dnscrypt-proxy 2.0.45
Oct 10 06:57:24.593766 osdx dnscrypt-proxy[26398]: Network connectivity detected
Oct 10 06:57:24.594180 osdx dnscrypt-proxy[26398]: Dropping privileges
Oct 10 06:57:24.597708 osdx dnscrypt-proxy[26398]: Network connectivity detected
Oct 10 06:57:24.597761 osdx dnscrypt-proxy[26398]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:57:24.597770 osdx dnscrypt-proxy[26398]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:57:24.597802 osdx dnscrypt-proxy[26398]: Firefox workaround initialized
Oct 10 06:57:24.597810 osdx dnscrypt-proxy[26398]: Loading the set of cloaking rules from [/tmp/tmpQaa6SH]
Oct 10 06:57:24.622157 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:24.670374 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:24.765234 osdx dnscrypt-proxy[26398]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 10 06:57:24.765262 osdx dnscrypt-proxy[26398]: [RD] OK (DoH) - rtt: 118ms
Oct 10 06:57:24.765276 osdx dnscrypt-proxy[26398]: Server with the lowest initial latency: RD (rtt: 118ms)
Oct 10 06:57:24.765285 osdx dnscrypt-proxy[26398]: dnscrypt-proxy is ready - live servers: 1
Oct 10 06:57:24.929437 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Show output
-- Logs begin at Thu 2024-10-10 06:57:25 UTC, end at Thu 2024-10-10 06:57:37 UTC. --
Oct 10 06:57:25.210745 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:57:25.248061 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:57:25.669272 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:25.774279 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:57:25.919269 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 06:57:26.012551 osdx dnscrypt-proxy[26398]: Stopped.
Oct 10 06:57:26.012664 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 06:57:26.014055 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 06:57:26.014419 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 06:57:26.123611 osdx ca-certificates[26492]: Clearing symlinks in /etc/ssl/certs...
Oct 10 06:57:26.525272 osdx ca-certificates[27049]: done.
Oct 10 06:57:26.529849 osdx ca-certificates[27058]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:27.153784 osdx ca-certificates[27893]: 137 added, 0 removed; done.
Oct 10 06:57:27.158088 osdx ca-certificates[27899]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:27.162831 osdx ca-certificates[27901]: done.
Oct 10 06:57:27.210503 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:27.214063 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:27.265825 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:28.766746 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:28.865873 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:57:28.988881 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:57:29.109993 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:57:29.192180 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:57:29.303782 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:57:29.441623 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 06:57:29.559381 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 10 06:57:29.651228 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:57:29.762904 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:57:29.850998 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:57:30.016357 osdx ca-certificates[27944]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:30.695929 osdx ca-certificates[28928]: 1 added, 0 removed; done.
Oct 10 06:57:30.700562 osdx ca-certificates[28934]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:30.705029 osdx ca-certificates[28936]: done.
Oct 10 06:57:30.876388 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:57:30.878036 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:30.904661 osdx dnscrypt-proxy[28975]: dnscrypt-proxy 2.0.45
Oct 10 06:57:30.904752 osdx dnscrypt-proxy[28975]: Network connectivity detected
Oct 10 06:57:30.905149 osdx dnscrypt-proxy[28975]: Dropping privileges
Oct 10 06:57:30.908527 osdx dnscrypt-proxy[28975]: Network connectivity detected
Oct 10 06:57:30.908582 osdx dnscrypt-proxy[28975]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:57:30.908591 osdx dnscrypt-proxy[28975]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:57:30.908623 osdx dnscrypt-proxy[28975]: Firefox workaround initialized
Oct 10 06:57:30.908631 osdx dnscrypt-proxy[28975]: Loading the set of cloaking rules from [/tmp/tmpY_iNmU]
Oct 10 06:57:30.921613 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:30.966997 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:31.136539 osdx dnscrypt-proxy[28975]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 06:57:31.136561 osdx dnscrypt-proxy[28975]: [RD] OK (DoH) - rtt: 191ms
Oct 10 06:57:31.136571 osdx dnscrypt-proxy[28975]: Server with the lowest initial latency: RD (rtt: 191ms)
Oct 10 06:57:31.136579 osdx dnscrypt-proxy[28975]: dnscrypt-proxy is ready - live servers: 1
Oct 10 06:57:37.135454 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
-- Logs begin at Thu 2024-10-10 06:57:37 UTC, end at Thu 2024-10-10 06:57:43 UTC. --
Oct 10 06:57:37.448914 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:57:37.480605 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:57:37.951386 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:38.048133 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:57:38.184765 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 06:57:38.287950 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 06:57:38.288237 osdx dnscrypt-proxy[28975]: Stopped.
Oct 10 06:57:38.289147 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 06:57:38.289543 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 06:57:38.417481 osdx ca-certificates[29069]: Clearing symlinks in /etc/ssl/certs...
Oct 10 06:57:38.800473 osdx ca-certificates[29626]: done.
Oct 10 06:57:38.806325 osdx ca-certificates[29636]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:39.396650 osdx ca-certificates[30469]: 137 added, 0 removed; done.
Oct 10 06:57:39.401051 osdx ca-certificates[30476]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:39.405307 osdx ca-certificates[30478]: done.
Oct 10 06:57:39.447753 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:39.450977 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:39.491530 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:40.902760 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:41.002696 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:57:41.136125 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:57:41.257235 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:57:41.365203 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:57:41.471959 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:57:41.585585 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 06:57:41.687770 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 06:57:41.785586 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:57:41.915176 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:57:42.010619 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:57:42.154510 osdx ca-certificates[30521]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:42.879722 osdx ca-certificates[31504]: 1 added, 0 removed; done.
Oct 10 06:57:42.885857 osdx ca-certificates[31511]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:42.892308 osdx ca-certificates[31513]: done.
Oct 10 06:57:43.018924 osdx systemd[1]: systemd-timedated.service: Succeeded.
Oct 10 06:57:43.128140 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:57:43.130324 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:43.155890 osdx dnscrypt-proxy[31554]: dnscrypt-proxy 2.0.45
Oct 10 06:57:43.155994 osdx dnscrypt-proxy[31554]: Network connectivity detected
Oct 10 06:57:43.156427 osdx dnscrypt-proxy[31554]: Dropping privileges
Oct 10 06:57:43.159780 osdx dnscrypt-proxy[31554]: Network connectivity detected
Oct 10 06:57:43.160421 osdx dnscrypt-proxy[31554]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:57:43.160526 osdx dnscrypt-proxy[31554]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:57:43.160653 osdx dnscrypt-proxy[31554]: Firefox workaround initialized
Oct 10 06:57:43.160749 osdx dnscrypt-proxy[31554]: Loading the set of cloaking rules from [/tmp/tmpL0ooJO]
Oct 10 06:57:43.189478 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:43.227809 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:43.344870 osdx dnscrypt-proxy[31554]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 06:57:43.344898 osdx dnscrypt-proxy[31554]: [RD] OK (DoH) - rtt: 129ms
Oct 10 06:57:43.344915 osdx dnscrypt-proxy[31554]: Server with the lowest initial latency: RD (rtt: 129ms)
Oct 10 06:57:43.344926 osdx dnscrypt-proxy[31554]: dnscrypt-proxy is ready - live servers: 1
Oct 10 06:57:43.438442 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
-- Logs begin at Thu 2024-10-10 06:57:43 UTC, end at Thu 2024-10-10 06:57:50 UTC. --
Oct 10 06:57:43.899511 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:57:43.942380 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:57:44.509911 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:44.602807 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:57:44.754267 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 06:57:44.848206 osdx dnscrypt-proxy[31554]: Stopped.
Oct 10 06:57:44.848283 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 06:57:44.849292 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 06:57:44.849630 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 06:57:44.971849 osdx ca-certificates[31648]: Clearing symlinks in /etc/ssl/certs...
Oct 10 06:57:45.370297 osdx ca-certificates[32205]: done.
Oct 10 06:57:45.376930 osdx ca-certificates[32215]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:45.965662 osdx ca-certificates[580]: 137 added, 0 removed; done.
Oct 10 06:57:45.970135 osdx ca-certificates[587]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:45.974675 osdx ca-certificates[589]: done.
Oct 10 06:57:46.021445 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:46.024899 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:46.074778 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:47.592202 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:47.694095 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:57:47.797997 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:57:47.949355 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:57:48.109966 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:57:48.260102 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:57:48.380844 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 06:57:48.474413 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 10 06:57:48.586745 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:57:48.726810 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:57:48.834366 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:57:48.962141 osdx ca-certificates[633]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:49.665205 osdx ca-certificates[1654]: 1 added, 0 removed; done.
Oct 10 06:57:49.671180 osdx ca-certificates[1661]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:49.677532 osdx ca-certificates[1663]: done.
Oct 10 06:57:49.848482 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:57:49.850078 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:49.866517 osdx dnscrypt-proxy[1702]: dnscrypt-proxy 2.0.45
Oct 10 06:57:49.866603 osdx dnscrypt-proxy[1702]: Network connectivity detected
Oct 10 06:57:49.867005 osdx dnscrypt-proxy[1702]: Dropping privileges
Oct 10 06:57:49.872494 osdx dnscrypt-proxy[1702]: Network connectivity detected
Oct 10 06:57:49.872548 osdx dnscrypt-proxy[1702]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:57:49.872556 osdx dnscrypt-proxy[1702]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:57:49.872587 osdx dnscrypt-proxy[1702]: Firefox workaround initialized
Oct 10 06:57:49.872596 osdx dnscrypt-proxy[1702]: Loading the set of cloaking rules from [/tmp/tmpeQPVVK]
Oct 10 06:57:49.901713 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:49.959123 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:50.081287 osdx dnscrypt-proxy[1702]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 10 06:57:50.081310 osdx dnscrypt-proxy[1702]: [RD] OK (DoH) - rtt: 163ms
Oct 10 06:57:50.081320 osdx dnscrypt-proxy[1702]: Server with the lowest initial latency: RD (rtt: 163ms)
Oct 10 06:57:50.081326 osdx dnscrypt-proxy[1702]: dnscrypt-proxy is ready - live servers: 1
Oct 10 06:57:50.141157 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
-- Logs begin at Thu 2024-10-10 06:57:50 UTC, end at Thu 2024-10-10 06:57:56 UTC. --
Oct 10 06:57:50.473596 osdx systemd-journald[1712]: Runtime journal (/run/log/journal/c2d6011d26b547ba87daa360869210a1) is 2.0M, max 16.0M, 14.0M free.
Oct 10 06:57:50.493015 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 06:57:50.928787 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:51.031171 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:57:51.173813 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 06:57:51.294899 osdx dnscrypt-proxy[1702]: Stopped.
Oct 10 06:57:51.294955 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 10 06:57:51.296419 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 10 06:57:51.296713 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 10 06:57:51.413805 osdx ca-certificates[1802]: Clearing symlinks in /etc/ssl/certs...
Oct 10 06:57:51.801095 osdx ca-certificates[2363]: done.
Oct 10 06:57:51.808434 osdx ca-certificates[2373]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:52.386864 osdx ca-certificates[3208]: 137 added, 0 removed; done.
Oct 10 06:57:52.391209 osdx ca-certificates[3214]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:52.396032 osdx ca-certificates[3216]: done.
Oct 10 06:57:52.449046 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:52.452218 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:52.521989 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:54.013863 osdx OSDxCLI[1889]: User 'admin' entered the configuration menu.
Oct 10 06:57:54.117006 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 06:57:54.236267 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 06:57:54.379577 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 06:57:54.465551 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 06:57:54.570887 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 9318e2e56982477fc6b475380974063c5118b284c903c789dc529dd2081e79b9'.
Oct 10 06:57:54.667339 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 06:57:54.824676 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 10 06:57:54.948193 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 06:57:55.093361 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 06:57:55.203249 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 06:57:55.343121 osdx ca-certificates[3259]: Updating certificates in /etc/ssl/certs...
Oct 10 06:57:56.069353 osdx ca-certificates[4244]: 1 added, 0 removed; done.
Oct 10 06:57:56.073890 osdx ca-certificates[4250]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 06:57:56.080193 osdx ca-certificates[4252]: done.
Oct 10 06:57:56.300792 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 10 06:57:56.302354 osdx cfgd[1328]: [1889]Completed change to active configuration
Oct 10 06:57:56.330681 osdx dnscrypt-proxy[4291]: dnscrypt-proxy 2.0.45
Oct 10 06:57:56.331214 osdx dnscrypt-proxy[4291]: Network connectivity detected
Oct 10 06:57:56.331833 osdx dnscrypt-proxy[4291]: Dropping privileges
Oct 10 06:57:56.335295 osdx dnscrypt-proxy[4291]: Network connectivity detected
Oct 10 06:57:56.335706 osdx dnscrypt-proxy[4291]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 06:57:56.335815 osdx dnscrypt-proxy[4291]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 06:57:56.335932 osdx dnscrypt-proxy[4291]: Firefox workaround initialized
Oct 10 06:57:56.336031 osdx dnscrypt-proxy[4291]: Loading the set of cloaking rules from [/tmp/tmpQ_ys2N]
Oct 10 06:57:56.345747 osdx OSDxCLI[1889]: User 'admin' committed the configuration.
Oct 10 06:57:56.384246 osdx OSDxCLI[1889]: User 'admin' left the configuration menu.
Oct 10 06:57:56.511124 osdx dnscrypt-proxy[4291]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 06:57:56.511148 osdx dnscrypt-proxy[4291]: [RD] OK (DoH) - rtt: 121ms
Oct 10 06:57:56.511160 osdx dnscrypt-proxy[4291]: Server with the lowest initial latency: RD (rtt: 121ms)
Oct 10 06:57:56.511167 osdx dnscrypt-proxy[4291]: dnscrypt-proxy is ready - live servers: 1
Oct 10 06:57:56.602644 osdx OSDxCLI[1889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
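
Added example (not part of the original test suite or of OSDx): the journal prints the negotiated suite as a decimal IANA identifier, so this sketch maps it back to a name, checks it against the configured cipher list, and flags RC4/3DES. The function names and the sample journal are assumptions; the last sample line is a constructed failure case that does not appear in the outputs above.

```python
import re

# IANA TLS cipher suite registry IDs for the suites named on this page.
IANA = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",       # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",       # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# RC4 is prohibited in TLS (RFC 7465); 3DES is a 64-bit block cipher (Sweet32).
WEAK_MARKERS = ("_RC4_", "_3DES_")

CFG_RE = re.compile(r"added a new cfg line: 'set service dns proxy cipher (\d+) algorithm (\w+)'")
NEG_RE = re.compile(r"dnscrypt-proxy\[\d+\]: \[(\S+)\] TLS version: \w+ - Protocol: \S+ - Cipher suite: (\d+)")
RESET_RE = re.compile(r"added a new cfg line: 'delete'")

# Constructed sample in the journal format shown above (not a verbatim capture).
SAMPLE_JOURNAL = """\
Oct 10 06:57:38.048133 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'delete'.
Oct 10 06:57:41.585585 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 06:57:41.687770 osdx OSDxCLI[1889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 06:57:43.344870 osdx dnscrypt-proxy[31554]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 07:00:00.000000 osdx dnscrypt-proxy[99999]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 10
"""

def is_weak(name):
    """True when the suite name contains a legacy bulk cipher marker."""
    return any(marker in name for marker in WEAK_MARKERS)

def audit(journal):
    """Return one finding per DoH handshake line found in the journal text."""
    configured, findings = {}, []
    for line in journal.splitlines():
        if RESET_RE.search(line):
            configured = {}  # 'delete' wipes the previous test's cipher list
            continue
        m = CFG_RE.search(line)
        if m:
            configured[int(m.group(1))] = m.group(2)
            continue
        m = NEG_RE.search(line)
        if m:
            suite_id = int(m.group(2))
            name = IANA.get(suite_id, "UNKNOWN_0x%04X" % suite_id)
            offered = [configured[k] for k in sorted(configured)]
            findings.append({
                "server": m.group(1),
                "id": suite_id,
                "name": name,
                "in_config": name in offered,
                "weak_negotiated": is_weak(name),
                "weak_offered": [c for c in offered if is_weak(c)],
            })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_JOURNAL):
        print(finding)
```

A passing run still reports a non-empty weak_offered list whenever a legacy suite is configured alongside a modern one, which is the condition to alert on before a handshake ever lands on it.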