Cipher
Test suite that validates the use of one or more ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-10-09 08:50:01 UTC, end at Wed 2024-10-09 08:50:10 UTC. --
Oct 09 08:50:01.289121 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:50:01.310342 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:50:01.659418 osdx osdx-coredump[23617]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 08:50:01.665320 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 08:50:02.150509 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:02.222662 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:50:02.300146 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:50:02.380691 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:50:02.449417 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:02.477105 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:02.493263 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:50:02.625463 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 09 08:50:02.740928 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:02.797894 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:50:02.889400 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:50:02.954209 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 08:50:03.034770 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 08:50:03.087574 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 09 08:50:03.176496 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 09 08:50:03.223961 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 09 08:50:03.319161 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:50:03.369944 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:50:03.483265 osdx ca-certificates[23762]: Updating certificates in /etc/ssl/certs...
Oct 09 08:50:03.887470 osdx ca-certificates[24746]: 1 added, 0 removed; done.
Oct 09 08:50:03.890285 osdx ca-certificates[24753]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:50:03.893146 osdx ca-certificates[24755]: done.
Oct 09 08:50:03.929774 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:50:03.930827 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:03.933569 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:03.944954 osdx dnscrypt-proxy[24759]: dnscrypt-proxy 2.0.45
Oct 09 08:50:03.945016 osdx dnscrypt-proxy[24759]: Network connectivity detected
Oct 09 08:50:03.945263 osdx dnscrypt-proxy[24759]: Dropping privileges
Oct 09 08:50:03.947380 osdx dnscrypt-proxy[24759]: Network connectivity detected
Oct 09 08:50:03.947410 osdx dnscrypt-proxy[24759]: Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:50:03.947414 osdx dnscrypt-proxy[24759]: Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:50:03.947431 osdx dnscrypt-proxy[24759]: Firefox workaround initialized
Oct 09 08:50:03.947435 osdx dnscrypt-proxy[24759]: Loading the set of cloaking rules from [/tmp/tmpdFTks5]
Oct 09 08:50:03.950620 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:50:04.101337 osdx dnscrypt-proxy[24759]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 09 08:50:04.101363 osdx dnscrypt-proxy[24759]: [RD] OK (DoH) - rtt: 130ms
Oct 09 08:50:04.101378 osdx dnscrypt-proxy[24759]: Server with the lowest initial latency: RD (rtt: 130ms)
Oct 09 08:50:04.101386 osdx dnscrypt-proxy[24759]: dnscrypt-proxy is ready - live servers: 1
Oct 09 08:50:04.585149 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:50:09.584343 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:50:09.622988 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:50:10.086401 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-10-09 08:50:16 UTC, end at Wed 2024-10-09 08:50:25 UTC. --
Oct 09 08:50:16.299000 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:50:16.327718 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:50:16.729905 osdx osdx-coredump[26390]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 08:50:16.735864 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 08:50:17.347915 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:17.432111 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:50:17.518997 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:50:17.593151 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:50:17.670439 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:17.698653 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:17.713473 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:50:17.846156 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 09 08:50:18.064351 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:18.159471 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:50:18.209278 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:50:18.319809 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 08:50:18.369599 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 08:50:18.463232 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 09 08:50:18.510213 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 09 08:50:18.604189 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 09 08:50:18.659967 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:50:18.746017 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:50:18.820040 osdx ca-certificates[26530]: Updating certificates in /etc/ssl/certs...
Oct 09 08:50:19.268535 osdx ca-certificates[27514]: 1 added, 0 removed; done.
Oct 09 08:50:19.271914 osdx ca-certificates[27520]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:50:19.274513 osdx ca-certificates[27522]: done.
Oct 09 08:50:19.311405 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:50:19.312939 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:19.315667 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:19.326832 osdx dnscrypt-proxy[27526]: dnscrypt-proxy 2.0.45
Oct 09 08:50:19.326890 osdx dnscrypt-proxy[27526]: Network connectivity detected
Oct 09 08:50:19.327119 osdx dnscrypt-proxy[27526]: Dropping privileges
Oct 09 08:50:19.329037 osdx dnscrypt-proxy[27526]: Network connectivity detected
Oct 09 08:50:19.329066 osdx dnscrypt-proxy[27526]: Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:50:19.329071 osdx dnscrypt-proxy[27526]: Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:50:19.329088 osdx dnscrypt-proxy[27526]: Firefox workaround initialized
Oct 09 08:50:19.329092 osdx dnscrypt-proxy[27526]: Loading the set of cloaking rules from [/tmp/tmpo8kWUD]
Oct 09 08:50:19.333731 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:50:19.497630 osdx dnscrypt-proxy[27526]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 09 08:50:19.497645 osdx dnscrypt-proxy[27526]: [RD] OK (DoH) - rtt: 145ms
Oct 09 08:50:19.497653 osdx dnscrypt-proxy[27526]: Server with the lowest initial latency: RD (rtt: 145ms)
Oct 09 08:50:19.497658 osdx dnscrypt-proxy[27526]: dnscrypt-proxy is ready - live servers: 1
Oct 09 08:50:20.078995 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:50:25.078365 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:50:25.117842 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:50:25.464812 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Wed 2024-10-09 08:50:25 UTC, end at Wed 2024-10-09 08:50:29 UTC. --
Oct 09 08:50:25.655539 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:50:25.678044 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:50:25.910931 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:25.970760 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'delete'.
Oct 09 08:50:26.081531 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 09 08:50:26.141354 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 09 08:50:26.141436 osdx dnscrypt-proxy[27526]: Stopped.
Oct 09 08:50:26.142508 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 09 08:50:26.142758 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 09 08:50:26.220434 osdx ca-certificates[27606]: Clearing symlinks in /etc/ssl/certs...
Oct 09 08:50:26.467646 osdx ca-certificates[28163]: done.
Oct 09 08:50:26.470921 osdx ca-certificates[28172]: Updating certificates in /etc/ssl/certs...
Oct 09 08:50:26.835065 osdx ca-certificates[29007]: 137 added, 0 removed; done.
Oct 09 08:50:26.838230 osdx ca-certificates[29013]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:50:26.841488 osdx ca-certificates[29015]: done.
Oct 09 08:50:26.871926 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:26.874697 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:26.890587 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:50:27.874465 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:27.928488 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:50:28.018516 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:50:28.083031 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 08:50:28.162874 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 08:50:28.216734 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 09 08:50:28.303306 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 09 08:50:28.351892 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 09 08:50:28.452516 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:50:28.501687 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:50:28.617552 osdx ca-certificates[29057]: Updating certificates in /etc/ssl/certs...
Oct 09 08:50:29.059194 osdx ca-certificates[30042]: 1 added, 0 removed; done.
Oct 09 08:50:29.062038 osdx ca-certificates[30048]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:50:29.065009 osdx ca-certificates[30050]: done.
Oct 09 08:50:29.081194 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:50:29.193475 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:50:29.194431 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:29.210319 osdx dnscrypt-proxy[30114]: dnscrypt-proxy 2.0.45
Oct 09 08:50:29.210377 osdx dnscrypt-proxy[30114]: Network connectivity detected
Oct 09 08:50:29.210591 osdx dnscrypt-proxy[30114]: Dropping privileges
Oct 09 08:50:29.212834 osdx dnscrypt-proxy[30114]: Network connectivity detected
Oct 09 08:50:29.212869 osdx dnscrypt-proxy[30114]: Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:50:29.212875 osdx dnscrypt-proxy[30114]: Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:50:29.212896 osdx dnscrypt-proxy[30114]: Firefox workaround initialized
Oct 09 08:50:29.212901 osdx dnscrypt-proxy[30114]: Loading the set of cloaking rules from [/tmp/tmpvsBCUf]
Oct 09 08:50:29.222479 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:29.246137 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:50:29.348168 osdx dnscrypt-proxy[30114]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 09 08:50:29.348182 osdx dnscrypt-proxy[30114]: [RD] OK (DoH) - rtt: 107ms
Oct 09 08:50:29.348190 osdx dnscrypt-proxy[30114]: Server with the lowest initial latency: RD (rtt: 107ms)
Oct 09 08:50:29.348195 osdx dnscrypt-proxy[30114]: dnscrypt-proxy is ready - live servers: 1
Oct 09 08:50:29.376101 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Wed 2024-10-09 08:50:29 UTC, end at Wed 2024-10-09 08:50:33 UTC. --
Oct 09 08:50:29.564213 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:50:29.589688 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:50:29.810554 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:29.902607 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'delete'.
Oct 09 08:50:29.965003 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 09 08:50:30.061264 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 09 08:50:30.061306 osdx dnscrypt-proxy[30114]: Stopped.
Oct 09 08:50:30.062105 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 09 08:50:30.062430 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 09 08:50:30.136425 osdx ca-certificates[30208]: Clearing symlinks in /etc/ssl/certs...
Oct 09 08:50:30.398498 osdx ca-certificates[30764]: done.
Oct 09 08:50:30.402892 osdx ca-certificates[30774]: Updating certificates in /etc/ssl/certs...
Oct 09 08:50:30.782255 osdx ca-certificates[31610]: 137 added, 0 removed; done.
Oct 09 08:50:30.785351 osdx ca-certificates[31615]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:50:30.788603 osdx ca-certificates[31617]: done.
Oct 09 08:50:30.819796 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:30.822688 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:30.838257 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:50:31.813211 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:31.869529 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:50:31.962978 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:50:32.031720 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 08:50:32.112374 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 08:50:32.167942 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 09 08:50:32.256480 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 09 08:50:32.306451 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 09 08:50:32.408717 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:50:32.461961 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:50:32.572957 osdx ca-certificates[31658]: Updating certificates in /etc/ssl/certs...
Oct 09 08:50:33.023572 osdx ca-certificates[32644]: 1 added, 0 removed; done.
Oct 09 08:50:33.026594 osdx ca-certificates[32650]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:50:33.029470 osdx ca-certificates[32652]: done.
Oct 09 08:50:33.045189 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:50:33.160985 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:50:33.162199 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:33.181046 osdx dnscrypt-proxy[32716]: dnscrypt-proxy 2.0.45
Oct 09 08:50:33.181124 osdx dnscrypt-proxy[32716]: Network connectivity detected
Oct 09 08:50:33.181505 osdx dnscrypt-proxy[32716]: Dropping privileges
Oct 09 08:50:33.184066 osdx dnscrypt-proxy[32716]: Network connectivity detected
Oct 09 08:50:33.184103 osdx dnscrypt-proxy[32716]: Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:50:33.184108 osdx dnscrypt-proxy[32716]: Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:50:33.184132 osdx dnscrypt-proxy[32716]: Firefox workaround initialized
Oct 09 08:50:33.184138 osdx dnscrypt-proxy[32716]: Loading the set of cloaking rules from [/tmp/tmpPWk9zc]
Oct 09 08:50:33.197747 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:33.216317 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:50:33.340456 osdx dnscrypt-proxy[32716]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 09 08:50:33.340477 osdx dnscrypt-proxy[32716]: [RD] OK (DoH) - rtt: 127ms
Oct 09 08:50:33.340488 osdx dnscrypt-proxy[32716]: Server with the lowest initial latency: RD (rtt: 127ms)
Oct 09 08:50:33.340494 osdx dnscrypt-proxy[32716]: dnscrypt-proxy is ready - live servers: 1
Oct 09 08:50:33.349969 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-10-09 08:50:38 UTC, end at Wed 2024-10-09 08:50:41 UTC. --
Oct 09 08:50:38.263483 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:50:38.294468 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:50:38.646433 osdx osdx-coredump[1933]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 08:50:38.652377 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 08:50:39.208052 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:39.274483 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:50:39.280295 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:50:39.312924 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:50:39.370442 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:50:39.450927 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:50:39.531463 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:39.562579 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:39.577380 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:50:39.712084 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 09 08:50:39.837532 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:39.895738 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:50:40.006460 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:50:40.138163 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 08:50:40.193452 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 08:50:40.292064 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 09 08:50:40.345481 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 09 08:50:40.438181 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 09 08:50:40.498998 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:50:40.583281 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:50:40.664829 osdx ca-certificates[2072]: Updating certificates in /etc/ssl/certs...
Oct 09 08:50:41.112462 osdx ca-certificates[3057]: 1 added, 0 removed; done.
Oct 09 08:50:41.115422 osdx ca-certificates[3063]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:50:41.118519 osdx ca-certificates[3065]: done.
Oct 09 08:50:41.161755 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:50:41.162727 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:41.165442 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:41.176047 osdx dnscrypt-proxy[3069]: dnscrypt-proxy 2.0.45
Oct 09 08:50:41.176120 osdx dnscrypt-proxy[3069]: Network connectivity detected
Oct 09 08:50:41.176416 osdx dnscrypt-proxy[3069]: Dropping privileges
Oct 09 08:50:41.178760 osdx dnscrypt-proxy[3069]: Network connectivity detected
Oct 09 08:50:41.178789 osdx dnscrypt-proxy[3069]: Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:50:41.178793 osdx dnscrypt-proxy[3069]: Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:50:41.178812 osdx dnscrypt-proxy[3069]: Firefox workaround initialized
Oct 09 08:50:41.178816 osdx dnscrypt-proxy[3069]: Loading the set of cloaking rules from [/tmp/tmpEQcir7]
Oct 09 08:50:41.179779 osdx dnscrypt-proxy[3069]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 09 08:50:41.182688 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-10-09 08:50:47 UTC, end at Wed 2024-10-09 08:50:50 UTC. --
Oct 09 08:50:47.287732 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:50:47.316517 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:50:47.696131 osdx osdx-coredump[4690]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 09 08:50:47.702647 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 09 08:50:48.226260 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:48.306794 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:50:48.397128 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:50:48.494449 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:50:48.564017 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:48.589615 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:48.624090 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:50:48.754953 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 09 08:50:48.905771 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:50:48.964661 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:50:49.064520 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:50:49.149858 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 08:50:49.239049 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 08:50:49.298714 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 09 08:50:49.386769 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 09 08:50:49.442836 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 09 08:50:49.543108 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:50:49.569999 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:50:49.596848 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:50:49.712715 osdx ca-certificates[4830]: Updating certificates in /etc/ssl/certs...
Oct 09 08:50:50.134194 osdx ca-certificates[5816]: 1 added, 0 removed; done.
Oct 09 08:50:50.137297 osdx ca-certificates[5822]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:50:50.141196 osdx ca-certificates[5824]: done.
Oct 09 08:50:50.189720 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:50:50.191446 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:50:50.194063 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:50:50.205754 osdx dnscrypt-proxy[5828]: dnscrypt-proxy 2.0.45
Oct 09 08:50:50.205822 osdx dnscrypt-proxy[5828]: Network connectivity detected
Oct 09 08:50:50.206088 osdx dnscrypt-proxy[5828]: Dropping privileges
Oct 09 08:50:50.208142 osdx dnscrypt-proxy[5828]: Network connectivity detected
Oct 09 08:50:50.208324 osdx dnscrypt-proxy[5828]: Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:50:50.208365 osdx dnscrypt-proxy[5828]: Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:50:50.208418 osdx dnscrypt-proxy[5828]: Firefox workaround initialized
Oct 09 08:50:50.208452 osdx dnscrypt-proxy[5828]: Loading the set of cloaking rules from [/tmp/tmpmVDMcK]
Oct 09 08:50:50.209342 osdx dnscrypt-proxy[5828]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 09 08:50:50.219521 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-10-09 08:50:50 UTC, end at Wed 2024-10-09 08:50:54 UTC. -- Oct 09 08:50:50.456343 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free. Oct 09 08:50:50.478692 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'. Oct 09 08:50:50.734148 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu. Oct 09 08:50:50.836759 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'delete'. Oct 09 08:50:50.911458 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 09 08:50:51.017967 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 09 08:50:51.018108 osdx dnscrypt-proxy[5828]: Stopped. Oct 09 08:50:51.018972 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 09 08:50:51.019202 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 09 08:50:51.095437 osdx ca-certificates[5903]: Clearing symlinks in /etc/ssl/certs... Oct 09 08:50:51.333846 osdx ca-certificates[6461]: done. Oct 09 08:50:51.337271 osdx ca-certificates[6472]: Updating certificates in /etc/ssl/certs... Oct 09 08:50:51.711026 osdx ca-certificates[7305]: 137 added, 0 removed; done. Oct 09 08:50:51.713829 osdx ca-certificates[7311]: Running hooks in /etc/ca-certificates/update.d... Oct 09 08:50:51.717718 osdx ca-certificates[7313]: done. Oct 09 08:50:51.750518 osdx cfgd[1327]: [25194]Completed change to active configuration Oct 09 08:50:51.753037 osdx OSDxCLI[25194]: User 'admin' committed the configuration. Oct 09 08:50:51.770180 osdx OSDxCLI[25194]: User 'admin' left the configuration menu. Oct 09 08:50:52.749533 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu. 
Oct 09 08:50:52.805986 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 09 08:50:52.897516 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 09 08:50:52.966542 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 09 08:50:53.045186 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 09 08:50:53.097384 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'. Oct 09 08:50:53.191353 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 09 08:50:53.241222 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 09 08:50:53.341452 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 09 08:50:53.392798 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 09 08:50:53.510804 osdx ca-certificates[7355]: Updating certificates in /etc/ssl/certs... Oct 09 08:50:53.923665 osdx ca-certificates[8339]: 1 added, 0 removed; done. Oct 09 08:50:53.926607 osdx ca-certificates[8345]: Running hooks in /etc/ca-certificates/update.d... Oct 09 08:50:53.929527 osdx ca-certificates[8347]: done. Oct 09 08:50:53.942453 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 09 08:50:54.049891 osdx systemd[1]: Started DNSCrypt client proxy. 
Oct 09 08:50:54.050826 osdx cfgd[1327]: [25194]Completed change to active configuration Oct 09 08:50:54.064565 osdx dnscrypt-proxy[8411]: dnscrypt-proxy 2.0.45 Oct 09 08:50:54.064626 osdx dnscrypt-proxy[8411]: Network connectivity detected Oct 09 08:50:54.064852 osdx dnscrypt-proxy[8411]: Dropping privileges Oct 09 08:50:54.066766 osdx dnscrypt-proxy[8411]: Network connectivity detected Oct 09 08:50:54.066794 osdx dnscrypt-proxy[8411]: Now listening to 127.0.0.1:53 [UDP] Oct 09 08:50:54.066798 osdx dnscrypt-proxy[8411]: Now listening to 127.0.0.1:53 [TCP] Oct 09 08:50:54.066822 osdx dnscrypt-proxy[8411]: Firefox workaround initialized Oct 09 08:50:54.066826 osdx dnscrypt-proxy[8411]: Loading the set of cloaking rules from [/tmp/tmp8XKEzS] Oct 09 08:50:54.067536 osdx dnscrypt-proxy[8411]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Oct 09 08:50:54.079420 osdx OSDxCLI[25194]: User 'admin' committed the configuration. Oct 09 08:50:54.109675 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-10-09 08:50:54 UTC, end at Wed 2024-10-09 08:50:58 UTC. -- Oct 09 08:50:54.332022 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free. Oct 09 08:50:54.344961 osdx dnscrypt-proxy[8411]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Oct 09 08:50:54.344979 osdx dnscrypt-proxy[8411]: [RD] OK (DoH) - rtt: 255ms Oct 09 08:50:54.344989 osdx dnscrypt-proxy[8411]: Server with the lowest initial latency: RD (rtt: 255ms) Oct 09 08:50:54.344995 osdx dnscrypt-proxy[8411]: dnscrypt-proxy is ready - live servers: 1 Oct 09 08:50:54.351020 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'. Oct 09 08:50:54.572267 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Oct 09 08:50:54.590231 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu. Oct 09 08:50:54.610643 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Oct 09 08:50:54.683180 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'delete'. Oct 09 08:50:54.753070 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 09 08:50:54.844450 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 09 08:50:54.844467 osdx dnscrypt-proxy[8411]: Stopped. Oct 09 08:50:54.845118 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 09 08:50:54.845405 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 09 08:50:54.935218 osdx ca-certificates[8499]: Clearing symlinks in /etc/ssl/certs... Oct 09 08:50:55.185095 osdx ca-certificates[9059]: done. Oct 09 08:50:55.188526 osdx ca-certificates[9070]: Updating certificates in /etc/ssl/certs... 
Oct 09 08:50:55.566581 osdx ca-certificates[9904]: 137 added, 0 removed; done. Oct 09 08:50:55.569367 osdx ca-certificates[9910]: Running hooks in /etc/ca-certificates/update.d... Oct 09 08:50:55.572487 osdx ca-certificates[9912]: done. Oct 09 08:50:55.598938 osdx cfgd[1327]: [25194]Completed change to active configuration Oct 09 08:50:55.601578 osdx OSDxCLI[25194]: User 'admin' committed the configuration. Oct 09 08:50:55.616376 osdx OSDxCLI[25194]: User 'admin' left the configuration menu. Oct 09 08:50:56.557057 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu. Oct 09 08:50:56.609625 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 09 08:50:56.698627 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 09 08:50:56.762254 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 09 08:50:56.846953 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 09 08:50:56.900697 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'. Oct 09 08:50:56.990165 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 09 08:50:57.038144 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 09 08:50:57.131487 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 09 08:50:57.188282 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Oct 09 08:50:57.272772 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 09 08:50:57.352025 osdx ca-certificates[9955]: Updating certificates in /etc/ssl/certs... Oct 09 08:50:57.807810 osdx ca-certificates[10942]: 1 added, 0 removed; done. Oct 09 08:50:57.811193 osdx ca-certificates[10949]: Running hooks in /etc/ca-certificates/update.d... Oct 09 08:50:57.814277 osdx ca-certificates[10951]: done. Oct 09 08:50:57.830505 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 09 08:50:57.942957 osdx systemd[1]: Started DNSCrypt client proxy. Oct 09 08:50:57.944301 osdx cfgd[1327]: [25194]Completed change to active configuration Oct 09 08:50:57.957948 osdx dnscrypt-proxy[11015]: dnscrypt-proxy 2.0.45 Oct 09 08:50:57.958009 osdx dnscrypt-proxy[11015]: Network connectivity detected Oct 09 08:50:57.958268 osdx dnscrypt-proxy[11015]: Dropping privileges Oct 09 08:50:57.960310 osdx dnscrypt-proxy[11015]: Network connectivity detected Oct 09 08:50:57.960339 osdx dnscrypt-proxy[11015]: Now listening to 127.0.0.1:53 [UDP] Oct 09 08:50:57.960343 osdx dnscrypt-proxy[11015]: Now listening to 127.0.0.1:53 [TCP] Oct 09 08:50:57.960364 osdx dnscrypt-proxy[11015]: Firefox workaround initialized Oct 09 08:50:57.960369 osdx dnscrypt-proxy[11015]: Loading the set of cloaking rules from [/tmp/tmp5Dshsl] Oct 09 08:50:57.961293 osdx dnscrypt-proxy[11015]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Oct 09 08:50:57.986905 osdx OSDxCLI[25194]: User 'admin' committed the configuration. Oct 09 08:50:58.004940 osdx OSDxCLI[25194]: User 'admin' left the configuration menu. 
Oct 09 08:50:58.091721 osdx dnscrypt-proxy[11015]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Oct 09 08:50:58.091735 osdx dnscrypt-proxy[11015]: [RD] OK (DoH) - rtt: 108ms Oct 09 08:50:58.091743 osdx dnscrypt-proxy[11015]: Server with the lowest initial latency: RD (rtt: 108ms) Oct 09 08:50:58.091748 osdx dnscrypt-proxy[11015]: dnscrypt-proxy is ready - live servers: 1
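In the Example 3 journal above, dnscrypt-proxy[11015] logs the handshake failure and roughly 130 ms later reports Cipher suite: 52392 and OK (DoH), although only RC4 and 3DES were configured, so the failure token alone does not show that the resolver stayed unreachable. The following added example (not part of the test suite or of OSDx) pairs each dnscrypt-proxy process with the cipher list configured before it started and flags sessions negotiated outside that list; the function names and verdict strings are hypothetical, and the sample lines are abridged from the journal output above.

```python
import re

# IANA code points for the suites named on this page; dnscrypt-proxy logs them in decimal.
SUITE_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}
SUITE_NAMES = {code: name for name, code in SUITE_IDS.items()}

# Journal entries may arrive one per line or run together; split on the timestamp.
ENTRY_START = re.compile(r"(?=[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}\.\d{6} )")
PROXY_LINE = re.compile(r"dnscrypt-proxy\[(\d+)\]: (.*)")
CFG_CIPHER = re.compile(r"'set service dns proxy cipher \d+ algorithm (\w+)'")
NEGOTIATED = re.compile(r"Cipher suite: (\d+)")


def classify(run):
    """Compare what a proxy process negotiated with what was configured for it."""
    if run["negotiated_id"] is None:
        return "blocked" if run["handshake_failure"] else "no-session"
    if not run["configured"]:
        # The config session that started this process is not in the journal window.
        return "no-config-in-window"
    allowed = {SUITE_IDS[n] for n in run["configured"] if n in SUITE_IDS}
    return "ok" if run["negotiated_id"] in allowed else "outside-configured-list"


def audit_journal(text):
    """Return one finding per dnscrypt-proxy PID, in order of first appearance."""
    configured = []   # cipher names set since the last 'delete'
    runs = {}         # pid -> state for that process
    for entry in ENTRY_START.split(text):
        if "cfg line: 'delete'" in entry:
            configured = []
            continue
        cfg = CFG_CIPHER.search(entry)
        if cfg:
            configured.append(cfg.group(1))
            continue
        proxy = PROXY_LINE.search(entry)
        if not proxy:
            continue
        pid, message = proxy.groups()
        run = runs.setdefault(pid, {
            "pid": pid,
            "configured": list(configured),  # snapshot at first line of this PID
            "handshake_failure": False,
            "negotiated_id": None,
        })
        if message.startswith("TLS handshake failure"):
            run["handshake_failure"] = True
        suite = NEGOTIATED.search(message)
        if suite:
            run["negotiated_id"] = int(suite.group(1))

    findings = []
    for run in runs.values():
        code = run["negotiated_id"]
        findings.append({
            "pid": run["pid"],
            "configured": run["configured"],
            "handshake_failure": run["handshake_failure"],
            "negotiated": None if code is None else SUITE_NAMES.get(code, hex(code)),
            "verdict": classify(run),
        })
    return findings


# Sample input: lines abridged from the Example 3 journal above, run together as on the page.
SAMPLE = (
    "Oct 09 08:50:54.344961 osdx dnscrypt-proxy[8411]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 "
    "Oct 09 08:50:54.683180 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'delete'. "
    "Oct 09 08:50:56.990165 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. "
    "Oct 09 08:50:57.038144 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. "
    "Oct 09 08:50:57.957948 osdx dnscrypt-proxy[11015]: dnscrypt-proxy 2.0.45 "
    "Oct 09 08:50:57.961293 osdx dnscrypt-proxy[11015]: TLS handshake failure - Try changing or "
    "deleting the tls_cipher_suite value in the configuration file "
    "Oct 09 08:50:58.091721 osdx dnscrypt-proxy[11015]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 "
    "Oct 09 08:50:58.091735 osdx dnscrypt-proxy[11015]: [RD] OK (DoH) - rtt: 108ms"
)

if __name__ == "__main__":
    for finding in audit_journal(SAMPLE):
        print(finding)
```

A verdict of outside-configured-list means the process ended up on a suite that was never configured; blocked means a handshake failure with no later session in the journal window.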
Invalid Cipher With Fallback
Description
Configures an invalid cipher followed by a valid fallback cipher, then tries to communicate with the server. No refusal is expected, provided the valid cipher proposed is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-10-09 08:51:04 UTC, end at Wed 2024-10-09 08:51:13 UTC. -- Oct 09 08:51:04.368139 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free. Oct 09 08:51:04.392674 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'. Oct 09 08:51:04.753694 osdx osdx-coredump[12658]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 09 08:51:04.760049 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system coredump delete all'. Oct 09 08:51:05.023493 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Oct 09 08:51:05.312520 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu. Oct 09 08:51:05.375492 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 09 08:51:05.460774 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 09 08:51:05.531421 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 09 08:51:05.600273 osdx cfgd[1327]: [25194]Completed change to active configuration Oct 09 08:51:05.626306 osdx OSDxCLI[25194]: User 'admin' committed the configuration. Oct 09 08:51:05.654555 osdx OSDxCLI[25194]: User 'admin' left the configuration menu. Oct 09 08:51:05.778727 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 09 08:51:05.890132 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu. Oct 09 08:51:05.955468 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 09 08:51:06.044628 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. 
Oct 09 08:51:06.108978 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 09 08:51:06.194386 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 09 08:51:06.249250 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'. Oct 09 08:51:06.337448 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 09 08:51:06.391972 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Oct 09 08:51:06.482103 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 09 08:51:06.540309 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 09 08:51:06.630694 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 09 08:51:06.702154 osdx ca-certificates[12799]: Updating certificates in /etc/ssl/certs... Oct 09 08:51:07.117347 osdx ca-certificates[13782]: 1 added, 0 removed; done. Oct 09 08:51:07.120159 osdx ca-certificates[13789]: Running hooks in /etc/ca-certificates/update.d... Oct 09 08:51:07.123216 osdx ca-certificates[13791]: done. Oct 09 08:51:07.167174 osdx systemd[1]: Started DNSCrypt client proxy. Oct 09 08:51:07.168162 osdx cfgd[1327]: [25194]Completed change to active configuration Oct 09 08:51:07.170542 osdx OSDxCLI[25194]: User 'admin' committed the configuration. 
Oct 09 08:51:07.183602 osdx dnscrypt-proxy[13795]: dnscrypt-proxy 2.0.45 Oct 09 08:51:07.183928 osdx dnscrypt-proxy[13795]: Network connectivity detected Oct 09 08:51:07.184305 osdx dnscrypt-proxy[13795]: Dropping privileges Oct 09 08:51:07.186919 osdx OSDxCLI[25194]: User 'admin' left the configuration menu. Oct 09 08:51:07.188584 osdx dnscrypt-proxy[13795]: Network connectivity detected Oct 09 08:51:07.188766 osdx dnscrypt-proxy[13795]: Now listening to 127.0.0.1:53 [UDP] Oct 09 08:51:07.188808 osdx dnscrypt-proxy[13795]: Now listening to 127.0.0.1:53 [TCP] Oct 09 08:51:07.188858 osdx dnscrypt-proxy[13795]: Firefox workaround initialized Oct 09 08:51:07.188895 osdx dnscrypt-proxy[13795]: Loading the set of cloaking rules from [/tmp/tmpNALB2y] Oct 09 08:51:07.327114 osdx dnscrypt-proxy[13795]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Oct 09 08:51:07.327127 osdx dnscrypt-proxy[13795]: [RD] OK (DoH) - rtt: 114ms Oct 09 08:51:07.327135 osdx dnscrypt-proxy[13795]: Server with the lowest initial latency: RD (rtt: 114ms) Oct 09 08:51:07.327139 osdx dnscrypt-proxy[13795]: dnscrypt-proxy is ready - live servers: 1 Oct 09 08:51:10.026560 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Oct 09 08:51:10.063760 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Oct 09 08:51:13.314100 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Wed 2024-10-09 08:51:13 UTC, end at Wed 2024-10-09 08:51:17 UTC. -- Oct 09 08:51:13.506242 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free. Oct 09 08:51:13.528266 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'. Oct 09 08:51:13.757224 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu. Oct 09 08:51:13.809097 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'delete'. Oct 09 08:51:13.917362 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 09 08:51:13.974524 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 09 08:51:13.974637 osdx dnscrypt-proxy[13795]: Stopped. Oct 09 08:51:13.975511 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 09 08:51:13.975823 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 09 08:51:14.050920 osdx ca-certificates[13874]: Clearing symlinks in /etc/ssl/certs... Oct 09 08:51:14.292248 osdx ca-certificates[14433]: done. Oct 09 08:51:14.295165 osdx ca-certificates[14442]: Updating certificates in /etc/ssl/certs... Oct 09 08:51:14.635110 osdx ca-certificates[15276]: 137 added, 0 removed; done. Oct 09 08:51:14.638024 osdx ca-certificates[15282]: Running hooks in /etc/ca-certificates/update.d... Oct 09 08:51:14.640947 osdx ca-certificates[15284]: done. Oct 09 08:51:14.669829 osdx cfgd[1327]: [25194]Completed change to active configuration Oct 09 08:51:14.672326 osdx OSDxCLI[25194]: User 'admin' committed the configuration. Oct 09 08:51:14.687511 osdx OSDxCLI[25194]: User 'admin' left the configuration menu. Oct 09 08:51:15.667823 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu. 
Oct 09 08:51:15.722401 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 09 08:51:15.807421 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 09 08:51:15.877339 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 09 08:51:15.967712 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 09 08:51:16.021768 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'. Oct 09 08:51:16.108910 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 09 08:51:16.171110 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Oct 09 08:51:16.261951 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 09 08:51:16.331241 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 09 08:51:16.424685 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 09 08:51:16.510461 osdx ca-certificates[15326]: Updating certificates in /etc/ssl/certs... Oct 09 08:51:16.947305 osdx ca-certificates[16311]: 1 added, 0 removed; done. Oct 09 08:51:16.950545 osdx ca-certificates[16316]: Running hooks in /etc/ca-certificates/update.d... Oct 09 08:51:16.953436 osdx ca-certificates[16319]: done. Oct 09 08:51:16.967424 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 09 08:51:17.081670 osdx systemd[1]: Started DNSCrypt client proxy. 
Oct 09 08:51:17.082728 osdx cfgd[1327]: [25194]Completed change to active configuration Oct 09 08:51:17.096406 osdx dnscrypt-proxy[16383]: dnscrypt-proxy 2.0.45 Oct 09 08:51:17.096477 osdx dnscrypt-proxy[16383]: Network connectivity detected Oct 09 08:51:17.096751 osdx dnscrypt-proxy[16383]: Dropping privileges Oct 09 08:51:17.099088 osdx dnscrypt-proxy[16383]: Network connectivity detected Oct 09 08:51:17.099120 osdx dnscrypt-proxy[16383]: Now listening to 127.0.0.1:53 [UDP] Oct 09 08:51:17.099125 osdx dnscrypt-proxy[16383]: Now listening to 127.0.0.1:53 [TCP] Oct 09 08:51:17.099144 osdx dnscrypt-proxy[16383]: Firefox workaround initialized Oct 09 08:51:17.099149 osdx dnscrypt-proxy[16383]: Loading the set of cloaking rules from [/tmp/tmpYfEgjb] Oct 09 08:51:17.125685 osdx OSDxCLI[25194]: User 'admin' committed the configuration. Oct 09 08:51:17.144237 osdx OSDxCLI[25194]: User 'admin' left the configuration menu. Oct 09 08:51:17.237978 osdx dnscrypt-proxy[16383]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Oct 09 08:51:17.238001 osdx dnscrypt-proxy[16383]: [RD] OK (DoH) - rtt: 113ms Oct 09 08:51:17.238013 osdx dnscrypt-proxy[16383]: Server with the lowest initial latency: RD (rtt: 113ms) Oct 09 08:51:17.238020 osdx dnscrypt-proxy[16383]: dnscrypt-proxy is ready - live servers: 1 Oct 09 08:51:17.264812 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Wed 2024-10-09 08:51:17 UTC, end at Wed 2024-10-09 08:51:21 UTC. --
Oct 09 08:51:17.451671 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:51:17.474956 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:51:17.698069 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:51:17.788859 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'delete'.
Oct 09 08:51:17.851205 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 09 08:51:17.940365 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 09 08:51:17.940412 osdx dnscrypt-proxy[16383]: Stopped.
Oct 09 08:51:17.941096 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 09 08:51:17.941361 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 09 08:51:18.013312 osdx ca-certificates[16478]: Clearing symlinks in /etc/ssl/certs...
Oct 09 08:51:18.254827 osdx ca-certificates[17036]: done.
Oct 09 08:51:18.257914 osdx ca-certificates[17044]: Updating certificates in /etc/ssl/certs...
Oct 09 08:51:18.616304 osdx ca-certificates[17880]: 137 added, 0 removed; done.
Oct 09 08:51:18.618981 osdx ca-certificates[17886]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:51:18.621653 osdx ca-certificates[17888]: done.
Oct 09 08:51:18.650261 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:51:18.652690 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:51:18.667849 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:51:19.635683 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:51:19.732795 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:51:19.782539 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:51:19.886150 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 08:51:19.939665 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 08:51:20.023616 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:51:20.034441 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 09 08:51:20.082416 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 09 08:51:20.172449 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 09 08:51:20.218769 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 09 08:51:20.320062 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:51:20.374455 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:51:20.488646 osdx ca-certificates[17931]: Updating certificates in /etc/ssl/certs...
Oct 09 08:51:20.920399 osdx ca-certificates[18916]: 1 added, 0 removed; done.
Oct 09 08:51:20.923889 osdx ca-certificates[18922]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:51:20.926735 osdx ca-certificates[18924]: done.
Oct 09 08:51:20.943457 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:51:21.063025 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:51:21.064365 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:51:21.076265 osdx dnscrypt-proxy[18988]: dnscrypt-proxy 2.0.45
Oct 09 08:51:21.076320 osdx dnscrypt-proxy[18988]: Network connectivity detected
Oct 09 08:51:21.076546 osdx dnscrypt-proxy[18988]: Dropping privileges
Oct 09 08:51:21.078646 osdx dnscrypt-proxy[18988]: Network connectivity detected
Oct 09 08:51:21.078670 osdx dnscrypt-proxy[18988]: Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:51:21.078674 osdx dnscrypt-proxy[18988]: Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:51:21.078690 osdx dnscrypt-proxy[18988]: Firefox workaround initialized
Oct 09 08:51:21.078694 osdx dnscrypt-proxy[18988]: Loading the set of cloaking rules from [/tmp/tmpWf_q6C]
Oct 09 08:51:21.093630 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:51:21.109568 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:51:21.232284 osdx dnscrypt-proxy[18988]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 09 08:51:21.232297 osdx dnscrypt-proxy[18988]: [RD] OK (DoH) - rtt: 125ms
Oct 09 08:51:21.232306 osdx dnscrypt-proxy[18988]: Server with the lowest initial latency: RD (rtt: 125ms)
Oct 09 08:51:21.232311 osdx dnscrypt-proxy[18988]: dnscrypt-proxy is ready - live servers: 1
Oct 09 08:51:21.241710 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-10-09 08:51:21 UTC, end at Wed 2024-10-09 08:51:25 UTC. --
Oct 09 08:51:21.428462 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:51:21.456047 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:51:21.694269 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:51:21.753396 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'delete'.
Oct 09 08:51:21.855209 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 09 08:51:21.911441 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 09 08:51:21.911509 osdx dnscrypt-proxy[18988]: Stopped.
Oct 09 08:51:21.912278 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 09 08:51:21.912530 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 09 08:51:21.982638 osdx ca-certificates[19084]: Clearing symlinks in /etc/ssl/certs...
Oct 09 08:51:22.220466 osdx ca-certificates[19642]: done.
Oct 09 08:51:22.224503 osdx ca-certificates[19653]: Updating certificates in /etc/ssl/certs...
Oct 09 08:51:22.568279 osdx ca-certificates[20484]: 137 added, 0 removed; done.
Oct 09 08:51:22.571813 osdx ca-certificates[20491]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:51:22.575488 osdx ca-certificates[20493]: done.
Oct 09 08:51:22.602984 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:51:22.605525 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:51:22.621518 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:51:23.583300 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:51:23.677592 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:51:23.729662 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:51:23.835519 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 08:51:23.886696 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 08:51:23.983770 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 09 08:51:24.034080 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 09 08:51:24.128165 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 09 08:51:24.198511 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 09 08:51:24.301246 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:51:24.352588 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:51:24.511137 osdx ca-certificates[20536]: Updating certificates in /etc/ssl/certs...
Oct 09 08:51:24.947879 osdx ca-certificates[21520]: 1 added, 0 removed; done.
Oct 09 08:51:24.951791 osdx ca-certificates[21526]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:51:24.954773 osdx ca-certificates[21528]: done.
Oct 09 08:51:24.971513 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:51:25.023674 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:51:25.061515 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:51:25.093269 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:51:25.094271 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:51:25.107427 osdx dnscrypt-proxy[21592]: dnscrypt-proxy 2.0.45
Oct 09 08:51:25.107483 osdx dnscrypt-proxy[21592]: Network connectivity detected
Oct 09 08:51:25.107707 osdx dnscrypt-proxy[21592]: Dropping privileges
Oct 09 08:51:25.109591 osdx dnscrypt-proxy[21592]: Network connectivity detected
Oct 09 08:51:25.109618 osdx dnscrypt-proxy[21592]: Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:51:25.109622 osdx dnscrypt-proxy[21592]: Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:51:25.109639 osdx dnscrypt-proxy[21592]: Firefox workaround initialized
Oct 09 08:51:25.109643 osdx dnscrypt-proxy[21592]: Loading the set of cloaking rules from [/tmp/tmp030nm2]
Oct 09 08:51:25.123978 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:51:25.152988 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:51:25.255930 osdx dnscrypt-proxy[21592]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 09 08:51:25.255957 osdx dnscrypt-proxy[21592]: [RD] OK (DoH) - rtt: 114ms
Oct 09 08:51:25.255969 osdx dnscrypt-proxy[21592]: Server with the lowest initial latency: RD (rtt: 114ms)
Oct 09 08:51:25.255975 osdx dnscrypt-proxy[21592]: dnscrypt-proxy is ready - live servers: 1
Oct 09 08:51:25.294160 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Wed 2024-10-09 08:51:25 UTC, end at Wed 2024-10-09 08:51:35 UTC. --
Oct 09 08:51:25.508288 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:51:25.532616 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:51:25.784627 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:51:25.836637 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'delete'.
Oct 09 08:51:25.956615 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 09 08:51:26.013617 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 09 08:51:26.013659 osdx dnscrypt-proxy[21592]: Stopped.
Oct 09 08:51:26.014466 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 09 08:51:26.014764 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 09 08:51:26.110936 osdx ca-certificates[21687]: Clearing symlinks in /etc/ssl/certs...
Oct 09 08:51:26.349484 osdx ca-certificates[22245]: done.
Oct 09 08:51:26.352541 osdx ca-certificates[22253]: Updating certificates in /etc/ssl/certs...
Oct 09 08:51:26.721205 osdx ca-certificates[23088]: 137 added, 0 removed; done.
Oct 09 08:51:26.723937 osdx ca-certificates[23094]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:51:26.726565 osdx ca-certificates[23096]: done.
Oct 09 08:51:26.753906 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:51:26.756256 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:51:26.771166 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:51:27.713863 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:51:27.770164 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:51:27.862055 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:51:27.929041 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 08:51:28.011629 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 08:51:28.070788 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 09 08:51:28.161093 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 09 08:51:28.214718 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 09 08:51:28.306577 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 09 08:51:28.367967 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:51:28.460025 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:51:28.536585 osdx ca-certificates[23138]: Updating certificates in /etc/ssl/certs...
Oct 09 08:51:28.981024 osdx ca-certificates[24123]: 1 added, 0 removed; done.
Oct 09 08:51:28.983649 osdx ca-certificates[24129]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:51:28.986473 osdx ca-certificates[24131]: done.
Oct 09 08:51:28.999419 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:51:29.159517 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:51:29.160578 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:51:29.177049 osdx dnscrypt-proxy[24195]: dnscrypt-proxy 2.0.45
Oct 09 08:51:29.177135 osdx dnscrypt-proxy[24195]: Network connectivity detected
Oct 09 08:51:29.177486 osdx dnscrypt-proxy[24195]: Dropping privileges
Oct 09 08:51:29.179982 osdx dnscrypt-proxy[24195]: Network connectivity detected
Oct 09 08:51:29.180027 osdx dnscrypt-proxy[24195]: Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:51:29.180034 osdx dnscrypt-proxy[24195]: Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:51:29.180063 osdx dnscrypt-proxy[24195]: Firefox workaround initialized
Oct 09 08:51:29.180070 osdx dnscrypt-proxy[24195]: Loading the set of cloaking rules from [/tmp/tmpNoQGya]
Oct 09 08:51:29.202270 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:51:29.219141 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:51:29.373058 osdx dnscrypt-proxy[24195]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 09 08:51:29.373075 osdx dnscrypt-proxy[24195]: [RD] OK (DoH) - rtt: 165ms
Oct 09 08:51:29.373084 osdx dnscrypt-proxy[24195]: Server with the lowest initial latency: RD (rtt: 165ms)
Oct 09 08:51:29.373090 osdx dnscrypt-proxy[24195]: dnscrypt-proxy is ready - live servers: 1
Oct 09 08:51:34.031348 osdx systemd[1]: systemd-timedated.service: Succeeded.
Oct 09 08:51:35.026304 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:51:35.358546 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Wed 2024-10-09 08:51:35 UTC, end at Wed 2024-10-09 08:51:45 UTC. --
Oct 09 08:51:35.587935 osdx systemd-journald[5179]: Runtime journal (/run/log/journal/7b13f98cf6974d34b6af66a5ac8a2ed7) is 2.0M, max 16.0M, 14.0M free.
Oct 09 08:51:35.616534 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'system journal clear'.
Oct 09 08:51:35.865849 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:51:35.927055 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'delete'.
Oct 09 08:51:36.031901 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 09 08:51:36.088582 osdx dnscrypt-proxy[24195]: Stopped.
Oct 09 08:51:36.088602 osdx systemd[1]: Stopping DNSCrypt client proxy...
Oct 09 08:51:36.089991 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Oct 09 08:51:36.090243 osdx systemd[1]: Stopped DNSCrypt client proxy.
Oct 09 08:51:36.165895 osdx ca-certificates[24292]: Clearing symlinks in /etc/ssl/certs...
Oct 09 08:51:36.415353 osdx ca-certificates[24851]: done.
Oct 09 08:51:36.418327 osdx ca-certificates[24859]: Updating certificates in /etc/ssl/certs...
Oct 09 08:51:36.789983 osdx ca-certificates[25697]: 137 added, 0 removed; done.
Oct 09 08:51:36.793004 osdx ca-certificates[25703]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:51:36.797102 osdx ca-certificates[25705]: done.
Oct 09 08:51:36.826101 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:51:36.828698 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:51:36.844938 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:51:37.874518 osdx OSDxCLI[25194]: User 'admin' entered the configuration menu.
Oct 09 08:51:37.931527 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 09 08:51:38.023866 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 09 08:51:38.091115 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 09 08:51:38.175150 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 09 08:51:38.234186 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 09 08:51:38.322972 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 09 08:51:38.380304 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 09 08:51:38.473514 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 09 08:51:38.534979 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 09 08:51:38.620972 osdx OSDxCLI[25194]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 09 08:51:38.698295 osdx ca-certificates[25748]: Updating certificates in /etc/ssl/certs...
Oct 09 08:51:39.133464 osdx ca-certificates[26731]: 1 added, 0 removed; done.
Oct 09 08:51:39.136188 osdx ca-certificates[26738]: Running hooks in /etc/ca-certificates/update.d...
Oct 09 08:51:39.139136 osdx ca-certificates[26740]: done.
Oct 09 08:51:39.155420 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 09 08:51:39.271535 osdx systemd[1]: Started DNSCrypt client proxy.
Oct 09 08:51:39.272653 osdx cfgd[1327]: [25194]Completed change to active configuration
Oct 09 08:51:39.285891 osdx dnscrypt-proxy[26804]: dnscrypt-proxy 2.0.45
Oct 09 08:51:39.286151 osdx dnscrypt-proxy[26804]: Network connectivity detected
Oct 09 08:51:39.286421 osdx dnscrypt-proxy[26804]: Dropping privileges
Oct 09 08:51:39.288376 osdx dnscrypt-proxy[26804]: Network connectivity detected
Oct 09 08:51:39.288402 osdx dnscrypt-proxy[26804]: Now listening to 127.0.0.1:53 [UDP]
Oct 09 08:51:39.288406 osdx dnscrypt-proxy[26804]: Now listening to 127.0.0.1:53 [TCP]
Oct 09 08:51:39.288421 osdx dnscrypt-proxy[26804]: Firefox workaround initialized
Oct 09 08:51:39.288425 osdx dnscrypt-proxy[26804]: Loading the set of cloaking rules from [/tmp/tmp2DP_3R]
Oct 09 08:51:39.306996 osdx OSDxCLI[25194]: User 'admin' committed the configuration.
Oct 09 08:51:39.323882 osdx OSDxCLI[25194]: User 'admin' left the configuration menu.
Oct 09 08:51:39.513811 osdx dnscrypt-proxy[26804]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 09 08:51:39.513833 osdx dnscrypt-proxy[26804]: [RD] OK (DoH) - rtt: 203ms
Oct 09 08:51:39.513844 osdx dnscrypt-proxy[26804]: Server with the lowest initial latency: RD (rtt: 203ms)
Oct 09 08:51:39.513849 osdx dnscrypt-proxy[26804]: dnscrypt-proxy is ready - live servers: 1
Oct 09 08:51:40.028294 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:51:40.065490 osdx zebra[1280]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 09 08:51:45.458316 osdx OSDxCLI[25194]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
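The tokens checked in Step 3 of these examples are decimal IANA cipher suite code points (49199 = 0xC02F, 49200 = 0xC030, 52392 = 0xCCA8). The Python code below is an added example, not part of the OSDx test suite: it maps the logged number back to its suite name and checks the handshake against the configured cipher list. The function names, the LEGACY set and the JOURNAL_LEGACY line are assumptions made for the example; reading the logged TLS version "303" as hexadecimal is also an assumption.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# This example's own classification: RC4 and 3DES suites count as legacy.
LEGACY = {0x0005, 0x000A}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
HANDSHAKE_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] "
    r"TLS version: (?P<ver>[0-9a-fA-F]+) - Protocol: (?P<proto>\S+) "
    r"- Cipher suite: (?P<suite>\d+)"
)


def configured_suites(config_text):
    """Suite names from 'set service dns proxy cipher N algorithm X', by index N."""
    pairs = sorted((int(idx), name) for idx, name in CFG_RE.findall(config_text))
    return [name for _, name in pairs]


def negotiated(journal_text):
    """One record per dnscrypt-proxy handshake line found in the journal text."""
    records = []
    for m in HANDSHAKE_RE.finditer(journal_text):
        suite_id = int(m["suite"])  # logged in decimal
        records.append({
            "server": m["server"],
            "tls_version": int(m["ver"], 16),  # assumption: "303" is hex 0x0303 (TLS 1.2)
            "protocol": m["proto"],
            "suite_id": suite_id,
            "suite_name": IANA_SUITES.get(suite_id, f"UNKNOWN_0x{suite_id:04X}"),
        })
    return records


def audit(config_text, journal_text):
    """Return a list of findings; an empty list means the handshake looks as intended."""
    allowed = configured_suites(config_text)
    handshakes = negotiated(journal_text)
    if not handshakes:
        return ["no handshake line found in journal"]
    findings = []
    for h in handshakes:
        if h["suite_name"] not in allowed:
            findings.append(f"{h['server']}: {h['suite_name']} is not in the configured list")
        if h["suite_id"] in LEGACY:
            findings.append(f"{h['server']}: negotiated legacy suite {h['suite_name']}")
        if h["tls_version"] < 0x0303:
            findings.append(f"{h['server']}: TLS version 0x{h['tls_version']:04x} is below TLS 1.2")
    return findings


# Cipher lines of Example 6 on this page.
SAMPLE_CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
"""
# Handshake line in the format of the Example 6 journal.
JOURNAL_OK = ("Oct 09 08:51:39.513811 osdx dnscrypt-proxy[26804]: [RD] "
              "TLS version: 303 - Protocol: h2 - Cipher suite: 52392\n")
# Constructed line (not from the page): what a 3DES handshake would look like.
JOURNAL_LEGACY = ("Oct 09 08:51:39.513811 osdx dnscrypt-proxy[26804]: [RD] "
                  "TLS version: 303 - Protocol: h2 - Cipher suite: 10\n")

if __name__ == "__main__":
    for label, journal in (("ok", JOURNAL_OK), ("legacy", JOURNAL_LEGACY)):
        print(label, negotiated(journal)[0]["suite_name"], audit(SAMPLE_CONFIG, journal))
```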