Cipher
Test suite to validate using one or multiple ciphers to protect DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
-- Logs begin at Mon 2023-10-30 11:32:11 UTC, end at Mon 2023-10-30 11:32:20 UTC. -- Oct 30 11:32:11.356177 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:32:11.369432 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:32:11.724209 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:32:11.849041 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:32:11.954597 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:32:12.124617 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:32:12.220373 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:32:12.263447 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:32:12.306438 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:32:12.469777 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 11:32:12.664696 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:32:12.778469 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:32:12.916708 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:32:13.028650 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:32:13.136804 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:32:13.261025 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:32:13.375559 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Oct 30 11:32:13.490995 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:32:13.608218 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:32:13.718013 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:32:13.848988 osdx ca-certificates[12066]: Updating certificates in /etc/ssl/certs... Oct 30 11:32:14.557223 osdx ca-certificates[13050]: 1 added, 0 removed; done. Oct 30 11:32:14.563110 osdx ca-certificates[13054]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:32:14.568584 osdx ca-certificates[13058]: done. Oct 30 11:32:14.634110 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:32:14.636971 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:32:14.641053 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:32:14.662459 osdx dnscrypt-proxy[13062]: dnscrypt-proxy 2.0.45 Oct 30 11:32:14.662876 osdx dnscrypt-proxy[13062]: Network connectivity detected Oct 30 11:32:14.665955 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:32:14.666706 osdx dnscrypt-proxy[13062]: Dropping privileges Oct 30 11:32:14.669122 osdx dnscrypt-proxy[13062]: Network connectivity detected Oct 30 11:32:14.669454 osdx dnscrypt-proxy[13062]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:32:14.669546 osdx dnscrypt-proxy[13062]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:32:14.669640 osdx dnscrypt-proxy[13062]: Firefox workaround initialized Oct 30 11:32:14.669718 osdx dnscrypt-proxy[13062]: Loading the set of cloaking rules from [/tmp/tmp8F3ltJ] Oct 30 11:32:14.916721 osdx dnscrypt-proxy[13062]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Oct 30 11:32:14.916738 osdx dnscrypt-proxy[13062]: [RD] OK (DoH) - rtt: 167ms Oct 30 11:32:14.916748 osdx dnscrypt-proxy[13062]: Server with the lowest initial latency: RD (rtt: 167ms) Oct 30 11:32:14.916753 osdx dnscrypt-proxy[13062]: dnscrypt-proxy is ready - live servers: 1 Oct 30 11:32:20.854634 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
-- Logs begin at Mon 2023-10-30 11:32:27 UTC, end at Mon 2023-10-30 11:32:37 UTC. -- Oct 30 11:32:27.440679 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:32:27.454386 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:32:27.801941 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:32:27.952830 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:32:28.057479 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:32:28.207797 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:32:28.306040 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:32:28.350909 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:32:28.395589 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:32:28.568136 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 11:32:28.824398 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:32:28.921637 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:32:29.014250 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:32:29.123416 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:32:29.245515 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:32:29.368813 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:32:29.474176 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Oct 30 11:32:29.608655 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:32:29.712833 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:32:29.845878 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:32:30.012332 osdx ca-certificates[14720]: Updating certificates in /etc/ssl/certs... Oct 30 11:32:30.701232 osdx ca-certificates[15704]: 1 added, 0 removed; done. Oct 30 11:32:30.710734 osdx ca-certificates[15709]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:32:30.716681 osdx ca-certificates[15712]: done. Oct 30 11:32:30.798671 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:32:30.801488 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:32:30.809628 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:32:30.839122 osdx dnscrypt-proxy[15716]: dnscrypt-proxy 2.0.45 Oct 30 11:32:30.839672 osdx dnscrypt-proxy[15716]: Network connectivity detected Oct 30 11:32:30.840211 osdx dnscrypt-proxy[15716]: Dropping privileges Oct 30 11:32:30.842501 osdx dnscrypt-proxy[15716]: Network connectivity detected Oct 30 11:32:30.842804 osdx dnscrypt-proxy[15716]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:32:30.842889 osdx dnscrypt-proxy[15716]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:32:30.842985 osdx dnscrypt-proxy[15716]: Firefox workaround initialized Oct 30 11:32:30.843062 osdx dnscrypt-proxy[15716]: Loading the set of cloaking rules from [/tmp/tmpc6aLMz] Oct 30 11:32:30.862163 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:32:31.830992 osdx dnscrypt-proxy[15716]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Oct 30 11:32:31.831009 osdx dnscrypt-proxy[15716]: [RD] OK (DoH) - rtt: 951ms Oct 30 11:32:31.831019 osdx dnscrypt-proxy[15716]: Server with the lowest initial latency: RD (rtt: 951ms) Oct 30 11:32:31.831026 osdx dnscrypt-proxy[15716]: dnscrypt-proxy is ready - live servers: 1 Oct 30 11:32:37.052404 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
-- Logs begin at Mon 2023-10-30 11:32:37 UTC, end at Mon 2023-10-30 11:32:42 UTC. -- Oct 30 11:32:37.312448 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:32:37.329053 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:32:37.736545 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:32:37.827573 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'delete'. Oct 30 11:32:37.934201 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 11:32:38.063766 osdx dnscrypt-proxy[15716]: Stopped. Oct 30 11:32:38.064978 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 30 11:32:38.065581 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 30 11:32:38.065925 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 30 11:32:38.163587 osdx ca-certificates[15789]: Clearing symlinks in /etc/ssl/certs... Oct 30 11:32:38.491120 osdx ca-certificates[16347]: done. Oct 30 11:32:38.498384 osdx ca-certificates[16354]: Updating certificates in /etc/ssl/certs... Oct 30 11:32:39.037185 osdx ca-certificates[17190]: 137 added, 0 removed; done. Oct 30 11:32:39.042954 osdx ca-certificates[17194]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:32:39.048207 osdx ca-certificates[17198]: done. Oct 30 11:32:39.089793 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:32:39.093335 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:32:39.141083 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:32:40.514662 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:32:40.623570 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:32:40.739642 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:32:40.858817 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:32:40.999147 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:32:41.120829 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:32:41.232554 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Oct 30 11:32:41.348024 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:32:41.478319 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:32:41.604987 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:32:41.762171 osdx ca-certificates[17244]: Updating certificates in /etc/ssl/certs... Oct 30 11:32:42.406860 osdx ca-certificates[18229]: 1 added, 0 removed; done. Oct 30 11:32:42.413062 osdx ca-certificates[18233]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:32:42.418406 osdx ca-certificates[18237]: done. Oct 30 11:32:42.447702 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:32:42.624645 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:32:42.627334 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:32:42.668850 osdx dnscrypt-proxy[18296]: dnscrypt-proxy 2.0.45 Oct 30 11:32:42.669255 osdx dnscrypt-proxy[18296]: Network connectivity detected Oct 30 11:32:42.671156 osdx dnscrypt-proxy[18296]: Dropping privileges Oct 30 11:32:42.680467 osdx dnscrypt-proxy[18296]: Network connectivity detected Oct 30 11:32:42.680507 osdx dnscrypt-proxy[18296]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:32:42.680513 osdx dnscrypt-proxy[18296]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:32:42.680535 osdx dnscrypt-proxy[18296]: Firefox workaround initialized Oct 30 11:32:42.680540 osdx dnscrypt-proxy[18296]: Loading the set of cloaking rules from [/tmp/tmp5a6fRi] Oct 30 11:32:42.700464 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:32:42.754213 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:32:42.903875 osdx dnscrypt-proxy[18296]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Oct 30 11:32:42.903898 osdx dnscrypt-proxy[18296]: [RD] OK (DoH) - rtt: 158ms Oct 30 11:32:42.903910 osdx dnscrypt-proxy[18296]: Server with the lowest initial latency: RD (rtt: 158ms) Oct 30 11:32:42.903919 osdx dnscrypt-proxy[18296]: dnscrypt-proxy is ready - live servers: 1 Oct 30 11:32:42.953500 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
-- Logs begin at Mon 2023-10-30 11:32:43 UTC, end at Mon 2023-10-30 11:32:48 UTC. -- Oct 30 11:32:43.258940 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:32:43.272055 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:32:43.652610 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:32:43.741846 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'delete'. Oct 30 11:32:43.848247 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 11:32:43.979862 osdx dnscrypt-proxy[18296]: Stopped. Oct 30 11:32:43.981150 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 30 11:32:43.981741 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 30 11:32:43.982075 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 30 11:32:44.080408 osdx ca-certificates[18384]: Clearing symlinks in /etc/ssl/certs... Oct 30 11:32:44.404219 osdx ca-certificates[18942]: done. Oct 30 11:32:44.411258 osdx ca-certificates[18946]: Updating certificates in /etc/ssl/certs... Oct 30 11:32:44.956382 osdx ca-certificates[19785]: 137 added, 0 removed; done. Oct 30 11:32:44.962147 osdx ca-certificates[19789]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:32:44.967249 osdx ca-certificates[19793]: done. Oct 30 11:32:45.009451 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:32:45.012942 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:32:45.038662 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:32:46.389658 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:32:46.486765 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:32:46.608707 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:32:46.703783 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:32:46.792422 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:32:46.934778 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:32:47.025752 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Oct 30 11:32:47.133129 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:32:47.252540 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:32:47.345049 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:32:47.499144 osdx ca-certificates[19839]: Updating certificates in /etc/ssl/certs... Oct 30 11:32:48.225368 osdx ca-certificates[20823]: 1 added, 0 removed; done. Oct 30 11:32:48.233864 osdx ca-certificates[20827]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:32:48.241656 osdx ca-certificates[20831]: done. Oct 30 11:32:48.271700 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:32:48.461735 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:32:48.465092 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:32:48.516911 osdx dnscrypt-proxy[20890]: dnscrypt-proxy 2.0.45 Oct 30 11:32:48.517333 osdx dnscrypt-proxy[20890]: Network connectivity detected Oct 30 11:32:48.519205 osdx dnscrypt-proxy[20890]: Dropping privileges Oct 30 11:32:48.526484 osdx dnscrypt-proxy[20890]: Network connectivity detected Oct 30 11:32:48.528787 osdx dnscrypt-proxy[20890]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:32:48.528977 osdx dnscrypt-proxy[20890]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:32:48.529160 osdx dnscrypt-proxy[20890]: Firefox workaround initialized Oct 30 11:32:48.529305 osdx dnscrypt-proxy[20890]: Loading the set of cloaking rules from [/tmp/tmpy8azKa] Oct 30 11:32:48.577865 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:32:48.623001 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:32:48.781659 osdx dnscrypt-proxy[20890]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Oct 30 11:32:48.781683 osdx dnscrypt-proxy[20890]: [RD] OK (DoH) - rtt: 173ms Oct 30 11:32:48.781696 osdx dnscrypt-proxy[20890]: Server with the lowest initial latency: RD (rtt: 173ms) Oct 30 11:32:48.781704 osdx dnscrypt-proxy[20890]: dnscrypt-proxy is ready - live servers: 1 Oct 30 11:32:48.801111 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
-- Logs begin at Mon 2023-10-30 11:32:56 UTC, end at Mon 2023-10-30 11:32:59 UTC. -- Oct 30 11:32:56.363401 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:32:56.379020 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:32:56.760068 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:32:56.884825 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:32:56.975974 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:32:57.102001 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:32:57.196941 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:32:57.240859 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:32:57.267512 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:32:57.438369 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 11:32:57.617236 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:32:57.715719 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:32:57.804852 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:32:57.903087 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:32:58.005647 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:32:58.120896 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:32:58.236604 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 11:32:58.352166 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:32:58.460788 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:32:58.587690 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:32:58.725044 osdx ca-certificates[22560]: Updating certificates in /etc/ssl/certs... Oct 30 11:32:59.371820 osdx ca-certificates[23544]: 1 added, 0 removed; done. Oct 30 11:32:59.377683 osdx ca-certificates[23548]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:32:59.382889 osdx ca-certificates[23552]: done. Oct 30 11:32:59.447466 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:32:59.450036 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:32:59.453926 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:32:59.475517 osdx dnscrypt-proxy[23556]: dnscrypt-proxy 2.0.45 Oct 30 11:32:59.475925 osdx dnscrypt-proxy[23556]: Network connectivity detected Oct 30 11:32:59.476455 osdx dnscrypt-proxy[23556]: Dropping privileges Oct 30 11:32:59.480137 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:32:59.482078 osdx dnscrypt-proxy[23556]: Network connectivity detected Oct 30 11:32:59.482430 osdx dnscrypt-proxy[23556]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:32:59.482437 osdx dnscrypt-proxy[23556]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:32:59.482462 osdx dnscrypt-proxy[23556]: Firefox workaround initialized Oct 30 11:32:59.482468 osdx dnscrypt-proxy[23556]: Loading the set of cloaking rules from [/tmp/tmptcmtoZ] Oct 30 11:32:59.483641 osdx dnscrypt-proxy[23556]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
-- Logs begin at Mon 2023-10-30 11:33:06 UTC, end at Mon 2023-10-30 11:33:09 UTC. -- Oct 30 11:33:06.394710 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:33:06.411478 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:33:06.777816 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:06.907648 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:33:06.997687 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:33:07.136574 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:33:07.249491 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:07.307005 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:07.334169 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:07.510659 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 11:33:07.689397 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:07.785999 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:33:07.878099 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:33:07.971045 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:33:08.062368 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:33:08.157628 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:33:08.243717 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 11:33:08.334717 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:33:08.427728 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:33:08.520426 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:33:08.641671 osdx ca-certificates[25210]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:09.440019 osdx ca-certificates[26194]: 1 added, 0 removed; done. Oct 30 11:33:09.447396 osdx ca-certificates[26198]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:09.454111 osdx ca-certificates[26202]: done. Oct 30 11:33:09.530100 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:33:09.532901 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:09.541827 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:09.568073 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:09.576123 osdx dnscrypt-proxy[26206]: dnscrypt-proxy 2.0.45 Oct 30 11:33:09.576787 osdx dnscrypt-proxy[26206]: Network connectivity detected Oct 30 11:33:09.577575 osdx dnscrypt-proxy[26206]: Dropping privileges Oct 30 11:33:09.581801 osdx dnscrypt-proxy[26206]: Network connectivity detected Oct 30 11:33:09.582479 osdx dnscrypt-proxy[26206]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:33:09.582493 osdx dnscrypt-proxy[26206]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:33:09.582529 osdx dnscrypt-proxy[26206]: Firefox workaround initialized Oct 30 11:33:09.582539 osdx dnscrypt-proxy[26206]: Loading the set of cloaking rules from [/tmp/tmpxqyFzw] Oct 30 11:33:09.583980 osdx dnscrypt-proxy[26206]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
-- Logs begin at Mon 2023-10-30 11:33:09 UTC, end at Mon 2023-10-30 11:33:15 UTC. -- Oct 30 11:33:09.934386 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:33:09.953510 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:33:10.345365 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:10.465724 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'delete'. Oct 30 11:33:10.576662 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 11:33:10.661812 osdx dnscrypt-proxy[26206]: Stopped. Oct 30 11:33:10.662981 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 30 11:33:10.663602 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 30 11:33:10.663953 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 30 11:33:10.787925 osdx ca-certificates[26273]: Clearing symlinks in /etc/ssl/certs... Oct 30 11:33:11.151219 osdx ca-certificates[26832]: done. Oct 30 11:33:11.159668 osdx ca-certificates[26837]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:11.702331 osdx ca-certificates[27675]: 137 added, 0 removed; done. Oct 30 11:33:11.707976 osdx ca-certificates[27679]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:11.713409 osdx ca-certificates[27683]: done. Oct 30 11:33:11.755098 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:11.758609 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:11.793997 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:13.113620 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:13.240067 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:33:13.349642 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:33:13.460906 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:33:13.579071 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:33:13.700018 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:33:13.782359 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 30 11:33:13.894538 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:33:13.988271 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:33:14.078339 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:33:14.227521 osdx ca-certificates[27729]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:14.857659 osdx ca-certificates[28714]: 1 added, 0 removed; done. Oct 30 11:33:14.863857 osdx ca-certificates[28718]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:14.869488 osdx ca-certificates[28722]: done. Oct 30 11:33:14.900571 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:33:15.056866 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:33:15.059394 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:15.100972 osdx dnscrypt-proxy[28781]: dnscrypt-proxy 2.0.45 Oct 30 11:33:15.101372 osdx dnscrypt-proxy[28781]: Network connectivity detected Oct 30 11:33:15.101889 osdx dnscrypt-proxy[28781]: Dropping privileges Oct 30 11:33:15.109658 osdx dnscrypt-proxy[28781]: Network connectivity detected Oct 30 11:33:15.110001 osdx dnscrypt-proxy[28781]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:33:15.110087 osdx dnscrypt-proxy[28781]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:33:15.110182 osdx dnscrypt-proxy[28781]: Firefox workaround initialized Oct 30 11:33:15.110276 osdx dnscrypt-proxy[28781]: Loading the set of cloaking rules from [/tmp/tmppV2f7p] Oct 30 11:33:15.112006 osdx dnscrypt-proxy[28781]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Oct 30 11:33:15.138525 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:15.184764 osdx OSDxCLI[4196]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
-- Logs begin at Mon 2023-10-30 11:33:15 UTC, end at Mon 2023-10-30 11:33:20 UTC. -- Oct 30 11:33:15.582433 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:33:15.597721 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:33:15.993480 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:16.082166 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'delete'. Oct 30 11:33:16.188167 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 11:33:16.316648 osdx dnscrypt-proxy[28781]: Stopped. Oct 30 11:33:16.317858 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 30 11:33:16.318446 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 30 11:33:16.318777 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 30 11:33:16.418201 osdx ca-certificates[28863]: Clearing symlinks in /etc/ssl/certs... Oct 30 11:33:16.742973 osdx ca-certificates[29421]: done. Oct 30 11:33:16.750669 osdx ca-certificates[29425]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:17.297763 osdx ca-certificates[30264]: 137 added, 0 removed; done. Oct 30 11:33:17.303590 osdx ca-certificates[30268]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:17.308909 osdx ca-certificates[30272]: done. Oct 30 11:33:17.352135 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:17.355642 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:17.381127 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:18.755275 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:18.854903 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:33:18.947167 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:33:19.046539 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:33:19.150207 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:33:19.257951 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:33:19.344882 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 11:33:19.466321 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 30 11:33:19.557928 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:33:19.665640 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:33:19.785120 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:33:19.931076 osdx ca-certificates[30319]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:20.612367 osdx ca-certificates[31303]: 1 added, 0 removed; done. Oct 30 11:33:20.618339 osdx ca-certificates[31307]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:20.623851 osdx ca-certificates[31311]: done. Oct 30 11:33:20.653248 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:33:20.812958 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:33:20.815769 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:20.857670 osdx dnscrypt-proxy[31370]: dnscrypt-proxy 2.0.45 Oct 30 11:33:20.858072 osdx dnscrypt-proxy[31370]: Network connectivity detected Oct 30 11:33:20.859405 osdx dnscrypt-proxy[31370]: Dropping privileges Oct 30 11:33:20.869695 osdx dnscrypt-proxy[31370]: Network connectivity detected Oct 30 11:33:20.869736 osdx dnscrypt-proxy[31370]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:33:20.869743 osdx dnscrypt-proxy[31370]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:33:20.869767 osdx dnscrypt-proxy[31370]: Firefox workaround initialized Oct 30 11:33:20.869774 osdx dnscrypt-proxy[31370]: Loading the set of cloaking rules from [/tmp/tmpqWUjx4] Oct 30 11:33:20.871215 osdx dnscrypt-proxy[31370]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Oct 30 11:33:20.891340 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:20.957168 osdx OSDxCLI[4196]: User 'admin' left the configuration menu.
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
-- Logs begin at Mon 2023-10-30 11:33:28 UTC, end at Mon 2023-10-30 11:33:37 UTC. -- Oct 30 11:33:28.382925 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:33:28.395657 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:33:28.745508 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:28.871256 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:33:28.961018 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:33:29.092636 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:33:29.186931 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:29.231601 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:29.260047 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:29.430692 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 11:33:29.623600 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:29.725048 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:33:29.815871 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:33:29.915286 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:33:30.006445 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:33:30.103975 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:33:30.189546 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 11:33:30.318352 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Oct 30 11:33:30.414176 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:33:30.535642 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:33:30.656982 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:33:30.791340 osdx ca-certificates[567]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:31.494523 osdx ca-certificates[1592]: 1 added, 0 removed; done. Oct 30 11:33:31.500246 osdx ca-certificates[1596]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:31.505378 osdx ca-certificates[1600]: done. Oct 30 11:33:31.570200 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:33:31.572788 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:31.576708 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:31.597900 osdx dnscrypt-proxy[1604]: dnscrypt-proxy 2.0.45 Oct 30 11:33:31.598306 osdx dnscrypt-proxy[1604]: Network connectivity detected Oct 30 11:33:31.601242 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:31.601835 osdx dnscrypt-proxy[1604]: Dropping privileges Oct 30 11:33:31.604163 osdx dnscrypt-proxy[1604]: Network connectivity detected Oct 30 11:33:31.604450 osdx dnscrypt-proxy[1604]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:33:31.604532 osdx dnscrypt-proxy[1604]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:33:31.604644 osdx dnscrypt-proxy[1604]: Firefox workaround initialized Oct 30 11:33:31.604722 osdx dnscrypt-proxy[1604]: Loading the set of cloaking rules from [/tmp/tmpkWJfgM] Oct 30 11:33:31.795873 osdx dnscrypt-proxy[1604]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Oct 30 11:33:31.795889 osdx dnscrypt-proxy[1604]: [RD] OK (DoH) - rtt: 160ms Oct 30 11:33:31.795898 osdx dnscrypt-proxy[1604]: Server with the lowest initial latency: RD (rtt: 160ms) Oct 30 11:33:31.795904 osdx dnscrypt-proxy[1604]: dnscrypt-proxy is ready - live servers: 1 Oct 30 11:33:37.788298 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
-- Logs begin at Mon 2023-10-30 11:33:38 UTC, end at Mon 2023-10-30 11:33:43 UTC. -- Oct 30 11:33:38.047245 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:33:38.066249 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:33:38.474092 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:38.563442 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'delete'. Oct 30 11:33:38.676333 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 11:33:38.762714 osdx dnscrypt-proxy[1604]: Stopped. Oct 30 11:33:38.768342 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 30 11:33:38.768926 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 30 11:33:38.769306 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 30 11:33:38.894409 osdx ca-certificates[1677]: Clearing symlinks in /etc/ssl/certs... Oct 30 11:33:39.237999 osdx ca-certificates[2235]: done. Oct 30 11:33:39.245412 osdx ca-certificates[2240]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:39.796053 osdx ca-certificates[3078]: 137 added, 0 removed; done. Oct 30 11:33:39.801816 osdx ca-certificates[3082]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:39.806888 osdx ca-certificates[3086]: done. Oct 30 11:33:39.852123 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:39.856727 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:39.924393 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:41.278871 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:41.385864 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:33:41.501599 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:33:41.617478 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:33:41.722677 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:33:41.849723 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:33:41.973080 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 11:33:42.067757 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Oct 30 11:33:42.178115 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:33:42.276547 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:33:42.371726 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:33:42.515833 osdx ca-certificates[3133]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:43.247040 osdx ca-certificates[4117]: 1 added, 0 removed; done. Oct 30 11:33:43.253233 osdx ca-certificates[4121]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:43.258963 osdx ca-certificates[4125]: done. Oct 30 11:33:43.289383 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:33:43.458533 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:33:43.461928 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:43.510251 osdx dnscrypt-proxy[4184]: dnscrypt-proxy 2.0.45 Oct 30 11:33:43.510846 osdx dnscrypt-proxy[4184]: Network connectivity detected Oct 30 11:33:43.512960 osdx dnscrypt-proxy[4184]: Dropping privileges Oct 30 11:33:43.522428 osdx dnscrypt-proxy[4184]: Network connectivity detected Oct 30 11:33:43.522888 osdx dnscrypt-proxy[4184]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:33:43.523004 osdx dnscrypt-proxy[4184]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:33:43.523124 osdx dnscrypt-proxy[4184]: Firefox workaround initialized Oct 30 11:33:43.523222 osdx dnscrypt-proxy[4184]: Loading the set of cloaking rules from [/tmp/tmpbgzeKC] Oct 30 11:33:43.565035 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:43.613574 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:43.753143 osdx dnscrypt-proxy[4184]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Oct 30 11:33:43.753161 osdx dnscrypt-proxy[4184]: [RD] OK (DoH) - rtt: 159ms Oct 30 11:33:43.753170 osdx dnscrypt-proxy[4184]: Server with the lowest initial latency: RD (rtt: 159ms) Oct 30 11:33:43.753176 osdx dnscrypt-proxy[4184]: dnscrypt-proxy is ready - live servers: 1 Oct 30 11:33:43.788515 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
-- Logs begin at Mon 2023-10-30 11:33:44 UTC, end at Mon 2023-10-30 11:33:49 UTC. -- Oct 30 11:33:44.086233 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:33:44.099607 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:33:44.479653 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:44.571253 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'delete'. Oct 30 11:33:44.683271 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 11:33:44.766573 osdx dnscrypt-proxy[4184]: Stopped. Oct 30 11:33:44.767871 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 30 11:33:44.768452 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 30 11:33:44.768793 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 30 11:33:44.875274 osdx ca-certificates[4275]: Clearing symlinks in /etc/ssl/certs... Oct 30 11:33:45.197033 osdx ca-certificates[4833]: done. Oct 30 11:33:45.204365 osdx ca-certificates[4837]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:45.740990 osdx ca-certificates[5676]: 137 added, 0 removed; done. Oct 30 11:33:45.746987 osdx ca-certificates[5680]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:45.752125 osdx ca-certificates[5684]: done. Oct 30 11:33:45.793553 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:45.796928 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:45.845429 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:47.249499 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:47.347570 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:33:47.480644 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:33:47.578352 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:33:47.664552 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:33:47.759462 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:33:47.844957 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 11:33:47.972789 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Oct 30 11:33:48.060525 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:33:48.154608 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:33:48.274572 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:33:48.402793 osdx ca-certificates[5731]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:49.050429 osdx ca-certificates[6715]: 1 added, 0 removed; done. Oct 30 11:33:49.056585 osdx ca-certificates[6719]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:49.061811 osdx ca-certificates[6723]: done. Oct 30 11:33:49.092637 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:33:49.248677 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:33:49.251274 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:49.293062 osdx dnscrypt-proxy[6782]: dnscrypt-proxy 2.0.45 Oct 30 11:33:49.293453 osdx dnscrypt-proxy[6782]: Network connectivity detected Oct 30 11:33:49.293990 osdx dnscrypt-proxy[6782]: Dropping privileges Oct 30 11:33:49.301802 osdx dnscrypt-proxy[6782]: Network connectivity detected Oct 30 11:33:49.303488 osdx dnscrypt-proxy[6782]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:33:49.303496 osdx dnscrypt-proxy[6782]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:33:49.303519 osdx dnscrypt-proxy[6782]: Firefox workaround initialized Oct 30 11:33:49.303525 osdx dnscrypt-proxy[6782]: Loading the set of cloaking rules from [/tmp/tmp1297Xq] Oct 30 11:33:49.324187 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:49.372298 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:49.540160 osdx dnscrypt-proxy[6782]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Oct 30 11:33:49.540177 osdx dnscrypt-proxy[6782]: [RD] OK (DoH) - rtt: 173ms Oct 30 11:33:49.540186 osdx dnscrypt-proxy[6782]: Server with the lowest initial latency: RD (rtt: 173ms) Oct 30 11:33:49.540192 osdx dnscrypt-proxy[6782]: dnscrypt-proxy is ready - live servers: 1 Oct 30 11:33:49.545809 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
-- Logs begin at Mon 2023-10-30 11:33:49 UTC, end at Mon 2023-10-30 11:34:01 UTC. -- Oct 30 11:33:49.805899 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:33:49.819372 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:33:50.182611 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:50.273304 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'delete'. Oct 30 11:33:50.403901 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 11:33:50.491845 osdx dnscrypt-proxy[6782]: Stopped. Oct 30 11:33:50.493598 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 30 11:33:50.494410 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 30 11:33:50.494935 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 30 11:33:50.593320 osdx ca-certificates[6872]: Clearing symlinks in /etc/ssl/certs... Oct 30 11:33:50.946158 osdx ca-certificates[7430]: done. Oct 30 11:33:50.953232 osdx ca-certificates[7435]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:51.507711 osdx ca-certificates[8273]: 137 added, 0 removed; done. Oct 30 11:33:51.513616 osdx ca-certificates[8277]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:51.518714 osdx ca-certificates[8281]: done. Oct 30 11:33:51.560954 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:51.564290 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:51.588662 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:52.963826 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:33:53.068733 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:33:53.185836 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:33:53.280236 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:33:53.368570 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:33:53.489264 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:33:53.573702 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 30 11:33:53.667321 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Oct 30 11:33:53.752678 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:33:53.849212 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:33:53.939511 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:33:54.069527 osdx ca-certificates[8328]: Updating certificates in /etc/ssl/certs... Oct 30 11:33:54.727980 osdx ca-certificates[9312]: 1 added, 0 removed; done. Oct 30 11:33:54.734033 osdx ca-certificates[9316]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:33:54.739547 osdx ca-certificates[9320]: done. Oct 30 11:33:54.768646 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:33:54.925568 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:33:54.928159 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:33:54.968326 osdx dnscrypt-proxy[9379]: dnscrypt-proxy 2.0.45 Oct 30 11:33:54.968724 osdx dnscrypt-proxy[9379]: Network connectivity detected Oct 30 11:33:54.970979 osdx dnscrypt-proxy[9379]: Dropping privileges Oct 30 11:33:54.977808 osdx dnscrypt-proxy[9379]: Network connectivity detected Oct 30 11:33:54.978130 osdx dnscrypt-proxy[9379]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:33:54.978234 osdx dnscrypt-proxy[9379]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:33:54.978325 osdx dnscrypt-proxy[9379]: Firefox workaround initialized Oct 30 11:33:54.978420 osdx dnscrypt-proxy[9379]: Loading the set of cloaking rules from [/tmp/tmpVBiJkx] Oct 30 11:33:54.999788 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:33:55.027182 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:33:55.197701 osdx dnscrypt-proxy[9379]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Oct 30 11:33:55.197727 osdx dnscrypt-proxy[9379]: [RD] OK (DoH) - rtt: 151ms Oct 30 11:33:55.197742 osdx dnscrypt-proxy[9379]: Server with the lowest initial latency: RD (rtt: 151ms) Oct 30 11:33:55.197752 osdx dnscrypt-proxy[9379]: dnscrypt-proxy is ready - live servers: 1 Oct 30 11:33:58.006827 osdx systemd[1]: systemd-timedated.service: Succeeded. Oct 30 11:34:01.191541 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
-- Logs begin at Mon 2023-10-30 11:34:01 UTC, end at Mon 2023-10-30 11:34:13 UTC. -- Oct 30 11:34:01.477356 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:34:01.491262 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:34:01.876308 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:34:01.967742 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'delete'. Oct 30 11:34:02.085227 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 11:34:02.215979 osdx dnscrypt-proxy[9379]: Stopped. Oct 30 11:34:02.217800 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 30 11:34:02.218751 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 30 11:34:02.219225 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 30 11:34:02.357363 osdx ca-certificates[9474]: Clearing symlinks in /etc/ssl/certs... Oct 30 11:34:02.730327 osdx ca-certificates[10032]: done. Oct 30 11:34:02.741792 osdx ca-certificates[10036]: Updating certificates in /etc/ssl/certs... Oct 30 11:34:03.386783 osdx ca-certificates[10875]: 137 added, 0 removed; done. Oct 30 11:34:03.395182 osdx ca-certificates[10879]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:34:03.402629 osdx ca-certificates[10883]: done. Oct 30 11:34:03.449180 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:34:03.453991 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:34:03.496905 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:34:04.880872 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:34:04.988682 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:34:05.104998 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:34:05.214624 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:34:05.334853 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:34:05.461082 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:34:05.553456 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 30 11:34:05.643678 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Oct 30 11:34:05.734583 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:34:05.827052 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:34:05.918753 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:34:06.055207 osdx ca-certificates[10930]: Updating certificates in /etc/ssl/certs... Oct 30 11:34:06.801747 osdx ca-certificates[11914]: 1 added, 0 removed; done. Oct 30 11:34:06.808658 osdx ca-certificates[11918]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:34:06.814112 osdx ca-certificates[11922]: done. Oct 30 11:34:06.844637 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:34:07.024137 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:34:07.026754 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:34:07.065650 osdx dnscrypt-proxy[11981]: dnscrypt-proxy 2.0.45 Oct 30 11:34:07.066071 osdx dnscrypt-proxy[11981]: Network connectivity detected Oct 30 11:34:07.067797 osdx dnscrypt-proxy[11981]: Dropping privileges Oct 30 11:34:07.076797 osdx dnscrypt-proxy[11981]: Network connectivity detected Oct 30 11:34:07.076837 osdx dnscrypt-proxy[11981]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:34:07.076843 osdx dnscrypt-proxy[11981]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:34:07.076865 osdx dnscrypt-proxy[11981]: Firefox workaround initialized Oct 30 11:34:07.076871 osdx dnscrypt-proxy[11981]: Loading the set of cloaking rules from [/tmp/tmpZPCD3R] Oct 30 11:34:07.115221 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:34:07.152168 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:34:07.361012 osdx dnscrypt-proxy[11981]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Oct 30 11:34:07.361028 osdx dnscrypt-proxy[11981]: [RD] OK (DoH) - rtt: 173ms Oct 30 11:34:07.361037 osdx dnscrypt-proxy[11981]: Server with the lowest initial latency: RD (rtt: 173ms) Oct 30 11:34:07.361043 osdx dnscrypt-proxy[11981]: dnscrypt-proxy is ready - live servers: 1 Oct 30 11:34:13.316838 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://certs/remote.dns-server.crt set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set interfaces ethernet eth0 address 10.215.168.10/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
-- Logs begin at Mon 2023-10-30 11:34:13 UTC, end at Mon 2023-10-30 11:34:18 UTC. -- Oct 30 11:34:13.551572 osdx systemd-journald[629]: Runtime journal (/run/log/journal/3d151f703f7748e3bca150e5e3f65077) is 2.0M, max 16.0M, 14.0M free. Oct 30 11:34:13.564410 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'system journal clear'. Oct 30 11:34:13.976362 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:34:14.067916 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'delete'. Oct 30 11:34:14.204314 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 11:34:14.290126 osdx dnscrypt-proxy[11981]: Stopped. Oct 30 11:34:14.291817 osdx systemd[1]: Stopping DNSCrypt client proxy... Oct 30 11:34:14.292671 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Oct 30 11:34:14.293139 osdx systemd[1]: Stopped DNSCrypt client proxy. Oct 30 11:34:14.394119 osdx ca-certificates[12069]: Clearing symlinks in /etc/ssl/certs... Oct 30 11:34:14.715096 osdx ca-certificates[12627]: done. Oct 30 11:34:14.722693 osdx ca-certificates[12631]: Updating certificates in /etc/ssl/certs... Oct 30 11:34:15.271720 osdx ca-certificates[13471]: 137 added, 0 removed; done. Oct 30 11:34:15.277776 osdx ca-certificates[13475]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:34:15.284796 osdx ca-certificates[13479]: done. Oct 30 11:34:15.337307 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:34:15.341209 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:34:15.366088 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:34:16.750378 osdx OSDxCLI[4196]: User 'admin' entered the configuration menu. Oct 30 11:34:16.848013 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set system certificate trust running://certs/remote.dns-server.crt'. Oct 30 11:34:16.939458 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 11:34:17.038639 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 11:34:17.129918 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 11:34:17.257352 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 029f30c34b083de26ae4e176db2577cb64913132c357003e2fa24228571c3b1d'. Oct 30 11:34:17.341865 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 30 11:34:17.440666 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Oct 30 11:34:17.527962 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 11:34:17.625007 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'. Oct 30 11:34:17.716149 osdx OSDxCLI[4196]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 11:34:17.856554 osdx ca-certificates[13526]: Updating certificates in /etc/ssl/certs... Oct 30 11:34:18.479590 osdx ca-certificates[14510]: 1 added, 0 removed; done. Oct 30 11:34:18.486205 osdx ca-certificates[14514]: Running hooks in /etc/ca-certificates/update.d... Oct 30 11:34:18.491377 osdx ca-certificates[14518]: done. Oct 30 11:34:18.520647 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 11:34:18.686714 osdx systemd[1]: Started DNSCrypt client proxy. Oct 30 11:34:18.689216 osdx cfgd[1093]: [4196]Completed change to active configuration Oct 30 11:34:18.729686 osdx dnscrypt-proxy[14577]: dnscrypt-proxy 2.0.45 Oct 30 11:34:18.732587 osdx dnscrypt-proxy[14577]: Network connectivity detected Oct 30 11:34:18.732899 osdx dnscrypt-proxy[14577]: Dropping privileges Oct 30 11:34:18.741876 osdx dnscrypt-proxy[14577]: Network connectivity detected Oct 30 11:34:18.742221 osdx dnscrypt-proxy[14577]: Now listening to 127.0.0.1:53 [UDP] Oct 30 11:34:18.742311 osdx dnscrypt-proxy[14577]: Now listening to 127.0.0.1:53 [TCP] Oct 30 11:34:18.742405 osdx dnscrypt-proxy[14577]: Firefox workaround initialized Oct 30 11:34:18.742498 osdx dnscrypt-proxy[14577]: Loading the set of cloaking rules from [/tmp/tmpUYzfp8] Oct 30 11:34:18.766073 osdx OSDxCLI[4196]: User 'admin' committed the configuration. Oct 30 11:34:18.802787 osdx OSDxCLI[4196]: User 'admin' left the configuration menu. Oct 30 11:34:18.961269 osdx dnscrypt-proxy[14577]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Oct 30 11:34:18.961293 osdx dnscrypt-proxy[14577]: [RD] OK (DoH) - rtt: 150ms Oct 30 11:34:18.961306 osdx dnscrypt-proxy[14577]: Server with the lowest initial latency: RD (rtt: 150ms) Oct 30 11:34:18.961314 osdx dnscrypt-proxy[14577]: dnscrypt-proxy is ready - live servers: 1 Oct 30 11:34:18.982555 osdx OSDxCLI[4196]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.