Cipher

Test suite that validates the use of one or multiple ciphers to protect a DoH (DNS-over-HTTPS) connection.

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-04-03 21:38:52 UTC, end at Wed 2024-04-03 21:38:56 UTC. --
Apr 03 21:38:52.000349 osdx systemd-timedated[2611]: Changed local time to Wed Apr  3 21:38:52 2024
Apr 03 21:38:52.002582 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'set date 2024-04-03 21:38:52'.
Apr 03 21:38:52.398127 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 4.0M, max 16.0M, 12.0M free.
Apr 03 21:38:52.413237 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:38:52.794391 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:38:52.945844 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:38:53.059413 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:38:53.063102 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:38:53.225437 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:38:53.343537 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:38:53.393323 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:38:53.458445 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:38:53.649074 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Apr 03 21:38:53.853262 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:38:53.960482 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:38:54.077056 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:38:54.185880 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:38:54.304186 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:38:54.428974 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:38:54.543689 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 03 21:38:54.654921 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:38:54.775802 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:38:54.871353 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:38:55.020923 osdx ca-certificates[2934]: Updating certificates in /etc/ssl/certs...
Apr 03 21:38:55.814264 osdx ca-certificates[3919]: 1 added, 0 removed; done.
Apr 03 21:38:55.820480 osdx ca-certificates[3923]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:38:55.826523 osdx ca-certificates[3927]: done.
Apr 03 21:38:55.909425 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:38:55.913521 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:38:55.923437 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:38:55.955269 osdx dnscrypt-proxy[3931]: dnscrypt-proxy 2.0.45
Apr 03 21:38:55.955767 osdx dnscrypt-proxy[3931]: Network connectivity detected
Apr 03 21:38:55.956438 osdx dnscrypt-proxy[3931]: Dropping privileges
Apr 03 21:38:55.959700 osdx dnscrypt-proxy[3931]: Network connectivity detected
Apr 03 21:38:55.960084 osdx dnscrypt-proxy[3931]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:38:55.960213 osdx dnscrypt-proxy[3931]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:38:55.960345 osdx dnscrypt-proxy[3931]: Firefox workaround initialized
Apr 03 21:38:55.960456 osdx dnscrypt-proxy[3931]: Loading the set of cloaking rules from [/tmp/tmpzLIWXr]
Apr 03 21:38:55.975413 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:38:56.144332 osdx dnscrypt-proxy[3931]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 03 21:38:56.144356 osdx dnscrypt-proxy[3931]: [RD] OK (DoH) - rtt: 128ms
Apr 03 21:38:56.144369 osdx dnscrypt-proxy[3931]: Server with the lowest initial latency: RD (rtt: 128ms)
Apr 03 21:38:56.144378 osdx dnscrypt-proxy[3931]: dnscrypt-proxy is ready - live servers: 1
Apr 03 21:38:56.156635 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher

Description

Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-04-03 21:39:05 UTC, end at Wed 2024-04-03 21:39:14 UTC. --
Apr 03 21:39:05.363388 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:39:05.376773 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:39:05.726988 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:05.853833 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:39:05.955751 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:39:06.109790 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:39:06.201217 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:06.244244 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:06.270834 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:06.439975 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Apr 03 21:39:06.612684 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:06.714924 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:39:06.806137 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:39:06.916014 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:39:07.010014 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:39:07.131765 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:39:07.258535 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 03 21:39:07.346424 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:39:07.384159 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:07.440312 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:39:07.532810 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:39:07.649274 osdx ca-certificates[5651]: Updating certificates in /etc/ssl/certs...
Apr 03 21:39:08.299946 osdx ca-certificates[6635]: 1 added, 0 removed; done.
Apr 03 21:39:08.305880 osdx ca-certificates[6639]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:39:08.311103 osdx ca-certificates[6643]: done.
Apr 03 21:39:08.378067 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:39:08.380936 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:08.385384 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:08.409887 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:08.410667 osdx dnscrypt-proxy[6647]: dnscrypt-proxy 2.0.45
Apr 03 21:39:08.411080 osdx dnscrypt-proxy[6647]: Network connectivity detected
Apr 03 21:39:08.411399 osdx dnscrypt-proxy[6647]: Dropping privileges
Apr 03 21:39:08.414238 osdx dnscrypt-proxy[6647]: Network connectivity detected
Apr 03 21:39:08.414533 osdx dnscrypt-proxy[6647]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:39:08.414622 osdx dnscrypt-proxy[6647]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:39:08.414723 osdx dnscrypt-proxy[6647]: Firefox workaround initialized
Apr 03 21:39:08.414803 osdx dnscrypt-proxy[6647]: Loading the set of cloaking rules from [/tmp/tmpqP7GrW]
Apr 03 21:39:08.576980 osdx dnscrypt-proxy[6647]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 03 21:39:08.576998 osdx dnscrypt-proxy[6647]: [RD] OK (DoH) - rtt: 128ms
Apr 03 21:39:08.577007 osdx dnscrypt-proxy[6647]: Server with the lowest initial latency: RD (rtt: 128ms)
Apr 03 21:39:08.577014 osdx dnscrypt-proxy[6647]: dnscrypt-proxy is ready - live servers: 1
Apr 03 21:39:08.763239 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:14.575683 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
-- Logs begin at Wed 2024-04-03 21:39:14 UTC, end at Wed 2024-04-03 21:39:20 UTC. --
Apr 03 21:39:14.875990 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:39:14.889514 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:39:15.307686 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:15.403843 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'delete'.
Apr 03 21:39:15.541329 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 03 21:39:15.636762 osdx dnscrypt-proxy[6647]: Stopped.
Apr 03 21:39:15.638056 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 03 21:39:15.638674 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 03 21:39:15.639059 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 03 21:39:15.653987 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:15.756916 osdx ca-certificates[6720]: Clearing symlinks in /etc/ssl/certs...
Apr 03 21:39:16.082837 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:16.088192 osdx ca-certificates[7278]: done.
Apr 03 21:39:16.095404 osdx ca-certificates[7283]: Updating certificates in /etc/ssl/certs...
Apr 03 21:39:16.665147 osdx ca-certificates[8121]: 137 added, 0 removed; done.
Apr 03 21:39:16.671546 osdx ca-certificates[8125]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:39:16.677361 osdx ca-certificates[8129]: done.
Apr 03 21:39:16.721199 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:16.724907 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:16.767111 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:18.210043 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:18.317524 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:39:18.436830 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:39:18.544921 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:39:18.661215 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:39:18.789481 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:39:18.894275 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 03 21:39:18.994578 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:39:19.114740 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:39:19.219392 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:39:19.279641 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:19.381716 osdx ca-certificates[8175]: Updating certificates in /etc/ssl/certs...
Apr 03 21:39:19.837412 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:20.080685 osdx ca-certificates[9160]: 1 added, 0 removed; done.
Apr 03 21:39:20.089397 osdx ca-certificates[9164]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:39:20.097062 osdx ca-certificates[9168]: done.
Apr 03 21:39:20.133849 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:39:20.314410 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:39:20.317207 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:20.361994 osdx dnscrypt-proxy[9227]: dnscrypt-proxy 2.0.45
Apr 03 21:39:20.362065 osdx dnscrypt-proxy[9227]: Network connectivity detected
Apr 03 21:39:20.362387 osdx dnscrypt-proxy[9227]: Dropping privileges
Apr 03 21:39:20.371113 osdx dnscrypt-proxy[9227]: Network connectivity detected
Apr 03 21:39:20.371445 osdx dnscrypt-proxy[9227]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:39:20.371536 osdx dnscrypt-proxy[9227]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:39:20.371632 osdx dnscrypt-proxy[9227]: Firefox workaround initialized
Apr 03 21:39:20.371714 osdx dnscrypt-proxy[9227]: Loading the set of cloaking rules from [/tmp/tmpuXjYkb]
Apr 03 21:39:20.390457 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:20.454051 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:20.580911 osdx dnscrypt-proxy[9227]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 03 21:39:20.580935 osdx dnscrypt-proxy[9227]: [RD] OK (DoH) - rtt: 123ms
Apr 03 21:39:20.580949 osdx dnscrypt-proxy[9227]: Server with the lowest initial latency: RD (rtt: 123ms)
Apr 03 21:39:20.580958 osdx dnscrypt-proxy[9227]: dnscrypt-proxy is ready - live servers: 1
Apr 03 21:39:20.639047 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
-- Logs begin at Wed 2024-04-03 21:39:20 UTC, end at Wed 2024-04-03 21:39:26 UTC. --
Apr 03 21:39:20.926318 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:39:20.939601 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:39:21.303655 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:21.403254 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'delete'.
Apr 03 21:39:21.546953 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 03 21:39:21.692671 osdx dnscrypt-proxy[9227]: Stopped.
Apr 03 21:39:21.694058 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 03 21:39:21.694711 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 03 21:39:21.695250 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 03 21:39:21.818389 osdx ca-certificates[9315]: Clearing symlinks in /etc/ssl/certs...
Apr 03 21:39:22.197221 osdx ca-certificates[9873]: done.
Apr 03 21:39:22.204012 osdx ca-certificates[9878]: Updating certificates in /etc/ssl/certs...
Apr 03 21:39:22.384172 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:22.819436 osdx ca-certificates[10716]: 137 added, 0 removed; done.
Apr 03 21:39:22.825313 osdx ca-certificates[10720]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:39:22.830617 osdx ca-certificates[10724]: done.
Apr 03 21:39:22.872782 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:22.876442 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:22.931935 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:23.761654 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:24.346040 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:24.447372 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:39:24.536487 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:39:24.633824 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:39:24.736349 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:39:24.853547 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:39:24.971282 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Apr 03 21:39:25.116037 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:39:25.217137 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:39:25.323936 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:39:25.492162 osdx ca-certificates[10770]: Updating certificates in /etc/ssl/certs...
Apr 03 21:39:26.243751 osdx ca-certificates[11754]: 1 added, 0 removed; done.
Apr 03 21:39:26.252533 osdx ca-certificates[11758]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:39:26.258724 osdx ca-certificates[11762]: done.
Apr 03 21:39:26.289877 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:39:26.474913 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:39:26.477752 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:26.522420 osdx dnscrypt-proxy[11821]: dnscrypt-proxy 2.0.45
Apr 03 21:39:26.522490 osdx dnscrypt-proxy[11821]: Network connectivity detected
Apr 03 21:39:26.522818 osdx dnscrypt-proxy[11821]: Dropping privileges
Apr 03 21:39:26.531027 osdx dnscrypt-proxy[11821]: Network connectivity detected
Apr 03 21:39:26.531358 osdx dnscrypt-proxy[11821]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:39:26.531469 osdx dnscrypt-proxy[11821]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:39:26.531572 osdx dnscrypt-proxy[11821]: Firefox workaround initialized
Apr 03 21:39:26.531653 osdx dnscrypt-proxy[11821]: Loading the set of cloaking rules from [/tmp/tmpsSohgA]
Apr 03 21:39:26.557215 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:26.588759 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:26.727688 osdx dnscrypt-proxy[11821]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 03 21:39:26.727713 osdx dnscrypt-proxy[11821]: [RD] OK (DoH) - rtt: 126ms
Apr 03 21:39:26.727726 osdx dnscrypt-proxy[11821]: Server with the lowest initial latency: RD (rtt: 126ms)
Apr 03 21:39:26.727735 osdx dnscrypt-proxy[11821]: dnscrypt-proxy is ready - live servers: 1
Apr 03 21:39:26.758795 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Wed 2024-04-03 21:39:35 UTC, end at Wed 2024-04-03 21:39:38 UTC. --
Apr 03 21:39:35.000242 osdx systemd-timedated[13428]: Changed local time to Wed Apr  3 21:39:35 2024
Apr 03 21:39:35.002395 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'set date 2024-04-03 21:39:35'.
Apr 03 21:39:35.359730 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 4.0M, max 16.0M, 12.0M free.
Apr 03 21:39:35.372991 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:39:35.721377 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:35.850347 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:39:35.942848 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:39:36.116879 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:39:36.236046 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:36.291086 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:36.329326 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:36.513391 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Apr 03 21:39:36.718177 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:36.783333 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:36.829359 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:39:36.945103 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:39:37.075978 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:39:37.203921 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:39:37.331148 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:39:37.531053 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 03 21:39:37.666270 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:39:37.780120 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:39:37.896963 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:39:38.022523 osdx ca-certificates[13557]: Updating certificates in /etc/ssl/certs...
Apr 03 21:39:38.160947 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:38.707857 osdx ca-certificates[14542]: 1 added, 0 removed; done.
Apr 03 21:39:38.714480 osdx ca-certificates[14546]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:39:38.720062 osdx ca-certificates[14550]: done.
Apr 03 21:39:38.809400 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:39:38.812376 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:38.822364 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:38.839806 osdx dnscrypt-proxy[14554]: dnscrypt-proxy 2.0.45
Apr 03 21:39:38.840208 osdx dnscrypt-proxy[14554]: Network connectivity detected
Apr 03 21:39:38.840769 osdx dnscrypt-proxy[14554]: Dropping privileges
Apr 03 21:39:38.843354 osdx dnscrypt-proxy[14554]: Network connectivity detected
Apr 03 21:39:38.843663 osdx dnscrypt-proxy[14554]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:39:38.843752 osdx dnscrypt-proxy[14554]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:39:38.843853 osdx dnscrypt-proxy[14554]: Firefox workaround initialized
Apr 03 21:39:38.843934 osdx dnscrypt-proxy[14554]: Loading the set of cloaking rules from [/tmp/tmpuetObY]
Apr 03 21:39:38.844933 osdx dnscrypt-proxy[14554]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 03 21:39:38.891593 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:38.997471 osdx dnscrypt-proxy[14554]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 03 21:39:38.997717 osdx dnscrypt-proxy[14554]: [RD] OK (DoH) - rtt: 110ms
Apr 03 21:39:38.997837 osdx dnscrypt-proxy[14554]: Server with the lowest initial latency: RD (rtt: 110ms)
Apr 03 21:39:38.997946 osdx dnscrypt-proxy[14554]: dnscrypt-proxy is ready - live servers: 1
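
Added example, not part of the original test suite: a Python check that reads the journal output from the steps above, converts the decimal "Cipher suite:" value logged by dnscrypt-proxy to its IANA name, and compares it with the configured "cipher ... algorithm" entries. In the Single Invalid Cipher output the handshake failure is followed by a successful handshake with suite 52392, which this check reports as a fallback rather than a refusal. The journal excerpts are copied from the outputs on this page; the function and status names are illustrative, and reading "TLS version: 303" as hexadecimal 0x0303 (TLS 1.2) is an assumption about the log format.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# IANA TLS cipher suite IDs for the four algorithms configured on this page.
SUITE_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # logged as 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # logged as 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # logged as 52392
}
SUITE_NAMES = {num: name for name, num in SUITE_IDS.items()}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher \d+ algorithm (\w+)")
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")
NEG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)


@dataclass
class Audit:
    status: str  # match | fallback | refused | unrestricted | no-handshake
    configured: List[str] = field(default_factory=list)
    negotiated: Optional[str] = None
    tls_version: Optional[str] = None
    handshake_failure: bool = False


def audit_journal(text: str) -> Audit:
    """Compare the configured cipher list with the suite the proxy negotiated."""
    configured: List[str] = []
    failed, suite_id, version = False, None, None
    for line in text.splitlines():
        cfg = CFG_RE.search(line)
        if cfg:
            if cfg.group(1) not in configured:
                configured.append(cfg.group(1))
            continue
        if FAIL_RE.search(line):
            failed = True
            continue
        neg = NEG_RE.search(line)
        if neg:  # the last handshake in the journal wins
            suite_id = int(neg.group("suite"))   # logged in decimal
            version = int(neg.group("ver"), 16)  # assumption: logged in hex

    negotiated = None
    if suite_id is not None:
        negotiated = SUITE_NAMES.get(suite_id, f"0x{suite_id:04X}")
    tls_version = None
    if version is not None:
        tls_version = TLS_VERSIONS.get(version, f"0x{version:04X}")

    if suite_id is None:
        status = "refused" if failed else "no-handshake"
    elif not configured:
        status = "unrestricted"
    elif negotiated in configured:
        status = "match"
    else:
        # A session is up, but with a suite outside the configured list.
        status = "fallback"
    return Audit(status, configured, negotiated, tls_version, failed)


# Excerpt from the Single Valid Cipher journal output on this page.
VALID_JOURNAL = """\
Apr 03 21:38:54.543689 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 03 21:38:56.144332 osdx dnscrypt-proxy[3931]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 03 21:38:56.144356 osdx dnscrypt-proxy[3931]: [RD] OK (DoH) - rtt: 128ms
"""

# Excerpt from the Single Invalid Cipher journal output on this page.
INVALID_JOURNAL = """\
Apr 03 21:39:37.531053 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 03 21:39:38.844933 osdx dnscrypt-proxy[14554]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 03 21:39:38.997471 osdx dnscrypt-proxy[14554]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 03 21:39:38.997717 osdx dnscrypt-proxy[14554]: [RD] OK (DoH) - rtt: 110ms
"""

if __name__ == "__main__":
    for label, journal in (("valid", VALID_JOURNAL), ("invalid", INVALID_JOURNAL)):
        result = audit_journal(journal)
        print(f"{label}: {result.status} configured={result.configured} "
              f"negotiated={result.negotiated} ({result.tls_version})")
```

A "fallback" result means the token check for the handshake failure passes while DNS traffic still flows over a suite that was never configured, so a test that must prove refusal should also assert that no "Cipher suite:" line follows the failure.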

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
-- Logs begin at Wed 2024-04-03 21:39:48 UTC, end at Wed 2024-04-03 21:39:52 UTC. --
Apr 03 21:39:48.507001 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:39:48.520694 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:39:49.016049 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:49.141526 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:39:49.295362 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:39:49.332790 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:49.461150 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:39:49.576096 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:49.628531 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:49.659064 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:49.838819 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Apr 03 21:39:49.884854 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:50.017343 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:50.116364 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:39:50.211242 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:39:50.318303 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:39:50.437018 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:39:50.584238 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:39:50.721669 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 03 21:39:50.839002 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:39:50.946243 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:39:51.091734 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:39:51.247952 osdx ca-certificates[16266]: Updating certificates in /etc/ssl/certs...
Apr 03 21:39:51.963088 osdx ca-certificates[17250]: 1 added, 0 removed; done.
Apr 03 21:39:51.971921 osdx ca-certificates[17254]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:39:51.977693 osdx ca-certificates[17258]: done.
Apr 03 21:39:52.048114 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:39:52.051773 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:52.060353 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:52.090245 osdx dnscrypt-proxy[17262]: dnscrypt-proxy 2.0.45
Apr 03 21:39:52.090895 osdx dnscrypt-proxy[17262]: Network connectivity detected
Apr 03 21:39:52.091343 osdx dnscrypt-proxy[17262]: Dropping privileges
Apr 03 21:39:52.094882 osdx dnscrypt-proxy[17262]: Network connectivity detected
Apr 03 21:39:52.095331 osdx dnscrypt-proxy[17262]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:39:52.095500 osdx dnscrypt-proxy[17262]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:39:52.095615 osdx dnscrypt-proxy[17262]: Firefox workaround initialized
Apr 03 21:39:52.095726 osdx dnscrypt-proxy[17262]: Loading the set of cloaking rules from [/tmp/tmpqjR6xZ]
Apr 03 21:39:52.096996 osdx dnscrypt-proxy[17262]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 03 21:39:52.120382 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:52.275641 osdx dnscrypt-proxy[17262]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 03 21:39:52.275665 osdx dnscrypt-proxy[17262]: [RD] OK (DoH) - rtt: 127ms
Apr 03 21:39:52.275678 osdx dnscrypt-proxy[17262]: Server with the lowest initial latency: RD (rtt: 127ms)
Apr 03 21:39:52.275687 osdx dnscrypt-proxy[17262]: dnscrypt-proxy is ready - live servers: 1

Example 2

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
-- Logs begin at Wed 2024-04-03 21:39:52 UTC, end at Wed 2024-04-03 21:39:58 UTC. --
Apr 03 21:39:52.505405 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:39:52.524749 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:39:52.942257 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:53.086250 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'delete'.
Apr 03 21:39:53.198152 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 03 21:39:53.282403 osdx dnscrypt-proxy[17262]: Stopped.
Apr 03 21:39:53.284167 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 03 21:39:53.285036 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 03 21:39:53.285572 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 03 21:39:53.388565 osdx ca-certificates[17329]: Clearing symlinks in /etc/ssl/certs...
Apr 03 21:39:53.719353 osdx ca-certificates[17887]: done.
Apr 03 21:39:53.727331 osdx ca-certificates[17891]: Updating certificates in /etc/ssl/certs...
Apr 03 21:39:53.809343 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:39:54.295980 osdx ca-certificates[18730]: 137 added, 0 removed; done.
Apr 03 21:39:54.301809 osdx ca-certificates[18734]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:39:54.307548 osdx ca-certificates[18738]: done.
Apr 03 21:39:54.349955 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:54.353542 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:54.404687 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:55.957763 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:56.064681 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:39:56.183107 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:39:56.286764 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:39:56.406783 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:39:56.531390 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:39:56.615687 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 03 21:39:56.746959 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:39:56.860792 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:39:56.969860 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:39:57.105518 osdx ca-certificates[18784]: Updating certificates in /etc/ssl/certs...
Apr 03 21:39:57.842688 osdx ca-certificates[19768]: 1 added, 0 removed; done.
Apr 03 21:39:57.849222 osdx ca-certificates[19772]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:39:57.854970 osdx ca-certificates[19776]: done.
Apr 03 21:39:57.889136 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:39:58.093644 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:39:58.096682 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:39:58.135252 osdx dnscrypt-proxy[19835]: dnscrypt-proxy 2.0.45
Apr 03 21:39:58.138962 osdx dnscrypt-proxy[19835]: Network connectivity detected
Apr 03 21:39:58.141252 osdx dnscrypt-proxy[19835]: Dropping privileges
Apr 03 21:39:58.150488 osdx dnscrypt-proxy[19835]: Network connectivity detected
Apr 03 21:39:58.150846 osdx dnscrypt-proxy[19835]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:39:58.150941 osdx dnscrypt-proxy[19835]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:39:58.151040 osdx dnscrypt-proxy[19835]: Firefox workaround initialized
Apr 03 21:39:58.151126 osdx dnscrypt-proxy[19835]: Loading the set of cloaking rules from [/tmp/tmpzLXPK_]
Apr 03 21:39:58.152327 osdx dnscrypt-proxy[19835]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 03 21:39:58.183905 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:39:58.247646 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:39:58.350323 osdx dnscrypt-proxy[19835]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 03 21:39:58.350342 osdx dnscrypt-proxy[19835]: [RD] OK (DoH) - rtt: 133ms
Apr 03 21:39:58.350352 osdx dnscrypt-proxy[19835]: Server with the lowest initial latency: RD (rtt: 133ms)
Apr 03 21:39:58.350359 osdx dnscrypt-proxy[19835]: dnscrypt-proxy is ready - live servers: 1

Example 3

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
-- Logs begin at Wed 2024-04-03 21:39:58 UTC, end at Wed 2024-04-03 21:40:04 UTC. --
Apr 03 21:39:58.575633 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:39:58.589854 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:39:58.982886 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:39:59.070698 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'delete'.
Apr 03 21:39:59.177226 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 03 21:39:59.299906 osdx dnscrypt-proxy[19835]: Stopped.
Apr 03 21:39:59.301669 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 03 21:39:59.302502 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 03 21:39:59.303011 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 03 21:39:59.435840 osdx ca-certificates[19917]: Clearing symlinks in /etc/ssl/certs...
Apr 03 21:39:59.823844 osdx ca-certificates[20475]: done.
Apr 03 21:39:59.831850 osdx ca-certificates[20479]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:00.403203 osdx ca-certificates[21318]: 137 added, 0 removed; done.
Apr 03 21:40:00.410077 osdx ca-certificates[21322]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:00.415534 osdx ca-certificates[21326]: done.
Apr 03 21:40:00.457947 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:00.461787 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:00.491233 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:00.705033 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:01.130325 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:01.932641 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:02.040483 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:40:02.161027 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:40:02.272221 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:40:02.391875 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:40:02.518826 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:40:02.641543 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 03 21:40:02.769314 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 03 21:40:02.905751 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:40:03.027612 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:40:03.119400 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:40:03.273863 osdx ca-certificates[21382]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:03.989221 osdx ca-certificates[22366]: 1 added, 0 removed; done.
Apr 03 21:40:03.995164 osdx ca-certificates[22370]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:04.000583 osdx ca-certificates[22374]: done.
Apr 03 21:40:04.033128 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:40:04.194715 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:40:04.197655 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:04.241751 osdx dnscrypt-proxy[22433]: dnscrypt-proxy 2.0.45
Apr 03 21:40:04.241822 osdx dnscrypt-proxy[22433]: Network connectivity detected
Apr 03 21:40:04.242148 osdx dnscrypt-proxy[22433]: Dropping privileges
Apr 03 21:40:04.250521 osdx dnscrypt-proxy[22433]: Network connectivity detected
Apr 03 21:40:04.250852 osdx dnscrypt-proxy[22433]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:40:04.250948 osdx dnscrypt-proxy[22433]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:40:04.251044 osdx dnscrypt-proxy[22433]: Firefox workaround initialized
Apr 03 21:40:04.251126 osdx dnscrypt-proxy[22433]: Loading the set of cloaking rules from [/tmp/tmpT7innA]
Apr 03 21:40:04.253248 osdx dnscrypt-proxy[22433]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 03 21:40:04.280777 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:04.328859 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:04.478615 osdx dnscrypt-proxy[22433]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 03 21:40:04.478640 osdx dnscrypt-proxy[22433]: [RD] OK (DoH) - rtt: 160ms
Apr 03 21:40:04.478653 osdx dnscrypt-proxy[22433]: Server with the lowest initial latency: RD (rtt: 160ms)
Apr 03 21:40:04.478662 osdx dnscrypt-proxy[22433]: dnscrypt-proxy is ready - live servers: 1
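
In the three journals above, the expected handshake-failure token is followed by a session line reporting cipher suite 52392, which is not one of the configured suites. The checker below is an added example, not part of the original test suite: it maps the decimal suite IDs in the journal to IANA names and reports whether the negotiated suite was in the configured list. The function name, verdict strings and the third sample journal are illustrative assumptions.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # logged as 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # logged as 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # logged as 52392
}

CFG_RE = re.compile(r"set service dns proxy cipher \d+ algorithm ([A-Z0-9_]+)")
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")
SESSION_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(\S+)\] TLS version: \S+ - Protocol: \S+ - Cipher suite: (\d+)"
)


def audit_journal(journal: str) -> dict:
    """Compare configured cipher suites with what the proxy actually negotiated."""
    configured, negotiated, failure = [], [], False
    for line in journal.splitlines():
        m = CFG_RE.search(line)
        if m:
            if m.group(1) not in configured:
                configured.append(m.group(1))
            continue
        if FAIL_RE.search(line):
            failure = True
            continue
        m = SESSION_RE.search(line)
        if m:
            code = int(m.group(2))
            negotiated.append(IANA_SUITES.get(code, f"UNKNOWN_0x{code:04X}"))

    outside = [s for s in negotiated if s not in configured]
    if not configured:
        verdict = "no-cipher-restriction"            # nothing to enforce
    elif outside:
        verdict = "session-outside-configured-list"  # restriction did not hold
    elif negotiated:
        verdict = "configured-suite-negotiated"
    elif failure:
        verdict = "refused"                          # failure and no later session
    else:
        verdict = "no-tls-activity"
    return {
        "configured": configured,
        "handshake_failure": failure,
        "negotiated": negotiated,
        "verdict": verdict,
    }


# Abridged from the "Multiple Invalid Cipher" Example 1 journal on this page.
INVALID_ONLY = """\
Apr 03 21:39:50.721669 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 03 21:39:52.096996 osdx dnscrypt-proxy[17262]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 03 21:39:52.275641 osdx dnscrypt-proxy[17262]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""

# Abridged from the "Invalid Cipher With Fallback" Example 1 journal on this page.
WITH_FALLBACK = """\
Apr 03 21:40:18.355096 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 03 21:40:18.477785 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 03 21:40:19.987753 osdx dnscrypt-proxy[25159]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

# Constructed sample (not from the page): failure with no session afterwards.
REFUSED = """\
Jan 01 00:00:00.000000 osdx OSDxCLI[1]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jan 01 00:00:01.000000 osdx dnscrypt-proxy[2]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
"""

if __name__ == "__main__":
    for name, text in [("invalid only", INVALID_ONLY),
                       ("with fallback", WITH_FALLBACK),
                       ("refused (constructed)", REFUSED)]:
        result = audit_journal(text)
        print(f"{name}: {result['verdict']} negotiated={result['negotiated']}")
```

A token check for the handshake-failure message alone passes on the first sample; comparing the negotiated suite against the configured list is what distinguishes it from the constructed "refused" case.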

Invalid Cipher With Fallback

Description

Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid cipher proposed is the one used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
-- Logs begin at Wed 2024-04-03 21:40:16 UTC, end at Wed 2024-04-03 21:40:20 UTC. --
Apr 03 21:40:16.000239 osdx systemd-timedated[13428]: Changed local time to Wed Apr  3 21:40:16 2024
Apr 03 21:40:16.002374 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'set date 2024-04-03 21:40:16'.
Apr 03 21:40:16.351135 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 4.0M, max 16.0M, 12.0M free.
Apr 03 21:40:16.364934 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:40:16.711965 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:16.834713 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:40:16.927144 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:40:17.060456 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:40:17.183137 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:17.235042 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:17.277140 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:17.455964 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Apr 03 21:40:17.666700 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:17.767472 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:40:17.856431 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:40:17.951552 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:40:18.082068 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:40:18.226227 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:40:18.355096 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 03 21:40:18.477785 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 03 21:40:18.562425 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:40:18.711337 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:40:18.799657 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:40:18.946670 osdx ca-certificates[24161]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:19.156636 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:19.663775 osdx ca-certificates[25147]: 1 added, 0 removed; done.
Apr 03 21:40:19.672242 osdx ca-certificates[25151]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:19.678034 osdx ca-certificates[25155]: done.
Apr 03 21:40:19.758327 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:40:19.761311 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:19.770467 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:19.802412 osdx dnscrypt-proxy[25159]: dnscrypt-proxy 2.0.45
Apr 03 21:40:19.802944 osdx dnscrypt-proxy[25159]: Network connectivity detected
Apr 03 21:40:19.803633 osdx dnscrypt-proxy[25159]: Dropping privileges
Apr 03 21:40:19.806994 osdx dnscrypt-proxy[25159]: Network connectivity detected
Apr 03 21:40:19.807393 osdx dnscrypt-proxy[25159]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:40:19.807509 osdx dnscrypt-proxy[25159]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:40:19.807643 osdx dnscrypt-proxy[25159]: Firefox workaround initialized
Apr 03 21:40:19.807750 osdx dnscrypt-proxy[25159]: Loading the set of cloaking rules from [/tmp/tmpvjmMoL]
Apr 03 21:40:19.826948 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:19.987753 osdx dnscrypt-proxy[25159]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 03 21:40:19.987779 osdx dnscrypt-proxy[25159]: [RD] OK (DoH) - rtt: 133ms
Apr 03 21:40:19.987792 osdx dnscrypt-proxy[25159]: Server with the lowest initial latency: RD (rtt: 133ms)
Apr 03 21:40:19.987802 osdx dnscrypt-proxy[25159]: dnscrypt-proxy is ready - live servers: 1
Apr 03 21:40:20.025480 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Show output
-- Logs begin at Wed 2024-04-03 21:40:20 UTC, end at Wed 2024-04-03 21:40:26 UTC. --
Apr 03 21:40:20.386920 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 4.0M, max 16.0M, 12.0M free.
Apr 03 21:40:20.407343 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:40:20.899064 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:20.989572 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'delete'.
Apr 03 21:40:21.098483 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 03 21:40:21.183043 osdx dnscrypt-proxy[25159]: Stopped.
Apr 03 21:40:21.184337 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 03 21:40:21.185002 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 03 21:40:21.185383 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 03 21:40:21.287429 osdx ca-certificates[25231]: Clearing symlinks in /etc/ssl/certs...
Apr 03 21:40:21.622465 osdx ca-certificates[25789]: done.
Apr 03 21:40:21.630123 osdx ca-certificates[25793]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:22.221089 osdx ca-certificates[26632]: 137 added, 0 removed; done.
Apr 03 21:40:22.227409 osdx ca-certificates[26636]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:22.233122 osdx ca-certificates[26640]: done.
Apr 03 21:40:22.276281 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:22.280183 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:22.332711 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:23.888681 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:23.989194 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:40:24.076662 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:40:24.162958 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:24.163067 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:24.163165 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:24.177862 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:40:24.284141 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:40:24.429154 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:40:24.532630 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 03 21:40:24.636838 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 03 21:40:24.753690 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:40:24.875829 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:40:24.970958 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:40:25.099533 osdx ca-certificates[26687]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:25.771429 osdx ca-certificates[27674]: 1 added, 0 removed; done.
Apr 03 21:40:25.777974 osdx ca-certificates[27678]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:25.783649 osdx ca-certificates[27682]: done.
Apr 03 21:40:25.816454 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:40:25.981379 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:40:25.984280 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:26.028741 osdx dnscrypt-proxy[27741]: dnscrypt-proxy 2.0.45
Apr 03 21:40:26.028827 osdx dnscrypt-proxy[27741]: Network connectivity detected
Apr 03 21:40:26.029159 osdx dnscrypt-proxy[27741]: Dropping privileges
Apr 03 21:40:26.037650 osdx dnscrypt-proxy[27741]: Network connectivity detected
Apr 03 21:40:26.037974 osdx dnscrypt-proxy[27741]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:40:26.038063 osdx dnscrypt-proxy[27741]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:40:26.038160 osdx dnscrypt-proxy[27741]: Firefox workaround initialized
Apr 03 21:40:26.038261 osdx dnscrypt-proxy[27741]: Loading the set of cloaking rules from [/tmp/tmp1BZcT3]
Apr 03 21:40:26.063158 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:26.127741 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:26.220729 osdx dnscrypt-proxy[27741]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 03 21:40:26.220771 osdx dnscrypt-proxy[27741]: [RD] OK (DoH) - rtt: 117ms
Apr 03 21:40:26.220784 osdx dnscrypt-proxy[27741]: Server with the lowest initial latency: RD (rtt: 117ms)
Apr 03 21:40:26.220793 osdx dnscrypt-proxy[27741]: dnscrypt-proxy is ready - live servers: 1
Apr 03 21:40:26.304898 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Show output
-- Logs begin at Wed 2024-04-03 21:40:26 UTC, end at Wed 2024-04-03 21:40:32 UTC. --
Apr 03 21:40:26.605237 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:40:26.619341 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:40:26.981131 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:27.071796 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'delete'.
Apr 03 21:40:27.182879 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 03 21:40:27.342638 osdx dnscrypt-proxy[27741]: Stopped.
Apr 03 21:40:27.344321 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 03 21:40:27.345174 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 03 21:40:27.345691 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 03 21:40:27.456261 osdx ca-certificates[27829]: Clearing symlinks in /etc/ssl/certs...
Apr 03 21:40:27.864115 osdx ca-certificates[28387]: done.
Apr 03 21:40:27.872848 osdx ca-certificates[28392]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:28.428740 osdx ca-certificates[29230]: 137 added, 0 removed; done.
Apr 03 21:40:28.435696 osdx ca-certificates[29234]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:28.441519 osdx ca-certificates[29238]: done.
Apr 03 21:40:28.487837 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:28.491609 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:28.535820 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:30.093281 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:30.208793 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:40:30.335841 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:40:30.467288 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:40:30.530499 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:30.594843 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:40:30.716800 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:40:30.832835 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 03 21:40:30.954167 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:30.958549 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Apr 03 21:40:31.060815 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:40:31.199379 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:40:31.371062 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:40:31.511774 osdx ca-certificates[29285]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:32.277870 osdx ca-certificates[30270]: 1 added, 0 removed; done.
Apr 03 21:40:32.283878 osdx ca-certificates[30274]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:32.289252 osdx ca-certificates[30278]: done.
Apr 03 21:40:32.320457 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:40:32.514218 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:40:32.518528 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:32.565730 osdx dnscrypt-proxy[30337]: dnscrypt-proxy 2.0.45
Apr 03 21:40:32.566153 osdx dnscrypt-proxy[30337]: Network connectivity detected
Apr 03 21:40:32.568034 osdx dnscrypt-proxy[30337]: Dropping privileges
Apr 03 21:40:32.578188 osdx dnscrypt-proxy[30337]: Network connectivity detected
Apr 03 21:40:32.578648 osdx dnscrypt-proxy[30337]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:40:32.578768 osdx dnscrypt-proxy[30337]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:40:32.578898 osdx dnscrypt-proxy[30337]: Firefox workaround initialized
Apr 03 21:40:32.579003 osdx dnscrypt-proxy[30337]: Loading the set of cloaking rules from [/tmp/tmpe3S4xy]
Apr 03 21:40:32.620329 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:32.714233 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:32.815723 osdx dnscrypt-proxy[30337]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 03 21:40:32.815749 osdx dnscrypt-proxy[30337]: [RD] OK (DoH) - rtt: 146ms
Apr 03 21:40:32.815762 osdx dnscrypt-proxy[30337]: Server with the lowest initial latency: RD (rtt: 146ms)
Apr 03 21:40:32.815771 osdx dnscrypt-proxy[30337]: dnscrypt-proxy is ready - live servers: 1
Apr 03 21:40:32.961726 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
-- Logs begin at Wed 2024-04-03 21:40:33 UTC, end at Wed 2024-04-03 21:40:39 UTC. --
Apr 03 21:40:33.283075 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:40:33.297461 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:40:33.754356 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:33.843241 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'delete'.
Apr 03 21:40:33.950161 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 03 21:40:34.033413 osdx dnscrypt-proxy[30337]: Stopped.
Apr 03 21:40:34.034659 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 03 21:40:34.035276 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 03 21:40:34.035660 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 03 21:40:34.153022 osdx ca-certificates[30425]: Clearing symlinks in /etc/ssl/certs...
Apr 03 21:40:34.156617 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:34.515585 osdx ca-certificates[30983]: done.
Apr 03 21:40:34.524014 osdx ca-certificates[30987]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:35.082995 osdx ca-certificates[31826]: 137 added, 0 removed; done.
Apr 03 21:40:35.088939 osdx ca-certificates[31830]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:35.094073 osdx ca-certificates[31834]: done.
Apr 03 21:40:35.136547 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:35.140290 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:35.164680 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:36.633021 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:36.729153 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:40:36.818233 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:40:36.916932 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:40:37.005847 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:40:37.126674 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:40:37.213389 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 03 21:40:37.332047 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 03 21:40:37.421247 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:40:37.514913 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:40:37.605370 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:40:37.731484 osdx ca-certificates[31882]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:38.433882 osdx ca-certificates[398]: 1 added, 0 removed; done.
Apr 03 21:40:38.442214 osdx ca-certificates[402]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:38.448968 osdx ca-certificates[406]: done.
Apr 03 21:40:38.480494 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:40:38.656335 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:40:38.660274 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:38.701682 osdx dnscrypt-proxy[465]: dnscrypt-proxy 2.0.45
Apr 03 21:40:38.702109 osdx dnscrypt-proxy[465]: Network connectivity detected
Apr 03 21:40:38.703974 osdx dnscrypt-proxy[465]: Dropping privileges
Apr 03 21:40:38.713998 osdx dnscrypt-proxy[465]: Network connectivity detected
Apr 03 21:40:38.714424 osdx dnscrypt-proxy[465]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:40:38.714534 osdx dnscrypt-proxy[465]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:40:38.714660 osdx dnscrypt-proxy[465]: Firefox workaround initialized
Apr 03 21:40:38.714763 osdx dnscrypt-proxy[465]: Loading the set of cloaking rules from [/tmp/tmpvag2PM]
Apr 03 21:40:38.752379 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:38.800861 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:38.897460 osdx dnscrypt-proxy[465]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 03 21:40:38.897479 osdx dnscrypt-proxy[465]: [RD] OK (DoH) - rtt: 114ms
Apr 03 21:40:38.897488 osdx dnscrypt-proxy[465]: Server with the lowest initial latency: RD (rtt: 114ms)
Apr 03 21:40:38.897494 osdx dnscrypt-proxy[465]: dnscrypt-proxy is ready - live servers: 1
Apr 03 21:40:39.016302 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
-- Logs begin at Wed 2024-04-03 21:40:39 UTC, end at Wed 2024-04-03 21:40:45 UTC. --
Apr 03 21:40:39.351206 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:40:39.368769 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:40:39.780651 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:39.904505 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'delete'.
Apr 03 21:40:40.049313 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 03 21:40:40.165948 osdx dnscrypt-proxy[465]: Stopped.
Apr 03 21:40:40.167676 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 03 21:40:40.168539 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 03 21:40:40.169059 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 03 21:40:40.297039 osdx ca-certificates[553]: Clearing symlinks in /etc/ssl/certs...
Apr 03 21:40:40.697317 osdx ca-certificates[1146]: done.
Apr 03 21:40:40.709510 osdx ca-certificates[1151]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:41.330594 osdx ca-certificates[1991]: 137 added, 0 removed; done.
Apr 03 21:40:41.337373 osdx ca-certificates[1995]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:41.343312 osdx ca-certificates[1999]: done.
Apr 03 21:40:41.387290 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:41.391266 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:41.436758 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:42.973965 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:43.070812 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:40:43.164306 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:40:43.266842 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:40:43.359679 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:40:43.565766 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:40:43.648183 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 03 21:40:43.762640 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 03 21:40:43.850128 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:40:43.971486 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:40:44.061332 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:40:44.183830 osdx ca-certificates[2046]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:44.823240 osdx ca-certificates[3031]: 1 added, 0 removed; done.
Apr 03 21:40:44.829104 osdx ca-certificates[3035]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:44.834263 osdx ca-certificates[3039]: done.
Apr 03 21:40:44.864945 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:40:45.027738 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:40:45.030522 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:45.072332 osdx dnscrypt-proxy[3098]: dnscrypt-proxy 2.0.45
Apr 03 21:40:45.072419 osdx dnscrypt-proxy[3098]: Network connectivity detected
Apr 03 21:40:45.072757 osdx dnscrypt-proxy[3098]: Dropping privileges
Apr 03 21:40:45.081586 osdx dnscrypt-proxy[3098]: Network connectivity detected
Apr 03 21:40:45.081898 osdx dnscrypt-proxy[3098]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:40:45.081989 osdx dnscrypt-proxy[3098]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:40:45.082081 osdx dnscrypt-proxy[3098]: Firefox workaround initialized
Apr 03 21:40:45.082180 osdx dnscrypt-proxy[3098]: Loading the set of cloaking rules from [/tmp/tmpeRoIOg]
Apr 03 21:40:45.107926 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:45.145131 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:45.265868 osdx dnscrypt-proxy[3098]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 03 21:40:45.265893 osdx dnscrypt-proxy[3098]: [RD] OK (DoH) - rtt: 113ms
Apr 03 21:40:45.265906 osdx dnscrypt-proxy[3098]: Server with the lowest initial latency: RD (rtt: 113ms)
Apr 03 21:40:45.265915 osdx dnscrypt-proxy[3098]: dnscrypt-proxy is ready - live servers: 1
Apr 03 21:40:45.349456 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
-- Logs begin at Wed 2024-04-03 21:40:45 UTC, end at Wed 2024-04-03 21:40:51 UTC. --
Apr 03 21:40:45.681717 osdx systemd-journald[625]: Runtime journal (/run/log/journal/c88512c9e850498898bc11ea5f3658d6) is 2.0M, max 16.0M, 14.0M free.
Apr 03 21:40:45.701770 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'system journal clear'.
Apr 03 21:40:45.956717 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:46.031092 osdx systemd[1]: systemd-timedated.service: Succeeded.
Apr 03 21:40:46.130468 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:46.232824 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'delete'.
Apr 03 21:40:46.371083 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 03 21:40:46.472131 osdx dnscrypt-proxy[3098]: Stopped.
Apr 03 21:40:46.473853 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 03 21:40:46.474575 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 03 21:40:46.475080 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 03 21:40:46.601177 osdx ca-certificates[3188]: Clearing symlinks in /etc/ssl/certs...
Apr 03 21:40:46.980677 osdx ca-certificates[3747]: done.
Apr 03 21:40:46.988079 osdx ca-certificates[3752]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:47.594123 osdx ca-certificates[4590]: 137 added, 0 removed; done.
Apr 03 21:40:47.600036 osdx ca-certificates[4594]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:47.605221 osdx ca-certificates[4598]: done.
Apr 03 21:40:47.648653 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:47.652201 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:47.679615 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:49.156706 osdx zebra[1033]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Apr 03 21:40:49.242594 osdx OSDxCLI[26772]: User 'admin' entered the configuration menu.
Apr 03 21:40:49.355036 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 03 21:40:49.492271 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 03 21:40:49.592241 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 03 21:40:49.700277 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 03 21:40:49.827727 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Apr 03 21:40:49.932794 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 03 21:40:50.044029 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Apr 03 21:40:50.146635 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 03 21:40:50.265670 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 03 21:40:50.370333 osdx OSDxCLI[26772]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 03 21:40:50.526503 osdx ca-certificates[4645]: Updating certificates in /etc/ssl/certs...
Apr 03 21:40:51.207216 osdx ca-certificates[5629]: 1 added, 0 removed; done.
Apr 03 21:40:51.213074 osdx ca-certificates[5633]: Running hooks in /etc/ca-certificates/update.d...
Apr 03 21:40:51.218186 osdx ca-certificates[5637]: done.
Apr 03 21:40:51.248685 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 03 21:40:51.411072 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 03 21:40:51.414134 osdx cfgd[1091]: [26772]Completed change to active configuration
Apr 03 21:40:51.457022 osdx dnscrypt-proxy[5696]: dnscrypt-proxy 2.0.45
Apr 03 21:40:51.457096 osdx dnscrypt-proxy[5696]: Network connectivity detected
Apr 03 21:40:51.457451 osdx dnscrypt-proxy[5696]: Dropping privileges
Apr 03 21:40:51.467041 osdx dnscrypt-proxy[5696]: Network connectivity detected
Apr 03 21:40:51.469195 osdx dnscrypt-proxy[5696]: Now listening to 127.0.0.1:53 [UDP]
Apr 03 21:40:51.469320 osdx dnscrypt-proxy[5696]: Now listening to 127.0.0.1:53 [TCP]
Apr 03 21:40:51.469440 osdx dnscrypt-proxy[5696]: Firefox workaround initialized
Apr 03 21:40:51.469528 osdx dnscrypt-proxy[5696]: Loading the set of cloaking rules from [/tmp/tmpKBP_cc]
Apr 03 21:40:51.501278 osdx OSDxCLI[26772]: User 'admin' committed the configuration.
Apr 03 21:40:51.534599 osdx OSDxCLI[26772]: User 'admin' left the configuration menu.
Apr 03 21:40:51.678581 osdx dnscrypt-proxy[5696]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 03 21:40:51.678600 osdx dnscrypt-proxy[5696]: [RD] OK (DoH) - rtt: 112ms
Apr 03 21:40:51.678610 osdx dnscrypt-proxy[5696]: Server with the lowest initial latency: RD (rtt: 112ms)
Apr 03 21:40:51.678617 osdx dnscrypt-proxy[5696]: dnscrypt-proxy is ready - live servers: 1
Apr 03 21:40:51.745630 osdx OSDxCLI[26772]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
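
Step 3 in Examples 3 to 6 matches a decimal token such as "Cipher suite: 52392". The following Python sketch is an added example, not part of the OSDx test suite: it decodes that token to its IANA name and checks it against the cipher lines logged before the handshake. Reading "TLS version: 303" as hexadecimal 0x0303 is an assumption about the log format, and the second sample journal is constructed.

```python
import re

# IANA TLS cipher suite IDs for the suites configured on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# RC4 is prohibited in TLS by RFC 7465; 3DES is a deprecated 64-bit block cipher.
LEGACY = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
# Assumption: the version field is printed in hex, so "303" is 0x0303.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_LINE = re.compile(r"added a new cfg line: '(.*)'\.\s*$")
CIPHER_CFG = re.compile(r"^set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)$")
HANDSHAKE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)")

def audit_journal(text):
    """Return one finding per logged DoH handshake, judged against the
    cipher lines configured before it ('delete' resets the configuration)."""
    configured, findings = {}, []
    for line in text.splitlines():
        cfg = CFG_LINE.search(line)
        if cfg:
            command = cfg.group(1)
            if command == "delete":
                configured = {}
            else:
                m = CIPHER_CFG.match(command)
                if m:
                    configured[int(m.group(1))] = m.group(2)
            continue
        hs = HANDSHAKE.search(line)
        if hs:
            suite_id = int(hs.group("suite"))
            name = IANA_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id)
            offered = [configured[k] for k in sorted(configured)]
            findings.append({
                "server": hs.group("server"),
                "tls": TLS_VERSIONS.get(int(hs.group("ver"), 16), "unknown"),
                "negotiated": name,
                "configured": offered,
                "in_config": name in offered,
                "legacy": name in LEGACY,
            })
    return findings

def check(text):
    """Turn findings into verdict strings; a missing handshake is a failure."""
    findings = audit_journal(text)
    if not findings:
        return ["FAIL: no DoH handshake logged"]
    verdicts = []
    for f in findings:
        if not f["in_config"]:
            verdicts.append("FAIL: %s is not in the configured cipher list" % f["negotiated"])
        elif f["legacy"]:
            verdicts.append("FAIL: legacy suite %s was negotiated" % f["negotiated"])
        else:
            verdicts.append("PASS: %s %s" % (f["tls"], f["negotiated"]))
    return verdicts

PREFIX = "osdx OSDxCLI[26772]: User 'admin' added a new cfg line: "
# Lines excerpted from the Example 3 journal on this page.
EXAMPLE_3_EXCERPT = "\n".join([
    "Apr 03 21:40:27.071796 " + PREFIX + "'delete'.",
    "Apr 03 21:40:30.832835 " + PREFIX + "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.",
    "Apr 03 21:40:30.958549 " + PREFIX + "'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.",
    "Apr 03 21:40:32.815723 osdx dnscrypt-proxy[30337]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392",
])
# Constructed journal (not from the page): the legacy suite wins the handshake.
CONSTRUCTED_LEGACY = "\n".join([
    "Jan 01 00:00:01.000000 " + PREFIX + "'delete'.",
    "Jan 01 00:00:02.000000 " + PREFIX + "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.",
    "Jan 01 00:00:03.000000 " + PREFIX + "'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.",
    "Jan 01 00:00:04.000000 osdx dnscrypt-proxy[1]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 10",
])

if __name__ == "__main__":
    for label, journal in (("example 3", EXAMPLE_3_EXCERPT), ("constructed", CONSTRUCTED_LEGACY)):
        print(label, check(journal))
```

Comparing the decoded name with the configured list catches a case the bare token match misses: a handshake that succeeds on a suite the configuration never listed.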