Cipher
Test suite to validate the use of one or multiple ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Tue 2024-02-13 14:57:06 UTC, end at Tue 2024-02-13 14:57:10 UTC. --
Feb 13 14:57:06.351539 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 14:57:06.364791 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 14:57:06.886401 osdx osdx-coredump[30187]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 14:57:06.894382 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 14:57:07.765217 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:07.883360 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:57:07.969280 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:57:08.120307 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 14:57:08.214195 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:08.258034 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:08.283765 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:08.451970 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 13 14:57:08.620068 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:08.714883 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 14:57:08.826746 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 14:57:08.916841 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 13 14:57:09.031391 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 13 14:57:09.162707 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 14:57:09.245752 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 13 14:57:09.354406 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 13 14:57:09.468483 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:57:09.555069 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:57:09.697307 osdx ca-certificates[30326]: Updating certificates in /etc/ssl/certs...
Feb 13 14:57:10.311660 osdx ca-certificates[31310]: 1 added, 0 removed; done.
Feb 13 14:57:10.317459 osdx ca-certificates[31314]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:57:10.322658 osdx ca-certificates[31318]: done.
Feb 13 14:57:10.390933 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 14:57:10.393761 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:10.401043 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:10.419676 osdx dnscrypt-proxy[31322]: dnscrypt-proxy 2.0.45
Feb 13 14:57:10.420081 osdx dnscrypt-proxy[31322]: Network connectivity detected
Feb 13 14:57:10.420617 osdx dnscrypt-proxy[31322]: Dropping privileges
Feb 13 14:57:10.425087 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:10.425913 osdx dnscrypt-proxy[31322]: Network connectivity detected
Feb 13 14:57:10.426165 osdx dnscrypt-proxy[31322]: Now listening to 127.0.0.1:53 [UDP]
Feb 13 14:57:10.426249 osdx dnscrypt-proxy[31322]: Now listening to 127.0.0.1:53 [TCP]
Feb 13 14:57:10.426350 osdx dnscrypt-proxy[31322]: Firefox workaround initialized
Feb 13 14:57:10.426429 osdx dnscrypt-proxy[31322]: Loading the set of cloaking rules from [/tmp/tmplMG9k3]
Feb 13 14:57:10.576410 osdx dnscrypt-proxy[31322]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 13 14:57:10.576428 osdx dnscrypt-proxy[31322]: [RD] OK (DoH) - rtt: 119ms
Feb 13 14:57:10.576438 osdx dnscrypt-proxy[31322]: Server with the lowest initial latency: RD (rtt: 119ms)
Feb 13 14:57:10.576444 osdx dnscrypt-proxy[31322]: dnscrypt-proxy is ready - live servers: 1
Feb 13 14:57:10.586557 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Tue 2024-02-13 14:57:18 UTC, end at Tue 2024-02-13 14:57:22 UTC. --
Feb 13 14:57:18.376386 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 14:57:18.395414 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 14:57:18.999936 osdx osdx-coredump[477]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 14:57:19.008182 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 14:57:19.795675 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:19.916346 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:57:20.005695 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:57:20.133128 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 14:57:20.224688 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:20.267284 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:20.293365 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:20.465775 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 13 14:57:20.633109 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:20.724570 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 14:57:20.834461 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 14:57:20.923576 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 13 14:57:21.008166 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 13 14:57:21.126828 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 14:57:21.210439 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 13 14:57:21.321804 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 13 14:57:21.437676 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:57:21.526734 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:57:21.649160 osdx ca-certificates[616]: Updating certificates in /etc/ssl/certs...
Feb 13 14:57:22.302551 osdx ca-certificates[1634]: 1 added, 0 removed; done.
Feb 13 14:57:22.308237 osdx ca-certificates[1638]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:57:22.313265 osdx ca-certificates[1642]: done.
Feb 13 14:57:22.380135 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 14:57:22.382938 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:22.387409 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:22.408742 osdx dnscrypt-proxy[1646]: dnscrypt-proxy 2.0.45
Feb 13 14:57:22.409133 osdx dnscrypt-proxy[1646]: Network connectivity detected
Feb 13 14:57:22.409740 osdx dnscrypt-proxy[1646]: Dropping privileges
Feb 13 14:57:22.412086 osdx dnscrypt-proxy[1646]: Network connectivity detected
Feb 13 14:57:22.412389 osdx dnscrypt-proxy[1646]: Now listening to 127.0.0.1:53 [UDP]
Feb 13 14:57:22.412473 osdx dnscrypt-proxy[1646]: Now listening to 127.0.0.1:53 [TCP]
Feb 13 14:57:22.412582 osdx dnscrypt-proxy[1646]: Firefox workaround initialized
Feb 13 14:57:22.414842 osdx dnscrypt-proxy[1646]: Loading the set of cloaking rules from [/tmp/tmpz_wWt0]
Feb 13 14:57:22.415736 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:22.568996 osdx dnscrypt-proxy[1646]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 13 14:57:22.569013 osdx dnscrypt-proxy[1646]: [RD] OK (DoH) - rtt: 123ms
Feb 13 14:57:22.569022 osdx dnscrypt-proxy[1646]: Server with the lowest initial latency: RD (rtt: 123ms)
Feb 13 14:57:22.569029 osdx dnscrypt-proxy[1646]: dnscrypt-proxy is ready - live servers: 1
Feb 13 14:57:22.576783 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Tue 2024-02-13 14:57:22 UTC, end at Tue 2024-02-13 14:57:28 UTC. --
Feb 13 14:57:22.830522 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 14:57:22.844506 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 14:57:23.196996 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:23.282357 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'delete'.
Feb 13 14:57:23.384137 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 13 14:57:23.501064 osdx dnscrypt-proxy[1646]: Stopped.
Feb 13 14:57:23.502449 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 13 14:57:23.503160 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 13 14:57:23.503578 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 13 14:57:23.614935 osdx ca-certificates[1720]: Clearing symlinks in /etc/ssl/certs...
Feb 13 14:57:23.941081 osdx ca-certificates[2279]: done.
Feb 13 14:57:23.947958 osdx ca-certificates[2284]: Updating certificates in /etc/ssl/certs...
Feb 13 14:57:24.487584 osdx ca-certificates[3123]: 137 added, 0 removed; done.
Feb 13 14:57:24.493404 osdx ca-certificates[3127]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:57:24.498476 osdx ca-certificates[3131]: done.
Feb 13 14:57:24.540046 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:24.543763 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:24.567007 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:25.961749 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:26.063640 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 14:57:26.177733 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 14:57:26.300192 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 13 14:57:26.389383 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 13 14:57:26.477577 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 14:57:26.561604 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Feb 13 14:57:26.642341 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 13 14:57:26.755763 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:57:26.842326 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:57:26.961863 osdx ca-certificates[3177]: Updating certificates in /etc/ssl/certs...
Feb 13 14:57:27.584878 osdx ca-certificates[4166]: 1 added, 0 removed; done.
Feb 13 14:57:27.590568 osdx ca-certificates[4170]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:57:27.595577 osdx ca-certificates[4174]: done.
Feb 13 14:57:27.624665 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 14:57:27.785712 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 14:57:27.788731 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:27.829687 osdx dnscrypt-proxy[4233]: dnscrypt-proxy 2.0.45
Feb 13 14:57:27.830067 osdx dnscrypt-proxy[4233]: Network connectivity detected
Feb 13 14:57:27.832607 osdx dnscrypt-proxy[4233]: Dropping privileges
Feb 13 14:57:27.841105 osdx dnscrypt-proxy[4233]: Network connectivity detected
Feb 13 14:57:27.841450 osdx dnscrypt-proxy[4233]: Now listening to 127.0.0.1:53 [UDP]
Feb 13 14:57:27.841560 osdx dnscrypt-proxy[4233]: Now listening to 127.0.0.1:53 [TCP]
Feb 13 14:57:27.841662 osdx dnscrypt-proxy[4233]: Firefox workaround initialized
Feb 13 14:57:27.841741 osdx dnscrypt-proxy[4233]: Loading the set of cloaking rules from [/tmp/tmpkjQpcg]
Feb 13 14:57:27.865155 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:27.893019 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:28.045349 osdx dnscrypt-proxy[4233]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Feb 13 14:57:28.045366 osdx dnscrypt-proxy[4233]: [RD] OK (DoH) - rtt: 136ms
Feb 13 14:57:28.045376 osdx dnscrypt-proxy[4233]: Server with the lowest initial latency: RD (rtt: 136ms)
Feb 13 14:57:28.045381 osdx dnscrypt-proxy[4233]: dnscrypt-proxy is ready - live servers: 1
Feb 13 14:57:28.056085 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Tue 2024-02-13 14:57:28 UTC, end at Tue 2024-02-13 14:57:33 UTC. --
Feb 13 14:57:28.280142 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 14:57:28.293676 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 14:57:28.636762 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:28.730088 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'delete'.
Feb 13 14:57:28.862945 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 13 14:57:28.944658 osdx dnscrypt-proxy[4233]: Stopped.
Feb 13 14:57:28.946121 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 13 14:57:28.946944 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 13 14:57:28.947396 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 13 14:57:29.059566 osdx ca-certificates[4321]: Clearing symlinks in /etc/ssl/certs...
Feb 13 14:57:29.394882 osdx ca-certificates[4879]: done.
Feb 13 14:57:29.402279 osdx ca-certificates[4884]: Updating certificates in /etc/ssl/certs...
Feb 13 14:57:29.947904 osdx ca-certificates[5722]: 137 added, 0 removed; done.
Feb 13 14:57:29.953779 osdx ca-certificates[5726]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:57:29.959147 osdx ca-certificates[5730]: done.
Feb 13 14:57:30.001630 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:30.005418 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:30.029976 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:31.371567 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:31.468709 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 14:57:31.556983 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 14:57:31.650315 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 13 14:57:31.740101 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 13 14:57:31.878532 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 14:57:31.958015 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Feb 13 14:57:32.071939 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 13 14:57:32.160036 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:57:32.273337 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:57:32.395772 osdx ca-certificates[5776]: Updating certificates in /etc/ssl/certs...
Feb 13 14:57:33.022407 osdx ca-certificates[6760]: 1 added, 0 removed; done.
Feb 13 14:57:33.028105 osdx ca-certificates[6764]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:57:33.033243 osdx ca-certificates[6768]: done.
Feb 13 14:57:33.064547 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 14:57:33.224716 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 14:57:33.227397 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:33.265820 osdx dnscrypt-proxy[6827]: dnscrypt-proxy 2.0.45
Feb 13 14:57:33.268571 osdx dnscrypt-proxy[6827]: Network connectivity detected
Feb 13 14:57:33.268914 osdx dnscrypt-proxy[6827]: Dropping privileges
Feb 13 14:57:33.277747 osdx dnscrypt-proxy[6827]: Network connectivity detected
Feb 13 14:57:33.278076 osdx dnscrypt-proxy[6827]: Now listening to 127.0.0.1:53 [UDP]
Feb 13 14:57:33.278161 osdx dnscrypt-proxy[6827]: Now listening to 127.0.0.1:53 [TCP]
Feb 13 14:57:33.278289 osdx dnscrypt-proxy[6827]: Firefox workaround initialized
Feb 13 14:57:33.278386 osdx dnscrypt-proxy[6827]: Loading the set of cloaking rules from [/tmp/tmpzSuUmO]
Feb 13 14:57:33.303597 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:33.330758 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:33.464441 osdx dnscrypt-proxy[6827]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 13 14:57:33.464460 osdx dnscrypt-proxy[6827]: [RD] OK (DoH) - rtt: 116ms
Feb 13 14:57:33.464470 osdx dnscrypt-proxy[6827]: Server with the lowest initial latency: RD (rtt: 116ms)
Feb 13 14:57:33.464476 osdx dnscrypt-proxy[6827]: dnscrypt-proxy is ready - live servers: 1
Feb 13 14:57:33.499340 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Tue 2024-02-13 14:57:42 UTC, end at Tue 2024-02-13 14:57:46 UTC. --
Feb 13 14:57:42.362327 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 14:57:42.375478 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 14:57:42.930807 osdx osdx-coredump[8463]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 14:57:42.938618 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 14:57:43.819707 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:43.993332 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:57:44.162127 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:57:44.283397 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 14:57:44.377785 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:44.421414 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:44.449689 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:44.654012 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 13 14:57:44.897851 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:45.005374 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 14:57:45.094054 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 14:57:45.219457 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 13 14:57:45.312442 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 13 14:57:45.427653 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 14:57:45.516116 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 13 14:57:45.598393 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 13 14:57:45.767890 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:57:45.967522 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:57:46.130681 osdx ca-certificates[8602]: Updating certificates in /etc/ssl/certs...
Feb 13 14:57:46.770338 osdx ca-certificates[9586]: 1 added, 0 removed; done.
Feb 13 14:57:46.776678 osdx ca-certificates[9590]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:57:46.782260 osdx ca-certificates[9594]: done.
Feb 13 14:57:46.851570 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 14:57:46.854622 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:46.859548 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:46.881857 osdx dnscrypt-proxy[9598]: dnscrypt-proxy 2.0.45
Feb 13 14:57:46.882260 osdx dnscrypt-proxy[9598]: Network connectivity detected
Feb 13 14:57:46.882904 osdx dnscrypt-proxy[9598]: Dropping privileges
Feb 13 14:57:46.885580 osdx dnscrypt-proxy[9598]: Network connectivity detected
Feb 13 14:57:46.885918 osdx dnscrypt-proxy[9598]: Now listening to 127.0.0.1:53 [UDP]
Feb 13 14:57:46.886007 osdx dnscrypt-proxy[9598]: Now listening to 127.0.0.1:53 [TCP]
Feb 13 14:57:46.886104 osdx dnscrypt-proxy[9598]: Firefox workaround initialized
Feb 13 14:57:46.886186 osdx dnscrypt-proxy[9598]: Loading the set of cloaking rules from [/tmp/tmp3ADUjy]
Feb 13 14:57:46.887280 osdx dnscrypt-proxy[9598]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 13 14:57:46.907524 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Tue 2024-02-13 14:57:54 UTC, end at Tue 2024-02-13 14:57:58 UTC. --
Feb 13 14:57:54.358541 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 14:57:54.373365 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 14:57:54.965474 osdx osdx-coredump[11215]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 13 14:57:54.973331 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 13 14:57:55.926091 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:56.050974 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:57:56.151055 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:57:56.305902 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 14:57:56.404117 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:56.453066 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:56.481100 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:56.657041 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 13 14:57:56.877690 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:57:57.013055 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 14:57:57.120735 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 14:57:57.243765 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 13 14:57:57.330297 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 13 14:57:57.463626 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 14:57:57.548641 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 13 14:57:57.676923 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 13 14:57:57.768527 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:57:57.863549 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:57:58.034565 osdx ca-certificates[11354]: Updating certificates in /etc/ssl/certs...
Feb 13 14:57:58.720405 osdx ca-certificates[12339]: 1 added, 0 removed; done.
Feb 13 14:57:58.726618 osdx ca-certificates[12343]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:57:58.732259 osdx ca-certificates[12347]: done.
Feb 13 14:57:58.803594 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 14:57:58.806555 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:57:58.811837 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:57:58.836271 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:57:58.837200 osdx dnscrypt-proxy[12351]: dnscrypt-proxy 2.0.45
Feb 13 14:57:58.837275 osdx dnscrypt-proxy[12351]: Network connectivity detected
Feb 13 14:57:58.837578 osdx dnscrypt-proxy[12351]: Dropping privileges
Feb 13 14:57:58.840454 osdx dnscrypt-proxy[12351]: Network connectivity detected
Feb 13 14:57:58.840786 osdx dnscrypt-proxy[12351]: Now listening to 127.0.0.1:53 [UDP]
Feb 13 14:57:58.840874 osdx dnscrypt-proxy[12351]: Now listening to 127.0.0.1:53 [TCP]
Feb 13 14:57:58.840972 osdx dnscrypt-proxy[12351]: Firefox workaround initialized
Feb 13 14:57:58.841051 osdx dnscrypt-proxy[12351]: Loading the set of cloaking rules from [/tmp/tmpGs1M1f]
Feb 13 14:57:58.842021 osdx dnscrypt-proxy[12351]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Tue 2024-02-13 14:57:59 UTC, end at Tue 2024-02-13 14:58:04 UTC. -- Feb 13 14:57:59.168271 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free. Feb 13 14:57:59.187670 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'. Feb 13 14:57:59.554278 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu. Feb 13 14:57:59.651864 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'delete'. Feb 13 14:57:59.784555 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 13 14:57:59.872025 osdx dnscrypt-proxy[12351]: Stopped. Feb 13 14:57:59.873338 osdx systemd[1]: Stopping DNSCrypt client proxy... Feb 13 14:57:59.873536 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Feb 13 14:57:59.874276 osdx systemd[1]: Stopped DNSCrypt client proxy. Feb 13 14:57:59.972006 osdx ca-certificates[12418]: Clearing symlinks in /etc/ssl/certs... Feb 13 14:58:00.295184 osdx ca-certificates[12976]: done. Feb 13 14:58:00.302749 osdx ca-certificates[12981]: Updating certificates in /etc/ssl/certs... Feb 13 14:58:00.858752 osdx ca-certificates[13825]: 137 added, 0 removed; done. Feb 13 14:58:00.864610 osdx ca-certificates[13829]: Running hooks in /etc/ca-certificates/update.d... Feb 13 14:58:00.869691 osdx ca-certificates[13833]: done. Feb 13 14:58:00.918856 osdx cfgd[1320]: [22889]Completed change to active configuration Feb 13 14:58:00.923828 osdx OSDxCLI[22889]: User 'admin' committed the configuration. Feb 13 14:58:00.948302 osdx OSDxCLI[22889]: User 'admin' left the configuration menu. Feb 13 14:58:02.336897 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu. 
Feb 13 14:58:02.432299 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 13 14:58:02.524372 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 13 14:58:02.619489 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 13 14:58:02.710860 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 13 14:58:02.801649 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'. Feb 13 14:58:02.884462 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 13 14:58:02.991915 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 13 14:58:03.081787 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 13 14:58:03.169865 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 13 14:58:03.290406 osdx ca-certificates[13879]: Updating certificates in /etc/ssl/certs... Feb 13 14:58:04.007920 osdx ca-certificates[14863]: 1 added, 0 removed; done. Feb 13 14:58:04.015505 osdx ca-certificates[14867]: Running hooks in /etc/ca-certificates/update.d... Feb 13 14:58:04.020879 osdx ca-certificates[14871]: done. Feb 13 14:58:04.053869 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 13 14:58:04.269464 osdx systemd[1]: Started DNSCrypt client proxy. 
Feb 13 14:58:04.272492 osdx cfgd[1320]: [22889]Completed change to active configuration Feb 13 14:58:04.311053 osdx dnscrypt-proxy[14930]: dnscrypt-proxy 2.0.45 Feb 13 14:58:04.311461 osdx dnscrypt-proxy[14930]: Network connectivity detected Feb 13 14:58:04.313156 osdx dnscrypt-proxy[14930]: Dropping privileges Feb 13 14:58:04.322426 osdx dnscrypt-proxy[14930]: Network connectivity detected Feb 13 14:58:04.322801 osdx dnscrypt-proxy[14930]: Now listening to 127.0.0.1:53 [UDP] Feb 13 14:58:04.322914 osdx dnscrypt-proxy[14930]: Now listening to 127.0.0.1:53 [TCP] Feb 13 14:58:04.323019 osdx dnscrypt-proxy[14930]: Firefox workaround initialized Feb 13 14:58:04.323101 osdx dnscrypt-proxy[14930]: Loading the set of cloaking rules from [/tmp/tmpHNgr2Z] Feb 13 14:58:04.325988 osdx dnscrypt-proxy[14930]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 13 14:58:04.354917 osdx OSDxCLI[22889]: User 'admin' committed the configuration. Feb 13 14:58:04.386576 osdx OSDxCLI[22889]: User 'admin' left the configuration menu. Feb 13 14:58:04.528842 osdx dnscrypt-proxy[14930]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 13 14:58:04.528866 osdx dnscrypt-proxy[14930]: [RD] OK (DoH) - rtt: 128ms Feb 13 14:58:04.528876 osdx dnscrypt-proxy[14930]: Server with the lowest initial latency: RD (rtt: 128ms) Feb 13 14:58:04.528883 osdx dnscrypt-proxy[14930]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Tue 2024-02-13 14:58:04 UTC, end at Tue 2024-02-13 14:58:11 UTC. -- Feb 13 14:58:04.711776 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free. Feb 13 14:58:04.726049 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'. Feb 13 14:58:05.132090 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu. Feb 13 14:58:05.232616 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'delete'. Feb 13 14:58:05.364183 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 13 14:58:05.446179 osdx dnscrypt-proxy[14930]: Stopped. Feb 13 14:58:05.447464 osdx systemd[1]: Stopping DNSCrypt client proxy... Feb 13 14:58:05.448134 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Feb 13 14:58:05.448512 osdx systemd[1]: Stopped DNSCrypt client proxy. Feb 13 14:58:05.566059 osdx ca-certificates[15012]: Clearing symlinks in /etc/ssl/certs... Feb 13 14:58:05.890878 osdx ca-certificates[15570]: done. Feb 13 14:58:05.898787 osdx ca-certificates[15574]: Updating certificates in /etc/ssl/certs... Feb 13 14:58:06.443288 osdx ca-certificates[16413]: 137 added, 0 removed; done. Feb 13 14:58:06.449394 osdx ca-certificates[16417]: Running hooks in /etc/ca-certificates/update.d... Feb 13 14:58:06.454958 osdx ca-certificates[16421]: done. Feb 13 14:58:06.496763 osdx cfgd[1320]: [22889]Completed change to active configuration Feb 13 14:58:06.500576 osdx OSDxCLI[22889]: User 'admin' committed the configuration. Feb 13 14:58:06.523956 osdx OSDxCLI[22889]: User 'admin' left the configuration menu. Feb 13 14:58:08.076604 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu. 
Feb 13 14:58:08.192541 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 13 14:58:08.353138 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 13 14:58:08.453324 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 13 14:58:08.618005 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 13 14:58:08.790550 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'. Feb 13 14:58:08.950352 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 13 14:58:09.121990 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 13 14:58:09.235173 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 13 14:58:09.386196 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 13 14:58:09.551752 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 13 14:58:09.717284 osdx ca-certificates[16468]: Updating certificates in /etc/ssl/certs... Feb 13 14:58:10.569985 osdx ca-certificates[17452]: 1 added, 0 removed; done. Feb 13 14:58:10.576421 osdx ca-certificates[17456]: Running hooks in /etc/ca-certificates/update.d... Feb 13 14:58:10.582330 osdx ca-certificates[17460]: done. Feb 13 14:58:10.613875 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 13 14:58:10.791767 osdx systemd[1]: Started DNSCrypt client proxy. 
Feb 13 14:58:10.794885 osdx cfgd[1320]: [22889]Completed change to active configuration Feb 13 14:58:10.839284 osdx dnscrypt-proxy[17519]: dnscrypt-proxy 2.0.45 Feb 13 14:58:10.840448 osdx dnscrypt-proxy[17519]: Network connectivity detected Feb 13 14:58:10.840765 osdx dnscrypt-proxy[17519]: Dropping privileges Feb 13 14:58:10.849743 osdx dnscrypt-proxy[17519]: Network connectivity detected Feb 13 14:58:10.850198 osdx dnscrypt-proxy[17519]: Now listening to 127.0.0.1:53 [UDP] Feb 13 14:58:10.850322 osdx dnscrypt-proxy[17519]: Now listening to 127.0.0.1:53 [TCP] Feb 13 14:58:10.850458 osdx dnscrypt-proxy[17519]: Firefox workaround initialized Feb 13 14:58:10.850565 osdx dnscrypt-proxy[17519]: Loading the set of cloaking rules from [/tmp/tmpMLMNx7] Feb 13 14:58:10.851819 osdx dnscrypt-proxy[17519]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 13 14:58:10.893037 osdx OSDxCLI[22889]: User 'admin' committed the configuration. Feb 13 14:58:10.922428 osdx OSDxCLI[22889]: User 'admin' left the configuration menu. Feb 13 14:58:11.060634 osdx dnscrypt-proxy[17519]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 13 14:58:11.060656 osdx dnscrypt-proxy[17519]: [RD] OK (DoH) - rtt: 127ms Feb 13 14:58:11.060667 osdx dnscrypt-proxy[17519]: Server with the lowest initial latency: RD (rtt: 127ms) Feb 13 14:58:11.060675 osdx dnscrypt-proxy[17519]: dnscrypt-proxy is ready - live servers: 1
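The journals for Examples 2 and 3 above show the handshake failure followed by an "OK (DoH)" line on cipher suite 52392, which none of the configured cipher entries names, so a check on the failure token alone does not show which suite ended up protecting the session. The script below is an added example, not part of the OSDx test suite or of dnscrypt-proxy: it decodes the decimal suite IDs in the journal to their IANA names and flags any session negotiated outside the configured list. The function name, finding labels and sample variables are assumptions made for this illustration.

```python
import re

# IANA TLS cipher suite values for the suites named on this page
# (dnscrypt-proxy prints them in decimal).
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

CFG_RE = re.compile(
    r"added a new cfg line: 'set service dns proxy cipher (\d+) algorithm (\w+)'")
RESET_RE = re.compile(r"added a new cfg line: 'delete'")
FAIL_RE = re.compile(r"dnscrypt-proxy\[(\d+)\]: TLS handshake failure")
OK_RE = re.compile(
    r"dnscrypt-proxy\[(\d+)\]: \[(\w+)\] TLS version: \w+ - Protocol: \S+"
    r" - Cipher suite: (\d+)")


def audit_journal(lines):
    """Compare the cipher suites committed via the CLI with what was negotiated."""
    configured = {}      # cipher index -> suite name
    failed_pids = set()  # dnscrypt-proxy PIDs that logged a handshake failure
    negotiated = []      # (server name, suite id, suite name)
    findings = []
    for line in lines:
        if RESET_RE.search(line):
            configured.clear()  # 'delete' wipes the earlier configuration
        elif m := CFG_RE.search(line):
            configured[int(m.group(1))] = m.group(2)
        elif m := FAIL_RE.search(line):
            failed_pids.add(m.group(1))
            findings.append("handshake-failure")
        elif m := OK_RE.search(line):
            pid, server, suite_id = m.group(1), m.group(2), int(m.group(3))
            name = IANA_SUITES.get(suite_id, f"UNKNOWN_0x{suite_id:04X}")
            negotiated.append((server, suite_id, name))
            if configured and name not in configured.values():
                kind = ("fallback-after-failure" if pid in failed_pids
                        else "unconfigured-suite")
                findings.append(f"{kind}:{name}")
    return {
        "configured": [configured[k] for k in sorted(configured)],
        "negotiated": negotiated,
        "findings": findings,
    }


# Entries abridged from the journals on this page: both configured suites rejected.
REJECTED_JOURNAL = """\
Feb 13 14:58:08.950352 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 13 14:58:09.121990 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 13 14:58:10.851819 osdx dnscrypt-proxy[17519]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 13 14:58:11.060634 osdx dnscrypt-proxy[17519]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 13 14:58:11.060656 osdx dnscrypt-proxy[17519]: [RD] OK (DoH) - rtt: 127ms
""".splitlines()

# Entries abridged from the journals on this page: rejected suite plus a valid one.
FALLBACK_JOURNAL = """\
Feb 13 14:58:25.472487 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 13 14:58:25.657719 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 13 14:58:27.738746 osdx dnscrypt-proxy[20285]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 13 14:58:27.738772 osdx dnscrypt-proxy[20285]: [RD] OK (DoH) - rtt: 218ms
""".splitlines()

if __name__ == "__main__":
    for label, journal in (("rejected", REJECTED_JOURNAL),
                           ("fallback", FALLBACK_JOURNAL)):
        result = audit_journal(journal)
        print(label, result["negotiated"], result["findings"])
```

On a device, the same function can be fed the saved output of `system journal show | cat`, one line per journal entry.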
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid proposed cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
-- Logs begin at Tue 2024-02-13 14:58:21 UTC, end at Tue 2024-02-13 14:58:33 UTC. -- Feb 13 14:58:21.460920 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free. Feb 13 14:58:21.475339 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'. Feb 13 14:58:22.204864 osdx osdx-coredump[19149]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 13 14:58:22.215820 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system coredump delete all'. Feb 13 14:58:23.271577 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu. Feb 13 14:58:23.459064 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 13 14:58:23.635323 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 13 14:58:23.869168 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 13 14:58:24.010843 osdx cfgd[1320]: [22889]Completed change to active configuration Feb 13 14:58:24.077715 osdx OSDxCLI[22889]: User 'admin' committed the configuration. Feb 13 14:58:24.126994 osdx OSDxCLI[22889]: User 'admin' left the configuration menu. Feb 13 14:58:24.337431 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 13 14:58:24.544889 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu. Feb 13 14:58:24.654730 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 13 14:58:24.811044 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 13 14:58:24.990781 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. 
Feb 13 14:58:25.136485 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 13 14:58:25.332691 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'. Feb 13 14:58:25.472487 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 13 14:58:25.657719 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Feb 13 14:58:25.831600 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 13 14:58:25.986389 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 13 14:58:26.149882 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 13 14:58:26.380357 osdx ca-certificates[19289]: Updating certificates in /etc/ssl/certs... Feb 13 14:58:27.277899 osdx ca-certificates[20273]: 1 added, 0 removed; done. Feb 13 14:58:27.286719 osdx ca-certificates[20278]: Running hooks in /etc/ca-certificates/update.d... Feb 13 14:58:27.294662 osdx ca-certificates[20281]: done. Feb 13 14:58:27.397678 osdx systemd[1]: Started DNSCrypt client proxy. Feb 13 14:58:27.401629 osdx cfgd[1320]: [22889]Completed change to active configuration Feb 13 14:58:27.411018 osdx OSDxCLI[22889]: User 'admin' committed the configuration. Feb 13 14:58:27.452411 osdx OSDxCLI[22889]: User 'admin' left the configuration menu. 
Feb 13 14:58:27.456785 osdx dnscrypt-proxy[20285]: dnscrypt-proxy 2.0.45 Feb 13 14:58:27.457361 osdx dnscrypt-proxy[20285]: Network connectivity detected Feb 13 14:58:27.458112 osdx dnscrypt-proxy[20285]: Dropping privileges Feb 13 14:58:27.461595 osdx dnscrypt-proxy[20285]: Network connectivity detected Feb 13 14:58:27.462014 osdx dnscrypt-proxy[20285]: Now listening to 127.0.0.1:53 [UDP] Feb 13 14:58:27.462131 osdx dnscrypt-proxy[20285]: Now listening to 127.0.0.1:53 [TCP] Feb 13 14:58:27.462264 osdx dnscrypt-proxy[20285]: Firefox workaround initialized Feb 13 14:58:27.462371 osdx dnscrypt-proxy[20285]: Loading the set of cloaking rules from [/tmp/tmppsFTwe] Feb 13 14:58:27.738746 osdx dnscrypt-proxy[20285]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Feb 13 14:58:27.738772 osdx dnscrypt-proxy[20285]: [RD] OK (DoH) - rtt: 218ms Feb 13 14:58:27.738786 osdx dnscrypt-proxy[20285]: Server with the lowest initial latency: RD (rtt: 218ms) Feb 13 14:58:27.738796 osdx dnscrypt-proxy[20285]: dnscrypt-proxy is ready - live servers: 1 Feb 13 14:58:33.705468 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
-- Logs begin at Tue 2024-02-13 14:58:34 UTC, end at Tue 2024-02-13 14:58:43 UTC. -- Feb 13 14:58:34.202016 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free. Feb 13 14:58:34.220915 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'. Feb 13 14:58:34.955385 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu. Feb 13 14:58:35.147650 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'delete'. Feb 13 14:58:35.347975 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 13 14:58:35.502528 osdx dnscrypt-proxy[20285]: Stopped. Feb 13 14:58:35.504238 osdx systemd[1]: Stopping DNSCrypt client proxy... Feb 13 14:58:35.515985 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Feb 13 14:58:35.516666 osdx systemd[1]: Stopped DNSCrypt client proxy. Feb 13 14:58:35.692732 osdx ca-certificates[20356]: Clearing symlinks in /etc/ssl/certs... Feb 13 14:58:36.297390 osdx ca-certificates[20914]: done. Feb 13 14:58:36.307671 osdx ca-certificates[20919]: Updating certificates in /etc/ssl/certs... Feb 13 14:58:37.287976 osdx ca-certificates[21757]: 137 added, 0 removed; done. Feb 13 14:58:37.298532 osdx ca-certificates[21761]: Running hooks in /etc/ca-certificates/update.d... Feb 13 14:58:37.305826 osdx ca-certificates[21765]: done. Feb 13 14:58:37.395196 osdx cfgd[1320]: [22889]Completed change to active configuration Feb 13 14:58:37.400651 osdx OSDxCLI[22889]: User 'admin' committed the configuration. Feb 13 14:58:37.451244 osdx OSDxCLI[22889]: User 'admin' left the configuration menu. Feb 13 14:58:39.869659 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu. 
Feb 13 14:58:40.080431 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 13 14:58:40.223623 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 13 14:58:40.465494 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 13 14:58:40.642500 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 13 14:58:40.869653 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'. Feb 13 14:58:41.003676 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 13 14:58:41.154502 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Feb 13 14:58:41.298200 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 13 14:58:41.465265 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 13 14:58:41.637404 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 13 14:58:41.857677 osdx ca-certificates[21812]: Updating certificates in /etc/ssl/certs... Feb 13 14:58:42.830790 osdx ca-certificates[22796]: 1 added, 0 removed; done. Feb 13 14:58:42.841002 osdx ca-certificates[22801]: Running hooks in /etc/ca-certificates/update.d... Feb 13 14:58:42.848364 osdx ca-certificates[22804]: done. Feb 13 14:58:42.910043 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 13 14:58:43.249131 osdx systemd[1]: Started DNSCrypt client proxy. 
Feb 13 14:58:43.253439 osdx cfgd[1320]: [22889]Completed change to active configuration Feb 13 14:58:43.334638 osdx dnscrypt-proxy[22863]: dnscrypt-proxy 2.0.45 Feb 13 14:58:43.335160 osdx dnscrypt-proxy[22863]: Network connectivity detected Feb 13 14:58:43.338165 osdx dnscrypt-proxy[22863]: Dropping privileges Feb 13 14:58:43.346738 osdx dnscrypt-proxy[22863]: Network connectivity detected Feb 13 14:58:43.347149 osdx dnscrypt-proxy[22863]: Now listening to 127.0.0.1:53 [UDP] Feb 13 14:58:43.347272 osdx dnscrypt-proxy[22863]: Now listening to 127.0.0.1:53 [TCP] Feb 13 14:58:43.347400 osdx dnscrypt-proxy[22863]: Firefox workaround initialized Feb 13 14:58:43.347508 osdx dnscrypt-proxy[22863]: Loading the set of cloaking rules from [/tmp/tmpovQstI] Feb 13 14:58:43.412697 osdx OSDxCLI[22889]: User 'admin' committed the configuration. Feb 13 14:58:43.541188 osdx OSDxCLI[22889]: User 'admin' left the configuration menu. Feb 13 14:58:43.696333 osdx dnscrypt-proxy[22863]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Feb 13 14:58:43.696565 osdx dnscrypt-proxy[22863]: [RD] OK (DoH) - rtt: 156ms Feb 13 14:58:43.696688 osdx dnscrypt-proxy[22863]: Server with the lowest initial latency: RD (rtt: 156ms) Feb 13 14:58:43.696792 osdx dnscrypt-proxy[22863]: dnscrypt-proxy is ready - live servers: 1 Feb 13 14:58:43.926022 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
-- Logs begin at Tue 2024-02-13 14:58:44 UTC, end at Tue 2024-02-13 14:58:59 UTC. -- Feb 13 14:58:44.509866 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free. Feb 13 14:58:44.536125 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'. Feb 13 14:58:45.434827 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu. Feb 13 14:58:45.614090 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'delete'. Feb 13 14:58:45.858890 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 13 14:58:45.998482 osdx dnscrypt-proxy[22863]: Stopped. Feb 13 14:58:46.000379 osdx systemd[1]: Stopping DNSCrypt client proxy... Feb 13 14:58:46.001411 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Feb 13 14:58:46.002118 osdx systemd[1]: Stopped DNSCrypt client proxy. Feb 13 14:58:46.181814 osdx ca-certificates[22954]: Clearing symlinks in /etc/ssl/certs... Feb 13 14:58:46.687193 osdx ca-certificates[23512]: done. Feb 13 14:58:46.698222 osdx ca-certificates[23517]: Updating certificates in /etc/ssl/certs... Feb 13 14:58:47.515560 osdx ca-certificates[24356]: 137 added, 0 removed; done. Feb 13 14:58:47.524873 osdx ca-certificates[24360]: Running hooks in /etc/ca-certificates/update.d... Feb 13 14:58:47.533106 osdx ca-certificates[24364]: done. Feb 13 14:58:47.598766 osdx cfgd[1320]: [22889]Completed change to active configuration Feb 13 14:58:47.604062 osdx OSDxCLI[22889]: User 'admin' committed the configuration. Feb 13 14:58:47.672431 osdx OSDxCLI[22889]: User 'admin' left the configuration menu. Feb 13 14:58:50.190661 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu. 
Feb 13 14:58:50.384700 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 13 14:58:50.566309 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 13 14:58:50.715727 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 13 14:58:50.886417 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 13 14:58:51.037771 osdx systemd[1]: systemd-timedated.service: Succeeded. Feb 13 14:58:51.099074 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'. Feb 13 14:58:51.261680 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 13 14:58:51.435550 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Feb 13 14:58:51.585681 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 13 14:58:51.756386 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 13 14:58:51.913646 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 13 14:58:52.107846 osdx ca-certificates[24413]: Updating certificates in /etc/ssl/certs... Feb 13 14:58:53.043144 osdx ca-certificates[25397]: 1 added, 0 removed; done. Feb 13 14:58:53.053139 osdx ca-certificates[25402]: Running hooks in /etc/ca-certificates/update.d... Feb 13 14:58:53.060819 osdx ca-certificates[25405]: done. 
Feb 13 14:58:53.109089 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 13 14:58:53.388768 osdx systemd[1]: Started DNSCrypt client proxy. Feb 13 14:58:53.393517 osdx cfgd[1320]: [22889]Completed change to active configuration Feb 13 14:58:53.458949 osdx dnscrypt-proxy[25464]: dnscrypt-proxy 2.0.45 Feb 13 14:58:53.459502 osdx dnscrypt-proxy[25464]: Network connectivity detected Feb 13 14:58:53.461340 osdx dnscrypt-proxy[25464]: Dropping privileges Feb 13 14:58:53.480744 osdx dnscrypt-proxy[25464]: Network connectivity detected Feb 13 14:58:53.481207 osdx dnscrypt-proxy[25464]: Now listening to 127.0.0.1:53 [UDP] Feb 13 14:58:53.481326 osdx dnscrypt-proxy[25464]: Now listening to 127.0.0.1:53 [TCP] Feb 13 14:58:53.481458 osdx dnscrypt-proxy[25464]: Firefox workaround initialized Feb 13 14:58:53.481566 osdx dnscrypt-proxy[25464]: Loading the set of cloaking rules from [/tmp/tmp0xsiem] Feb 13 14:58:53.571254 osdx OSDxCLI[22889]: User 'admin' committed the configuration. Feb 13 14:58:53.619597 osdx OSDxCLI[22889]: User 'admin' left the configuration menu. Feb 13 14:58:53.883424 osdx dnscrypt-proxy[25464]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 13 14:58:53.883448 osdx dnscrypt-proxy[25464]: [RD] OK (DoH) - rtt: 191ms Feb 13 14:58:53.883462 osdx dnscrypt-proxy[25464]: Server with the lowest initial latency: RD (rtt: 191ms) Feb 13 14:58:53.883471 osdx dnscrypt-proxy[25464]: dnscrypt-proxy is ready - live servers: 1 Feb 13 14:58:59.875737 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Tue 2024-02-13 14:59:00 UTC, end at Tue 2024-02-13 14:59:06 UTC. --
Feb 13 14:59:00.190094 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 14:59:00.207392 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 14:59:00.717628 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:59:00.816287 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'delete'.
Feb 13 14:59:01.001664 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 13 14:59:01.113465 osdx dnscrypt-proxy[25464]: Stopped.
Feb 13 14:59:01.115129 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 13 14:59:01.115984 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 13 14:59:01.116478 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 13 14:59:01.237509 osdx ca-certificates[25551]: Clearing symlinks in /etc/ssl/certs...
Feb 13 14:59:01.625640 osdx ca-certificates[26109]: done.
Feb 13 14:59:01.633210 osdx ca-certificates[26114]: Updating certificates in /etc/ssl/certs...
Feb 13 14:59:02.283018 osdx ca-certificates[26952]: 137 added, 0 removed; done.
Feb 13 14:59:02.289739 osdx ca-certificates[26956]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:59:02.295000 osdx ca-certificates[26960]: done.
Feb 13 14:59:02.339275 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:59:02.343164 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:59:02.373372 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:59:03.875471 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:59:03.970190 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 14:59:04.056903 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 14:59:04.166273 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 13 14:59:04.285674 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 13 14:59:04.428783 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 14:59:04.559979 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 13 14:59:04.692941 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 13 14:59:04.850819 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 13 14:59:04.956391 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:59:05.091229 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:59:05.236598 osdx ca-certificates[27012]: Updating certificates in /etc/ssl/certs...
Feb 13 14:59:06.004238 osdx ca-certificates[27996]: 1 added, 0 removed; done.
Feb 13 14:59:06.012299 osdx ca-certificates[28000]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:59:06.019590 osdx ca-certificates[28004]: done.
Feb 13 14:59:06.065073 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 14:59:06.305700 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 14:59:06.309587 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:59:06.370814 osdx dnscrypt-proxy[28063]: dnscrypt-proxy 2.0.45
Feb 13 14:59:06.371396 osdx dnscrypt-proxy[28063]: Network connectivity detected
Feb 13 14:59:06.372573 osdx dnscrypt-proxy[28063]: Dropping privileges
Feb 13 14:59:06.382968 osdx dnscrypt-proxy[28063]: Network connectivity detected
Feb 13 14:59:06.383513 osdx dnscrypt-proxy[28063]: Now listening to 127.0.0.1:53 [UDP]
Feb 13 14:59:06.383639 osdx dnscrypt-proxy[28063]: Now listening to 127.0.0.1:53 [TCP]
Feb 13 14:59:06.383772 osdx dnscrypt-proxy[28063]: Firefox workaround initialized
Feb 13 14:59:06.383883 osdx dnscrypt-proxy[28063]: Loading the set of cloaking rules from [/tmp/tmpcmAz1k]
Feb 13 14:59:06.417480 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:59:06.479800 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:59:06.633274 osdx dnscrypt-proxy[28063]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 13 14:59:06.633299 osdx dnscrypt-proxy[28063]: [RD] OK (DoH) - rtt: 145ms
Feb 13 14:59:06.633312 osdx dnscrypt-proxy[28063]: Server with the lowest initial latency: RD (rtt: 145ms)
Feb 13 14:59:06.633320 osdx dnscrypt-proxy[28063]: dnscrypt-proxy is ready - live servers: 1
Feb 13 14:59:06.694007 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Tue 2024-02-13 14:59:07 UTC, end at Tue 2024-02-13 14:59:20 UTC. --
Feb 13 14:59:07.063289 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 14:59:07.083389 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 14:59:07.482625 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:59:07.587677 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'delete'.
Feb 13 14:59:07.756816 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 13 14:59:07.841300 osdx dnscrypt-proxy[28063]: Stopped.
Feb 13 14:59:07.843050 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 13 14:59:07.843901 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 13 14:59:07.844421 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 13 14:59:07.967896 osdx ca-certificates[28151]: Clearing symlinks in /etc/ssl/certs...
Feb 13 14:59:08.365661 osdx ca-certificates[28710]: done.
Feb 13 14:59:08.373837 osdx ca-certificates[28715]: Updating certificates in /etc/ssl/certs...
Feb 13 14:59:09.017753 osdx ca-certificates[29553]: 137 added, 0 removed; done.
Feb 13 14:59:09.026740 osdx ca-certificates[29558]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:59:09.034265 osdx ca-certificates[29561]: done.
Feb 13 14:59:09.099269 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:59:09.104689 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:59:09.151256 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:59:11.424500 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:59:11.630593 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 14:59:11.786729 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 14:59:12.015979 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 13 14:59:12.183281 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 13 14:59:12.370311 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 14:59:12.510080 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 13 14:59:12.681537 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Feb 13 14:59:12.867174 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 13 14:59:13.035979 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:59:13.205006 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:59:13.444748 osdx ca-certificates[29608]: Updating certificates in /etc/ssl/certs...
Feb 13 14:59:14.300835 osdx ca-certificates[30592]: 1 added, 0 removed; done.
Feb 13 14:59:14.306946 osdx ca-certificates[30596]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:59:14.312378 osdx ca-certificates[30600]: done.
Feb 13 14:59:14.349811 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 14:59:14.593414 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 14:59:14.597601 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:59:14.662708 osdx dnscrypt-proxy[30661]: dnscrypt-proxy 2.0.45
Feb 13 14:59:14.663259 osdx dnscrypt-proxy[30661]: Network connectivity detected
Feb 13 14:59:14.665284 osdx dnscrypt-proxy[30661]: Dropping privileges
Feb 13 14:59:14.673918 osdx dnscrypt-proxy[30661]: Network connectivity detected
Feb 13 14:59:14.674377 osdx dnscrypt-proxy[30661]: Now listening to 127.0.0.1:53 [UDP]
Feb 13 14:59:14.674510 osdx dnscrypt-proxy[30661]: Now listening to 127.0.0.1:53 [TCP]
Feb 13 14:59:14.674651 osdx dnscrypt-proxy[30661]: Firefox workaround initialized
Feb 13 14:59:14.674763 osdx dnscrypt-proxy[30661]: Loading the set of cloaking rules from [/tmp/tmpZnjBey]
Feb 13 14:59:14.735920 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:59:14.789451 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:59:15.006420 osdx dnscrypt-proxy[30661]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Feb 13 14:59:15.006438 osdx dnscrypt-proxy[30661]: [RD] OK (DoH) - rtt: 244ms
Feb 13 14:59:15.006448 osdx dnscrypt-proxy[30661]: Server with the lowest initial latency: RD (rtt: 244ms)
Feb 13 14:59:15.006455 osdx dnscrypt-proxy[30661]: dnscrypt-proxy is ready - live servers: 1
Feb 13 14:59:20.965940 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Tue 2024-02-13 14:59:21 UTC, end at Tue 2024-02-13 14:59:29 UTC. --
Feb 13 14:59:21.273909 osdx systemd-journald[1694]: Runtime journal (/run/log/journal/80d0e0b412184be1883eb13133ae3f69) is 2.0M, max 16.0M, 14.0M free.
Feb 13 14:59:21.293722 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'system journal clear'.
Feb 13 14:59:22.150323 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:59:22.388184 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'delete'.
Feb 13 14:59:22.537091 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 13 14:59:22.699503 osdx dnscrypt-proxy[30661]: Stopped.
Feb 13 14:59:22.701440 osdx systemd[1]: Stopping DNSCrypt client proxy...
Feb 13 14:59:22.702286 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Feb 13 14:59:22.702783 osdx systemd[1]: Stopped DNSCrypt client proxy.
Feb 13 14:59:22.829921 osdx ca-certificates[30747]: Clearing symlinks in /etc/ssl/certs...
Feb 13 14:59:23.218958 osdx ca-certificates[31305]: done.
Feb 13 14:59:23.228385 osdx ca-certificates[31309]: Updating certificates in /etc/ssl/certs...
Feb 13 14:59:23.926685 osdx ca-certificates[32148]: 137 added, 0 removed; done.
Feb 13 14:59:23.935360 osdx ca-certificates[32153]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:59:23.940506 osdx ca-certificates[32156]: done.
Feb 13 14:59:23.996806 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:59:24.002712 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:59:24.057555 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:59:26.683582 osdx OSDxCLI[22889]: User 'admin' entered the configuration menu.
Feb 13 14:59:26.780064 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 13 14:59:26.885501 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 13 14:59:27.052460 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 13 14:59:27.168491 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 13 14:59:27.289865 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 563c4f02c5ec6eb3d02a1ff7b1e2ca38884464e5e7e227ba087ee6524ee6fbac'.
Feb 13 14:59:27.374344 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 13 14:59:27.671474 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Feb 13 14:59:27.753480 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 13 14:59:27.885062 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 13 14:59:27.972522 osdx OSDxCLI[22889]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 13 14:59:28.102257 osdx ca-certificates[32203]: Updating certificates in /etc/ssl/certs...
Feb 13 14:59:28.820065 osdx ca-certificates[722]: 1 added, 0 removed; done.
Feb 13 14:59:28.826070 osdx ca-certificates[726]: Running hooks in /etc/ca-certificates/update.d...
Feb 13 14:59:28.831307 osdx ca-certificates[730]: done.
Feb 13 14:59:28.865066 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 13 14:59:29.025007 osdx systemd[1]: Started DNSCrypt client proxy.
Feb 13 14:59:29.027834 osdx cfgd[1320]: [22889]Completed change to active configuration
Feb 13 14:59:29.070146 osdx dnscrypt-proxy[793]: dnscrypt-proxy 2.0.45
Feb 13 14:59:29.070546 osdx dnscrypt-proxy[793]: Network connectivity detected
Feb 13 14:59:29.071397 osdx dnscrypt-proxy[793]: Dropping privileges
Feb 13 14:59:29.081605 osdx dnscrypt-proxy[793]: Network connectivity detected
Feb 13 14:59:29.081645 osdx dnscrypt-proxy[793]: Now listening to 127.0.0.1:53 [UDP]
Feb 13 14:59:29.081652 osdx dnscrypt-proxy[793]: Now listening to 127.0.0.1:53 [TCP]
Feb 13 14:59:29.081673 osdx dnscrypt-proxy[793]: Firefox workaround initialized
Feb 13 14:59:29.081679 osdx dnscrypt-proxy[793]: Loading the set of cloaking rules from [/tmp/tmp93NFaI]
Feb 13 14:59:29.119949 osdx OSDxCLI[22889]: User 'admin' committed the configuration.
Feb 13 14:59:29.180571 osdx OSDxCLI[22889]: User 'admin' left the configuration menu.
Feb 13 14:59:29.342157 osdx dnscrypt-proxy[793]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 13 14:59:29.342175 osdx dnscrypt-proxy[793]: [RD] OK (DoH) - rtt: 171ms
Feb 13 14:59:29.342185 osdx dnscrypt-proxy[793]: Server with the lowest initial latency: RD (rtt: 171ms)
Feb 13 14:59:29.342205 osdx dnscrypt-proxy[793]: dnscrypt-proxy is ready - live servers: 1
Feb 13 14:59:29.426777 osdx OSDxCLI[22889]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
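Step 3 in Examples 4 to 6 matches a decimal cipher suite number in the journal, while Step 1 configures suites by name. The following added example (not part of the test suite or of OSDx) decodes the dnscrypt-proxy handshake line to its IANA suite name and checks it against the configured cipher list. The function names, the "legacy" classification by name and the reading of "303" as hexadecimal 0x0303 are assumptions of this example.

```python
import re

# IANA TLS cipher suite code points for the suite names used on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
LEGACY_MARKERS = ("_RC4_", "_3DES_")  # this example treats RC4/3DES suites as legacy

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (TLS_[A-Z0-9_]+)")
LOG_RE = re.compile(r"dnscrypt-proxy\[\d+\]: \[(\S+)\] TLS version: ([0-9a-fA-F]+)"
                    r" - Protocol: (\S+) - Cipher suite: (\d+)")

# Copied from Example 4 on this page (cipher lines and handshake log lines only).
EXAMPLE4_CONFIG = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA "
    "set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
)
EXAMPLE4_JOURNAL = (
    "Feb 13 14:59:06.633274 osdx dnscrypt-proxy[28063]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 49199 "
    "Feb 13 14:59:06.633299 osdx dnscrypt-proxy[28063]: [RD] OK (DoH) - rtt: 145ms"
)
# Constructed line, not from the page: a handshake that settled on the 3DES suite.
CONSTRUCTED_LEGACY_JOURNAL = (
    "Feb 13 00:00:00.000000 osdx dnscrypt-proxy[1]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 10"
)

def configured_ciphers(config_text):
    """Return the configured suite names ordered by their cipher index."""
    found = {int(idx): name for idx, name in CFG_RE.findall(config_text)}
    return [found[idx] for idx in sorted(found)]

def negotiated_suites(journal_text):
    """Return (server, tls_version, protocol, suite_id) per handshake line.

    Works on one-entry-per-line journals and on flattened text alike.
    The version field is parsed as hex (assumption: 303 means 0x0303, TLS 1.2).
    """
    return [(srv, int(ver, 16), proto, int(suite))
            for srv, ver, proto, suite in LOG_RE.findall(journal_text)]

def audit(config_text, journal_text):
    """Decode every handshake and compare it with the configured cipher list."""
    allowed = configured_ciphers(config_text)
    results = []
    for server, version, proto, suite_id in negotiated_suites(journal_text):
        name = IANA_SUITES.get(suite_id, "unknown(0x%04X)" % suite_id)
        results.append({
            "server": server,
            "tls_version": "0x%04X" % version,
            "protocol": proto,
            "suite_id": suite_id,
            "suite": name,
            "in_config": name in allowed,
            "legacy": any(marker in name for marker in LEGACY_MARKERS),
        })
    return results

def passes(results):
    """True only if a handshake was logged and every one used a configured, non-legacy suite."""
    return bool(results) and all(r["in_config"] and not r["legacy"] for r in results)

if __name__ == "__main__":
    for row in audit(EXAMPLE4_CONFIG, EXAMPLE4_JOURNAL):
        print(row)
```

An empty result from audit() means no handshake line was logged at all, which passes() reports as a failure rather than a silent success.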