Cipher

Test suite that validates the use of one or multiple ciphers to protect the DoH connection.

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Jul 03 16:20:35.299286 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.2M free.
Jul 03 16:20:35.302306 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:20:35.302368 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:20:35.309109 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:20:35.643592 osdx osdx-coredump[199174]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:20:35.651490 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:20:36.088322 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:20:36.156788 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:20:36.254655 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:20:36.343210 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:20:36.450309 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:20:36.505784 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:20:36.536896 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:20:36.569883 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:20:36.715005 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 03 16:20:36.891081 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:20:36.969780 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:20:37.077275 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:20:37.139136 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:20:37.229105 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:20:37.288093 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:20:37.382456 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jul 03 16:20:37.433164 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:20:37.533371 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:20:37.588591 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:20:37.764629 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:20:37.852105 osdx ca-certificates[199292]: Updating certificates in /etc/ssl/certs...
Jul 03 16:20:38.383539 osdx ca-certificates[200296]: 1 added, 0 removed; done.
Jul 03 16:20:38.386622 osdx ca-certificates[200302]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:20:38.390842 osdx ca-certificates[200304]: done.
Jul 03 16:20:38.450724 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:20:38.452215 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:20:38.455755 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:20:38.477756 osdx dnscrypt-proxy[200308]: dnscrypt-proxy 2.0.45
Jul 03 16:20:38.477821 osdx dnscrypt-proxy[200308]: Network connectivity detected
Jul 03 16:20:38.478023 osdx dnscrypt-proxy[200308]: Dropping privileges
Jul 03 16:20:38.480186 osdx dnscrypt-proxy[200308]: Network connectivity detected
Jul 03 16:20:38.480364 osdx dnscrypt-proxy[200308]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:20:38.480399 osdx dnscrypt-proxy[200308]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:20:38.480453 osdx dnscrypt-proxy[200308]: Firefox workaround initialized
Jul 03 16:20:38.480493 osdx dnscrypt-proxy[200308]: Loading the set of cloaking rules from [/tmp/tmp1nz8d3nn]
Jul 03 16:20:38.499577 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:20:38.636609 osdx dnscrypt-proxy[200308]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jul 03 16:20:38.636632 osdx dnscrypt-proxy[200308]: [RD] OK (DoH) - rtt: 129ms
Jul 03 16:20:38.636645 osdx dnscrypt-proxy[200308]: Server with the lowest initial latency: RD (rtt: 129ms)
Jul 03 16:20:38.636651 osdx dnscrypt-proxy[200308]: dnscrypt-proxy is ready - live servers: 1
Jul 03 16:20:43.643731 osdx OSDxCLI[150173]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jul 03 16:20:43.855261 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher

Description

Configures a different valid cipher in each example and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Jul 03 16:20:51.307393 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:20:51.310772 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:20:51.310824 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:20:51.316710 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:20:51.628848 osdx osdx-coredump[201935]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:20:51.637035 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:20:52.062967 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:20:52.131010 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:20:52.212508 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:20:52.280434 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:20:52.386681 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:20:52.447445 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:20:52.478546 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:20:52.493338 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:20:52.630599 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 03 16:20:52.747232 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:20:52.802181 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:20:52.894778 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:20:52.952044 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:20:53.038846 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:20:53.092849 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:20:53.181893 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jul 03 16:20:53.230843 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:20:53.321107 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:20:53.372679 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:20:53.491278 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:20:53.571820 osdx ca-certificates[202052]: Updating certificates in /etc/ssl/certs...
Jul 03 16:20:54.117915 osdx ca-certificates[203056]: 1 added, 0 removed; done.
Jul 03 16:20:54.120837 osdx ca-certificates[203062]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:20:54.123691 osdx ca-certificates[203064]: done.
Jul 03 16:20:54.183101 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:20:54.184388 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:20:54.187342 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:20:54.217299 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:20:54.218216 osdx dnscrypt-proxy[203068]: dnscrypt-proxy 2.0.45
Jul 03 16:20:54.218289 osdx dnscrypt-proxy[203068]: Network connectivity detected
Jul 03 16:20:54.218553 osdx dnscrypt-proxy[203068]: Dropping privileges
Jul 03 16:20:54.221004 osdx dnscrypt-proxy[203068]: Network connectivity detected
Jul 03 16:20:54.221033 osdx dnscrypt-proxy[203068]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:20:54.221038 osdx dnscrypt-proxy[203068]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:20:54.221059 osdx dnscrypt-proxy[203068]: Firefox workaround initialized
Jul 03 16:20:54.221064 osdx dnscrypt-proxy[203068]: Loading the set of cloaking rules from [/tmp/tmprmhbhwvo]
Jul 03 16:20:54.364594 osdx dnscrypt-proxy[203068]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jul 03 16:20:54.364616 osdx dnscrypt-proxy[203068]: [RD] OK (DoH) - rtt: 120ms
Jul 03 16:20:54.364629 osdx dnscrypt-proxy[203068]: Server with the lowest initial latency: RD (rtt: 120ms)
Jul 03 16:20:54.364636 osdx dnscrypt-proxy[203068]: dnscrypt-proxy is ready - live servers: 1
Jul 03 16:20:59.369760 osdx OSDxCLI[150173]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jul 03 16:20:59.552268 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Jul 03 16:20:59.780329 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:20:59.782677 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:20:59.782750 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:20:59.792522 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:21:00.030830 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:00.083784 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'delete'.
Jul 03 16:21:00.195317 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jul 03 16:21:00.262046 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:00.356335 osdx dnscrypt-proxy[203068]: Stopped.
Jul 03 16:21:00.356415 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jul 03 16:21:00.357392 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jul 03 16:21:00.357536 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:00.426077 osdx ca-certificates[203158]: Clearing symlinks in /etc/ssl/certs...
Jul 03 16:21:00.729299 osdx ca-certificates[203728]: done.
Jul 03 16:21:00.733260 osdx ca-certificates[203736]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:01.213202 osdx ca-certificates[204588]: 140 added, 0 removed; done.
Jul 03 16:21:01.217234 osdx ca-certificates[204595]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:01.220568 osdx ca-certificates[204597]: done.
Jul 03 16:21:01.255475 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:01.259520 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:01.275488 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:02.462375 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:02.532982 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:21:02.638719 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:21:02.721051 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:21:02.830144 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:21:02.925333 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:21:02.974048 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jul 03 16:21:03.066016 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:21:03.130498 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:21:03.215785 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:21:03.296023 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:03.405256 osdx ca-certificates[204656]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:03.949141 osdx ca-certificates[205660]: 1 added, 0 removed; done.
Jul 03 16:21:03.952218 osdx ca-certificates[205666]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:03.955079 osdx ca-certificates[205668]: done.
Jul 03 16:21:03.974705 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:21:04.095038 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:04.096736 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:04.119845 osdx dnscrypt-proxy[205704]: dnscrypt-proxy 2.0.45
Jul 03 16:21:04.119926 osdx dnscrypt-proxy[205704]: Network connectivity detected
Jul 03 16:21:04.120171 osdx dnscrypt-proxy[205704]: Dropping privileges
Jul 03 16:21:04.122603 osdx dnscrypt-proxy[205704]: Network connectivity detected
Jul 03 16:21:04.122631 osdx dnscrypt-proxy[205704]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:21:04.122635 osdx dnscrypt-proxy[205704]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:21:04.122665 osdx dnscrypt-proxy[205704]: Firefox workaround initialized
Jul 03 16:21:04.122669 osdx dnscrypt-proxy[205704]: Loading the set of cloaking rules from [/tmp/tmpk3luj0ks]
Jul 03 16:21:04.128113 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:04.154996 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:04.367099 osdx dnscrypt-proxy[205704]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jul 03 16:21:04.367118 osdx dnscrypt-proxy[205704]: [RD] OK (DoH) - rtt: 211ms
Jul 03 16:21:04.367129 osdx dnscrypt-proxy[205704]: Server with the lowest initial latency: RD (rtt: 211ms)
Jul 03 16:21:04.367135 osdx dnscrypt-proxy[205704]: dnscrypt-proxy is ready - live servers: 1
Jul 03 16:21:09.316810 osdx OSDxCLI[150173]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jul 03 16:21:09.499762 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Jul 03 16:21:09.716962 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:21:09.718666 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:21:09.718722 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:21:09.726529 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:21:09.992315 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:10.091124 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'delete'.
Jul 03 16:21:10.155393 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jul 03 16:21:10.258532 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:10.326576 osdx dnscrypt-proxy[205704]: Stopped.
Jul 03 16:21:10.326641 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jul 03 16:21:10.327449 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jul 03 16:21:10.327586 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:10.398675 osdx ca-certificates[205809]: Clearing symlinks in /etc/ssl/certs...
Jul 03 16:21:10.682902 osdx ca-certificates[206379]: done.
Jul 03 16:21:10.687251 osdx ca-certificates[206387]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:11.135089 osdx ca-certificates[207239]: 140 added, 0 removed; done.
Jul 03 16:21:11.138161 osdx ca-certificates[207245]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:11.141772 osdx ca-certificates[207247]: done.
Jul 03 16:21:11.178395 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:11.180781 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:11.209214 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:12.344137 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:12.399915 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:21:12.499042 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:21:12.597544 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:21:12.683291 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:21:12.739205 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:21:12.834049 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jul 03 16:21:12.883833 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:21:12.990519 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:21:13.040841 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:21:13.169334 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:13.265624 osdx ca-certificates[207301]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:13.804186 osdx ca-certificates[208305]: 1 added, 0 removed; done.
Jul 03 16:21:13.808205 osdx ca-certificates[208311]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:13.811431 osdx ca-certificates[208313]: done.
Jul 03 16:21:13.826680 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:21:13.963092 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:13.964266 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:13.992140 osdx dnscrypt-proxy[208349]: dnscrypt-proxy 2.0.45
Jul 03 16:21:13.992210 osdx dnscrypt-proxy[208349]: Network connectivity detected
Jul 03 16:21:13.992420 osdx dnscrypt-proxy[208349]: Dropping privileges
Jul 03 16:21:13.994721 osdx dnscrypt-proxy[208349]: Network connectivity detected
Jul 03 16:21:13.994751 osdx dnscrypt-proxy[208349]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:21:13.994755 osdx dnscrypt-proxy[208349]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:21:13.994774 osdx dnscrypt-proxy[208349]: Firefox workaround initialized
Jul 03 16:21:13.994779 osdx dnscrypt-proxy[208349]: Loading the set of cloaking rules from [/tmp/tmpjmxi0s1i]
Jul 03 16:21:13.997275 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:14.016280 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:14.163522 osdx dnscrypt-proxy[208349]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jul 03 16:21:14.163537 osdx dnscrypt-proxy[208349]: [RD] OK (DoH) - rtt: 138ms
Jul 03 16:21:14.163546 osdx dnscrypt-proxy[208349]: Server with the lowest initial latency: RD (rtt: 138ms)
Jul 03 16:21:14.163552 osdx dnscrypt-proxy[208349]: dnscrypt-proxy is ready - live servers: 1
Jul 03 16:21:14.177998 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jul 03 16:21:20.290338 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:21:20.290990 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:21:20.291024 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:21:20.300453 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:21:20.623414 osdx osdx-coredump[209986]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:21:20.631347 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:21:21.065938 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:21.133864 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:21:21.217656 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:21:21.283406 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:21.398999 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:21:21.458265 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:21.490010 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:21.508838 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:21.668895 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 03 16:21:21.797090 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:21.862355 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:21:21.948673 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:21:22.010504 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:21:22.099052 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:21:22.163381 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:21:22.256286 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jul 03 16:21:22.316984 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:21:22.412003 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:21:22.466865 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:21:22.570200 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:22.659776 osdx ca-certificates[210104]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:23.197527 osdx ca-certificates[211108]: 1 added, 0 removed; done.
Jul 03 16:21:23.201522 osdx ca-certificates[211114]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:23.204714 osdx ca-certificates[211116]: done.
Jul 03 16:21:23.275465 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:23.276702 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:23.279855 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:23.299924 osdx dnscrypt-proxy[211120]: dnscrypt-proxy 2.0.45
Jul 03 16:21:23.300617 osdx dnscrypt-proxy[211120]: Network connectivity detected
Jul 03 16:21:23.301042 osdx dnscrypt-proxy[211120]: Dropping privileges
Jul 03 16:21:23.302500 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:23.304560 osdx dnscrypt-proxy[211120]: Network connectivity detected
Jul 03 16:21:23.304589 osdx dnscrypt-proxy[211120]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:21:23.304594 osdx dnscrypt-proxy[211120]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:21:23.304616 osdx dnscrypt-proxy[211120]: Firefox workaround initialized
Jul 03 16:21:23.304620 osdx dnscrypt-proxy[211120]: Loading the set of cloaking rules from [/tmp/tmpkc8wbmgy]
Jul 03 16:21:23.305567 osdx dnscrypt-proxy[211120]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jul 03 16:21:29.282683 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:21:29.284102 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:21:29.284152 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:21:29.292609 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:21:29.606717 osdx osdx-coredump[212739]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:21:29.614097 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:21:30.067339 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:30.137821 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:21:30.227773 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:21:30.294305 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:30.444080 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:21:30.508836 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:30.549032 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:30.563977 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:30.699102 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 03 16:21:30.816080 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:30.877940 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:21:30.975046 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:21:31.039805 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:21:31.123881 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:21:31.185967 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:21:31.276735 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jul 03 16:21:31.332734 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:21:31.431329 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:21:31.486769 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:21:31.608946 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:31.695230 osdx ca-certificates[212856]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:32.238340 osdx ca-certificates[213860]: 1 added, 0 removed; done.
Jul 03 16:21:32.241366 osdx ca-certificates[213866]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:32.244067 osdx ca-certificates[213868]: done.
Jul 03 16:21:32.300434 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:32.301712 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:32.304125 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:32.321721 osdx dnscrypt-proxy[213872]: dnscrypt-proxy 2.0.45
Jul 03 16:21:32.321780 osdx dnscrypt-proxy[213872]: Network connectivity detected
Jul 03 16:21:32.321973 osdx dnscrypt-proxy[213872]: Dropping privileges
Jul 03 16:21:32.324215 osdx dnscrypt-proxy[213872]: Network connectivity detected
Jul 03 16:21:32.324410 osdx dnscrypt-proxy[213872]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:21:32.324448 osdx dnscrypt-proxy[213872]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:21:32.324503 osdx dnscrypt-proxy[213872]: Firefox workaround initialized
Jul 03 16:21:32.324541 osdx dnscrypt-proxy[213872]: Loading the set of cloaking rules from [/tmp/tmp8cc4egpb]
Jul 03 16:21:32.325400 osdx dnscrypt-proxy[213872]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jul 03 16:21:32.333013 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jul 03 16:21:32.589955 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:21:32.592134 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:21:32.592190 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:21:32.600079 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:21:32.847270 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:32.907740 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'delete'.
Jul 03 16:21:33.003615 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jul 03 16:21:33.109807 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:33.210967 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jul 03 16:21:33.211020 osdx dnscrypt-proxy[213872]: Stopped.
Jul 03 16:21:33.212027 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jul 03 16:21:33.212148 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:33.295076 osdx ca-certificates[213954]: Clearing symlinks in /etc/ssl/certs...
Jul 03 16:21:33.587513 osdx ca-certificates[214525]: done.
Jul 03 16:21:33.591629 osdx ca-certificates[214534]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:34.049882 osdx ca-certificates[215386]: 140 added, 0 removed; done.
Jul 03 16:21:34.052819 osdx ca-certificates[215392]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:34.055672 osdx ca-certificates[215394]: done.
Jul 03 16:21:34.093816 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:34.096224 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:34.112904 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:35.263850 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:35.322805 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:21:35.414607 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:21:35.489246 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:21:35.597518 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:21:35.702776 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:21:35.776861 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jul 03 16:21:35.887728 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:21:35.968067 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:21:36.080176 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:21:36.215344 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:36.316393 osdx ca-certificates[215448]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:36.868771 osdx ca-certificates[216452]: 1 added, 0 removed; done.
Jul 03 16:21:36.871797 osdx ca-certificates[216458]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:36.874704 osdx ca-certificates[216460]: done.
Jul 03 16:21:36.892035 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:21:37.016493 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:37.017944 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:37.038903 osdx dnscrypt-proxy[216496]: dnscrypt-proxy 2.0.45
Jul 03 16:21:37.038982 osdx dnscrypt-proxy[216496]: Network connectivity detected
Jul 03 16:21:37.039232 osdx dnscrypt-proxy[216496]: Dropping privileges
Jul 03 16:21:37.042121 osdx dnscrypt-proxy[216496]: Network connectivity detected
Jul 03 16:21:37.042161 osdx dnscrypt-proxy[216496]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:21:37.042171 osdx dnscrypt-proxy[216496]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:21:37.042196 osdx dnscrypt-proxy[216496]: Firefox workaround initialized
Jul 03 16:21:37.042201 osdx dnscrypt-proxy[216496]: Loading the set of cloaking rules from [/tmp/tmpcle6fbm1]
Jul 03 16:21:37.043417 osdx dnscrypt-proxy[216496]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jul 03 16:21:37.046144 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:37.062237 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:37.188792 osdx dnscrypt-proxy[216496]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jul 03 16:21:37.188807 osdx dnscrypt-proxy[216496]: [RD] OK (DoH) - rtt: 119ms
Jul 03 16:21:37.188816 osdx dnscrypt-proxy[216496]: Server with the lowest initial latency: RD (rtt: 119ms)
Jul 03 16:21:37.188822 osdx dnscrypt-proxy[216496]: dnscrypt-proxy is ready - live servers: 1

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jul 03 16:21:37.315233 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:21:37.316031 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:21:37.316080 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:21:37.327014 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:21:37.601427 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:37.675550 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'delete'.
Jul 03 16:21:37.799090 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jul 03 16:21:37.881674 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:38.012366 osdx dnscrypt-proxy[216496]: Stopped.
Jul 03 16:21:38.012379 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jul 03 16:21:38.013240 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jul 03 16:21:38.013374 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:38.079093 osdx ca-certificates[216595]: Clearing symlinks in /etc/ssl/certs...
Jul 03 16:21:38.377689 osdx ca-certificates[217164]: done.
Jul 03 16:21:38.382752 osdx ca-certificates[217173]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:38.868341 osdx ca-certificates[218025]: 140 added, 0 removed; done.
Jul 03 16:21:38.871089 osdx ca-certificates[218031]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:38.874069 osdx ca-certificates[218033]: done.
Jul 03 16:21:38.904147 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:38.906195 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:38.939622 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:40.146883 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:40.205642 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:21:40.307398 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:21:40.371351 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:21:40.459223 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:21:40.515319 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:21:40.605821 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jul 03 16:21:40.657443 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jul 03 16:21:40.750956 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:21:40.816689 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:21:40.903210 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:21:40.973858 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:41.112446 osdx ca-certificates[218088]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:41.629956 osdx ca-certificates[219092]: 1 added, 0 removed; done.
Jul 03 16:21:41.633215 osdx ca-certificates[219098]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:41.635936 osdx ca-certificates[219100]: done.
Jul 03 16:21:41.652068 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:21:41.784383 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:41.785665 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:41.805371 osdx dnscrypt-proxy[219136]: dnscrypt-proxy 2.0.45
Jul 03 16:21:41.805436 osdx dnscrypt-proxy[219136]: Network connectivity detected
Jul 03 16:21:41.805642 osdx dnscrypt-proxy[219136]: Dropping privileges
Jul 03 16:21:41.807748 osdx dnscrypt-proxy[219136]: Network connectivity detected
Jul 03 16:21:41.807780 osdx dnscrypt-proxy[219136]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:21:41.807785 osdx dnscrypt-proxy[219136]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:21:41.807805 osdx dnscrypt-proxy[219136]: Firefox workaround initialized
Jul 03 16:21:41.807809 osdx dnscrypt-proxy[219136]: Loading the set of cloaking rules from [/tmp/tmpg5673t34]
Jul 03 16:21:41.809120 osdx dnscrypt-proxy[219136]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jul 03 16:21:41.811214 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:41.831007 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
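
In the Example 2 journal above, the handshake-failure message is followed by "[RD] OK (DoH)" with cipher suite 52392, a suite that was never configured, so finding the failure token alone does not establish that the connection was refused. The added example below is not part of this test suite: audit_journal and its verdict labels are hypothetical names, the suite numbers are the IANA code points, and the sample lines are excerpted from the journals on this page.

```python
import re

# IANA TLS cipher-suite code points for the suites named in this page's
# configurations, plus 0xCCA8, which appears in one of the journals.
SUITE_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}
SUITE_NAMES = {code: name for name, code in SUITE_IDS.items()}

CFG_RE = re.compile(r"set service dns proxy cipher \d+ algorithm (\w+)")
NEG_RE = re.compile(
    r"\[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
FAILURE_TOKEN = "TLS handshake failure"


def describe(code):
    """Render a suite code point as hex plus its name, if known here."""
    return "0x%04X %s" % (code, SUITE_NAMES.get(code, "UNKNOWN"))


def audit_journal(text):
    """Compare the suites dnscrypt-proxy logged with the configured ones.

    Hypothetical helper: verdict is one of 'ok', 'refused',
    'negotiated-outside-config' or 'no-handshake-seen'.
    """
    configured, negotiated, failed = [], [], False
    for line in text.splitlines():
        cfg = CFG_RE.search(line)
        if cfg:
            if cfg.group(1) not in configured:
                configured.append(cfg.group(1))
            continue
        if FAILURE_TOKEN in line:
            failed = True
        neg = NEG_RE.search(line)
        if neg:
            negotiated.append(int(neg.group("suite")))

    allowed = {SUITE_IDS[name] for name in configured if name in SUITE_IDS}
    # With no cipher entry configured there is no restriction to violate.
    outside = [c for c in negotiated if c not in allowed] if configured else []
    if outside:
        verdict = "negotiated-outside-config"
    elif negotiated:
        verdict = "ok"
    elif failed:
        verdict = "refused"
    else:
        verdict = "no-handshake-seen"
    return {
        "configured": configured,
        "handshake_failure": failed,
        "negotiated": [describe(c) for c in negotiated],
        "verdict": verdict,
    }


# Lines excerpted from "Multiple Invalid Cipher", Example 1.
MULTI_INVALID_EX1 = """\
Jul 03 16:21:31.276735 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jul 03 16:21:32.325400 osdx dnscrypt-proxy[213872]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
"""

# Lines excerpted from "Multiple Invalid Cipher", Example 2.
MULTI_INVALID_EX2 = """\
Jul 03 16:21:35.776861 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jul 03 16:21:37.043417 osdx dnscrypt-proxy[216496]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jul 03 16:21:37.188792 osdx dnscrypt-proxy[216496]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jul 03 16:21:37.188807 osdx dnscrypt-proxy[216496]: [RD] OK (DoH) - rtt: 119ms
"""

# Lines excerpted from "Invalid Cipher With Fallback", Example 1.
FALLBACK_EX1 = """\
Jul 03 16:21:51.444258 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jul 03 16:21:51.497596 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jul 03 16:21:52.753219 osdx dnscrypt-proxy[221904]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jul 03 16:21:52.753238 osdx dnscrypt-proxy[221904]: [RD] OK (DoH) - rtt: 133ms
"""

if __name__ == "__main__":
    for label, sample in (("multi-invalid ex1", MULTI_INVALID_EX1),
                          ("multi-invalid ex2", MULTI_INVALID_EX2),
                          ("fallback ex1", FALLBACK_EX1)):
        print(label, audit_journal(sample))
```

A check that expects refusal can assert on the "refused" verdict rather than on the failure token alone.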

Invalid Cipher With Fallback

Description

Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, provided the valid cipher is the one used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Jul 03 16:21:49.302508 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:21:49.305047 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:21:49.305105 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:21:49.314340 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:21:49.672143 osdx osdx-coredump[220769]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 03 16:21:49.682008 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 03 16:21:50.246705 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:50.315470 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:21:50.403612 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:21:50.472255 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:50.589071 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:21:50.642589 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:50.668288 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:50.685056 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:50.827598 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Jul 03 16:21:50.991621 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:51.048659 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:21:51.147927 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:21:51.209375 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:21:51.298038 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:21:51.356108 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:21:51.444258 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jul 03 16:21:51.497596 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jul 03 16:21:51.586661 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:21:51.650393 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:21:51.735737 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:21:51.805174 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:51.924439 osdx ca-certificates[220887]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:52.462741 osdx ca-certificates[221892]: 1 added, 0 removed; done.
Jul 03 16:21:52.466036 osdx ca-certificates[221898]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:52.469201 osdx ca-certificates[221900]: done.
Jul 03 16:21:52.561441 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:52.563096 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:52.565225 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:52.580998 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:21:52.592860 osdx dnscrypt-proxy[221904]: dnscrypt-proxy 2.0.45
Jul 03 16:21:52.592924 osdx dnscrypt-proxy[221904]: Network connectivity detected
Jul 03 16:21:52.593166 osdx dnscrypt-proxy[221904]: Dropping privileges
Jul 03 16:21:52.595641 osdx dnscrypt-proxy[221904]: Network connectivity detected
Jul 03 16:21:52.595671 osdx dnscrypt-proxy[221904]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:21:52.595676 osdx dnscrypt-proxy[221904]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:21:52.595697 osdx dnscrypt-proxy[221904]: Firefox workaround initialized
Jul 03 16:21:52.595702 osdx dnscrypt-proxy[221904]: Loading the set of cloaking rules from [/tmp/tmphtyib12w]
Jul 03 16:21:52.753219 osdx dnscrypt-proxy[221904]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jul 03 16:21:52.753238 osdx dnscrypt-proxy[221904]: [RD] OK (DoH) - rtt: 133ms
Jul 03 16:21:52.753247 osdx dnscrypt-proxy[221904]: Server with the lowest initial latency: RD (rtt: 133ms)
Jul 03 16:21:52.753252 osdx dnscrypt-proxy[221904]: dnscrypt-proxy is ready - live servers: 1
Jul 03 16:21:57.732237 osdx OSDxCLI[150173]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jul 03 16:21:57.906567 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Jul 03 16:21:58.094041 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:21:58.097019 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:21:58.097064 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:21:58.103567 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:21:58.342587 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:21:58.404324 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'delete'.
Jul 03 16:21:58.507058 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jul 03 16:21:58.570262 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:21:58.664496 osdx dnscrypt-proxy[221904]: Stopped.
Jul 03 16:21:58.664531 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jul 03 16:21:58.665641 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jul 03 16:21:58.665755 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:21:58.731481 osdx ca-certificates[221993]: Clearing symlinks in /etc/ssl/certs...
Jul 03 16:21:59.019084 osdx ca-certificates[222562]: done.
Jul 03 16:21:59.022648 osdx ca-certificates[222571]: Updating certificates in /etc/ssl/certs...
Jul 03 16:21:59.452378 osdx ca-certificates[223423]: 140 added, 0 removed; done.
Jul 03 16:21:59.455399 osdx ca-certificates[223429]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:21:59.458671 osdx ca-certificates[223431]: done.
Jul 03 16:21:59.488452 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:21:59.490686 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:21:59.509417 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:22:00.708674 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:22:00.775203 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:22:00.876009 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:22:00.938295 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:22:01.025955 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:22:01.083851 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:22:01.177866 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jul 03 16:22:01.231968 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jul 03 16:22:01.322699 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:22:01.391155 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:22:01.477994 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:22:01.565735 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:22:01.667168 osdx ca-certificates[223491]: Updating certificates in /etc/ssl/certs...
Jul 03 16:22:02.210869 osdx ca-certificates[224495]: 1 added, 0 removed; done.
Jul 03 16:22:02.214385 osdx ca-certificates[224501]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:22:02.217770 osdx ca-certificates[224503]: done.
Jul 03 16:22:02.233028 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:22:02.341365 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:22:02.342899 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:22:02.367761 osdx dnscrypt-proxy[224539]: dnscrypt-proxy 2.0.45
Jul 03 16:22:02.367817 osdx dnscrypt-proxy[224539]: Network connectivity detected
Jul 03 16:22:02.367995 osdx dnscrypt-proxy[224539]: Dropping privileges
Jul 03 16:22:02.370576 osdx dnscrypt-proxy[224539]: Network connectivity detected
Jul 03 16:22:02.370604 osdx dnscrypt-proxy[224539]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:22:02.370608 osdx dnscrypt-proxy[224539]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:22:02.370627 osdx dnscrypt-proxy[224539]: Firefox workaround initialized
Jul 03 16:22:02.370632 osdx dnscrypt-proxy[224539]: Loading the set of cloaking rules from [/tmp/tmpxfmyiyit]
Jul 03 16:22:02.377083 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:22:02.400609 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:22:02.540876 osdx dnscrypt-proxy[224539]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jul 03 16:22:02.540895 osdx dnscrypt-proxy[224539]: [RD] OK (DoH) - rtt: 143ms
Jul 03 16:22:02.540904 osdx dnscrypt-proxy[224539]: Server with the lowest initial latency: RD (rtt: 143ms)
Jul 03 16:22:02.540909 osdx dnscrypt-proxy[224539]: dnscrypt-proxy is ready - live servers: 1
Jul 03 16:22:07.541979 osdx OSDxCLI[150173]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jul 03 16:22:07.748645 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Jul 03 16:22:08.040205 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:22:08.041022 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:22:08.041057 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:22:08.051295 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:22:08.292168 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:22:08.388956 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'delete'.
Jul 03 16:22:08.465393 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jul 03 16:22:08.572684 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:22:08.639282 osdx dnscrypt-proxy[224539]: Stopped.
Jul 03 16:22:08.639361 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jul 03 16:22:08.640535 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jul 03 16:22:08.640686 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:22:08.708700 osdx ca-certificates[224645]: Clearing symlinks in /etc/ssl/certs...
Jul 03 16:22:09.017203 osdx ca-certificates[225214]: done.
Jul 03 16:22:09.021775 osdx ca-certificates[225226]: Updating certificates in /etc/ssl/certs...
Jul 03 16:22:09.494595 osdx ca-certificates[226074]: 140 added, 0 removed; done.
Jul 03 16:22:09.497848 osdx ca-certificates[226081]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:22:09.501811 osdx ca-certificates[226083]: done.
Jul 03 16:22:09.529614 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:22:09.531886 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:22:09.554914 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:22:10.665339 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:22:10.718338 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:22:10.843170 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:22:10.917694 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:22:11.021525 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:22:11.122389 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:22:11.191401 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jul 03 16:22:11.296110 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jul 03 16:22:11.357711 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:22:11.481697 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:22:11.545568 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:22:11.664472 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:22:11.780556 osdx ca-certificates[226138]: Updating certificates in /etc/ssl/certs...
Jul 03 16:22:12.368591 osdx ca-certificates[227142]: 1 added, 0 removed; done.
Jul 03 16:22:12.371659 osdx ca-certificates[227148]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:22:12.375503 osdx ca-certificates[227150]: done.
Jul 03 16:22:12.397025 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:22:12.533524 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:22:12.535350 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:22:12.561117 osdx dnscrypt-proxy[227186]: dnscrypt-proxy 2.0.45
Jul 03 16:22:12.561200 osdx dnscrypt-proxy[227186]: Network connectivity detected
Jul 03 16:22:12.561455 osdx dnscrypt-proxy[227186]: Dropping privileges
Jul 03 16:22:12.564581 osdx dnscrypt-proxy[227186]: Network connectivity detected
Jul 03 16:22:12.564621 osdx dnscrypt-proxy[227186]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:22:12.564627 osdx dnscrypt-proxy[227186]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:22:12.564653 osdx dnscrypt-proxy[227186]: Firefox workaround initialized
Jul 03 16:22:12.564658 osdx dnscrypt-proxy[227186]: Loading the set of cloaking rules from [/tmp/tmpv_hh7q7l]
Jul 03 16:22:12.578329 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:22:12.603118 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:22:12.739299 osdx dnscrypt-proxy[227186]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jul 03 16:22:12.739316 osdx dnscrypt-proxy[227186]: [RD] OK (DoH) - rtt: 143ms
Jul 03 16:22:12.739325 osdx dnscrypt-proxy[227186]: Server with the lowest initial latency: RD (rtt: 143ms)
Jul 03 16:22:12.739330 osdx dnscrypt-proxy[227186]: dnscrypt-proxy is ready - live servers: 1
Jul 03 16:22:12.764927 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Jul 03 16:22:13.014800 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:22:13.017028 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:22:13.017112 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:22:13.026417 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:22:13.328887 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:22:13.386021 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'delete'.
Jul 03 16:22:13.510592 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jul 03 16:22:13.574675 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:22:13.696875 osdx dnscrypt-proxy[227186]: Stopped.
Jul 03 16:22:13.696925 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jul 03 16:22:13.698613 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jul 03 16:22:13.698730 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:22:13.767994 osdx ca-certificates[227286]: Clearing symlinks in /etc/ssl/certs...
Jul 03 16:22:14.063496 osdx ca-certificates[227855]: done.
Jul 03 16:22:14.066725 osdx ca-certificates[227863]: Updating certificates in /etc/ssl/certs...
Jul 03 16:22:14.544142 osdx ca-certificates[228715]: 140 added, 0 removed; done.
Jul 03 16:22:14.548431 osdx ca-certificates[228722]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:22:14.551622 osdx ca-certificates[228724]: done.
Jul 03 16:22:14.580508 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:22:14.583222 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:22:14.608814 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:22:15.794165 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:22:15.851807 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:22:15.950449 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:22:16.021150 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:22:16.108254 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:22:16.168690 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:22:16.262224 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jul 03 16:22:16.319762 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jul 03 16:22:16.415439 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:22:16.488618 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:22:16.614847 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:22:16.722774 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:22:16.824952 osdx ca-certificates[228779]: Updating certificates in /etc/ssl/certs...
Jul 03 16:22:17.372838 osdx ca-certificates[229783]: 1 added, 0 removed; done.
Jul 03 16:22:17.376258 osdx ca-certificates[229789]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:22:17.379097 osdx ca-certificates[229791]: done.
Jul 03 16:22:17.397031 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:22:17.529659 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:22:17.531266 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:22:17.554130 osdx dnscrypt-proxy[229827]: dnscrypt-proxy 2.0.45
Jul 03 16:22:17.554222 osdx dnscrypt-proxy[229827]: Network connectivity detected
Jul 03 16:22:17.554521 osdx dnscrypt-proxy[229827]: Dropping privileges
Jul 03 16:22:17.557421 osdx dnscrypt-proxy[229827]: Network connectivity detected
Jul 03 16:22:17.557457 osdx dnscrypt-proxy[229827]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:22:17.557463 osdx dnscrypt-proxy[229827]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:22:17.557491 osdx dnscrypt-proxy[229827]: Firefox workaround initialized
Jul 03 16:22:17.557497 osdx dnscrypt-proxy[229827]: Loading the set of cloaking rules from [/tmp/tmpun1hqljb]
Jul 03 16:22:17.560864 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:22:17.588620 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:22:17.777088 osdx dnscrypt-proxy[229827]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jul 03 16:22:17.777111 osdx dnscrypt-proxy[229827]: [RD] OK (DoH) - rtt: 183ms
Jul 03 16:22:17.777124 osdx dnscrypt-proxy[229827]: Server with the lowest initial latency: RD (rtt: 183ms)
Jul 03 16:22:17.777132 osdx dnscrypt-proxy[229827]: dnscrypt-proxy is ready - live servers: 1
Jul 03 16:22:19.002811 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Jul 03 16:22:22.747808 osdx OSDxCLI[150173]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jul 03 16:22:22.927901 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Jul 03 16:22:23.145495 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:22:23.149070 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:22:23.149126 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:22:23.156245 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:22:23.426092 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:22:23.476878 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'delete'.
Jul 03 16:22:23.585251 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jul 03 16:22:23.647054 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:22:23.740585 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jul 03 16:22:23.740609 osdx dnscrypt-proxy[229827]: Stopped.
Jul 03 16:22:23.741759 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jul 03 16:22:23.741887 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:22:23.808978 osdx ca-certificates[229934]: Clearing symlinks in /etc/ssl/certs...
Jul 03 16:22:24.094789 osdx ca-certificates[230504]: done.
Jul 03 16:22:24.097835 osdx ca-certificates[230512]: Updating certificates in /etc/ssl/certs...
Jul 03 16:22:24.539256 osdx ca-certificates[231364]: 140 added, 0 removed; done.
Jul 03 16:22:24.542182 osdx ca-certificates[231370]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:22:24.545281 osdx ca-certificates[231372]: done.
Jul 03 16:22:24.573901 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:22:24.577758 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:22:24.603582 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:22:25.846390 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:22:25.906690 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:22:25.996347 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:22:26.059767 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:22:26.147687 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:22:26.201571 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:22:26.291440 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jul 03 16:22:26.344794 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jul 03 16:22:26.437589 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:22:26.500606 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:22:26.584096 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:22:26.657141 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:22:26.764914 osdx ca-certificates[231427]: Updating certificates in /etc/ssl/certs...
Jul 03 16:22:27.274643 osdx ca-certificates[232430]: 1 added, 0 removed; done.
Jul 03 16:22:27.277610 osdx ca-certificates[232437]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:22:27.280710 osdx ca-certificates[232439]: done.
Jul 03 16:22:27.297031 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:22:27.437512 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:22:27.439067 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:22:27.457297 osdx dnscrypt-proxy[232475]: dnscrypt-proxy 2.0.45
Jul 03 16:22:27.457365 osdx dnscrypt-proxy[232475]: Network connectivity detected
Jul 03 16:22:27.457576 osdx dnscrypt-proxy[232475]: Dropping privileges
Jul 03 16:22:27.460564 osdx dnscrypt-proxy[232475]: Network connectivity detected
Jul 03 16:22:27.460594 osdx dnscrypt-proxy[232475]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:22:27.460598 osdx dnscrypt-proxy[232475]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:22:27.460619 osdx dnscrypt-proxy[232475]: Firefox workaround initialized
Jul 03 16:22:27.460623 osdx dnscrypt-proxy[232475]: Loading the set of cloaking rules from [/tmp/tmp0o3s6_vc]
Jul 03 16:22:27.466966 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:22:27.483637 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:22:27.617612 osdx dnscrypt-proxy[232475]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jul 03 16:22:27.617629 osdx dnscrypt-proxy[232475]: [RD] OK (DoH) - rtt: 126ms
Jul 03 16:22:27.617638 osdx dnscrypt-proxy[232475]: Server with the lowest initial latency: RD (rtt: 126ms)
Jul 03 16:22:27.617643 osdx dnscrypt-proxy[232475]: dnscrypt-proxy is ready - live servers: 1
Jul 03 16:22:27.636610 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Jul 03 16:22:27.830756 osdx systemd-journald[19587]: Runtime Journal (/run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b) is 2.0M, max 15.3M, 13.3M free.
Jul 03 16:22:27.833021 osdx systemd-journald[19587]: Received client request to rotate journal, rotating.
Jul 03 16:22:27.833067 osdx systemd-journald[19587]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aa1bd7befff24a8b91d1e90ef92c032b.
Jul 03 16:22:27.840743 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'system journal clear'.
Jul 03 16:22:28.079432 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:22:28.141192 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'delete'.
Jul 03 16:22:28.266470 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jul 03 16:22:28.330853 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:22:28.441930 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jul 03 16:22:28.441954 osdx dnscrypt-proxy[232475]: Stopped.
Jul 03 16:22:28.442947 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jul 03 16:22:28.443106 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:22:28.509275 osdx ca-certificates[232577]: Clearing symlinks in /etc/ssl/certs...
Jul 03 16:22:28.806858 osdx ca-certificates[233146]: done.
Jul 03 16:22:28.809877 osdx ca-certificates[233155]: Updating certificates in /etc/ssl/certs...
Jul 03 16:22:29.257435 osdx ca-certificates[234007]: 140 added, 0 removed; done.
Jul 03 16:22:29.260412 osdx ca-certificates[234013]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:22:29.263287 osdx ca-certificates[234015]: done.
Jul 03 16:22:29.291546 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:22:29.293978 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:22:29.317560 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:22:30.468838 osdx OSDxCLI[150173]: User 'admin' entered the configuration menu.
Jul 03 16:22:30.525606 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jul 03 16:22:30.614128 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jul 03 16:22:30.683851 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jul 03 16:22:30.778826 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jul 03 16:22:30.843480 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 654360ee51829bf4a8cea9c41e387b649d8a86841ca20ec804f6d7b17eea4854'.
Jul 03 16:22:30.938017 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jul 03 16:22:30.998762 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jul 03 16:22:31.084302 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jul 03 16:22:31.158005 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jul 03 16:22:31.237067 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jul 03 16:22:31.313872 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'show working'.
Jul 03 16:22:31.424458 osdx ca-certificates[234070]: Updating certificates in /etc/ssl/certs...
Jul 03 16:22:31.940591 osdx ca-certificates[235073]: 1 added, 0 removed; done.
Jul 03 16:22:31.943473 osdx ca-certificates[235080]: Running hooks in /etc/ca-certificates/update.d...
Jul 03 16:22:31.947398 osdx ca-certificates[235082]: done.
Jul 03 16:22:31.969026 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 03 16:22:32.093432 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jul 03 16:22:32.094615 osdx cfgd[1440]: [150173]Completed change to active configuration
Jul 03 16:22:32.114223 osdx dnscrypt-proxy[235118]: dnscrypt-proxy 2.0.45
Jul 03 16:22:32.114291 osdx dnscrypt-proxy[235118]: Network connectivity detected
Jul 03 16:22:32.114514 osdx dnscrypt-proxy[235118]: Dropping privileges
Jul 03 16:22:32.116848 osdx dnscrypt-proxy[235118]: Network connectivity detected
Jul 03 16:22:32.116878 osdx dnscrypt-proxy[235118]: Now listening to 127.0.0.1:53 [UDP]
Jul 03 16:22:32.116882 osdx dnscrypt-proxy[235118]: Now listening to 127.0.0.1:53 [TCP]
Jul 03 16:22:32.116903 osdx dnscrypt-proxy[235118]: Firefox workaround initialized
Jul 03 16:22:32.116907 osdx dnscrypt-proxy[235118]: Loading the set of cloaking rules from [/tmp/tmprgadwjau]
Jul 03 16:22:32.121494 osdx OSDxCLI[150173]: User 'admin' committed the configuration.
Jul 03 16:22:32.147986 osdx OSDxCLI[150173]: User 'admin' left the configuration menu.
Jul 03 16:22:32.270886 osdx dnscrypt-proxy[235118]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jul 03 16:22:32.270900 osdx dnscrypt-proxy[235118]: [RD] OK (DoH) - rtt: 123ms
Jul 03 16:22:32.270909 osdx dnscrypt-proxy[235118]: Server with the lowest initial latency: RD (rtt: 123ms)
Jul 03 16:22:32.270914 osdx dnscrypt-proxy[235118]: dnscrypt-proxy is ready - live servers: 1
Jul 03 16:22:32.301923 osdx OSDxCLI[150173]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
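The journal token checked in Step 3 is the decimal IANA code point of the negotiated suite (49199, 49200, 52392). The following added example, which is not part of the test suite or of OSDx, decodes that value from a journal and checks it against the configured cipher list, flagging RC4 or 3DES if either is ever negotiated. The function and constant names are hypothetical, and it assumes the `TLS version` field is printed in hexadecimal (303 = 0x0303, TLS 1.2).

```python
import re

# IANA TLS cipher suite code points for the suites configured on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
LEGACY_MARKERS = ("_RC4_", "_3DES_")  # suites that should never be selected

CFG_RE = re.compile(
    r"added a new cfg line: 'set service dns proxy cipher (\d+) algorithm (\w+)'")
DELETE_RE = re.compile(r"added a new cfg line: 'delete'")
HANDSHAKE_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(\w+)\] TLS version: ([0-9a-fA-F]+)"
    r" - Protocol: (\S+) - Cipher suite: (\d+)")


def audit_journal(text):
    """Return one finding per DoH handshake line found in the journal text."""
    configured = {}   # cipher index -> algorithm name, as typed by the operator
    findings = []
    for line in text.splitlines():
        if DELETE_RE.search(line):
            configured.clear()          # the test wipes the config before each run
            continue
        m = CFG_RE.search(line)
        if m:
            configured[int(m.group(1))] = m.group(2)
            continue
        m = HANDSHAKE_RE.search(line)
        if m:
            server, version_hex, proto, suite_dec = m.groups()
            suite_id = int(suite_dec)
            name = IANA_SUITES.get(suite_id)   # None when the id is not in the table
            findings.append({
                "server": server,
                "tls_version": TLS_VERSIONS.get(int(version_hex, 16), "unknown"),
                "protocol": proto,
                "suite_id": suite_id,
                "suite_name": name,
                "in_configured": name in configured.values(),
                "legacy": bool(name) and any(k in name for k in LEGACY_MARKERS),
            })
    return findings


# Journal lines taken from Example 6 on this page (trimmed to the relevant ones).
SAMPLE_JOURNAL = """\
Jul 03 16:22:28.141192 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'delete'.
Jul 03 16:22:30.938017 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jul 03 16:22:30.998762 osdx OSDxCLI[150173]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jul 03 16:22:32.270886 osdx dnscrypt-proxy[235118]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jul 03 16:22:32.270900 osdx dnscrypt-proxy[235118]: [RD] OK (DoH) - rtt: 123ms
"""

# Constructed variants (not from the page): the legacy suite wins the
# negotiation, and a suite id that is outside the table above.
CONSTRUCTED_LEGACY = SAMPLE_JOURNAL.replace("Cipher suite: 52392", "Cipher suite: 10")
CONSTRUCTED_UNKNOWN = SAMPLE_JOURNAL.replace("Cipher suite: 52392", "Cipher suite: 4865")

if __name__ == "__main__":
    for label, journal in (("page sample", SAMPLE_JOURNAL),
                           ("constructed legacy", CONSTRUCTED_LEGACY),
                           ("constructed unknown", CONSTRUCTED_UNKNOWN)):
        for f in audit_journal(journal):
            print(label, f)
```

A finding with `legacy` set, or with `in_configured` false, is the condition worth alerting on: the first means a deprecated suite was actually selected, the second means the proxy negotiated something outside the operator's list.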