Cipher

Test suite to validate using one or multiple ciphers to protect DoH connection

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Oct 07 12:43:59.326781 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.2M free.
Oct 07 12:43:59.330669 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:43:59.330734 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:43:59.338890 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:43:59.656008 osdx osdx-coredump[388398]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:43:59.663520 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:44:00.102885 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:00.174194 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:44:00.296147 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:44:00.371224 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:00.474653 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:44:00.563279 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:00.589071 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:00.605403 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:00.750084 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 07 12:44:00.922289 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:00.995653 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:44:01.094955 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:44:01.193224 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:44:01.315495 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:44:01.376022 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:44:01.480131 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 07 12:44:01.537754 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:44:01.635189 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:44:01.708057 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:44:01.822533 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:01.924478 osdx ca-certificates[388550]: Updating certificates in /etc/ssl/certs...
Oct 07 12:44:01.941925 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:44:02.420728 osdx ca-certificates[389554]: 1 added, 0 removed; done.
Oct 07 12:44:02.424628 osdx ca-certificates[389560]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:44:02.427602 osdx ca-certificates[389562]: done.
Oct 07 12:44:02.494979 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:44:02.496143 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:02.498702 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:02.520881 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:02.530795 osdx dnscrypt-proxy[389566]: dnscrypt-proxy 2.0.45
Oct 07 12:44:02.530867 osdx dnscrypt-proxy[389566]: Network connectivity detected
Oct 07 12:44:02.531092 osdx dnscrypt-proxy[389566]: Dropping privileges
Oct 07 12:44:02.533629 osdx dnscrypt-proxy[389566]: Network connectivity detected
Oct 07 12:44:02.533659 osdx dnscrypt-proxy[389566]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:44:02.533663 osdx dnscrypt-proxy[389566]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:44:02.533682 osdx dnscrypt-proxy[389566]: Firefox workaround initialized
Oct 07 12:44:02.533686 osdx dnscrypt-proxy[389566]: Loading the set of cloaking rules from [/tmp/tmp6rlaxmau]
Oct 07 12:44:02.673843 osdx dnscrypt-proxy[389566]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 07 12:44:02.673859 osdx dnscrypt-proxy[389566]: [RD] OK (DoH) - rtt: 116ms
Oct 07 12:44:02.673867 osdx dnscrypt-proxy[389566]: Server with the lowest initial latency: RD (rtt: 116ms)
Oct 07 12:44:02.673872 osdx dnscrypt-proxy[389566]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:44:05.308854 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:44:07.687172 osdx OSDxCLI[267623]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 07 12:44:07.858009 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---

Multiple Valid Cipher

Description

Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Oct 07 12:44:14.297704 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:44:14.301214 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:44:14.301263 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:44:14.307796 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:44:14.673385 osdx osdx-coredump[391196]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:44:14.684058 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:44:15.154428 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:15.223964 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:44:15.311966 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:44:15.379589 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:15.533196 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:44:15.608980 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:15.647637 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:15.663976 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:15.810923 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 07 12:44:15.939327 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:16.008195 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:44:16.109223 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:44:16.187543 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:44:16.328317 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:44:16.405051 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:44:16.513680 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 07 12:44:16.567625 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:44:16.732448 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:44:16.736225 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:44:16.809702 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:44:16.924866 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:17.010978 osdx ca-certificates[391342]: Updating certificates in /etc/ssl/certs...
Oct 07 12:44:17.568798 osdx ca-certificates[392347]: 1 added, 0 removed; done.
Oct 07 12:44:17.572500 osdx ca-certificates[392353]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:44:17.575130 osdx ca-certificates[392355]: done.
Oct 07 12:44:17.645460 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:44:17.646666 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:17.648628 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:17.677844 osdx dnscrypt-proxy[392359]: dnscrypt-proxy 2.0.45
Oct 07 12:44:17.677913 osdx dnscrypt-proxy[392359]: Network connectivity detected
Oct 07 12:44:17.678132 osdx dnscrypt-proxy[392359]: Dropping privileges
Oct 07 12:44:17.678462 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:17.680522 osdx dnscrypt-proxy[392359]: Network connectivity detected
Oct 07 12:44:17.680549 osdx dnscrypt-proxy[392359]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:44:17.680553 osdx dnscrypt-proxy[392359]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:44:17.680572 osdx dnscrypt-proxy[392359]: Firefox workaround initialized
Oct 07 12:44:17.680576 osdx dnscrypt-proxy[392359]: Loading the set of cloaking rules from [/tmp/tmprh38n_fp]
Oct 07 12:44:17.817452 osdx dnscrypt-proxy[392359]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 07 12:44:17.817466 osdx dnscrypt-proxy[392359]: [RD] OK (DoH) - rtt: 114ms
Oct 07 12:44:17.817475 osdx dnscrypt-proxy[392359]: Server with the lowest initial latency: RD (rtt: 114ms)
Oct 07 12:44:17.817480 osdx dnscrypt-proxy[392359]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:44:20.101979 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:44:22.811395 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:44:22.826773 osdx OSDxCLI[267623]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 07 12:44:23.024816 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Oct 07 12:44:23.245963 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:44:23.249184 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:44:23.249239 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:44:23.256830 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:44:23.506600 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:23.563623 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'delete'.
Oct 07 12:44:23.672584 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 07 12:44:23.737539 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:23.839925 osdx dnscrypt-proxy[392359]: Stopped.
Oct 07 12:44:23.839941 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 07 12:44:23.841771 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 07 12:44:23.841876 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:44:23.904612 osdx ca-certificates[392449]: Clearing symlinks in /etc/ssl/certs...
Oct 07 12:44:24.158037 osdx ca-certificates[393020]: done.
Oct 07 12:44:24.161563 osdx ca-certificates[393029]: Updating certificates in /etc/ssl/certs...
Oct 07 12:44:24.584039 osdx ca-certificates[393879]: 140 added, 0 removed; done.
Oct 07 12:44:24.587766 osdx ca-certificates[393886]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:44:24.590643 osdx ca-certificates[393888]: done.
Oct 07 12:44:24.624209 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:24.626266 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:24.657062 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:25.848330 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:25.907582 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:44:26.005513 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:44:26.068967 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:44:26.164070 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:44:26.223454 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:44:26.322150 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 07 12:44:26.376818 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:44:26.490962 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:44:26.545413 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:44:26.662750 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:26.756300 osdx ca-certificates[393944]: Updating certificates in /etc/ssl/certs...
Oct 07 12:44:27.237935 osdx ca-certificates[394948]: 1 added, 0 removed; done.
Oct 07 12:44:27.241899 osdx ca-certificates[394954]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:44:27.245626 osdx ca-certificates[394956]: done.
Oct 07 12:44:27.261188 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:44:27.401497 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:44:27.402571 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:27.422912 osdx dnscrypt-proxy[395015]: dnscrypt-proxy 2.0.45
Oct 07 12:44:27.423184 osdx dnscrypt-proxy[395015]: Network connectivity detected
Oct 07 12:44:27.423401 osdx dnscrypt-proxy[395015]: Dropping privileges
Oct 07 12:44:27.425436 osdx dnscrypt-proxy[395015]: Network connectivity detected
Oct 07 12:44:27.425612 osdx dnscrypt-proxy[395015]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:44:27.425647 osdx dnscrypt-proxy[395015]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:44:27.425692 osdx dnscrypt-proxy[395015]: Firefox workaround initialized
Oct 07 12:44:27.425723 osdx dnscrypt-proxy[395015]: Loading the set of cloaking rules from [/tmp/tmpx3tums2x]
Oct 07 12:44:27.429489 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:27.445950 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:27.581542 osdx dnscrypt-proxy[395015]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 07 12:44:27.581556 osdx dnscrypt-proxy[395015]: [RD] OK (DoH) - rtt: 124ms
Oct 07 12:44:27.581565 osdx dnscrypt-proxy[395015]: Server with the lowest initial latency: RD (rtt: 124ms)
Oct 07 12:44:27.581569 osdx dnscrypt-proxy[395015]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:44:27.595523 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Oct 07 12:44:27.797133 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:44:27.797721 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:44:27.797762 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:44:27.807746 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:44:27.815250 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:44:28.069655 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:28.124691 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'delete'.
Oct 07 12:44:28.232257 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 07 12:44:28.326285 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:28.407706 osdx dnscrypt-proxy[395015]: Stopped.
Oct 07 12:44:28.407788 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 07 12:44:28.408814 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 07 12:44:28.408947 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:44:28.486094 osdx ca-certificates[395119]: Clearing symlinks in /etc/ssl/certs...
Oct 07 12:44:28.761421 osdx ca-certificates[395689]: done.
Oct 07 12:44:28.764056 osdx ca-certificates[395698]: Updating certificates in /etc/ssl/certs...
Oct 07 12:44:29.194338 osdx ca-certificates[396549]: 140 added, 0 removed; done.
Oct 07 12:44:29.197048 osdx ca-certificates[396556]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:44:29.199770 osdx ca-certificates[396558]: done.
Oct 07 12:44:29.235454 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:29.237642 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:29.264101 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:30.452729 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:30.521052 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:44:30.622912 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:44:30.688984 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:44:30.783369 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:44:30.879815 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:44:30.934984 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 07 12:44:31.029916 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:44:31.102036 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:44:31.185621 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:44:31.261837 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:31.386389 osdx ca-certificates[396614]: Updating certificates in /etc/ssl/certs...
Oct 07 12:44:31.733436 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:44:31.890429 osdx ca-certificates[397618]: 1 added, 0 removed; done.
Oct 07 12:44:31.893287 osdx ca-certificates[397624]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:44:31.896897 osdx ca-certificates[397626]: done.
Oct 07 12:44:31.913203 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:44:32.061623 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:44:32.062968 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:32.082688 osdx dnscrypt-proxy[397685]: dnscrypt-proxy 2.0.45
Oct 07 12:44:32.082747 osdx dnscrypt-proxy[397685]: Network connectivity detected
Oct 07 12:44:32.082928 osdx dnscrypt-proxy[397685]: Dropping privileges
Oct 07 12:44:32.085248 osdx dnscrypt-proxy[397685]: Network connectivity detected
Oct 07 12:44:32.085280 osdx dnscrypt-proxy[397685]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:44:32.085286 osdx dnscrypt-proxy[397685]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:44:32.085310 osdx dnscrypt-proxy[397685]: Firefox workaround initialized
Oct 07 12:44:32.085315 osdx dnscrypt-proxy[397685]: Loading the set of cloaking rules from [/tmp/tmpu57214bn]
Oct 07 12:44:32.100825 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:32.124865 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:32.241129 osdx dnscrypt-proxy[397685]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 07 12:44:32.241151 osdx dnscrypt-proxy[397685]: [RD] OK (DoH) - rtt: 128ms
Oct 07 12:44:32.241161 osdx dnscrypt-proxy[397685]: Server with the lowest initial latency: RD (rtt: 128ms)
Oct 07 12:44:32.241166 osdx dnscrypt-proxy[397685]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:44:32.276093 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Oct 07 12:44:39.298260 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:44:39.299950 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:44:39.300007 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:44:39.309243 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:44:39.663448 osdx osdx-coredump[399327]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:44:39.670802 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:44:40.135643 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:40.208994 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:44:40.285345 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:44:40.352596 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:40.483940 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:44:40.555641 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:40.581525 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:40.597080 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:40.747161 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 07 12:44:40.879123 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:40.939121 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:44:41.070049 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:44:41.160924 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:44:41.263445 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:44:41.411098 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:44:41.467477 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 07 12:44:41.554469 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:44:41.627847 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:44:41.725178 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:44:41.812954 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:41.917257 osdx ca-certificates[399474]: Updating certificates in /etc/ssl/certs...
Oct 07 12:44:42.426271 osdx ca-certificates[400478]: 1 added, 0 removed; done.
Oct 07 12:44:42.429168 osdx ca-certificates[400484]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:44:42.432153 osdx ca-certificates[400486]: done.
Oct 07 12:44:42.504329 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:44:42.505527 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:42.507462 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:42.525941 osdx dnscrypt-proxy[400490]: dnscrypt-proxy 2.0.45
Oct 07 12:44:42.526001 osdx dnscrypt-proxy[400490]: Network connectivity detected
Oct 07 12:44:42.526176 osdx dnscrypt-proxy[400490]: Dropping privileges
Oct 07 12:44:42.528197 osdx dnscrypt-proxy[400490]: Network connectivity detected
Oct 07 12:44:42.528223 osdx dnscrypt-proxy[400490]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:44:42.528227 osdx dnscrypt-proxy[400490]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:44:42.528245 osdx dnscrypt-proxy[400490]: Firefox workaround initialized
Oct 07 12:44:42.528248 osdx dnscrypt-proxy[400490]: Loading the set of cloaking rules from [/tmp/tmpdqp8mny8]
Oct 07 12:44:42.528972 osdx dnscrypt-proxy[400490]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 07 12:44:42.542980 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:42.666361 osdx dnscrypt-proxy[400490]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 07 12:44:42.666373 osdx dnscrypt-proxy[400490]: [RD] OK (DoH) - rtt: 104ms
Oct 07 12:44:42.666380 osdx dnscrypt-proxy[400490]: Server with the lowest initial latency: RD (rtt: 104ms)
Oct 07 12:44:42.666385 osdx dnscrypt-proxy[400490]: dnscrypt-proxy is ready - live servers: 1

---

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Oct 07 12:44:49.294416 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:44:49.295491 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:44:49.295549 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:44:49.305792 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:44:49.640828 osdx osdx-coredump[402108]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:44:49.648327 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:44:49.962750 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:44:50.119104 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:50.191275 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:44:50.278924 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:44:50.350637 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:50.467501 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:44:50.545922 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:50.578833 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:50.594949 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:50.741705 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 07 12:44:50.906557 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:51.045469 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:44:51.101681 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:44:51.204194 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:44:51.262935 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:44:51.364733 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:44:51.421388 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 07 12:44:51.516716 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:44:51.591506 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:44:51.676119 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:44:51.766815 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:51.900236 osdx ca-certificates[402255]: Updating certificates in /etc/ssl/certs...
Oct 07 12:44:52.441399 osdx ca-certificates[403258]: 1 added, 0 removed; done.
Oct 07 12:44:52.444967 osdx ca-certificates[403265]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:44:52.447787 osdx ca-certificates[403267]: done.
Oct 07 12:44:52.519956 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:44:52.521419 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:52.525107 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:52.541257 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:52.543344 osdx dnscrypt-proxy[403271]: dnscrypt-proxy 2.0.45
Oct 07 12:44:52.543410 osdx dnscrypt-proxy[403271]: Network connectivity detected
Oct 07 12:44:52.543606 osdx dnscrypt-proxy[403271]: Dropping privileges
Oct 07 12:44:52.545651 osdx dnscrypt-proxy[403271]: Network connectivity detected
Oct 07 12:44:52.545679 osdx dnscrypt-proxy[403271]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:44:52.545683 osdx dnscrypt-proxy[403271]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:44:52.545705 osdx dnscrypt-proxy[403271]: Firefox workaround initialized
Oct 07 12:44:52.545709 osdx dnscrypt-proxy[403271]: Loading the set of cloaking rules from [/tmp/tmpkrydcxzn]
Oct 07 12:44:52.546557 osdx dnscrypt-proxy[403271]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Oct 07 12:44:52.823702 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:44:52.827502 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:44:52.827558 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:44:52.834861 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:44:53.127101 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:53.239726 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'delete'.
Oct 07 12:44:53.325753 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 07 12:44:53.418903 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:44:53.485718 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 07 12:44:53.485735 osdx dnscrypt-proxy[403271]: Stopped.
Oct 07 12:44:53.486688 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 07 12:44:53.486785 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:44:57.678712 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:44:57.678799 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:44:57.678819 osdx zebra[1404]: [PHJDC-499N2][EC 100663314] STARVATION: task agentx_timeout (7f71ecfb2bd0) ran for 5005ms (cpu time 0ms)
Oct 07 12:44:57.714532 osdx ca-certificates[403354]: Clearing symlinks in /etc/ssl/certs...
Oct 07 12:44:57.993226 osdx ca-certificates[403923]: done.
Oct 07 12:44:57.998088 osdx ca-certificates[403932]: Updating certificates in /etc/ssl/certs...
Oct 07 12:44:58.459118 osdx ca-certificates[404784]: 140 added, 0 removed; done.
Oct 07 12:44:58.461971 osdx ca-certificates[404790]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:44:58.464849 osdx ca-certificates[404792]: done.
Oct 07 12:44:58.495887 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:44:58.499514 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:44:58.518466 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:44:59.933648 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:44:59.993760 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:45:00.095167 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:45:00.160700 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:45:00.253290 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:45:00.313142 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:45:00.419533 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 07 12:45:00.473994 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:45:00.586379 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:45:00.642250 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:45:00.770879 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:00.866869 osdx ca-certificates[404848]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:01.381434 osdx ca-certificates[405852]: 1 added, 0 removed; done.
Oct 07 12:45:01.384237 osdx ca-certificates[405858]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:01.387023 osdx ca-certificates[405860]: done.
Oct 07 12:45:01.403495 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:45:01.547935 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:01.549305 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:01.569394 osdx dnscrypt-proxy[405924]: dnscrypt-proxy 2.0.45
Oct 07 12:45:01.569451 osdx dnscrypt-proxy[405924]: Network connectivity detected
Oct 07 12:45:01.569642 osdx dnscrypt-proxy[405924]: Dropping privileges
Oct 07 12:45:01.572137 osdx dnscrypt-proxy[405924]: Network connectivity detected
Oct 07 12:45:01.572172 osdx dnscrypt-proxy[405924]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:45:01.572177 osdx dnscrypt-proxy[405924]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:45:01.572203 osdx dnscrypt-proxy[405924]: Firefox workaround initialized
Oct 07 12:45:01.572209 osdx dnscrypt-proxy[405924]: Loading the set of cloaking rules from [/tmp/tmpc_kfzhjz]
Oct 07 12:45:01.573060 osdx dnscrypt-proxy[405924]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 07 12:45:01.590900 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:01.622952 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Oct 07 12:45:01.898712 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:45:01.899494 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:45:01.899528 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:45:01.909014 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:45:02.191181 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:02.239208 osdx dnscrypt-proxy[405924]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 07 12:45:02.239225 osdx dnscrypt-proxy[405924]: [RD] OK (DoH) - rtt: 638ms
Oct 07 12:45:02.239239 osdx dnscrypt-proxy[405924]: Server with the lowest initial latency: RD (rtt: 638ms)
Oct 07 12:45:02.239244 osdx dnscrypt-proxy[405924]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:45:02.259233 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'delete'.
Oct 07 12:45:02.368725 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 07 12:45:02.432189 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:02.528373 osdx dnscrypt-proxy[405924]: Stopped.
Oct 07 12:45:02.528385 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 07 12:45:02.529227 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 07 12:45:02.529337 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:06.602747 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:06.602862 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:06.602887 osdx zebra[1404]: [PHJDC-499N2][EC 100663314] STARVATION: task agentx_timeout (7f71ecfb2bd0) ran for 5005ms (cpu time 0ms)
Oct 07 12:45:06.636207 osdx ca-certificates[406025]: Clearing symlinks in /etc/ssl/certs...
Oct 07 12:45:06.902744 osdx ca-certificates[406594]: done.
Oct 07 12:45:06.907540 osdx ca-certificates[406603]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:07.349049 osdx ca-certificates[407454]: 140 added, 0 removed; done.
Oct 07 12:45:07.351791 osdx ca-certificates[407461]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:07.354619 osdx ca-certificates[407463]: done.
Oct 07 12:45:07.398817 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:07.401682 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:07.419011 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:07.673801 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:08.757540 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:08.816910 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:45:08.915718 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:45:08.981868 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:45:09.076172 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:45:09.145572 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:45:09.256100 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 07 12:45:09.329528 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 07 12:45:09.425181 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:45:09.500611 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:45:09.591226 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:45:09.675409 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:09.778167 osdx ca-certificates[407522]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:10.279120 osdx ca-certificates[408526]: 1 added, 0 removed; done.
Oct 07 12:45:10.281873 osdx ca-certificates[408532]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:10.285722 osdx ca-certificates[408534]: done.
Oct 07 12:45:10.299499 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:45:10.435759 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:10.436889 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:10.463312 osdx dnscrypt-proxy[408593]: dnscrypt-proxy 2.0.45
Oct 07 12:45:10.463585 osdx dnscrypt-proxy[408593]: Network connectivity detected
Oct 07 12:45:10.463812 osdx dnscrypt-proxy[408593]: Dropping privileges
Oct 07 12:45:10.466073 osdx dnscrypt-proxy[408593]: Network connectivity detected
Oct 07 12:45:10.466252 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:10.466581 osdx dnscrypt-proxy[408593]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:45:10.466633 osdx dnscrypt-proxy[408593]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:45:10.466706 osdx dnscrypt-proxy[408593]: Firefox workaround initialized
Oct 07 12:45:10.466747 osdx dnscrypt-proxy[408593]: Loading the set of cloaking rules from [/tmp/tmp6rjmhi64]
Oct 07 12:45:10.467904 osdx dnscrypt-proxy[408593]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 07 12:45:10.484197 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:10.614858 osdx dnscrypt-proxy[408593]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 07 12:45:10.614872 osdx dnscrypt-proxy[408593]: [RD] OK (DoH) - rtt: 122ms
Oct 07 12:45:10.614879 osdx dnscrypt-proxy[408593]: Server with the lowest initial latency: RD (rtt: 122ms)
Oct 07 12:45:10.614885 osdx dnscrypt-proxy[408593]: dnscrypt-proxy is ready - live servers: 1

---

Invalid Cipher With Fallback

Description

Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Oct 07 12:45:17.457927 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.2M free.
Oct 07 12:45:17.461246 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:45:17.461307 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:45:17.467446 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:45:17.785826 osdx osdx-coredump[410231]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Oct 07 12:45:17.795079 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 07 12:45:18.273144 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:18.377787 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:45:18.460485 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:45:18.537006 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:18.641247 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:45:18.710218 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:18.738535 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:18.760093 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:18.889636 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'ping 10.215.168.1      count 1 size 56 timeout 1'.
Oct 07 12:45:19.055865 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:19.125091 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:45:19.222904 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:45:19.291657 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:45:19.382955 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:45:19.447087 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:45:19.552991 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 07 12:45:19.619445 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 07 12:45:19.712805 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:45:19.789459 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:45:19.880040 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:45:19.969483 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:20.067339 osdx ca-certificates[410381]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:20.556946 osdx ca-certificates[411385]: 1 added, 0 removed; done.
Oct 07 12:45:20.559809 osdx ca-certificates[411391]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:20.563601 osdx ca-certificates[411393]: done.
Oct 07 12:45:20.657798 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:20.659307 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:20.662410 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:20.680180 osdx dnscrypt-proxy[411397]: dnscrypt-proxy 2.0.45
Oct 07 12:45:20.680242 osdx dnscrypt-proxy[411397]: Network connectivity detected
Oct 07 12:45:20.680434 osdx dnscrypt-proxy[411397]: Dropping privileges
Oct 07 12:45:20.682605 osdx dnscrypt-proxy[411397]: Network connectivity detected
Oct 07 12:45:20.682771 osdx dnscrypt-proxy[411397]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:45:20.682798 osdx dnscrypt-proxy[411397]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:45:20.682843 osdx dnscrypt-proxy[411397]: Firefox workaround initialized
Oct 07 12:45:20.682868 osdx dnscrypt-proxy[411397]: Loading the set of cloaking rules from [/tmp/tmplje9usys]
Oct 07 12:45:20.690498 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:20.818970 osdx dnscrypt-proxy[411397]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 07 12:45:20.818985 osdx dnscrypt-proxy[411397]: [RD] OK (DoH) - rtt: 114ms
Oct 07 12:45:20.818998 osdx dnscrypt-proxy[411397]: Server with the lowest initial latency: RD (rtt: 114ms)
Oct 07 12:45:20.819010 osdx dnscrypt-proxy[411397]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:45:20.833824 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Oct 07 12:45:21.028452 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:45:21.029258 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:45:21.029312 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:45:21.037969 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:45:21.282407 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:21.338360 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'delete'.
Oct 07 12:45:21.434950 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:21.449513 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 07 12:45:21.517430 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:21.613311 osdx dnscrypt-proxy[411397]: Stopped.
Oct 07 12:45:21.613338 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 07 12:45:21.614890 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 07 12:45:21.615032 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:21.684349 osdx ca-certificates[411482]: Clearing symlinks in /etc/ssl/certs...
Oct 07 12:45:21.953096 osdx ca-certificates[412051]: done.
Oct 07 12:45:21.956804 osdx ca-certificates[412061]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:22.403606 osdx ca-certificates[412912]: 140 added, 0 removed; done.
Oct 07 12:45:22.406652 osdx ca-certificates[412918]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:22.409715 osdx ca-certificates[412920]: done.
Oct 07 12:45:22.440162 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:22.443470 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:22.451557 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:22.461731 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:23.762435 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:23.826461 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:45:23.927453 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:45:24.005549 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:45:24.101080 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:45:24.166338 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:45:24.264872 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 07 12:45:24.345481 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 07 12:45:24.424322 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:45:24.553162 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:45:24.630674 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:45:24.711360 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:24.816837 osdx ca-certificates[412979]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:25.347918 osdx ca-certificates[413983]: 1 added, 0 removed; done.
Oct 07 12:45:25.350890 osdx ca-certificates[413989]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:25.354398 osdx ca-certificates[413991]: done.
Oct 07 12:45:25.373253 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:45:25.501638 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:25.502948 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:25.532580 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:25.536787 osdx dnscrypt-proxy[414050]: dnscrypt-proxy 2.0.45
Oct 07 12:45:25.536861 osdx dnscrypt-proxy[414050]: Network connectivity detected
Oct 07 12:45:25.537084 osdx dnscrypt-proxy[414050]: Dropping privileges
Oct 07 12:45:25.540110 osdx dnscrypt-proxy[414050]: Network connectivity detected
Oct 07 12:45:25.540145 osdx dnscrypt-proxy[414050]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:45:25.540151 osdx dnscrypt-proxy[414050]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:45:25.540176 osdx dnscrypt-proxy[414050]: Firefox workaround initialized
Oct 07 12:45:25.540181 osdx dnscrypt-proxy[414050]: Loading the set of cloaking rules from [/tmp/tmp13llue_t]
Oct 07 12:45:25.561320 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:25.691622 osdx dnscrypt-proxy[414050]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 07 12:45:25.691644 osdx dnscrypt-proxy[414050]: [RD] OK (DoH) - rtt: 121ms
Oct 07 12:45:25.691656 osdx dnscrypt-proxy[414050]: Server with the lowest initial latency: RD (rtt: 121ms)
Oct 07 12:45:25.691662 osdx dnscrypt-proxy[414050]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:45:25.714448 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Oct 07 12:45:25.929014 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:45:25.929430 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:45:25.929459 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:45:25.939675 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:45:26.205465 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:26.261973 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'delete'.
Oct 07 12:45:26.373459 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 07 12:45:26.436752 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:26.532483 osdx dnscrypt-proxy[414050]: Stopped.
Oct 07 12:45:26.532512 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 07 12:45:26.533380 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 07 12:45:26.533489 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:26.615120 osdx ca-certificates[414155]: Clearing symlinks in /etc/ssl/certs...
Oct 07 12:45:26.870676 osdx ca-certificates[414724]: done.
Oct 07 12:45:26.874283 osdx ca-certificates[414737]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:27.306084 osdx ca-certificates[415584]: 140 added, 0 removed; done.
Oct 07 12:45:27.309517 osdx ca-certificates[415591]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:27.312426 osdx ca-certificates[415593]: done.
Oct 07 12:45:27.352198 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:27.355658 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:27.372887 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:27.456716 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:28.573465 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:28.656198 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:45:28.726326 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:45:28.829632 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:45:28.888631 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:45:28.993683 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:45:29.051213 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 07 12:45:29.157635 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 07 12:45:29.228806 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:45:29.338395 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:45:29.402695 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:45:29.540196 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:29.656143 osdx ca-certificates[415654]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:30.169528 osdx ca-certificates[416658]: 1 added, 0 removed; done.
Oct 07 12:45:30.172255 osdx ca-certificates[416664]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:30.174896 osdx ca-certificates[416666]: done.
Oct 07 12:45:30.193240 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:45:30.329533 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:30.330577 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:30.389253 osdx dnscrypt-proxy[416725]: dnscrypt-proxy 2.0.45
Oct 07 12:45:30.389328 osdx dnscrypt-proxy[416725]: Network connectivity detected
Oct 07 12:45:30.389580 osdx dnscrypt-proxy[416725]: Dropping privileges
Oct 07 12:45:30.392533 osdx dnscrypt-proxy[416725]: Network connectivity detected
Oct 07 12:45:30.392575 osdx dnscrypt-proxy[416725]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:45:30.392582 osdx dnscrypt-proxy[416725]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:45:30.392617 osdx dnscrypt-proxy[416725]: Firefox workaround initialized
Oct 07 12:45:30.392623 osdx dnscrypt-proxy[416725]: Loading the set of cloaking rules from [/tmp/tmp5cg_5uf6]
Oct 07 12:45:30.397867 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:30.415316 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:30.568972 osdx dnscrypt-proxy[416725]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 07 12:45:30.568986 osdx dnscrypt-proxy[416725]: [RD] OK (DoH) - rtt: 112ms
Oct 07 12:45:30.568994 osdx dnscrypt-proxy[416725]: Server with the lowest initial latency: RD (rtt: 112ms)
Oct 07 12:45:30.568999 osdx dnscrypt-proxy[416725]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:45:31.377341 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:35.572491 osdx OSDxCLI[267623]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 07 12:45:35.777403 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Oct 07 12:45:36.021043 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.6M, max 15.3M, 12.7M free.
Oct 07 12:45:36.021464 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:45:36.021494 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:45:36.030589 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:45:36.331851 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:36.382969 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:36.390687 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'delete'.
Oct 07 12:45:36.501005 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 07 12:45:36.563741 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:36.671800 osdx dnscrypt-proxy[416725]: Stopped.
Oct 07 12:45:36.671850 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 07 12:45:36.672474 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 07 12:45:36.672598 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:36.738128 osdx ca-certificates[416835]: Clearing symlinks in /etc/ssl/certs...
Oct 07 12:45:36.994091 osdx ca-certificates[417405]: done.
Oct 07 12:45:36.998140 osdx ca-certificates[417417]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:37.422605 osdx ca-certificates[418265]: 140 added, 0 removed; done.
Oct 07 12:45:37.425351 osdx ca-certificates[418271]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:37.429015 osdx ca-certificates[418273]: done.
Oct 07 12:45:37.451584 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:37.457235 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:37.459479 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:37.499219 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:39.196790 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:39.269758 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:45:39.393240 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:45:39.484891 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:45:39.587279 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:45:39.703247 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:45:39.778643 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 07 12:45:39.894594 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 07 12:45:39.974830 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:45:40.074677 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:45:40.204066 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:45:40.354003 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:40.481325 osdx ca-certificates[418332]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:41.103142 osdx ca-certificates[419336]: 1 added, 0 removed; done.
Oct 07 12:45:41.106889 osdx ca-certificates[419342]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:41.110436 osdx ca-certificates[419344]: done.
Oct 07 12:45:41.133247 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:45:41.293599 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:41.295225 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:41.324471 osdx dnscrypt-proxy[419403]: dnscrypt-proxy 2.0.45
Oct 07 12:45:41.324539 osdx dnscrypt-proxy[419403]: Network connectivity detected
Oct 07 12:45:41.324747 osdx dnscrypt-proxy[419403]: Dropping privileges
Oct 07 12:45:41.327605 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:41.327655 osdx dnscrypt-proxy[419403]: Network connectivity detected
Oct 07 12:45:41.327689 osdx dnscrypt-proxy[419403]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:45:41.327695 osdx dnscrypt-proxy[419403]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:45:41.327770 osdx dnscrypt-proxy[419403]: Firefox workaround initialized
Oct 07 12:45:41.327776 osdx dnscrypt-proxy[419403]: Loading the set of cloaking rules from [/tmp/tmpidy65gyg]
Oct 07 12:45:41.367668 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:41.490307 osdx dnscrypt-proxy[419403]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 07 12:45:41.490325 osdx dnscrypt-proxy[419403]: [RD] OK (DoH) - rtt: 134ms
Oct 07 12:45:41.490335 osdx dnscrypt-proxy[419403]: Server with the lowest initial latency: RD (rtt: 134ms)
Oct 07 12:45:41.490341 osdx dnscrypt-proxy[419403]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:45:41.531910 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Oct 07 12:45:41.767068 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:45:41.769239 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:45:41.769300 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:45:41.778171 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:45:42.363711 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:42.458989 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:42.485740 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'delete'.
Oct 07 12:45:42.582811 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 07 12:45:42.701711 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:42.840753 osdx dnscrypt-proxy[419403]: Stopped.
Oct 07 12:45:42.840836 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 07 12:45:42.842206 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 07 12:45:42.842349 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:42.927639 osdx ca-certificates[419508]: Clearing symlinks in /etc/ssl/certs...
Oct 07 12:45:43.229678 osdx ca-certificates[420077]: done.
Oct 07 12:45:43.233435 osdx ca-certificates[420087]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:43.759795 osdx ca-certificates[420938]: 140 added, 0 removed; done.
Oct 07 12:45:43.763541 osdx ca-certificates[420944]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:43.767697 osdx ca-certificates[420946]: done.
Oct 07 12:45:43.806233 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:43.809718 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:43.828627 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:45.347227 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:45.444865 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:45:45.532380 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:45:45.678097 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:45:45.758262 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:45:45.890594 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:45:45.958075 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 07 12:45:46.073339 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 07 12:45:46.156663 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:45:46.260240 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:45:46.320415 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:45:46.375639 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:46.439865 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:46.534297 osdx ca-certificates[421005]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:47.030291 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Oct 07 12:45:47.107262 osdx ca-certificates[422011]: 1 added, 0 removed; done.
Oct 07 12:45:47.110953 osdx ca-certificates[422017]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:47.114700 osdx ca-certificates[422019]: done.
Oct 07 12:45:47.133274 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:45:47.293671 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:47.294991 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:47.321420 osdx dnscrypt-proxy[422078]: dnscrypt-proxy 2.0.45
Oct 07 12:45:47.321733 osdx dnscrypt-proxy[422078]: Network connectivity detected
Oct 07 12:45:47.322180 osdx dnscrypt-proxy[422078]: Dropping privileges
Oct 07 12:45:47.325425 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:47.327193 osdx dnscrypt-proxy[422078]: Network connectivity detected
Oct 07 12:45:47.327231 osdx dnscrypt-proxy[422078]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:45:47.327237 osdx dnscrypt-proxy[422078]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:45:47.327264 osdx dnscrypt-proxy[422078]: Firefox workaround initialized
Oct 07 12:45:47.327269 osdx dnscrypt-proxy[422078]: Loading the set of cloaking rules from [/tmp/tmptqta016u]
Oct 07 12:45:47.349415 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:47.482142 osdx dnscrypt-proxy[422078]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 07 12:45:47.482168 osdx dnscrypt-proxy[422078]: [RD] OK (DoH) - rtt: 117ms
Oct 07 12:45:47.482179 osdx dnscrypt-proxy[422078]: Server with the lowest initial latency: RD (rtt: 117ms)
Oct 07 12:45:47.482185 osdx dnscrypt-proxy[422078]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:45:47.515275 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Oct 07 12:45:47.784616 osdx systemd-journald[115269]: Runtime Journal (/run/log/journal/ea320b11e8924984abe0660bdd8d3fcc) is 2.0M, max 15.3M, 13.3M free.
Oct 07 12:45:47.785240 osdx systemd-journald[115269]: Received client request to rotate journal, rotating.
Oct 07 12:45:47.785282 osdx systemd-journald[115269]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ea320b11e8924984abe0660bdd8d3fcc.
Oct 07 12:45:47.796876 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'system journal clear'.
Oct 07 12:45:48.229876 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:48.299365 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'delete'.
Oct 07 12:45:48.509688 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 07 12:45:48.597421 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:48.719698 osdx dnscrypt-proxy[422078]: Stopped.
Oct 07 12:45:48.719783 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 07 12:45:48.721207 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 07 12:45:48.721364 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:48.786458 osdx ca-certificates[422183]: Clearing symlinks in /etc/ssl/certs...
Oct 07 12:45:49.042376 osdx ca-certificates[422752]: done.
Oct 07 12:45:49.045329 osdx ca-certificates[422762]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:49.502289 osdx ca-certificates[423614]: 140 added, 0 removed; done.
Oct 07 12:45:49.505430 osdx ca-certificates[423619]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:49.509158 osdx ca-certificates[423621]: done.
Oct 07 12:45:49.539202 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:49.541528 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:49.559079 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:50.814810 osdx OSDxCLI[267623]: User 'admin' entered the configuration menu.
Oct 07 12:45:50.886886 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 07 12:45:50.984660 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 07 12:45:51.051401 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 07 12:45:51.135962 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 07 12:45:51.195354 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f8bc50bc5ac15ce0f76e30e6a004a073889a788f693866f15b90a61d26d26c4f'.
Oct 07 12:45:51.293652 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 07 12:45:51.353049 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 07 12:45:51.381046 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:51.447513 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 07 12:45:51.516224 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 07 12:45:51.605487 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 07 12:45:51.679811 osdx OSDxCLI[267623]: User 'admin' added a new cfg line: 'show working'.
Oct 07 12:45:51.934125 osdx ca-certificates[423680]: Updating certificates in /etc/ssl/certs...
Oct 07 12:45:52.435838 osdx ca-certificates[424684]: 1 added, 0 removed; done.
Oct 07 12:45:52.439782 osdx ca-certificates[424690]: Running hooks in /etc/ca-certificates/update.d...
Oct 07 12:45:52.442640 osdx ca-certificates[424692]: done.
Oct 07 12:45:52.451634 osdx zebra[1404]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Oct 07 12:45:52.461255 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 07 12:45:52.621549 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 07 12:45:52.623180 osdx cfgd[1439]: [267623]Completed change to active configuration
Oct 07 12:45:52.642429 osdx dnscrypt-proxy[424751]: dnscrypt-proxy 2.0.45
Oct 07 12:45:52.642761 osdx dnscrypt-proxy[424751]: Network connectivity detected
Oct 07 12:45:52.643041 osdx dnscrypt-proxy[424751]: Dropping privileges
Oct 07 12:45:52.645651 osdx dnscrypt-proxy[424751]: Network connectivity detected
Oct 07 12:45:52.645682 osdx dnscrypt-proxy[424751]: Now listening to 127.0.0.1:53 [UDP]
Oct 07 12:45:52.645687 osdx dnscrypt-proxy[424751]: Now listening to 127.0.0.1:53 [TCP]
Oct 07 12:45:52.645708 osdx dnscrypt-proxy[424751]: Firefox workaround initialized
Oct 07 12:45:52.645713 osdx dnscrypt-proxy[424751]: Loading the set of cloaking rules from [/tmp/tmphpwrt5_2]
Oct 07 12:45:52.654981 osdx OSDxCLI[267623]: User 'admin' committed the configuration.
Oct 07 12:45:52.688519 osdx OSDxCLI[267623]: User 'admin' left the configuration menu.
Oct 07 12:45:52.775744 osdx dnscrypt-proxy[424751]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 07 12:45:52.775758 osdx dnscrypt-proxy[424751]: [RD] OK (DoH) - rtt: 104ms
Oct 07 12:45:52.775765 osdx dnscrypt-proxy[424751]: Server with the lowest initial latency: RD (rtt: 104ms)
Oct 07 12:45:52.775769 osdx dnscrypt-proxy[424751]: dnscrypt-proxy is ready - live servers: 1
Oct 07 12:45:52.831210 osdx OSDxCLI[267623]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---