Cipher
Test suite to validate the use of one or multiple ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Output:

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Output:

Dec 03 13:14:38.421240 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.2M free.
Dec 03 13:14:38.424254 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:14:38.424358 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:14:38.437100 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:14:39.005002 osdx osdx-coredump[85463]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 13:14:39.013164 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 13:14:39.571424 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:14:39.658084 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:14:39.743798 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:14:39.834968 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:14:39.944221 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:14:40.081228 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:14:40.108443 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:14:40.133852 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:14:40.271353 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 03 13:14:40.449103 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:14:40.523684 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:14:40.619341 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:14:40.722197 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:14:40.787210 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:14:40.902796 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:14:40.969928 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Dec 03 13:14:41.072756 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 03 13:14:41.198360 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:14:41.274483 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:14:41.406255 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:14:41.520399 osdx ca-certificates[85614]: Updating certificates in /etc/ssl/certs...
Dec 03 13:14:42.134324 osdx ca-certificates[86617]: 1 added, 0 removed; done.
Dec 03 13:14:42.137468 osdx ca-certificates[86624]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:14:42.140436 osdx ca-certificates[86626]: done.
Dec 03 13:14:42.212667 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:14:42.214180 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:14:42.217407 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:14:42.242974 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:14:42.245568 osdx dnscrypt-proxy[86630]: dnscrypt-proxy 2.0.45
Dec 03 13:14:42.245633 osdx dnscrypt-proxy[86630]: Network connectivity detected
Dec 03 13:14:42.246030 osdx dnscrypt-proxy[86630]: Dropping privileges
Dec 03 13:14:42.248435 osdx dnscrypt-proxy[86630]: Network connectivity detected
Dec 03 13:14:42.248469 osdx dnscrypt-proxy[86630]: Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:14:42.248475 osdx dnscrypt-proxy[86630]: Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:14:42.248510 osdx dnscrypt-proxy[86630]: Firefox workaround initialized
Dec 03 13:14:42.248516 osdx dnscrypt-proxy[86630]: Loading the set of cloaking rules from [/tmp/tmpw495co8z]
Dec 03 13:14:42.398871 osdx dnscrypt-proxy[86630]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Dec 03 13:14:42.398890 osdx dnscrypt-proxy[86630]: [RD] OK (DoH) - rtt: 118ms
Dec 03 13:14:42.398902 osdx dnscrypt-proxy[86630]: Server with the lowest initial latency: RD (rtt: 118ms)
Dec 03 13:14:42.398908 osdx dnscrypt-proxy[86630]: dnscrypt-proxy is ready - live servers: 1
Dec 03 13:14:42.411914 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Output:

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Output:

Dec 03 13:14:50.414405 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 13:14:50.416355 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:14:50.416440 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:14:50.426286 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:14:50.814273 osdx osdx-coredump[88256]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 13:14:50.823318 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 13:14:51.310498 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:14:51.388436 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:14:51.498482 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:14:51.583160 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:14:51.700344 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:14:51.810869 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:14:51.840679 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:14:51.861827 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:14:52.017440 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 03 13:14:52.151060 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:14:52.226285 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:14:52.332021 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:14:52.418820 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:14:52.479116 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:14:52.647373 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:14:52.706600 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Dec 03 13:14:52.816319 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 03 13:14:52.967487 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:14:53.047039 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:14:53.196547 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:14:53.314259 osdx ca-certificates[88407]: Updating certificates in /etc/ssl/certs...
Dec 03 13:14:53.859542 osdx ca-certificates[89410]: 1 added, 0 removed; done.
Dec 03 13:14:53.862948 osdx ca-certificates[89417]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:14:53.866136 osdx ca-certificates[89419]: done.
Dec 03 13:14:53.928795 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:14:53.930418 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:14:53.933514 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:14:53.963819 osdx dnscrypt-proxy[89423]: dnscrypt-proxy 2.0.45
Dec 03 13:14:53.963927 osdx dnscrypt-proxy[89423]: Network connectivity detected
Dec 03 13:14:53.964207 osdx dnscrypt-proxy[89423]: Dropping privileges
Dec 03 13:14:53.966762 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:14:53.967714 osdx dnscrypt-proxy[89423]: Network connectivity detected
Dec 03 13:14:53.967750 osdx dnscrypt-proxy[89423]: Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:14:53.967756 osdx dnscrypt-proxy[89423]: Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:14:53.967784 osdx dnscrypt-proxy[89423]: Firefox workaround initialized
Dec 03 13:14:53.967790 osdx dnscrypt-proxy[89423]: Loading the set of cloaking rules from [/tmp/tmp0xfz7n5y]
Dec 03 13:14:54.185055 osdx dnscrypt-proxy[89423]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Dec 03 13:14:54.185072 osdx dnscrypt-proxy[89423]: [RD] OK (DoH) - rtt: 186ms
Dec 03 13:14:54.185080 osdx dnscrypt-proxy[89423]: Server with the lowest initial latency: RD (rtt: 186ms)
Dec 03 13:14:54.185085 osdx dnscrypt-proxy[89423]: dnscrypt-proxy is ready - live servers: 1
Dec 03 13:14:59.154321 osdx OSDxCLI[9822]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Dec 03 13:14:59.342429 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Output:

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Output:

Dec 03 13:14:59.574470 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 13:14:59.576345 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:14:59.576404 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:14:59.585266 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:14:59.841940 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:14:59.898690 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'delete '.
Dec 03 13:15:00.010741 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 03 13:15:00.079926 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:00.180301 osdx dnscrypt-proxy[89423]: Stopped.
Dec 03 13:15:00.180371 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Dec 03 13:15:00.181292 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Dec 03 13:15:00.181421 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:15:00.305903 osdx ca-certificates[89517]: Clearing symlinks in /etc/ssl/certs...
Dec 03 13:15:00.601629 osdx ca-certificates[90086]: done.
Dec 03 13:15:00.605747 osdx ca-certificates[90095]: Updating certificates in /etc/ssl/certs...
Dec 03 13:15:01.092096 osdx ca-certificates[90946]: 140 added, 0 removed; done.
Dec 03 13:15:01.095113 osdx ca-certificates[90953]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:15:01.099063 osdx ca-certificates[90955]: done.
Dec 03 13:15:01.137422 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:01.140954 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:01.157894 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:02.660492 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:02.766839 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:15:02.870179 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:15:03.020784 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:15:03.087825 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:15:03.201824 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:15:03.286782 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Dec 03 13:15:03.390005 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 03 13:15:03.515475 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:15:03.577408 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:15:03.705480 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:03.792748 osdx ca-certificates[91014]: Updating certificates in /etc/ssl/certs...
Dec 03 13:15:04.346850 osdx ca-certificates[92018]: 1 added, 0 removed; done.
Dec 03 13:15:04.350083 osdx ca-certificates[92024]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:15:04.352911 osdx ca-certificates[92026]: done.
Dec 03 13:15:04.368342 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:15:04.532650 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:15:04.533896 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:04.553632 osdx dnscrypt-proxy[92089]: dnscrypt-proxy 2.0.45
Dec 03 13:15:04.553706 osdx dnscrypt-proxy[92089]: Network connectivity detected
Dec 03 13:15:04.553932 osdx dnscrypt-proxy[92089]: Dropping privileges
Dec 03 13:15:04.556242 osdx dnscrypt-proxy[92089]: Network connectivity detected
Dec 03 13:15:04.556272 osdx dnscrypt-proxy[92089]: Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:15:04.556277 osdx dnscrypt-proxy[92089]: Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:15:04.556302 osdx dnscrypt-proxy[92089]: Firefox workaround initialized
Dec 03 13:15:04.556307 osdx dnscrypt-proxy[92089]: Loading the set of cloaking rules from [/tmp/tmpj8hxzozp]
Dec 03 13:15:04.575307 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:04.613677 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:04.771771 osdx dnscrypt-proxy[92089]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Dec 03 13:15:04.771790 osdx dnscrypt-proxy[92089]: [RD] OK (DoH) - rtt: 192ms
Dec 03 13:15:04.771801 osdx dnscrypt-proxy[92089]: Server with the lowest initial latency: RD (rtt: 192ms)
Dec 03 13:15:04.771812 osdx dnscrypt-proxy[92089]: dnscrypt-proxy is ready - live servers: 1
Dec 03 13:15:09.784770 osdx OSDxCLI[9822]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Dec 03 13:15:09.965280 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Output:

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Output:

Dec 03 13:15:10.210126 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 13:15:10.212341 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:15:10.212432 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:15:10.222015 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:15:10.581758 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:10.680924 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'delete '.
Dec 03 13:15:10.760634 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 03 13:15:10.876242 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:10.948216 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Dec 03 13:15:10.948348 osdx dnscrypt-proxy[92089]: Stopped.
Dec 03 13:15:10.949083 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Dec 03 13:15:10.949179 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:15:11.066240 osdx ca-certificates[92201]: Clearing symlinks in /etc/ssl/certs...
Dec 03 13:15:11.360978 osdx ca-certificates[92770]: done.
Dec 03 13:15:11.364475 osdx ca-certificates[92779]: Updating certificates in /etc/ssl/certs...
Dec 03 13:15:11.827352 osdx ca-certificates[93630]: 140 added, 0 removed; done.
Dec 03 13:15:11.830655 osdx ca-certificates[93637]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:15:11.834146 osdx ca-certificates[93639]: done.
Dec 03 13:15:11.872439 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:11.875006 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:11.897512 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:13.253665 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:13.329980 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:15:13.443347 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:15:13.514920 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:15:13.606926 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:15:13.715558 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:15:13.781965 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Dec 03 13:15:13.877573 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 03 13:15:13.955820 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:15:14.047036 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:15:14.120294 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:14.238894 osdx ca-certificates[93695]: Updating certificates in /etc/ssl/certs...
Dec 03 13:15:14.766300 osdx ca-certificates[94698]: 1 added, 0 removed; done.
Dec 03 13:15:14.770203 osdx ca-certificates[94705]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:15:14.773293 osdx ca-certificates[94707]: done.
Dec 03 13:15:14.788347 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:15:14.992692 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:15:14.994244 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:15.030155 osdx dnscrypt-proxy[94770]: dnscrypt-proxy 2.0.45
Dec 03 13:15:15.030247 osdx dnscrypt-proxy[94770]: Network connectivity detected
Dec 03 13:15:15.030458 osdx dnscrypt-proxy[94770]: Dropping privileges
Dec 03 13:15:15.032568 osdx dnscrypt-proxy[94770]: Network connectivity detected
Dec 03 13:15:15.032597 osdx dnscrypt-proxy[94770]: Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:15:15.032601 osdx dnscrypt-proxy[94770]: Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:15:15.032624 osdx dnscrypt-proxy[94770]: Firefox workaround initialized
Dec 03 13:15:15.032628 osdx dnscrypt-proxy[94770]: Loading the set of cloaking rules from [/tmp/tmps8p7eapk]
Dec 03 13:15:15.037583 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:15.057891 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:15.212399 osdx dnscrypt-proxy[94770]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 03 13:15:15.212420 osdx dnscrypt-proxy[94770]: [RD] OK (DoH) - rtt: 152ms
Dec 03 13:15:15.212431 osdx dnscrypt-proxy[94770]: Server with the lowest initial latency: RD (rtt: 152ms)
Dec 03 13:15:15.212435 osdx dnscrypt-proxy[94770]: dnscrypt-proxy is ready - live servers: 1
Dec 03 13:15:20.030472 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Dec 03 13:15:20.207296 osdx OSDxCLI[9822]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Dec 03 13:15:20.427218 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Output:

Dec 03 13:15:27.000399 osdx systemd-timedated[96407]: Changed local time to Tue 2024-12-03 13:15:27 UTC
Dec 03 13:15:27.002193 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'set date 2024-12-03 13:15:27'.
Dec 03 13:15:27.002791 osdx systemd-journald[1835]: Time jumped backwards, rotating.
Dec 03 13:15:27.382478 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 13:15:27.383120 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:15:27.383164 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:15:27.394066 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:15:27.780278 osdx osdx-coredump[96424]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 13:15:27.788367 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 13:15:28.287562 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:28.376024 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:15:28.483996 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:15:28.554989 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:28.682797 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:15:28.818084 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:28.856252 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:28.903414 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:29.112097 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 03 13:15:29.348152 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:29.438534 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:15:29.543956 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:15:29.657305 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:15:29.748965 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:15:29.902022 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:15:29.974766 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 03 13:15:30.100443 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 03 13:15:30.206859 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:15:30.304634 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:15:30.399337 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:30.522802 osdx ca-certificates[96575]: Updating certificates in /etc/ssl/certs...
Dec 03 13:15:31.132674 osdx ca-certificates[97578]: 1 added, 0 removed; done.
Dec 03 13:15:31.136019 osdx ca-certificates[97585]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:15:31.140232 osdx ca-certificates[97587]: done.
Dec 03 13:15:31.223153 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:15:31.225418 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:31.229754 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:31.257820 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:31.258228 osdx dnscrypt-proxy[97591]: dnscrypt-proxy 2.0.45
Dec 03 13:15:31.258298 osdx dnscrypt-proxy[97591]: Network connectivity detected
Dec 03 13:15:31.258528 osdx dnscrypt-proxy[97591]: Dropping privileges
Dec 03 13:15:31.261375 osdx dnscrypt-proxy[97591]: Network connectivity detected
Dec 03 13:15:31.261666 osdx dnscrypt-proxy[97591]: Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:15:31.261727 osdx dnscrypt-proxy[97591]: Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:15:31.261830 osdx dnscrypt-proxy[97591]: Firefox workaround initialized
Dec 03 13:15:31.261936 osdx dnscrypt-proxy[97591]: Loading the set of cloaking rules from [/tmp/tmp30pcb0lt]
Dec 03 13:15:31.262895 osdx dnscrypt-proxy[97591]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Dec 03 13:15:40.358238 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.2M free.
Dec 03 13:15:40.358770 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:15:40.358803 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:15:40.369591 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:15:40.811677 osdx osdx-coredump[99215]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 13:15:40.819951 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 13:15:41.363436 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:41.483366 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:15:41.556749 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:15:41.688085 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:41.802482 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:15:41.928346 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:41.961475 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:42.004484 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:42.180269 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 03 13:15:42.361707 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:42.445679 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:15:42.561626 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:15:42.657167 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:15:42.731033 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:15:42.847705 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:15:42.913027 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 03 13:15:43.010876 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 03 13:15:43.098862 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:15:43.201075 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:15:43.301515 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:43.424795 osdx ca-certificates[99365]: Updating certificates in /etc/ssl/certs...
Dec 03 13:15:44.170507 osdx ca-certificates[100369]: 1 added, 0 removed; done.
Dec 03 13:15:44.174682 osdx ca-certificates[100376]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:15:44.179228 osdx ca-certificates[100378]: done.
Dec 03 13:15:44.278858 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:15:44.280514 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:44.283632 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:44.308009 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:44.310917 osdx dnscrypt-proxy[100382]: dnscrypt-proxy 2.0.45
Dec 03 13:15:44.310988 osdx dnscrypt-proxy[100382]: Network connectivity detected
Dec 03 13:15:44.311262 osdx dnscrypt-proxy[100382]: Dropping privileges
Dec 03 13:15:44.313809 osdx dnscrypt-proxy[100382]: Network connectivity detected
Dec 03 13:15:44.313854 osdx dnscrypt-proxy[100382]: Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:15:44.313861 osdx dnscrypt-proxy[100382]: Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:15:44.313891 osdx dnscrypt-proxy[100382]: Firefox workaround initialized
Dec 03 13:15:44.313896 osdx dnscrypt-proxy[100382]: Loading the set of cloaking rules from [/tmp/tmp7ojbpa9x]
Dec 03 13:15:44.314976 osdx dnscrypt-proxy[100382]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Dec 03 13:15:44.637631 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 13:15:44.638447 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:15:44.638511 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:15:44.647808 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:15:45.015608 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:45.121931 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'delete '.
Dec 03 13:15:45.258358 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 03 13:15:45.337530 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:45.452328 osdx dnscrypt-proxy[100382]: Stopped.
Dec 03 13:15:45.452392 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Dec 03 13:15:45.453388 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Dec 03 13:15:45.453526 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:15:45.578396 osdx ca-certificates[100468]: Clearing symlinks in /etc/ssl/certs...
Dec 03 13:15:45.884706 osdx ca-certificates[101038]: done.
Dec 03 13:15:45.888076 osdx ca-certificates[101047]: Updating certificates in /etc/ssl/certs...
Dec 03 13:15:46.368901 osdx ca-certificates[101897]: 140 added, 0 removed; done.
Dec 03 13:15:46.372350 osdx ca-certificates[101904]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:15:46.375729 osdx ca-certificates[101906]: done.
Dec 03 13:15:46.409159 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:46.412761 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:46.448994 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:47.735058 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:47.821570 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:15:47.910077 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:15:48.070680 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:15:48.133944 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:15:48.247882 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:15:48.321962 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 03 13:15:48.417581 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 03 13:15:48.513783 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:15:48.618127 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:15:48.713255 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:48.819878 osdx ca-certificates[101962]: Updating certificates in /etc/ssl/certs...
Dec 03 13:15:49.414794 osdx ca-certificates[102966]: 1 added, 0 removed; done.
Dec 03 13:15:49.418485 osdx ca-certificates[102972]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:15:49.422841 osdx ca-certificates[102974]: done.
Dec 03 13:15:49.446467 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:15:49.675272 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:15:49.681642 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:49.704132 osdx dnscrypt-proxy[103037]: dnscrypt-proxy 2.0.45
Dec 03 13:15:49.704196 osdx dnscrypt-proxy[103037]: Network connectivity detected
Dec 03 13:15:49.704398 osdx dnscrypt-proxy[103037]: Dropping privileges
Dec 03 13:15:49.707112 osdx dnscrypt-proxy[103037]: Network connectivity detected
Dec 03 13:15:49.707451 osdx dnscrypt-proxy[103037]: Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:15:49.707528 osdx dnscrypt-proxy[103037]: Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:15:49.707613 osdx dnscrypt-proxy[103037]: Firefox workaround initialized
Dec 03 13:15:49.707662 osdx dnscrypt-proxy[103037]: Loading the set of cloaking rules from [/tmp/tmpn3eqgmpy]
Dec 03 13:15:49.708745 osdx dnscrypt-proxy[103037]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 03 13:15:49.714804 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:49.746349 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:49.853426 osdx dnscrypt-proxy[103037]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 03 13:15:49.853448 osdx dnscrypt-proxy[103037]: [RD] OK (DoH) - rtt: 108ms
Dec 03 13:15:49.853459 osdx dnscrypt-proxy[103037]: Server with the lowest initial latency: RD (rtt: 108ms)
Dec 03 13:15:49.853465 osdx dnscrypt-proxy[103037]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Dec 03 13:15:50.049636 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 13:15:50.050452 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:15:50.050488 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:15:50.060511 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:15:50.371927 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:50.439657 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'delete '.
Dec 03 13:15:50.569561 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 03 13:15:50.649722 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:50.746010 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Dec 03 13:15:50.746272 osdx dnscrypt-proxy[103037]: Stopped.
Dec 03 13:15:50.747210 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Dec 03 13:15:50.747324 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:15:50.854729 osdx ca-certificates[103143]: Clearing symlinks in /etc/ssl/certs...
Dec 03 13:15:51.176654 osdx ca-certificates[103713]: done.
Dec 03 13:15:51.180655 osdx ca-certificates[103721]: Updating certificates in /etc/ssl/certs...
Dec 03 13:15:51.651767 osdx ca-certificates[104572]: 140 added, 0 removed; done.
Dec 03 13:15:51.654934 osdx ca-certificates[104579]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:15:51.658077 osdx ca-certificates[104581]: done.
Dec 03 13:15:51.688436 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:51.691746 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:51.709079 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:15:52.991188 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:15:53.137837 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:15:53.286280 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:15:53.371139 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:15:53.472873 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:15:53.569875 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:15:53.655779 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 03 13:15:53.771800 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 03 13:15:53.846921 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 03 13:15:53.975977 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:15:54.050432 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:15:54.178643 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:15:54.269639 osdx ca-certificates[104640]: Updating certificates in /etc/ssl/certs...
Dec 03 13:15:54.818853 osdx ca-certificates[105644]: 1 added, 0 removed; done.
Dec 03 13:15:54.822200 osdx ca-certificates[105650]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:15:54.825851 osdx ca-certificates[105652]: done.
Dec 03 13:15:54.846454 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:15:55.070944 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:15:55.072390 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:15:55.102991 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:15:55.104938 osdx dnscrypt-proxy[105715]: dnscrypt-proxy 2.0.45
Dec 03 13:15:55.105059 osdx dnscrypt-proxy[105715]: Network connectivity detected
Dec 03 13:15:55.105317 osdx dnscrypt-proxy[105715]: Dropping privileges
Dec 03 13:15:55.108319 osdx dnscrypt-proxy[105715]: Network connectivity detected
Dec 03 13:15:55.108356 osdx dnscrypt-proxy[105715]: Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:15:55.108362 osdx dnscrypt-proxy[105715]: Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:15:55.108392 osdx dnscrypt-proxy[105715]: Firefox workaround initialized
Dec 03 13:15:55.108400 osdx dnscrypt-proxy[105715]: Loading the set of cloaking rules from [/tmp/tmp_v2yifui]
Dec 03 13:15:55.109998 osdx dnscrypt-proxy[105715]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 03 13:15:55.125039 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Dec 03 13:16:02.336763 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 13:16:02.338655 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:16:02.338731 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:16:02.347917 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:16:02.884014 osdx osdx-coredump[107361]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 13:16:02.894513 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 13:16:03.413213 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:16:03.502446 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:16:03.613696 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:16:03.688930 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:16:03.822681 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:16:03.941848 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:16:03.968323 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:16:03.995302 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:16:04.142104 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 03 13:16:04.334588 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:16:04.408878 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:16:04.536946 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:16:04.622948 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:16:04.764342 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:16:04.865816 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:16:04.952424 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 03 13:16:05.165720 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Dec 03 13:16:05.266498 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 03 13:16:05.409375 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:16:05.471788 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:16:05.636077 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:16:05.758753 osdx ca-certificates[107515]: Updating certificates in /etc/ssl/certs...
Dec 03 13:16:06.533138 osdx ca-certificates[108519]: 1 added, 0 removed; done.
Dec 03 13:16:06.538204 osdx ca-certificates[108522]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:16:06.543834 osdx ca-certificates[108527]: done.
Dec 03 13:16:06.639198 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:16:06.641032 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:16:06.645808 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:16:06.675212 osdx dnscrypt-proxy[108531]: dnscrypt-proxy 2.0.45
Dec 03 13:16:06.675289 osdx dnscrypt-proxy[108531]: Network connectivity detected
Dec 03 13:16:06.675545 osdx dnscrypt-proxy[108531]: Dropping privileges
Dec 03 13:16:06.679750 osdx dnscrypt-proxy[108531]: Network connectivity detected
Dec 03 13:16:06.680085 osdx dnscrypt-proxy[108531]: Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:16:06.680134 osdx dnscrypt-proxy[108531]: Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:16:06.680216 osdx dnscrypt-proxy[108531]: Firefox workaround initialized
Dec 03 13:16:06.680256 osdx dnscrypt-proxy[108531]: Loading the set of cloaking rules from [/tmp/tmpawp0fab3]
Dec 03 13:16:06.693497 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:16:06.922814 osdx dnscrypt-proxy[108531]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Dec 03 13:16:06.922829 osdx dnscrypt-proxy[108531]: [RD] OK (DoH) - rtt: 207ms
Dec 03 13:16:06.922838 osdx dnscrypt-proxy[108531]: Server with the lowest initial latency: RD (rtt: 207ms)
Dec 03 13:16:06.922844 osdx dnscrypt-proxy[108531]: dnscrypt-proxy is ready - live servers: 1
Dec 03 13:16:11.894561 osdx OSDxCLI[9822]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Dec 03 13:16:12.073996 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Dec 03 13:16:12.277966 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 13:16:12.278653 osdx systemd-journald[1835]: Received client request to rotate journal, rotating.
Dec 03 13:16:12.278705 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 13:16:12.290346 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 13:16:12.542191 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:16:12.607604 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'delete '.
Dec 03 13:16:12.753864 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 03 13:16:12.833187 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:16:12.973548 osdx dnscrypt-proxy[108531]: Stopped.
Dec 03 13:16:12.973632 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Dec 03 13:16:12.974826 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Dec 03 13:16:12.974961 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:16:13.094059 osdx ca-certificates[108625]: Clearing symlinks in /etc/ssl/certs...
Dec 03 13:16:13.398041 osdx ca-certificates[109195]: done.
Dec 03 13:16:13.402047 osdx ca-certificates[109204]: Updating certificates in /etc/ssl/certs...
Dec 03 13:16:13.902330 osdx ca-certificates[110055]: 140 added, 0 removed; done.
Dec 03 13:16:13.905578 osdx ca-certificates[110060]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:16:13.908540 osdx ca-certificates[110063]: done.
Dec 03 13:16:13.944944 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:16:13.947219 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:16:13.980792 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:16:15.499536 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu.
Dec 03 13:16:15.822113 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 03 13:16:15.903072 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 03 13:16:16.037811 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 03 13:16:16.103184 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 03 13:16:16.229503 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'.
Dec 03 13:16:16.298780 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 03 13:16:16.417074 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Dec 03 13:16:16.483334 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 03 13:16:16.565568 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 03 13:16:16.644437 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 03 13:16:16.774974 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'.
Dec 03 13:16:16.898838 osdx ca-certificates[110122]: Updating certificates in /etc/ssl/certs...
Dec 03 13:16:17.454491 osdx ca-certificates[111125]: 1 added, 0 removed; done.
Dec 03 13:16:17.457672 osdx ca-certificates[111132]: Running hooks in /etc/ca-certificates/update.d...
Dec 03 13:16:17.461756 osdx ca-certificates[111134]: done.
Dec 03 13:16:17.478658 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 13:16:17.699011 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 03 13:16:17.700549 osdx cfgd[1634]: [9822]Completed change to active configuration
Dec 03 13:16:17.722270 osdx dnscrypt-proxy[111197]: dnscrypt-proxy 2.0.45
Dec 03 13:16:17.722341 osdx dnscrypt-proxy[111197]: Network connectivity detected
Dec 03 13:16:17.722625 osdx dnscrypt-proxy[111197]: Dropping privileges
Dec 03 13:16:17.724789 osdx dnscrypt-proxy[111197]: Network connectivity detected
Dec 03 13:16:17.724820 osdx dnscrypt-proxy[111197]: Now listening to 127.0.0.1:53 [UDP]
Dec 03 13:16:17.724824 osdx dnscrypt-proxy[111197]: Now listening to 127.0.0.1:53 [TCP]
Dec 03 13:16:17.724843 osdx dnscrypt-proxy[111197]: Firefox workaround initialized
Dec 03 13:16:17.724847 osdx dnscrypt-proxy[111197]: Loading the set of cloaking rules from [/tmp/tmpow7goffa]
Dec 03 13:16:17.731252 osdx OSDxCLI[9822]: User 'admin' committed the configuration.
Dec 03 13:16:17.750078 osdx OSDxCLI[9822]: User 'admin' left the configuration menu.
Dec 03 13:16:17.953557 osdx dnscrypt-proxy[111197]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Dec 03 13:16:17.953575 osdx dnscrypt-proxy[111197]: [RD] OK (DoH) - rtt: 204ms
Dec 03 13:16:17.953584 osdx dnscrypt-proxy[111197]: Server with the lowest initial latency: RD (rtt: 204ms)
Dec 03 13:16:17.953590 osdx dnscrypt-proxy[111197]: dnscrypt-proxy is ready - live servers: 1
Dec 03 13:16:22.910676 osdx OSDxCLI[9822]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Dec 03 13:16:23.107346 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Dec 03 13:16:23.322088 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free. Dec 03 13:16:23.322640 osdx systemd-journald[1835]: Received client request to rotate journal, rotating. Dec 03 13:16:23.322676 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 13:16:23.334969 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:16:23.692727 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:16:23.806111 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'delete '. Dec 03 13:16:23.923865 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Dec 03 13:16:24.004532 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:16:24.160835 osdx dnscrypt-proxy[111197]: Stopped. Dec 03 13:16:24.160892 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Dec 03 13:16:24.162299 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Dec 03 13:16:24.162429 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:16:24.295254 osdx ca-certificates[111310]: Clearing symlinks in /etc/ssl/certs... Dec 03 13:16:24.609077 osdx ca-certificates[111880]: done. Dec 03 13:16:24.613927 osdx ca-certificates[111889]: Updating certificates in /etc/ssl/certs... Dec 03 13:16:25.096147 osdx ca-certificates[112740]: 140 added, 0 removed; done. Dec 03 13:16:25.100229 osdx ca-certificates[112746]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:16:25.104303 osdx ca-certificates[112748]: done. 
Dec 03 13:16:25.138169 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:16:25.141883 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:16:25.160812 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:16:26.535833 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:16:26.602016 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 03 13:16:26.716075 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 03 13:16:26.803013 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 03 13:16:26.900250 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 03 13:16:26.961513 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'. Dec 03 13:16:27.062645 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Dec 03 13:16:27.139557 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Dec 03 13:16:27.221242 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 03 13:16:27.341499 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 03 13:16:27.416689 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:16:27.532045 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. 
Dec 03 13:16:27.639697 osdx ca-certificates[112807]: Updating certificates in /etc/ssl/certs... Dec 03 13:16:28.207893 osdx ca-certificates[113811]: 1 added, 0 removed; done. Dec 03 13:16:28.212354 osdx ca-certificates[113817]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:16:28.216268 osdx ca-certificates[113819]: done. Dec 03 13:16:28.234653 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:16:28.411080 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:16:28.412738 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:16:28.443561 osdx dnscrypt-proxy[113882]: dnscrypt-proxy 2.0.45 Dec 03 13:16:28.443634 osdx dnscrypt-proxy[113882]: Network connectivity detected Dec 03 13:16:28.443850 osdx dnscrypt-proxy[113882]: Dropping privileges Dec 03 13:16:28.445795 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:16:28.448036 osdx dnscrypt-proxy[113882]: Network connectivity detected Dec 03 13:16:28.448076 osdx dnscrypt-proxy[113882]: Now listening to 127.0.0.1:53 [UDP] Dec 03 13:16:28.448082 osdx dnscrypt-proxy[113882]: Now listening to 127.0.0.1:53 [TCP] Dec 03 13:16:28.448108 osdx dnscrypt-proxy[113882]: Firefox workaround initialized Dec 03 13:16:28.448113 osdx dnscrypt-proxy[113882]: Loading the set of cloaking rules from [/tmp/tmp5m33e997] Dec 03 13:16:28.473791 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:16:28.641983 osdx dnscrypt-proxy[113882]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Dec 03 13:16:28.641996 osdx dnscrypt-proxy[113882]: [RD] OK (DoH) - rtt: 171ms Dec 03 13:16:28.642003 osdx dnscrypt-proxy[113882]: Server with the lowest initial latency: RD (rtt: 171ms) Dec 03 13:16:28.642007 osdx dnscrypt-proxy[113882]: dnscrypt-proxy is ready - live servers: 1 Dec 03 13:16:32.031112 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. 
Dec 03 13:16:33.639089 osdx OSDxCLI[9822]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Dec 03 13:16:33.832848 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Dec 03 13:16:34.113345 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free. Dec 03 13:16:34.114652 osdx systemd-journald[1835]: Received client request to rotate journal, rotating. Dec 03 13:16:34.114728 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 13:16:34.124221 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:16:34.472742 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:16:34.573338 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'delete '. Dec 03 13:16:34.680189 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Dec 03 13:16:34.782555 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:16:34.906115 osdx dnscrypt-proxy[113882]: Stopped. Dec 03 13:16:34.906195 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Dec 03 13:16:34.907276 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Dec 03 13:16:34.907404 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:16:35.037235 osdx ca-certificates[113997]: Clearing symlinks in /etc/ssl/certs... Dec 03 13:16:35.350699 osdx ca-certificates[114566]: done. Dec 03 13:16:35.354741 osdx ca-certificates[114575]: Updating certificates in /etc/ssl/certs... Dec 03 13:16:35.830820 osdx ca-certificates[115427]: 140 added, 0 removed; done. Dec 03 13:16:35.834929 osdx ca-certificates[115433]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:16:35.838232 osdx ca-certificates[115435]: done. 
Dec 03 13:16:35.871455 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:16:35.874648 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:16:35.893397 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:16:37.536011 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:16:37.608437 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 03 13:16:37.784159 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 03 13:16:37.859569 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 03 13:16:37.957907 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 03 13:16:38.043815 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'. Dec 03 13:16:38.147955 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Dec 03 13:16:38.229572 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Dec 03 13:16:38.371018 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 03 13:16:38.544160 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 03 13:16:38.605991 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:16:38.741429 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. 
Dec 03 13:16:38.851412 osdx ca-certificates[115494]: Updating certificates in /etc/ssl/certs... Dec 03 13:16:39.443020 osdx ca-certificates[116497]: 1 added, 0 removed; done. Dec 03 13:16:39.446112 osdx ca-certificates[116504]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:16:39.450183 osdx ca-certificates[116506]: done. Dec 03 13:16:39.466659 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:16:39.663135 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:16:39.665268 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:16:39.694122 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:16:39.695137 osdx dnscrypt-proxy[116569]: dnscrypt-proxy 2.0.45 Dec 03 13:16:39.695194 osdx dnscrypt-proxy[116569]: Network connectivity detected Dec 03 13:16:39.695387 osdx dnscrypt-proxy[116569]: Dropping privileges Dec 03 13:16:39.699135 osdx dnscrypt-proxy[116569]: Network connectivity detected Dec 03 13:16:39.699177 osdx dnscrypt-proxy[116569]: Now listening to 127.0.0.1:53 [UDP] Dec 03 13:16:39.699183 osdx dnscrypt-proxy[116569]: Now listening to 127.0.0.1:53 [TCP] Dec 03 13:16:39.699213 osdx dnscrypt-proxy[116569]: Firefox workaround initialized Dec 03 13:16:39.699219 osdx dnscrypt-proxy[116569]: Loading the set of cloaking rules from [/tmp/tmpj8tm5x7t] Dec 03 13:16:39.727845 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:16:39.868552 osdx dnscrypt-proxy[116569]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Dec 03 13:16:39.868566 osdx dnscrypt-proxy[116569]: [RD] OK (DoH) - rtt: 133ms Dec 03 13:16:39.868573 osdx dnscrypt-proxy[116569]: Server with the lowest initial latency: RD (rtt: 133ms) Dec 03 13:16:39.868578 osdx dnscrypt-proxy[116569]: dnscrypt-proxy is ready - live servers: 1 Dec 03 13:16:39.909765 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Dec 03 13:16:40.112174 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free. Dec 03 13:16:40.114643 osdx systemd-journald[1835]: Received client request to rotate journal, rotating. Dec 03 13:16:40.114709 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 13:16:40.123446 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:16:40.555811 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:16:40.679051 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'delete '. Dec 03 13:16:40.813336 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Dec 03 13:16:40.915474 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:16:41.011410 osdx dnscrypt-proxy[116569]: Stopped. Dec 03 13:16:41.011475 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Dec 03 13:16:41.012626 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Dec 03 13:16:41.012760 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:16:41.132410 osdx ca-certificates[116677]: Clearing symlinks in /etc/ssl/certs... Dec 03 13:16:41.440214 osdx ca-certificates[117246]: done. Dec 03 13:16:41.443603 osdx ca-certificates[117254]: Updating certificates in /etc/ssl/certs... Dec 03 13:16:41.946383 osdx ca-certificates[118108]: 140 added, 0 removed; done. Dec 03 13:16:41.950076 osdx ca-certificates[118113]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:16:41.953851 osdx ca-certificates[118115]: done. 
Dec 03 13:16:41.990394 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:16:41.993036 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:16:42.021363 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:16:43.399394 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:16:43.485347 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 03 13:16:43.577226 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 03 13:16:43.698697 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 03 13:16:43.757034 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 03 13:16:43.865380 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'. Dec 03 13:16:43.942589 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Dec 03 13:16:44.069516 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Dec 03 13:16:44.126231 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 03 13:16:44.261707 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 03 13:16:44.338350 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:16:44.491867 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. 
Dec 03 13:16:44.596562 osdx ca-certificates[118174]: Updating certificates in /etc/ssl/certs... Dec 03 13:16:45.163179 osdx ca-certificates[119178]: 1 added, 0 removed; done. Dec 03 13:16:45.166441 osdx ca-certificates[119184]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:16:45.170246 osdx ca-certificates[119186]: done. Dec 03 13:16:45.190664 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:16:45.395095 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:16:45.396444 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:16:45.424426 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:16:45.429045 osdx dnscrypt-proxy[119249]: dnscrypt-proxy 2.0.45 Dec 03 13:16:45.429130 osdx dnscrypt-proxy[119249]: Network connectivity detected Dec 03 13:16:45.429385 osdx dnscrypt-proxy[119249]: Dropping privileges Dec 03 13:16:45.432964 osdx dnscrypt-proxy[119249]: Network connectivity detected Dec 03 13:16:45.433212 osdx dnscrypt-proxy[119249]: Now listening to 127.0.0.1:53 [UDP] Dec 03 13:16:45.433258 osdx dnscrypt-proxy[119249]: Now listening to 127.0.0.1:53 [TCP] Dec 03 13:16:45.433321 osdx dnscrypt-proxy[119249]: Firefox workaround initialized Dec 03 13:16:45.433358 osdx dnscrypt-proxy[119249]: Loading the set of cloaking rules from [/tmp/tmp3el_4q2i] Dec 03 13:16:45.444666 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:16:45.684556 osdx dnscrypt-proxy[119249]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Dec 03 13:16:45.684581 osdx dnscrypt-proxy[119249]: [RD] OK (DoH) - rtt: 228ms Dec 03 13:16:45.684593 osdx dnscrypt-proxy[119249]: Server with the lowest initial latency: RD (rtt: 228ms) Dec 03 13:16:45.684600 osdx dnscrypt-proxy[119249]: dnscrypt-proxy is ready - live servers: 1 Dec 03 13:16:50.604635 osdx OSDxCLI[9822]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. 
Dec 03 13:16:50.799620 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Dec 03 13:16:51.021197 osdx systemd-journald[1835]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free. Dec 03 13:16:51.022686 osdx systemd-journald[1835]: Received client request to rotate journal, rotating. Dec 03 13:16:51.022764 osdx systemd-journald[1835]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 13:16:51.035044 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'system journal clear'. Dec 03 13:16:51.352651 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:16:51.435402 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'delete '. Dec 03 13:16:51.519339 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Dec 03 13:16:51.614890 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. Dec 03 13:16:51.701392 osdx dnscrypt-proxy[119249]: Stopped. Dec 03 13:16:51.701466 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Dec 03 13:16:51.702971 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Dec 03 13:16:51.703097 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:16:51.832644 osdx ca-certificates[119363]: Clearing symlinks in /etc/ssl/certs... Dec 03 13:16:52.141330 osdx ca-certificates[119932]: done. Dec 03 13:16:52.145461 osdx ca-certificates[119942]: Updating certificates in /etc/ssl/certs... Dec 03 13:16:52.622400 osdx ca-certificates[120793]: 140 added, 0 removed; done. Dec 03 13:16:52.625692 osdx ca-certificates[120799]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:16:52.629889 osdx ca-certificates[120801]: done. 
Dec 03 13:16:52.675364 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:16:52.677849 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:16:52.719589 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:16:54.270102 osdx OSDxCLI[9822]: User 'admin' entered the configuration menu. Dec 03 13:16:54.336112 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 03 13:16:54.457186 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 03 13:16:54.538036 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 03 13:16:54.647520 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 03 13:16:54.753634 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 20cbb339f943b7564dfff33f0d2ef3d34de1e142130cc6df36ef782f2bd85194'. Dec 03 13:16:54.812835 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Dec 03 13:16:54.915200 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Dec 03 13:16:54.996435 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 03 13:16:55.139645 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 03 13:16:55.232027 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 03 13:16:55.380885 osdx OSDxCLI[9822]: User 'admin' added a new cfg line: 'show working'. 
Dec 03 13:16:55.481165 osdx ca-certificates[120860]: Updating certificates in /etc/ssl/certs... Dec 03 13:16:56.164098 osdx ca-certificates[121863]: 1 added, 0 removed; done. Dec 03 13:16:56.167519 osdx ca-certificates[121870]: Running hooks in /etc/ca-certificates/update.d... Dec 03 13:16:56.171636 osdx ca-certificates[121872]: done. Dec 03 13:16:56.194661 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 13:16:56.411097 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 03 13:16:56.412572 osdx cfgd[1634]: [9822]Completed change to active configuration Dec 03 13:16:56.435536 osdx dnscrypt-proxy[121935]: dnscrypt-proxy 2.0.45 Dec 03 13:16:56.435614 osdx dnscrypt-proxy[121935]: Network connectivity detected Dec 03 13:16:56.435859 osdx dnscrypt-proxy[121935]: Dropping privileges Dec 03 13:16:56.447157 osdx OSDxCLI[9822]: User 'admin' committed the configuration. Dec 03 13:16:56.447374 osdx dnscrypt-proxy[121935]: Network connectivity detected Dec 03 13:16:56.447409 osdx dnscrypt-proxy[121935]: Now listening to 127.0.0.1:53 [UDP] Dec 03 13:16:56.447414 osdx dnscrypt-proxy[121935]: Now listening to 127.0.0.1:53 [TCP] Dec 03 13:16:56.447475 osdx dnscrypt-proxy[121935]: Firefox workaround initialized Dec 03 13:16:56.447480 osdx dnscrypt-proxy[121935]: Loading the set of cloaking rules from [/tmp/tmpvpcfb49b] Dec 03 13:16:56.477895 osdx OSDxCLI[9822]: User 'admin' left the configuration menu. Dec 03 13:16:56.651747 osdx dnscrypt-proxy[121935]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Dec 03 13:16:56.651760 osdx dnscrypt-proxy[121935]: [RD] OK (DoH) - rtt: 165ms Dec 03 13:16:56.651767 osdx dnscrypt-proxy[121935]: Server with the lowest initial latency: RD (rtt: 165ms) Dec 03 13:16:56.651771 osdx dnscrypt-proxy[121935]: dnscrypt-proxy is ready - live servers: 1 Dec 03 13:17:01.666256 osdx OSDxCLI[9822]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. 
Dec 03 13:17:01.887128 osdx OSDxCLI[9822]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
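Step 3 in Examples 3 to 6 matches only the decimal identifier that dnscrypt-proxy logs, so the reader has to know which configured suite that number stands for. The Python sketch below is an added example, not part of the OSDx test suite: it maps the logged identifier to its IANA name and checks that the connection settled on a configured suite rather than the RC4 or 3DES entry. The function names, the five-entry suite table, and reading the logged "303" as hexadecimal 0x0303 (TLS 1.2) are assumptions of this example.

```python
import re

# IANA TLS Cipher Suites registry values for the five suites that appear
# in this page's configurations (table is an assumption of this example).
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# Name fragments that mark a suite as legacy (RC4 and 3DES bulk ciphers).
LEGACY_MARKERS = ("_RC4_", "_3DES_")

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (TLS_[A-Z0-9_]+)")
LOG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)

# Copied from Example 3 on this page (configuration and journal excerpt).
EXAMPLE3_CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
"""
EXAMPLE3_JOURNAL = """\
Dec 03 13:16:28.443561 osdx dnscrypt-proxy[113882]: dnscrypt-proxy 2.0.45
Dec 03 13:16:28.641983 osdx dnscrypt-proxy[113882]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 03 13:16:28.641996 osdx dnscrypt-proxy[113882]: [RD] OK (DoH) - rtt: 171ms
"""


def is_legacy(name):
    """True when the suite name contains an RC4 or 3DES marker."""
    return any(marker in name for marker in LEGACY_MARKERS)


def configured_ciphers(config_text):
    """Return configured suite names ordered by their 'cipher N' index."""
    entries = {int(idx): name for idx, name in CFG_RE.findall(config_text)}
    return [entries[idx] for idx in sorted(entries)]


def negotiated_suites(journal_text):
    """Extract every logged handshake: server, TLS version, ALPN, suite."""
    found = []
    for m in LOG_RE.finditer(journal_text):
        suite_id = int(m.group("suite"))           # logged in decimal
        found.append({
            "server": m.group("server"),
            "tls_version": int(m.group("ver"), 16),  # assumed hex: 303 -> 0x0303
            "protocol": m.group("proto"),
            "suite_id": suite_id,
            "suite_name": IANA_SUITES.get(suite_id),  # None if not in the table
        })
    return found


def audit(config_text, journal_text):
    """Compare the negotiated suite(s) in the journal with the configured list."""
    configured = configured_ciphers(config_text)
    handshakes = negotiated_suites(journal_text)
    findings = []
    if not handshakes:
        # Failure mode: no suite was accepted, so no handshake line is logged.
        findings.append("no TLS handshake line found in journal")
    for h in handshakes:
        name, sid = h["suite_name"], h["suite_id"]
        if name is None:
            findings.append("suite id %d (0x%04X) is not in the local table" % (sid, sid))
        elif name not in configured:
            findings.append("negotiated %s is not in the configured list" % name)
        elif is_legacy(name):
            findings.append("negotiated legacy suite %s" % name)
    return {
        "configured": configured,
        "legacy_configured": [c for c in configured if is_legacy(c)],
        "handshakes": handshakes,
        "findings": findings,
        "ok": bool(handshakes) and not findings,
    }


if __name__ == "__main__":
    report = audit(EXAMPLE3_CONFIG, EXAMPLE3_JOURNAL)
    for h in report["handshakes"]:
        print("%s: TLS 0x%04X, %s, suite %d = %s" % (
            h["server"], h["tls_version"], h["protocol"], h["suite_id"], h["suite_name"]))
    print("legacy entries still configured:", report["legacy_configured"])
    print("ok:", report["ok"], report["findings"])
```

A passing result still lists the RC4 or 3DES entry under `legacy_configured`, which is the item to remove from a production configuration once the server is known to accept the stronger suite.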