Cipher
Test suite to validate the use of one or multiple ciphers to protect the DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Feb 19 19:22:44.614534 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.1M, max 15.3M, 13.2M free.
Feb 19 19:22:44.615886 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:22:44.615967 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:22:44.654293 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:22:45.590745 osdx osdx-coredump[106176]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:22:45.617180 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:22:46.641729 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:22:46.793095 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:22:46.930781 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:22:47.141851 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:22:47.267915 osdx INFO[106200]: FRR daemons did not change
Feb 19 19:22:47.311799 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:22:47.548967 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:22:47.602467 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:22:47.668596 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:22:47.918957 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:22:48.288390 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:22:48.520525 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:22:48.726646 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:22:49.030164 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:22:49.280237 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:22:49.460509 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:22:49.646839 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 19 19:22:49.826609 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 19:22:50.009387 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:22:50.164720 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:22:50.389557 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:22:50.551765 osdx INFO[106323]: FRR daemons did not change
Feb 19 19:22:50.590578 osdx ca-certificates[106339]: Updating certificates in /etc/ssl/certs...
Feb 19 19:22:52.059639 osdx ca-certificates[107344]: 1 added, 0 removed; done.
Feb 19 19:22:52.065902 osdx ca-certificates[107349]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:22:52.072667 osdx ca-certificates[107351]: done.
Feb 19 19:22:52.212349 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:22:52.215387 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:22:52.219382 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:22:52.268013 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:22:52.287085 osdx dnscrypt-proxy[107355]: dnscrypt-proxy 2.0.45
Feb 19 19:22:52.287269 osdx dnscrypt-proxy[107355]: Network connectivity detected
Feb 19 19:22:52.287930 osdx dnscrypt-proxy[107355]: Dropping privileges
Feb 19 19:22:52.299083 osdx dnscrypt-proxy[107355]: Network connectivity detected
Feb 19 19:22:52.299132 osdx dnscrypt-proxy[107355]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:22:52.299140 osdx dnscrypt-proxy[107355]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:22:52.299180 osdx dnscrypt-proxy[107355]: Firefox workaround initialized
Feb 19 19:22:52.299188 osdx dnscrypt-proxy[107355]: Loading the set of cloaking rules from [/tmp/tmp5si0ket8]
Feb 19 19:22:52.551877 osdx dnscrypt-proxy[107355]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 19 19:22:52.551908 osdx dnscrypt-proxy[107355]: [RD] OK (DoH) - rtt: 117ms
Feb 19 19:22:52.551920 osdx dnscrypt-proxy[107355]: Server with the lowest initial latency: RD (rtt: 117ms)
Feb 19 19:22:52.551929 osdx dnscrypt-proxy[107355]: dnscrypt-proxy is ready - live servers: 1
Feb 19 19:22:52.570347 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Feb 19 19:23:06.507606 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:23:06.511184 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:23:06.511261 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:23:06.527428 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:23:07.109801 osdx osdx-coredump[108987]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:23:07.124258 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:23:08.063057 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:23:08.340499 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:23:08.470387 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:23:08.728522 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:09.009099 osdx INFO[109011]: FRR daemons did not change
Feb 19 19:23:09.079760 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:23:09.419453 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:23:09.487887 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:23:09.553598 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:23:09.826613 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:23:10.378626 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:23:10.601266 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:23:10.724856 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:23:10.926124 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:23:11.084149 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:23:11.231719 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:23:11.371627 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 19 19:23:11.508614 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 19:23:11.738330 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:23:11.889602 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:23:12.158193 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:12.386484 osdx INFO[109134]: FRR daemons did not change
Feb 19 19:23:12.425557 osdx ca-certificates[109149]: Updating certificates in /etc/ssl/certs...
Feb 19 19:23:14.094885 osdx ca-certificates[110155]: 1 added, 0 removed; done.
Feb 19 19:23:14.103685 osdx ca-certificates[110160]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:23:14.113236 osdx ca-certificates[110162]: done.
Feb 19 19:23:14.292833 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:23:14.303457 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:23:14.312342 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:23:14.380227 osdx dnscrypt-proxy[110166]: dnscrypt-proxy 2.0.45
Feb 19 19:23:14.380318 osdx dnscrypt-proxy[110166]: Network connectivity detected
Feb 19 19:23:14.380672 osdx dnscrypt-proxy[110166]: Dropping privileges
Feb 19 19:23:14.393606 osdx dnscrypt-proxy[110166]: Network connectivity detected
Feb 19 19:23:14.393996 osdx dnscrypt-proxy[110166]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:23:14.394079 osdx dnscrypt-proxy[110166]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:23:14.394182 osdx dnscrypt-proxy[110166]: Firefox workaround initialized
Feb 19 19:23:14.394254 osdx dnscrypt-proxy[110166]: Loading the set of cloaking rules from [/tmp/tmpvk2g4gqy]
Feb 19 19:23:14.425451 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:23:14.559414 osdx dnscrypt-proxy[110166]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 19 19:23:14.559442 osdx dnscrypt-proxy[110166]: [RD] OK (DoH) - rtt: 94ms
Feb 19 19:23:14.559460 osdx dnscrypt-proxy[110166]: Server with the lowest initial latency: RD (rtt: 94ms)
Feb 19 19:23:14.559469 osdx dnscrypt-proxy[110166]: dnscrypt-proxy is ready - live servers: 1
Feb 19 19:23:14.688366 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Feb 19 19:23:15.149396 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:23:15.151644 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:23:15.151723 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:23:15.200619 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:23:15.859700 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:23:16.007268 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'delete '.
Feb 19 19:23:16.265696 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 19 19:23:16.417559 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:16.620484 osdx dnscrypt-proxy[110166]: Stopped.
Feb 19 19:23:16.636417 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Feb 19 19:23:16.640090 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Feb 19 19:23:16.640272 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:23:17.017457 osdx ca-certificates[110256]: Clearing symlinks in /etc/ssl/certs...
Feb 19 19:23:18.204172 osdx ca-certificates[110826]: done.
Feb 19 19:23:18.210204 osdx ca-certificates[110835]: Updating certificates in /etc/ssl/certs...
Feb 19 19:23:19.924546 osdx ca-certificates[111686]: 140 added, 0 removed; done.
Feb 19 19:23:19.932703 osdx ca-certificates[111691]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:23:19.949039 osdx ca-certificates[111695]: done.
Feb 19 19:23:20.044048 osdx INFO[111698]: FRR daemons did not change
Feb 19 19:23:20.045552 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:23:20.056212 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:23:20.156141 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:23:22.715166 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:23:22.896494 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:23:23.076127 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:23:23.239552 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:23:23.367135 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:23:23.594379 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:23:23.738109 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Feb 19 19:23:23.887441 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 19:23:24.127401 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:23:24.258424 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:23:24.532546 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:24.758170 osdx INFO[111741]: FRR daemons did not change
Feb 19 19:23:24.784841 osdx ca-certificates[111756]: Updating certificates in /etc/ssl/certs...
Feb 19 19:23:26.603550 osdx ca-certificates[112759]: 1 added, 0 removed; done.
Feb 19 19:23:26.609730 osdx ca-certificates[112767]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:23:26.617705 osdx ca-certificates[112769]: done.
Feb 19 19:23:26.667183 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:23:27.085223 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:23:27.097701 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:23:27.146824 osdx dnscrypt-proxy[112835]: dnscrypt-proxy 2.0.45
Feb 19 19:23:27.146915 osdx dnscrypt-proxy[112835]: Network connectivity detected
Feb 19 19:23:27.147218 osdx dnscrypt-proxy[112835]: Dropping privileges
Feb 19 19:23:27.152039 osdx dnscrypt-proxy[112835]: Network connectivity detected
Feb 19 19:23:27.152099 osdx dnscrypt-proxy[112835]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:23:27.152107 osdx dnscrypt-proxy[112835]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:23:27.152148 osdx dnscrypt-proxy[112835]: Firefox workaround initialized
Feb 19 19:23:27.152157 osdx dnscrypt-proxy[112835]: Loading the set of cloaking rules from [/tmp/tmpgii26zgv]
Feb 19 19:23:27.158503 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:23:27.221326 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:23:27.369127 osdx dnscrypt-proxy[112835]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Feb 19 19:23:27.369160 osdx dnscrypt-proxy[112835]: [RD] OK (DoH) - rtt: 87ms
Feb 19 19:23:27.369178 osdx dnscrypt-proxy[112835]: Server with the lowest initial latency: RD (rtt: 87ms)
Feb 19 19:23:27.369188 osdx dnscrypt-proxy[112835]: dnscrypt-proxy is ready - live servers: 1
Feb 19 19:23:27.467092 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Feb 19 19:23:27.915328 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:23:27.919311 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:23:27.919500 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:23:27.948807 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:23:28.628639 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:23:28.788735 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'delete '.
Feb 19 19:23:28.973996 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 19 19:23:29.113031 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:29.260692 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Feb 19 19:23:29.267435 osdx dnscrypt-proxy[112835]: Stopped.
Feb 19 19:23:29.272232 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Feb 19 19:23:29.272408 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:23:29.488260 osdx ca-certificates[112944]: Clearing symlinks in /etc/ssl/certs...
Feb 19 19:23:30.229174 osdx ca-certificates[113514]: done.
Feb 19 19:23:30.241524 osdx ca-certificates[113522]: Updating certificates in /etc/ssl/certs...
Feb 19 19:23:31.542814 osdx ca-certificates[114374]: 140 added, 0 removed; done.
Feb 19 19:23:31.553091 osdx ca-certificates[114381]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:23:31.560175 osdx ca-certificates[114383]: done.
Feb 19 19:23:31.628615 osdx INFO[114386]: FRR daemons did not change
Feb 19 19:23:31.629097 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:23:31.632633 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:23:31.679829 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:23:34.483455 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:23:34.585058 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:23:34.750563 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:23:34.971487 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:23:35.102954 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:23:35.245959 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:23:35.384312 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Feb 19 19:23:35.491335 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 19:23:35.723827 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:23:35.903319 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:23:36.038071 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Feb 19 19:23:36.096435 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:36.385652 osdx INFO[114430]: FRR daemons did not change
Feb 19 19:23:36.452159 osdx ca-certificates[114446]: Updating certificates in /etc/ssl/certs...
Feb 19 19:23:38.084838 osdx ca-certificates[115451]: 1 added, 0 removed; done.
Feb 19 19:23:38.091048 osdx ca-certificates[115455]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:23:38.097290 osdx ca-certificates[115458]: done.
Feb 19 19:23:38.135186 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:23:38.495813 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:23:38.498134 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:23:38.542854 osdx dnscrypt-proxy[115524]: dnscrypt-proxy 2.0.45
Feb 19 19:23:38.543026 osdx dnscrypt-proxy[115524]: Network connectivity detected
Feb 19 19:23:38.543409 osdx dnscrypt-proxy[115524]: Dropping privileges
Feb 19 19:23:38.550224 osdx dnscrypt-proxy[115524]: Network connectivity detected
Feb 19 19:23:38.550274 osdx dnscrypt-proxy[115524]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:23:38.550282 osdx dnscrypt-proxy[115524]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:23:38.550324 osdx dnscrypt-proxy[115524]: Firefox workaround initialized
Feb 19 19:23:38.550332 osdx dnscrypt-proxy[115524]: Loading the set of cloaking rules from [/tmp/tmpsvc_mx0h]
Feb 19 19:23:38.560002 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:23:38.643244 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:23:38.705751 osdx dnscrypt-proxy[115524]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 19 19:23:38.705786 osdx dnscrypt-proxy[115524]: [RD] OK (DoH) - rtt: 93ms
Feb 19 19:23:38.705799 osdx dnscrypt-proxy[115524]: Server with the lowest initial latency: RD (rtt: 93ms)
Feb 19 19:23:38.705807 osdx dnscrypt-proxy[115524]: dnscrypt-proxy is ready - live servers: 1
Feb 19 19:23:38.966269 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Feb 19 19:23:53.641010 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:23:53.642008 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:23:53.642078 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:23:53.658267 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:23:54.289204 osdx osdx-coredump[117177]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:23:54.318001 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:23:55.185962 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:23:55.371974 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:23:55.482564 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:23:55.635743 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:55.779429 osdx INFO[117201]: FRR daemons did not change
Feb 19 19:23:55.821961 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:23:56.022083 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:23:56.071836 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:23:56.129249 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:23:56.380679 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:23:56.746851 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:23:56.877911 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:23:57.067161 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:23:57.272113 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:23:57.396773 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:23:57.559122 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:23:57.727138 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 19 19:23:57.844465 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 19:23:58.026909 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:23:58.149150 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:23:58.341954 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:58.525136 osdx INFO[117324]: FRR daemons did not change
Feb 19 19:23:58.591017 osdx ca-certificates[117339]: Updating certificates in /etc/ssl/certs...
Feb 19 19:24:00.031019 osdx ca-certificates[118343]: 1 added, 0 removed; done.
Feb 19 19:24:00.037161 osdx ca-certificates[118346]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:24:00.049701 osdx ca-certificates[118352]: done.
Feb 19 19:24:00.190935 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:24:00.193672 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:24:00.200988 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:24:00.241159 osdx dnscrypt-proxy[118356]: dnscrypt-proxy 2.0.45
Feb 19 19:24:00.241257 osdx dnscrypt-proxy[118356]: Network connectivity detected
Feb 19 19:24:00.241654 osdx dnscrypt-proxy[118356]: Dropping privileges
Feb 19 19:24:00.247502 osdx dnscrypt-proxy[118356]: Network connectivity detected
Feb 19 19:24:00.247565 osdx dnscrypt-proxy[118356]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:24:00.247582 osdx dnscrypt-proxy[118356]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:24:00.247622 osdx dnscrypt-proxy[118356]: Firefox workaround initialized
Feb 19 19:24:00.247631 osdx dnscrypt-proxy[118356]: Loading the set of cloaking rules from [/tmp/tmpjwqmt6as]
Feb 19 19:24:00.251597 osdx dnscrypt-proxy[118356]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 19 19:24:00.282042 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:24:00.404024 osdx dnscrypt-proxy[118356]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 19 19:24:00.404052 osdx dnscrypt-proxy[118356]: [RD] OK (DoH) - rtt: 75ms
Feb 19 19:24:00.404064 osdx dnscrypt-proxy[118356]: Server with the lowest initial latency: RD (rtt: 75ms)
Feb 19 19:24:00.404072 osdx dnscrypt-proxy[118356]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Feb 19 19:24:16.515360 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free. Feb 19 19:24:16.518803 osdx systemd-journald[1656]: Received client request to rotate journal, rotating. Feb 19 19:24:16.518903 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508. Feb 19 19:24:16.534676 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'. Feb 19 19:24:17.349363 osdx osdx-coredump[119985]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 19:24:17.379121 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 19:24:18.570626 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu. Feb 19 19:24:18.779343 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 19:24:18.899012 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 19:24:19.050311 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'. Feb 19 19:24:19.172847 osdx INFO[120009]: FRR daemons did not change Feb 19 19:24:19.202588 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 19:24:19.398157 osdx cfgd[1455]: [2457]Completed change to active configuration Feb 19 19:24:19.453086 osdx OSDxCLI[2457]: User 'admin' committed the configuration. Feb 19 19:24:19.554122 osdx OSDxCLI[2457]: User 'admin' left the configuration menu. Feb 19 19:24:19.761780 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 19:24:20.123527 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu. Feb 19 19:24:20.268637 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Feb 19 19:24:20.411453 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 19:24:20.598835 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 19:24:20.734750 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 19:24:20.917547 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 19:24:21.120822 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 19 19:24:21.303578 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 19:24:21.584534 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 19:24:21.692158 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 19:24:21.838361 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'. Feb 19 19:24:22.039820 osdx INFO[120132]: FRR daemons did not change Feb 19 19:24:22.084829 osdx ca-certificates[120149]: Updating certificates in /etc/ssl/certs... Feb 19 19:24:23.481770 osdx ca-certificates[121152]: 1 added, 0 removed; done. Feb 19 19:24:23.494512 osdx ca-certificates[121158]: Running hooks in /etc/ca-certificates/update.d... Feb 19 19:24:23.510249 osdx ca-certificates[121160]: done. Feb 19 19:24:23.625593 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 19:24:23.630806 osdx cfgd[1455]: [2457]Completed change to active configuration Feb 19 19:24:23.643319 osdx OSDxCLI[2457]: User 'admin' committed the configuration. 
Feb 19 19:24:23.715191 osdx dnscrypt-proxy[121164]: dnscrypt-proxy 2.0.45 Feb 19 19:24:23.715942 osdx dnscrypt-proxy[121164]: Network connectivity detected Feb 19 19:24:23.716749 osdx dnscrypt-proxy[121164]: Dropping privileges Feb 19 19:24:23.724760 osdx OSDxCLI[2457]: User 'admin' left the configuration menu. Feb 19 19:24:23.726198 osdx dnscrypt-proxy[121164]: Network connectivity detected Feb 19 19:24:23.726248 osdx dnscrypt-proxy[121164]: Now listening to 127.0.0.1:53 [UDP] Feb 19 19:24:23.726256 osdx dnscrypt-proxy[121164]: Now listening to 127.0.0.1:53 [TCP] Feb 19 19:24:23.726298 osdx dnscrypt-proxy[121164]: Firefox workaround initialized Feb 19 19:24:23.726306 osdx dnscrypt-proxy[121164]: Loading the set of cloaking rules from [/tmp/tmp2hev67h7] Feb 19 19:24:23.731423 osdx dnscrypt-proxy[121164]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 19 19:24:23.923860 osdx dnscrypt-proxy[121164]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 19 19:24:23.923895 osdx dnscrypt-proxy[121164]: [RD] OK (DoH) - rtt: 57ms Feb 19 19:24:23.923908 osdx dnscrypt-proxy[121164]: Server with the lowest initial latency: RD (rtt: 57ms) Feb 19 19:24:23.923916 osdx dnscrypt-proxy[121164]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Feb 19 19:24:24.323087 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free. Feb 19 19:24:24.332256 osdx systemd-journald[1656]: Received client request to rotate journal, rotating. Feb 19 19:24:24.332376 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508. Feb 19 19:24:24.359894 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'. Feb 19 19:24:24.997169 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu. Feb 19 19:24:25.166999 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'delete '. Feb 19 19:24:25.352487 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 19 19:24:25.482119 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'. Feb 19 19:24:25.624320 osdx dnscrypt-proxy[121164]: Stopped. Feb 19 19:24:25.624682 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 19 19:24:25.626923 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 19 19:24:25.627252 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 19:24:25.821450 osdx ca-certificates[121250]: Clearing symlinks in /etc/ssl/certs... Feb 19 19:24:26.465299 osdx ca-certificates[121820]: done. Feb 19 19:24:26.471947 osdx ca-certificates[121828]: Updating certificates in /etc/ssl/certs... Feb 19 19:24:27.992419 osdx ca-certificates[122681]: 140 added, 0 removed; done. Feb 19 19:24:27.999297 osdx ca-certificates[122686]: Running hooks in /etc/ca-certificates/update.d... Feb 19 19:24:28.005816 osdx ca-certificates[122688]: done. 
Feb 19 19:24:28.070681 osdx INFO[122691]: FRR daemons did not change Feb 19 19:24:28.071616 osdx cfgd[1455]: [2457]Completed change to active configuration Feb 19 19:24:28.079627 osdx OSDxCLI[2457]: User 'admin' committed the configuration. Feb 19 19:24:28.117329 osdx OSDxCLI[2457]: User 'admin' left the configuration menu. Feb 19 19:24:30.599085 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu. Feb 19 19:24:30.771313 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 19:24:30.962862 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 19:24:31.187023 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 19:24:31.323377 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 19:24:31.489423 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 19:24:31.645874 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 19 19:24:31.782476 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 19:24:31.965235 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 19:24:32.079059 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 19:24:32.348504 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'. Feb 19 19:24:32.577004 osdx INFO[122733]: FRR daemons did not change Feb 19 19:24:32.606510 osdx ca-certificates[122748]: Updating certificates in /etc/ssl/certs... 
Feb 19 19:24:33.815143 osdx ca-certificates[123754]: 1 added, 0 removed; done. Feb 19 19:24:33.823841 osdx ca-certificates[123759]: Running hooks in /etc/ca-certificates/update.d... Feb 19 19:24:33.829876 osdx ca-certificates[123761]: done. Feb 19 19:24:33.882582 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 19:24:34.263791 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 19:24:34.266328 osdx cfgd[1455]: [2457]Completed change to active configuration Feb 19 19:24:34.344867 osdx dnscrypt-proxy[123827]: dnscrypt-proxy 2.0.45 Feb 19 19:24:34.344956 osdx dnscrypt-proxy[123827]: Network connectivity detected Feb 19 19:24:34.345812 osdx dnscrypt-proxy[123827]: Dropping privileges Feb 19 19:24:34.351192 osdx dnscrypt-proxy[123827]: Network connectivity detected Feb 19 19:24:34.351242 osdx dnscrypt-proxy[123827]: Now listening to 127.0.0.1:53 [UDP] Feb 19 19:24:34.351249 osdx dnscrypt-proxy[123827]: Now listening to 127.0.0.1:53 [TCP] Feb 19 19:24:34.351319 osdx dnscrypt-proxy[123827]: Firefox workaround initialized Feb 19 19:24:34.351328 osdx dnscrypt-proxy[123827]: Loading the set of cloaking rules from [/tmp/tmp_iiyclq9] Feb 19 19:24:34.361637 osdx OSDxCLI[2457]: User 'admin' committed the configuration. Feb 19 19:24:34.367368 osdx dnscrypt-proxy[123827]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 19 19:24:34.457646 osdx OSDxCLI[2457]: User 'admin' left the configuration menu. Feb 19 19:24:34.561680 osdx dnscrypt-proxy[123827]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 19 19:24:34.561707 osdx dnscrypt-proxy[123827]: [RD] OK (DoH) - rtt: 69ms Feb 19 19:24:34.561720 osdx dnscrypt-proxy[123827]: Server with the lowest initial latency: RD (rtt: 69ms) Feb 19 19:24:34.561729 osdx dnscrypt-proxy[123827]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Feb 19 19:24:35.092140 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free. Feb 19 19:24:35.098755 osdx systemd-journald[1656]: Received client request to rotate journal, rotating. Feb 19 19:24:35.099064 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508. Feb 19 19:24:35.130124 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'. Feb 19 19:24:35.850914 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu. Feb 19 19:24:36.009184 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'delete '. Feb 19 19:24:36.220427 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 19 19:24:36.478031 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'. Feb 19 19:24:36.642865 osdx dnscrypt-proxy[123827]: Stopped. Feb 19 19:24:36.643591 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 19 19:24:36.647761 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 19 19:24:36.647944 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 19:24:36.853867 osdx ca-certificates[123933]: Clearing symlinks in /etc/ssl/certs... Feb 19 19:24:37.489916 osdx ca-certificates[124502]: done. Feb 19 19:24:37.497446 osdx ca-certificates[124510]: Updating certificates in /etc/ssl/certs... Feb 19 19:24:38.478149 osdx ca-certificates[125362]: 140 added, 0 removed; done. Feb 19 19:24:38.482915 osdx ca-certificates[125369]: Running hooks in /etc/ca-certificates/update.d... Feb 19 19:24:38.487803 osdx ca-certificates[125371]: done. 
Feb 19 19:24:38.552884 osdx INFO[125374]: FRR daemons did not change Feb 19 19:24:38.553562 osdx cfgd[1455]: [2457]Completed change to active configuration Feb 19 19:24:38.558537 osdx OSDxCLI[2457]: User 'admin' committed the configuration. Feb 19 19:24:38.616137 osdx OSDxCLI[2457]: User 'admin' left the configuration menu. Feb 19 19:24:41.193058 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu. Feb 19 19:24:41.391945 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 19:24:41.590240 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 19:24:41.832484 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 19:24:42.016711 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 19:24:42.268956 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 19:24:42.478791 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 19 19:24:42.660876 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 19 19:24:42.779761 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 19:24:43.058409 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 19:24:43.202446 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 19:24:43.518352 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'. 
Feb 19 19:24:43.719520 osdx INFO[125419]: FRR daemons did not change Feb 19 19:24:43.762181 osdx ca-certificates[125435]: Updating certificates in /etc/ssl/certs... Feb 19 19:24:45.363934 osdx ca-certificates[126437]: 1 added, 0 removed; done. Feb 19 19:24:45.371078 osdx ca-certificates[126441]: Running hooks in /etc/ca-certificates/update.d... Feb 19 19:24:45.379431 osdx ca-certificates[126447]: done. Feb 19 19:24:45.441419 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 19:24:45.942828 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 19:24:45.949217 osdx cfgd[1455]: [2457]Completed change to active configuration Feb 19 19:24:46.013508 osdx dnscrypt-proxy[126513]: dnscrypt-proxy 2.0.45 Feb 19 19:24:46.014013 osdx dnscrypt-proxy[126513]: Network connectivity detected Feb 19 19:24:46.018628 osdx dnscrypt-proxy[126513]: Dropping privileges Feb 19 19:24:46.026031 osdx OSDxCLI[2457]: User 'admin' committed the configuration. Feb 19 19:24:46.036906 osdx dnscrypt-proxy[126513]: Network connectivity detected Feb 19 19:24:46.036971 osdx dnscrypt-proxy[126513]: Now listening to 127.0.0.1:53 [UDP] Feb 19 19:24:46.036980 osdx dnscrypt-proxy[126513]: Now listening to 127.0.0.1:53 [TCP] Feb 19 19:24:46.037021 osdx dnscrypt-proxy[126513]: Firefox workaround initialized Feb 19 19:24:46.037030 osdx dnscrypt-proxy[126513]: Loading the set of cloaking rules from [/tmp/tmpg5jl60vy] Feb 19 19:24:46.044358 osdx dnscrypt-proxy[126513]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 19 19:24:46.053134 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Feb 19 19:24:46.097603 osdx OSDxCLI[2457]: User 'admin' left the configuration menu. 
Feb 19 19:24:46.220775 osdx dnscrypt-proxy[126513]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 19 19:24:46.220804 osdx dnscrypt-proxy[126513]: [RD] OK (DoH) - rtt: 77ms Feb 19 19:24:46.220823 osdx dnscrypt-proxy[126513]: Server with the lowest initial latency: RD (rtt: 77ms) Feb 19 19:24:46.220831 osdx dnscrypt-proxy[126513]: dnscrypt-proxy is ready - live servers: 1
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Feb 19 19:25:02.663454 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free. Feb 19 19:25:02.667235 osdx systemd-journald[1656]: Received client request to rotate journal, rotating. Feb 19 19:25:02.667344 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508. Feb 19 19:25:02.691163 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'. Feb 19 19:25:03.560277 osdx osdx-coredump[128168]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 19:25:03.579723 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 19:25:04.623142 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu. Feb 19 19:25:04.804730 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 19:25:04.900376 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 19:25:05.124317 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'. Feb 19 19:25:05.314763 osdx INFO[128192]: FRR daemons did not change Feb 19 19:25:05.391308 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 19:25:05.735239 osdx cfgd[1455]: [2457]Completed change to active configuration Feb 19 19:25:05.785583 osdx OSDxCLI[2457]: User 'admin' committed the configuration. Feb 19 19:25:05.849773 osdx OSDxCLI[2457]: User 'admin' left the configuration menu. Feb 19 19:25:06.116610 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 19:25:06.387439 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu. Feb 19 19:25:06.519926 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Feb 19 19:25:06.675990 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 19:25:06.872011 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 19:25:07.052755 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 19:25:07.204149 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 19:25:07.343996 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 19 19:25:07.524708 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Feb 19 19:25:07.714331 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 19:25:07.886285 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 19:25:08.030020 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 19:25:08.212716 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'. Feb 19 19:25:08.402960 osdx INFO[128318]: FRR daemons did not change Feb 19 19:25:08.438102 osdx ca-certificates[128333]: Updating certificates in /etc/ssl/certs... Feb 19 19:25:09.783931 osdx ca-certificates[129336]: 1 added, 0 removed; done. Feb 19 19:25:09.789683 osdx ca-certificates[129344]: Running hooks in /etc/ca-certificates/update.d... Feb 19 19:25:09.802396 osdx ca-certificates[129346]: done. Feb 19 19:25:09.936213 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. 
Feb 19 19:25:09.939570 osdx cfgd[1455]: [2457]Completed change to active configuration Feb 19 19:25:09.951209 osdx OSDxCLI[2457]: User 'admin' committed the configuration. Feb 19 19:25:09.988549 osdx dnscrypt-proxy[129350]: dnscrypt-proxy 2.0.45 Feb 19 19:25:09.988637 osdx dnscrypt-proxy[129350]: Network connectivity detected Feb 19 19:25:09.988955 osdx dnscrypt-proxy[129350]: Dropping privileges Feb 19 19:25:10.005481 osdx dnscrypt-proxy[129350]: Network connectivity detected Feb 19 19:25:10.005546 osdx dnscrypt-proxy[129350]: Now listening to 127.0.0.1:53 [UDP] Feb 19 19:25:10.005554 osdx dnscrypt-proxy[129350]: Now listening to 127.0.0.1:53 [TCP] Feb 19 19:25:10.005600 osdx dnscrypt-proxy[129350]: Firefox workaround initialized Feb 19 19:25:10.005608 osdx dnscrypt-proxy[129350]: Loading the set of cloaking rules from [/tmp/tmpgxoho9a9] Feb 19 19:25:10.024335 osdx OSDxCLI[2457]: User 'admin' left the configuration menu. Feb 19 19:25:10.166313 osdx dnscrypt-proxy[129350]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Feb 19 19:25:10.166347 osdx dnscrypt-proxy[129350]: [RD] OK (DoH) - rtt: 54ms Feb 19 19:25:10.166368 osdx dnscrypt-proxy[129350]: Server with the lowest initial latency: RD (rtt: 54ms) Feb 19 19:25:10.166376 osdx dnscrypt-proxy[129350]: dnscrypt-proxy is ready - live servers: 1 Feb 19 19:25:10.339335 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Feb 19 19:25:10.735017 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:25:10.735895 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:25:10.736017 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:25:10.754853 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:25:11.463526 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:25:11.639799 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'delete '.
Feb 19 19:25:11.928840 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 19 19:25:12.156196 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:12.336656 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Feb 19 19:25:12.338952 osdx dnscrypt-proxy[129350]: Stopped.
Feb 19 19:25:12.350589 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Feb 19 19:25:12.351241 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:25:12.588565 osdx ca-certificates[129442]: Clearing symlinks in /etc/ssl/certs...
Feb 19 19:25:13.397680 osdx ca-certificates[130011]: done.
Feb 19 19:25:13.405538 osdx ca-certificates[130020]: Updating certificates in /etc/ssl/certs...
Feb 19 19:25:14.778258 osdx ca-certificates[130873]: 140 added, 0 removed; done.
Feb 19 19:25:14.787182 osdx ca-certificates[130876]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:25:14.808062 osdx ca-certificates[130880]: done.
Feb 19 19:25:14.894024 osdx INFO[130883]: FRR daemons did not change
Feb 19 19:25:14.895683 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:25:14.901212 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:25:14.999652 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:25:17.651628 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:25:17.846846 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:25:18.046824 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:25:18.278833 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:25:18.422864 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:25:18.572944 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:25:18.758840 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 19 19:25:18.936611 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Feb 19 19:25:19.101740 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 19:25:19.259375 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:25:19.416186 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:25:19.676627 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:19.886601 osdx INFO[130928]: FRR daemons did not change
Feb 19 19:25:19.914554 osdx ca-certificates[130943]: Updating certificates in /etc/ssl/certs...
Feb 19 19:25:21.140975 osdx ca-certificates[131948]: 1 added, 0 removed; done.
Feb 19 19:25:21.147586 osdx ca-certificates[131954]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:25:21.156848 osdx ca-certificates[131956]: done.
Feb 19 19:25:21.211253 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:25:21.671565 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:25:21.680395 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:25:21.721648 osdx dnscrypt-proxy[132022]: dnscrypt-proxy 2.0.45
Feb 19 19:25:21.721746 osdx dnscrypt-proxy[132022]: Network connectivity detected
Feb 19 19:25:21.722104 osdx dnscrypt-proxy[132022]: Dropping privileges
Feb 19 19:25:21.747124 osdx dnscrypt-proxy[132022]: Network connectivity detected
Feb 19 19:25:21.747176 osdx dnscrypt-proxy[132022]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:25:21.747185 osdx dnscrypt-proxy[132022]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:25:21.747322 osdx dnscrypt-proxy[132022]: Firefox workaround initialized
Feb 19 19:25:21.747338 osdx dnscrypt-proxy[132022]: Loading the set of cloaking rules from [/tmp/tmpnayhzeue]
Feb 19 19:25:21.758116 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:25:21.814924 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:25:21.887006 osdx dnscrypt-proxy[132022]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Feb 19 19:25:21.887038 osdx dnscrypt-proxy[132022]: [RD] OK (DoH) - rtt: 52ms
Feb 19 19:25:21.887051 osdx dnscrypt-proxy[132022]: Server with the lowest initial latency: RD (rtt: 52ms)
Feb 19 19:25:21.887059 osdx dnscrypt-proxy[132022]: dnscrypt-proxy is ready - live servers: 1
Feb 19 19:25:22.069198 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Feb 19 19:25:22.485099 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.2M free.
Feb 19 19:25:22.487354 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:25:22.487445 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:25:22.502231 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:25:23.134103 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:25:23.266049 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'delete '.
Feb 19 19:25:23.430475 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 19 19:25:23.542857 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:23.682302 osdx dnscrypt-proxy[132022]: Stopped.
Feb 19 19:25:23.682433 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Feb 19 19:25:23.684447 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Feb 19 19:25:23.684769 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:25:23.851986 osdx ca-certificates[132130]: Clearing symlinks in /etc/ssl/certs...
Feb 19 19:25:24.681170 osdx ca-certificates[132699]: done.
Feb 19 19:25:24.686983 osdx ca-certificates[132707]: Updating certificates in /etc/ssl/certs...
Feb 19 19:25:25.731871 osdx ca-certificates[133559]: 140 added, 0 removed; done.
Feb 19 19:25:25.738764 osdx ca-certificates[133562]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:25:25.744878 osdx ca-certificates[133567]: done.
Feb 19 19:25:25.802723 osdx INFO[133571]: FRR daemons did not change
Feb 19 19:25:25.803883 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:25:25.808070 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:25:25.851052 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:25:27.963481 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:25:28.083043 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:25:28.239930 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:25:28.391089 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:25:28.540375 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:25:28.706842 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:25:28.877816 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 19 19:25:29.018779 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Feb 19 19:25:29.172193 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 19:25:29.394105 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:25:29.533321 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:25:29.705529 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:29.878668 osdx INFO[133616]: FRR daemons did not change
Feb 19 19:25:29.910371 osdx ca-certificates[133631]: Updating certificates in /etc/ssl/certs...
Feb 19 19:25:31.321648 osdx ca-certificates[134634]: 1 added, 0 removed; done.
Feb 19 19:25:31.332791 osdx ca-certificates[134642]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:25:31.338806 osdx ca-certificates[134644]: done.
Feb 19 19:25:31.386707 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:25:31.769282 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:25:31.786119 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:25:31.842285 osdx dnscrypt-proxy[134710]: dnscrypt-proxy 2.0.45
Feb 19 19:25:31.842384 osdx dnscrypt-proxy[134710]: Network connectivity detected
Feb 19 19:25:31.842694 osdx dnscrypt-proxy[134710]: Dropping privileges
Feb 19 19:25:31.858190 osdx dnscrypt-proxy[134710]: Network connectivity detected
Feb 19 19:25:31.858235 osdx dnscrypt-proxy[134710]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:25:31.858242 osdx dnscrypt-proxy[134710]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:25:31.858274 osdx dnscrypt-proxy[134710]: Firefox workaround initialized
Feb 19 19:25:31.858280 osdx dnscrypt-proxy[134710]: Loading the set of cloaking rules from [/tmp/tmpcow6vg5y]
Feb 19 19:25:31.898261 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:25:32.007862 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:25:32.036772 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Feb 19 19:25:32.046053 osdx dnscrypt-proxy[134710]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 19 19:25:32.046092 osdx dnscrypt-proxy[134710]: [RD] OK (DoH) - rtt: 89ms
Feb 19 19:25:32.046105 osdx dnscrypt-proxy[134710]: Server with the lowest initial latency: RD (rtt: 89ms)
Feb 19 19:25:32.046113 osdx dnscrypt-proxy[134710]: dnscrypt-proxy is ready - live servers: 1
Feb 19 19:25:32.255230 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Feb 19 19:25:32.746611 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:25:32.749039 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:25:32.749114 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:25:32.810953 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:25:33.530853 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:25:33.704045 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'delete '.
Feb 19 19:25:33.921812 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 19 19:25:34.168530 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:34.386006 osdx dnscrypt-proxy[134710]: Stopped.
Feb 19 19:25:34.386192 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Feb 19 19:25:34.387889 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Feb 19 19:25:34.388152 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:25:34.666152 osdx ca-certificates[134821]: Clearing symlinks in /etc/ssl/certs...
Feb 19 19:25:35.438211 osdx ca-certificates[135391]: done.
Feb 19 19:25:35.446197 osdx ca-certificates[135399]: Updating certificates in /etc/ssl/certs...
Feb 19 19:25:36.451467 osdx ca-certificates[136251]: 140 added, 0 removed; done.
Feb 19 19:25:36.457475 osdx ca-certificates[136258]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:25:36.462900 osdx ca-certificates[136260]: done.
Feb 19 19:25:36.517296 osdx INFO[136263]: FRR daemons did not change
Feb 19 19:25:36.518219 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:25:36.545161 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:25:36.604739 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:25:39.063703 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:25:39.214648 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:25:39.396765 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:25:39.590671 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:25:39.810192 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:25:40.035771 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:25:40.224422 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 19 19:25:40.348290 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 19 19:25:40.517591 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 19:25:40.745119 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:25:40.866114 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:25:41.056344 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:41.209495 osdx INFO[136308]: FRR daemons did not change
Feb 19 19:25:41.246200 osdx ca-certificates[136323]: Updating certificates in /etc/ssl/certs...
Feb 19 19:25:42.922090 osdx ca-certificates[137328]: 1 added, 0 removed; done.
Feb 19 19:25:42.925979 osdx ca-certificates[137333]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:25:42.934217 osdx ca-certificates[137336]: done.
Feb 19 19:25:42.991225 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:25:43.389123 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:25:43.396255 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:25:43.452630 osdx dnscrypt-proxy[137402]: dnscrypt-proxy 2.0.45
Feb 19 19:25:43.452730 osdx dnscrypt-proxy[137402]: Network connectivity detected
Feb 19 19:25:43.453099 osdx dnscrypt-proxy[137402]: Dropping privileges
Feb 19 19:25:43.472849 osdx dnscrypt-proxy[137402]: Network connectivity detected
Feb 19 19:25:43.472905 osdx dnscrypt-proxy[137402]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:25:43.472914 osdx dnscrypt-proxy[137402]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:25:43.472953 osdx dnscrypt-proxy[137402]: Firefox workaround initialized
Feb 19 19:25:43.472961 osdx dnscrypt-proxy[137402]: Loading the set of cloaking rules from [/tmp/tmpjij51wuc]
Feb 19 19:25:43.542320 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:25:43.698673 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:25:43.702508 osdx dnscrypt-proxy[137402]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 19 19:25:43.702533 osdx dnscrypt-proxy[137402]: [RD] OK (DoH) - rtt: 79ms
Feb 19 19:25:43.702546 osdx dnscrypt-proxy[137402]: Server with the lowest initial latency: RD (rtt: 79ms)
Feb 19 19:25:43.702554 osdx dnscrypt-proxy[137402]: dnscrypt-proxy is ready - live servers: 1
Feb 19 19:25:44.329160 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Feb 19 19:25:44.897323 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:25:44.899225 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:25:44.899303 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:25:44.931533 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:25:45.610878 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:25:45.724925 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'delete '.
Feb 19 19:25:45.892381 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 19 19:25:46.078730 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:46.293159 osdx dnscrypt-proxy[137402]: Stopped.
Feb 19 19:25:46.293600 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Feb 19 19:25:46.300101 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Feb 19 19:25:46.300284 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:25:46.529456 osdx ca-certificates[137509]: Clearing symlinks in /etc/ssl/certs...
Feb 19 19:25:47.229286 osdx ca-certificates[138080]: done.
Feb 19 19:25:47.234864 osdx ca-certificates[138090]: Updating certificates in /etc/ssl/certs...
Feb 19 19:25:48.242115 osdx ca-certificates[138940]: 140 added, 0 removed; done.
Feb 19 19:25:48.250101 osdx ca-certificates[138944]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:25:48.254014 osdx ca-certificates[138949]: done.
Feb 19 19:25:48.312737 osdx INFO[138952]: FRR daemons did not change
Feb 19 19:25:48.313738 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:25:48.333141 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:25:48.412197 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:25:50.809177 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:25:50.958476 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:25:51.113794 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:25:51.307191 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:25:51.490872 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:25:51.657546 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:25:51.825831 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 19 19:25:51.963574 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Feb 19 19:25:52.137153 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 19:25:52.325233 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:25:52.492379 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:25:52.733699 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:52.942222 osdx INFO[138997]: FRR daemons did not change
Feb 19 19:25:53.001126 osdx ca-certificates[139015]: Updating certificates in /etc/ssl/certs...
Feb 19 19:25:54.645515 osdx ca-certificates[140021]: 1 added, 0 removed; done.
Feb 19 19:25:54.652164 osdx ca-certificates[140023]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:25:54.657867 osdx ca-certificates[140025]: done.
Feb 19 19:25:54.699410 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:25:55.036572 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:25:55.045708 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:25:55.103099 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:25:55.153199 osdx dnscrypt-proxy[140091]: dnscrypt-proxy 2.0.45
Feb 19 19:25:55.153644 osdx dnscrypt-proxy[140091]: Network connectivity detected
Feb 19 19:25:55.157492 osdx dnscrypt-proxy[140091]: Dropping privileges
Feb 19 19:25:55.177436 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:25:55.179703 osdx dnscrypt-proxy[140091]: Network connectivity detected
Feb 19 19:25:55.179762 osdx dnscrypt-proxy[140091]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:25:55.179771 osdx dnscrypt-proxy[140091]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:25:55.179813 osdx dnscrypt-proxy[140091]: Firefox workaround initialized
Feb 19 19:25:55.179820 osdx dnscrypt-proxy[140091]: Loading the set of cloaking rules from [/tmp/tmpcf9soud_]
Feb 19 19:25:55.397864 osdx dnscrypt-proxy[140091]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Feb 19 19:25:55.397891 osdx dnscrypt-proxy[140091]: [RD] OK (DoH) - rtt: 80ms
Feb 19 19:25:55.397910 osdx dnscrypt-proxy[140091]: Server with the lowest initial latency: RD (rtt: 80ms)
Feb 19 19:25:55.397920 osdx dnscrypt-proxy[140091]: dnscrypt-proxy is ready - live servers: 1
Feb 19 19:25:55.478090 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Feb 19 19:25:55.984861 osdx systemd-journald[1656]: Runtime Journal (/run/log/journal/9e929e613f1a4f1290b0c92170d5d508) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:25:55.987218 osdx systemd-journald[1656]: Received client request to rotate journal, rotating.
Feb 19 19:25:55.987298 osdx systemd-journald[1656]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e929e613f1a4f1290b0c92170d5d508.
Feb 19 19:25:56.016001 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:25:56.680621 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:25:56.869525 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'delete '.
Feb 19 19:25:57.075764 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 19 19:25:57.203638 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:57.333839 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Feb 19 19:25:57.334077 osdx dnscrypt-proxy[140091]: Stopped.
Feb 19 19:25:57.335871 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Feb 19 19:25:57.336051 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:25:57.541614 osdx ca-certificates[140201]: Clearing symlinks in /etc/ssl/certs...
Feb 19 19:25:58.136061 osdx ca-certificates[140770]: done.
Feb 19 19:25:58.141035 osdx ca-certificates[140780]: Updating certificates in /etc/ssl/certs...
Feb 19 19:25:58.953571 osdx ca-certificates[141632]: 140 added, 0 removed; done.
Feb 19 19:25:58.959849 osdx ca-certificates[141637]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:25:58.966150 osdx ca-certificates[141639]: done.
Feb 19 19:25:59.089261 osdx INFO[141642]: FRR daemons did not change
Feb 19 19:25:59.091814 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:25:59.097271 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:25:59.159113 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:26:01.594851 osdx OSDxCLI[2457]: User 'admin' entered the configuration menu.
Feb 19 19:26:01.867408 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 19:26:02.000362 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 19:26:02.184033 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 19:26:02.310838 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 19:26:02.573014 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 19:26:02.741863 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Feb 19 19:26:02.892632 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Feb 19 19:26:03.005318 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 19:26:03.192799 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 19:26:03.313997 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 19:26:03.566287 osdx OSDxCLI[2457]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:26:03.788065 osdx INFO[141691]: FRR daemons did not change
Feb 19 19:26:03.827059 osdx ca-certificates[141707]: Updating certificates in /etc/ssl/certs...
Feb 19 19:26:05.518335 osdx ca-certificates[142710]: 1 added, 0 removed; done.
Feb 19 19:26:05.525477 osdx ca-certificates[142714]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 19:26:05.533999 osdx ca-certificates[142719]: done.
Feb 19 19:26:05.571261 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:26:05.913800 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 19:26:05.930192 osdx cfgd[1455]: [2457]Completed change to active configuration
Feb 19 19:26:05.991890 osdx dnscrypt-proxy[142785]: dnscrypt-proxy 2.0.45
Feb 19 19:26:05.993060 osdx dnscrypt-proxy[142785]: Network connectivity detected
Feb 19 19:26:05.993548 osdx dnscrypt-proxy[142785]: Dropping privileges
Feb 19 19:26:05.999393 osdx dnscrypt-proxy[142785]: Network connectivity detected
Feb 19 19:26:05.999441 osdx dnscrypt-proxy[142785]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 19:26:05.999449 osdx dnscrypt-proxy[142785]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 19:26:05.999493 osdx dnscrypt-proxy[142785]: Firefox workaround initialized
Feb 19 19:26:05.999501 osdx dnscrypt-proxy[142785]: Loading the set of cloaking rules from [/tmp/tmpfgvmdung]
Feb 19 19:26:06.021284 osdx OSDxCLI[2457]: User 'admin' committed the configuration.
Feb 19 19:26:06.056152 osdx OSDxCLI[2457]: User 'admin' left the configuration menu.
Feb 19 19:26:06.145042 osdx dnscrypt-proxy[142785]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 19 19:26:06.145072 osdx dnscrypt-proxy[142785]: [RD] OK (DoH) - rtt: 83ms
Feb 19 19:26:06.145088 osdx dnscrypt-proxy[142785]: Server with the lowest initial latency: RD (rtt: 83ms)
Feb 19 19:26:06.145096 osdx dnscrypt-proxy[142785]: dnscrypt-proxy is ready - live servers: 1
Feb 19 19:26:06.320628 osdx OSDxCLI[2457]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
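The Step 3 check in these examples matches a decimal cipher suite number in the journal against algorithm names set in Step 1. The following is an added example, not part of the Teldat test suite, that automates that comparison from saved configuration and journal text and flags a handshake that lands on a legacy suite. Function names are hypothetical, the `TLS version` field is assumed to be hexadecimal (0x0303 is the TLS 1.2 code point), the Example 3 strings are copied from this page and the RC4 journal line is constructed.

```python
import re

# IANA TLS cipher suite code points for the algorithm names configured on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# Name fragments treated as legacy here (RC4 and 3DES are the weak entries
# the page lists as cipher 1 in Examples 3 to 6).
LEGACY_MARKERS = ("_RC4_", "_3DES_")

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
LOG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] "
    r"TLS version: (?P<ver>[0-9a-fA-F]+) - Protocol: (?P<proto>\S+) - "
    r"Cipher suite: (?P<suite>\d+)"
)


def configured_ciphers(config_text):
    """Return the configured algorithm names ordered by their cipher index."""
    pairs = [(int(idx), name) for idx, name in CFG_RE.findall(config_text)]
    return [name for _, name in sorted(pairs)]


def check_handshakes(config_text, journal_text):
    """Decode every DoH handshake line and compare it with the configuration."""
    allowed = configured_ciphers(config_text)
    results = []
    for m in LOG_RE.finditer(journal_text):
        suite_id = int(m.group("suite"))
        name = IANA_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id)
        in_config = name in allowed
        legacy = any(tag in name for tag in LEGACY_MARKERS)
        results.append({
            "server": m.group("server"),
            # Assumption: the proxy logs the version as hex without the 0x prefix.
            "tls_version": TLS_VERSIONS.get(int(m.group("ver"), 16), "unknown"),
            "protocol": m.group("proto"),
            "suite_id": suite_id,
            "suite_name": name,
            "in_config": in_config,
            "legacy": legacy,
            # A configured suite is not enough: the weak entry is configured too.
            "ok": in_config and not legacy,
        })
    return results


# Copied from Example 3 on this page (cipher lines and handshake line only).
EXAMPLE3_CONFIG = """
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
"""
EXAMPLE3_JOURNAL = (
    "Feb 19 19:25:32.046053 osdx dnscrypt-proxy[134710]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392"
)
# Constructed line, not observed on this page: the same handshake landing on RC4.
CONSTRUCTED_JOURNAL = (
    "Jan 01 00:00:00.000000 host dnscrypt-proxy[1]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 5"
)

if __name__ == "__main__":
    for journal in (EXAMPLE3_JOURNAL, CONSTRUCTED_JOURNAL):
        for r in check_handshakes(EXAMPLE3_CONFIG, journal):
            verdict = "PASS" if r["ok"] else "FAIL"
            print(verdict, r["server"], r["tls_version"], r["suite_name"])
```

Matching on the decoded name rather than the bare number also catches a handshake on a suite that was never configured, which a token search for one expected number would only report as a missing token.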