Cipher

Test suite that validates the use of one or more ciphers to protect the DoH (DNS-over-HTTPS) connection.

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Mar 18 12:47:48.386608 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.2M free.
Mar 18 12:47:48.387174 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:47:48.387221 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:47:48.400044 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:47:48.822824 osdx osdx-coredump[160911]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:47:48.832939 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:47:49.440081 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:47:49.580409 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:47:49.654838 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:47:49.761565 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:47:49.854835 osdx INFO[160935]: FRR daemons did not change
Mar 18 12:47:49.879008 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:47:50.025720 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:47:50.061644 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:47:50.088208 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:47:50.264227 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 18 12:47:50.522856 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:47:50.615326 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:47:50.705063 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:47:50.832397 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:47:50.919439 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:47:51.011862 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:47:51.098393 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 18 12:47:51.183726 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:47:51.291376 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:47:51.364126 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:47:51.507269 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:47:51.606757 osdx INFO[161058]: FRR daemons did not change
Mar 18 12:47:51.623980 osdx ca-certificates[161074]: Updating certificates in /etc/ssl/certs...
Mar 18 12:47:52.338102 osdx ca-certificates[162077]: 1 added, 0 removed; done.
Mar 18 12:47:52.342383 osdx ca-certificates[162084]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:47:52.346345 osdx ca-certificates[162086]: done.
Mar 18 12:47:52.447441 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:47:52.449081 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:47:52.452311 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:47:52.490923 osdx dnscrypt-proxy[162090]: dnscrypt-proxy 2.0.45
Mar 18 12:47:52.491008 osdx dnscrypt-proxy[162090]: Network connectivity detected
Mar 18 12:47:52.491238 osdx dnscrypt-proxy[162090]: Dropping privileges
Mar 18 12:47:52.494220 osdx dnscrypt-proxy[162090]: Network connectivity detected
Mar 18 12:47:52.494286 osdx dnscrypt-proxy[162090]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:47:52.494294 osdx dnscrypt-proxy[162090]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:47:52.494326 osdx dnscrypt-proxy[162090]: Firefox workaround initialized
Mar 18 12:47:52.494332 osdx dnscrypt-proxy[162090]: Loading the set of cloaking rules from [/tmp/tmpijzjps7l]
Mar 18 12:47:52.509311 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:47:52.671603 osdx dnscrypt-proxy[162090]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 18 12:47:52.671632 osdx dnscrypt-proxy[162090]: [RD] OK (DoH) - rtt: 136ms
Mar 18 12:47:52.671646 osdx dnscrypt-proxy[162090]: Server with the lowest initial latency: RD (rtt: 136ms)
Mar 18 12:47:52.671653 osdx dnscrypt-proxy[162090]: dnscrypt-proxy is ready - live servers: 1
Mar 18 12:47:52.693692 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher

Description

Configures one valid cipher at a time and tries to communicate with the server each time. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Mar 18 12:48:01.402751 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:48:01.406523 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:48:01.406599 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:48:01.416709 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:48:01.840578 osdx osdx-coredump[163723]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:48:01.850935 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:48:02.492983 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:02.634746 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:48:02.710596 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:48:02.815213 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:02.912572 osdx INFO[163747]: FRR daemons did not change
Mar 18 12:48:02.938546 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:48:03.074618 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:03.110392 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:03.137289 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:03.315669 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 18 12:48:03.496078 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:03.590110 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:48:03.714909 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:48:03.816984 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:48:03.899836 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:48:04.062832 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:48:04.150177 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 18 12:48:04.236660 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:48:04.344905 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:48:04.418916 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:48:04.562820 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:04.665341 osdx INFO[163870]: FRR daemons did not change
Mar 18 12:48:04.683116 osdx ca-certificates[163886]: Updating certificates in /etc/ssl/certs...
Mar 18 12:48:05.394645 osdx ca-certificates[164890]: 1 added, 0 removed; done.
Mar 18 12:48:05.398572 osdx ca-certificates[164896]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:48:05.402695 osdx ca-certificates[164898]: done.
Mar 18 12:48:05.495042 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:48:05.496757 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:05.500268 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:05.526320 osdx dnscrypt-proxy[164902]: dnscrypt-proxy 2.0.45
Mar 18 12:48:05.526394 osdx dnscrypt-proxy[164902]: Network connectivity detected
Mar 18 12:48:05.526645 osdx dnscrypt-proxy[164902]: Dropping privileges
Mar 18 12:48:05.527643 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:05.529935 osdx dnscrypt-proxy[164902]: Network connectivity detected
Mar 18 12:48:05.529986 osdx dnscrypt-proxy[164902]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:48:05.529994 osdx dnscrypt-proxy[164902]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:48:05.530029 osdx dnscrypt-proxy[164902]: Firefox workaround initialized
Mar 18 12:48:05.530037 osdx dnscrypt-proxy[164902]: Loading the set of cloaking rules from [/tmp/tmpajkx18af]
Mar 18 12:48:05.733428 osdx dnscrypt-proxy[164902]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 18 12:48:05.733451 osdx dnscrypt-proxy[164902]: [RD] OK (DoH) - rtt: 172ms
Mar 18 12:48:05.733466 osdx dnscrypt-proxy[164902]: Server with the lowest initial latency: RD (rtt: 172ms)
Mar 18 12:48:05.733475 osdx dnscrypt-proxy[164902]: dnscrypt-proxy is ready - live servers: 1
Mar 18 12:48:10.716819 osdx OSDxCLI[56339]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Mar 18 12:48:12.869409 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Mar 18 12:48:13.129371 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:48:13.130502 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:48:13.130555 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:48:13.142852 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:48:13.507198 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:13.595631 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'delete '.
Mar 18 12:48:13.727272 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 18 12:48:13.821209 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:13.957125 osdx dnscrypt-proxy[164902]: Stopped.
Mar 18 12:48:13.957237 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 18 12:48:13.958733 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 18 12:48:13.958894 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:48:14.086649 osdx ca-certificates[164996]: Clearing symlinks in /etc/ssl/certs...
Mar 18 12:48:14.459453 osdx ca-certificates[165565]: done.
Mar 18 12:48:14.463975 osdx ca-certificates[165574]: Updating certificates in /etc/ssl/certs...
Mar 18 12:48:15.065615 osdx ca-certificates[166425]: 140 added, 0 removed; done.
Mar 18 12:48:15.069661 osdx ca-certificates[166432]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:48:15.073715 osdx ca-certificates[166434]: done.
Mar 18 12:48:15.112651 osdx INFO[166437]: FRR daemons did not change
Mar 18 12:48:15.113145 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:15.116766 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:15.141929 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:16.713794 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:16.809486 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:48:16.927805 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:48:17.028678 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:48:17.111631 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:48:17.204486 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:48:17.292122 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 18 12:48:17.376527 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:48:17.488169 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:48:17.561955 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:48:17.679034 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:17.780376 osdx INFO[166479]: FRR daemons did not change
Mar 18 12:48:17.796785 osdx ca-certificates[166495]: Updating certificates in /etc/ssl/certs...
Mar 18 12:48:18.515488 osdx ca-certificates[167499]: 1 added, 0 removed; done.
Mar 18 12:48:18.521016 osdx ca-certificates[167505]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:48:18.525404 osdx ca-certificates[167507]: done.
Mar 18 12:48:18.550548 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:48:18.763233 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:48:18.765386 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:18.792232 osdx dnscrypt-proxy[167573]: dnscrypt-proxy 2.0.45
Mar 18 12:48:18.792322 osdx dnscrypt-proxy[167573]: Network connectivity detected
Mar 18 12:48:18.792614 osdx dnscrypt-proxy[167573]: Dropping privileges
Mar 18 12:48:18.795348 osdx dnscrypt-proxy[167573]: Network connectivity detected
Mar 18 12:48:18.795387 osdx dnscrypt-proxy[167573]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:48:18.795393 osdx dnscrypt-proxy[167573]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:48:18.795417 osdx dnscrypt-proxy[167573]: Firefox workaround initialized
Mar 18 12:48:18.795422 osdx dnscrypt-proxy[167573]: Loading the set of cloaking rules from [/tmp/tmphqj55im1]
Mar 18 12:48:18.802481 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:18.855949 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:18.909669 osdx dnscrypt-proxy[167573]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 18 12:48:18.909686 osdx dnscrypt-proxy[167573]: [RD] OK (DoH) - rtt: 69ms
Mar 18 12:48:18.909695 osdx dnscrypt-proxy[167573]: Server with the lowest initial latency: RD (rtt: 69ms)
Mar 18 12:48:18.909700 osdx dnscrypt-proxy[167573]: dnscrypt-proxy is ready - live servers: 1
Mar 18 12:48:19.039382 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Mar 18 12:48:19.278129 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:48:19.278755 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:48:19.278822 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:48:19.291698 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:48:19.637162 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:19.725968 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'delete '.
Mar 18 12:48:19.830249 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 18 12:48:19.967883 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:20.056919 osdx dnscrypt-proxy[167573]: Stopped.
Mar 18 12:48:20.056994 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 18 12:48:20.058430 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 18 12:48:20.058618 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:48:20.189415 osdx ca-certificates[167682]: Clearing symlinks in /etc/ssl/certs...
Mar 18 12:48:20.563725 osdx ca-certificates[168252]: done.
Mar 18 12:48:20.568918 osdx ca-certificates[168261]: Updating certificates in /etc/ssl/certs...
Mar 18 12:48:21.195507 osdx ca-certificates[169112]: 140 added, 0 removed; done.
Mar 18 12:48:21.199971 osdx ca-certificates[169118]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:48:21.204340 osdx ca-certificates[169120]: done.
Mar 18 12:48:21.246969 osdx INFO[169123]: FRR daemons did not change
Mar 18 12:48:21.247556 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:21.251362 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:21.277714 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:22.882352 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:22.975659 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:48:23.095782 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:48:23.198491 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:48:23.282599 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:48:23.402684 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:48:23.490060 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 18 12:48:23.575893 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:48:23.688220 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:48:23.762226 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:48:23.874006 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:23.979019 osdx INFO[169165]: FRR daemons did not change
Mar 18 12:48:23.996130 osdx ca-certificates[169181]: Updating certificates in /etc/ssl/certs...
Mar 18 12:48:24.693215 osdx ca-certificates[170184]: 1 added, 0 removed; done.
Mar 18 12:48:24.697183 osdx ca-certificates[170191]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:48:24.701357 osdx ca-certificates[170193]: done.
Mar 18 12:48:24.726514 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:48:24.943121 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:48:24.944921 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:24.971580 osdx dnscrypt-proxy[170259]: dnscrypt-proxy 2.0.45
Mar 18 12:48:24.971655 osdx dnscrypt-proxy[170259]: Network connectivity detected
Mar 18 12:48:24.971876 osdx dnscrypt-proxy[170259]: Dropping privileges
Mar 18 12:48:24.974887 osdx dnscrypt-proxy[170259]: Network connectivity detected
Mar 18 12:48:24.974926 osdx dnscrypt-proxy[170259]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:48:24.974935 osdx dnscrypt-proxy[170259]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:48:24.974969 osdx dnscrypt-proxy[170259]: Firefox workaround initialized
Mar 18 12:48:24.974975 osdx dnscrypt-proxy[170259]: Loading the set of cloaking rules from [/tmp/tmpo9468n5v]
Mar 18 12:48:24.980994 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:25.022282 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:25.070298 osdx dnscrypt-proxy[170259]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 18 12:48:25.070433 osdx dnscrypt-proxy[170259]: [RD] OK (DoH) - rtt: 46ms
Mar 18 12:48:25.070508 osdx dnscrypt-proxy[170259]: Server with the lowest initial latency: RD (rtt: 46ms)
Mar 18 12:48:25.070575 osdx dnscrypt-proxy[170259]: dnscrypt-proxy is ready - live servers: 1
Mar 18 12:48:25.203981 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
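
The Step 3 token check can be automated. The following is an added example, not part of the test suite or of OSDx: it maps the configured algorithm names to the decimal cipher-suite IDs that dnscrypt-proxy logs, compares them with the negotiated suite, and reports a handshake-failure line that is followed by a session on a suite that was not configured. The function name, the verdict strings and the sample journal lines are constructed for illustration.

```python
import re

# IANA TLS cipher suite code points for the algorithm names configured on this page.
IANA_SUITES = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # logged as 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # logged as 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # logged as 52392
}
NAME_BY_ID = {code: name for name, code in IANA_SUITES.items()}

CFG_RE = re.compile(r"set service dns proxy cipher \d+ algorithm ([A-Z0-9_]+)")
NEG_RE = re.compile(
    r"\[([^\]]+)\] TLS version: ([0-9a-fA-F]+) - Protocol: (\S+) - Cipher suite: (\d+)"
)
FAIL_TOKEN = "TLS handshake failure"


def audit_journal(text):
    """Compare the suites dnscrypt-proxy negotiated with the configured algorithms."""
    configured, negotiated, failures = set(), [], 0
    for line in text.splitlines():
        cfg = CFG_RE.search(line)
        if cfg:
            name = cfg.group(1)
            if name not in IANA_SUITES:
                raise ValueError(f"no code point known for {name}")
            configured.add(name)
            continue
        if "dnscrypt-proxy[" not in line:
            continue
        if FAIL_TOKEN in line:
            failures += 1
            continue
        neg = NEG_RE.search(line)
        if neg:
            server, version, proto, suite = neg.groups()
            suite = int(suite)  # the suite ID is logged in decimal
            negotiated.append({
                "server": server,
                "tls_version": int(version, 16),  # "303" read as 0x0303 (TLS 1.2)
                "protocol": proto,
                "suite": suite,
                "name": NAME_BY_ID.get(suite, f"0x{suite:04X}"),
            })

    unexpected = [n for n in negotiated if n["name"] not in configured]
    if unexpected:
        verdict = "mismatch"      # session established on a suite that was not configured
    elif negotiated:
        verdict = "ok"            # every session used a configured suite
    elif failures:
        verdict = "refused"       # handshake failed and no session followed
    else:
        verdict = "no-handshake"  # nothing to judge in this journal
    return {
        "verdict": verdict,
        "configured": sorted(configured),
        "negotiated": negotiated,
        "failures": failures,
    }


# Constructed sample journals, modelled on the line formats shown on this page.
CLI = "Mar 18 12:00:00.000001 osdx OSDxCLI[100]: User 'admin' added a new cfg line: "
DNS = "Mar 18 12:00:01.000001 osdx dnscrypt-proxy[200]: "
FAIL_LINE = (DNS + "TLS handshake failure - Try changing or deleting the "
             "tls_cipher_suite value in the configuration file\n")

VALID_JOURNAL = (
    CLI + "'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.\n"
    + DNS + "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199\n"
    + DNS + "[RD] OK (DoH) - rtt: 100ms\n"
)
MISMATCH_JOURNAL = (
    CLI + "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.\n"
    + FAIL_LINE
    + DNS + "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392\n"
    + DNS + "[RD] OK (DoH) - rtt: 100ms\n"
)
REFUSED_JOURNAL = (
    CLI + "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.\n"
    + FAIL_LINE
)

if __name__ == "__main__":
    for label, journal in (("valid", VALID_JOURNAL),
                           ("mismatch", MISMATCH_JOURNAL),
                           ("refused", REFUSED_JOURNAL)):
        result = audit_journal(journal)
        names = [n["name"] for n in result["negotiated"]]
        print(f"{label}: {result['verdict']} failures={result['failures']} negotiated={names}")
```

A check that only greps for the handshake-failure token passes in both the "refused" and "mismatch" cases; comparing the negotiated suite with the configured one separates them.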

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Mar 18 12:48:33.000566 osdx systemd-timedated[171893]: Changed local time to Tue 2025-03-18 12:48:33 UTC
Mar 18 12:48:33.002792 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'set date 2025-03-18 12:48:33'.
Mar 18 12:48:33.004580 osdx systemd-journald[1668]: Time jumped backwards, rotating.
Mar 18 12:48:33.380904 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:48:33.384596 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:48:33.384688 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:48:33.395161 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:48:33.816057 osdx osdx-coredump[171911]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:48:33.826455 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:48:34.427077 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:34.587274 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:48:34.659352 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:48:34.813809 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:34.905071 osdx INFO[171936]: FRR daemons did not change
Mar 18 12:48:34.928587 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:48:35.064776 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:35.099464 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:35.123626 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:35.301333 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 18 12:48:35.539129 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:35.632413 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:48:35.725520 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:48:35.831516 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:48:35.940014 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:48:36.060341 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:48:36.145963 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 18 12:48:36.277811 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:48:36.387299 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:48:36.492374 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:48:36.657774 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:36.752658 osdx INFO[172059]: FRR daemons did not change
Mar 18 12:48:36.769777 osdx ca-certificates[172075]: Updating certificates in /etc/ssl/certs...
Mar 18 12:48:37.475066 osdx ca-certificates[173078]: 1 added, 0 removed; done.
Mar 18 12:48:37.479024 osdx ca-certificates[173085]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:48:37.483170 osdx ca-certificates[173087]: done.
Mar 18 12:48:37.568978 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:48:37.570595 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:37.574494 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:37.600250 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:37.601644 osdx dnscrypt-proxy[173091]: dnscrypt-proxy 2.0.45
Mar 18 12:48:37.601728 osdx dnscrypt-proxy[173091]: Network connectivity detected
Mar 18 12:48:37.602050 osdx dnscrypt-proxy[173091]: Dropping privileges
Mar 18 12:48:37.605023 osdx dnscrypt-proxy[173091]: Network connectivity detected
Mar 18 12:48:37.605059 osdx dnscrypt-proxy[173091]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:48:37.605065 osdx dnscrypt-proxy[173091]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:48:37.605096 osdx dnscrypt-proxy[173091]: Firefox workaround initialized
Mar 18 12:48:37.605102 osdx dnscrypt-proxy[173091]: Loading the set of cloaking rules from [/tmp/tmpbkmobdkd]
Mar 18 12:48:37.606090 osdx dnscrypt-proxy[173091]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 18 12:48:37.756448 osdx dnscrypt-proxy[173091]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 18 12:48:37.756474 osdx dnscrypt-proxy[173091]: [RD] OK (DoH) - rtt: 117ms
Mar 18 12:48:37.756487 osdx dnscrypt-proxy[173091]: Server with the lowest initial latency: RD (rtt: 117ms)
Mar 18 12:48:37.756497 osdx dnscrypt-proxy[173091]: dnscrypt-proxy is ready - live servers: 1

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Mar 18 12:48:46.359077 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.1M, max 15.3M, 13.2M free.
Mar 18 12:48:46.361783 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:48:46.361871 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:48:46.373211 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:48:46.799104 osdx osdx-coredump[174718]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:48:46.809331 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:48:47.426965 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:47.574071 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:48:47.650865 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:48:47.762603 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:47.865428 osdx INFO[174742]: FRR daemons did not change
Mar 18 12:48:47.893749 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:48:48.027236 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:48.061482 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:48.086337 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:48.263723 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 18 12:48:48.444877 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:48.539048 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:48:48.656880 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:48:48.758936 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:48:48.843403 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:48:48.959264 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:48:49.044650 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 18 12:48:49.130849 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:48:49.238602 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:48:49.311873 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:48:49.453012 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:49.552612 osdx INFO[174865]: FRR daemons did not change
Mar 18 12:48:49.569304 osdx ca-certificates[174881]: Updating certificates in /etc/ssl/certs...
Mar 18 12:48:50.280199 osdx ca-certificates[175885]: 1 added, 0 removed; done.
Mar 18 12:48:50.284549 osdx ca-certificates[175891]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:48:50.288788 osdx ca-certificates[175893]: done.
Mar 18 12:48:50.374271 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:48:50.376348 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:50.379423 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:50.405939 osdx dnscrypt-proxy[175897]: dnscrypt-proxy 2.0.45
Mar 18 12:48:50.406030 osdx dnscrypt-proxy[175897]: Network connectivity detected
Mar 18 12:48:50.406441 osdx dnscrypt-proxy[175897]: Dropping privileges
Mar 18 12:48:50.407889 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:50.409525 osdx dnscrypt-proxy[175897]: Network connectivity detected
Mar 18 12:48:50.409565 osdx dnscrypt-proxy[175897]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:48:50.409570 osdx dnscrypt-proxy[175897]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:48:50.409603 osdx dnscrypt-proxy[175897]: Firefox workaround initialized
Mar 18 12:48:50.409608 osdx dnscrypt-proxy[175897]: Loading the set of cloaking rules from [/tmp/tmp9ydkpim3]
Mar 18 12:48:50.410622 osdx dnscrypt-proxy[175897]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 18 12:48:50.485177 osdx dnscrypt-proxy[175897]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 18 12:48:50.485199 osdx dnscrypt-proxy[175897]: [RD] OK (DoH) - rtt: 43ms
Mar 18 12:48:50.485216 osdx dnscrypt-proxy[175897]: Server with the lowest initial latency: RD (rtt: 43ms)
Mar 18 12:48:50.485226 osdx dnscrypt-proxy[175897]: dnscrypt-proxy is ready - live servers: 1

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Mar 18 12:48:50.753281 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:48:50.753837 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:48:50.753884 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:48:50.768178 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:48:51.158076 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:51.247492 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'delete '.
Mar 18 12:48:51.354067 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 18 12:48:51.444832 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:51.565186 osdx dnscrypt-proxy[175897]: Stopped.
Mar 18 12:48:51.565255 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 18 12:48:51.567086 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 18 12:48:51.567218 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:48:51.700607 osdx ca-certificates[175984]: Clearing symlinks in /etc/ssl/certs...
Mar 18 12:48:52.079111 osdx ca-certificates[176553]: done.
Mar 18 12:48:52.084562 osdx ca-certificates[176562]: Updating certificates in /etc/ssl/certs...
Mar 18 12:48:52.689550 osdx ca-certificates[177414]: 140 added, 0 removed; done.
Mar 18 12:48:52.693560 osdx ca-certificates[177420]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:48:52.697632 osdx ca-certificates[177422]: done.
Mar 18 12:48:52.740597 osdx INFO[177425]: FRR daemons did not change
Mar 18 12:48:52.741219 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:52.744539 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:52.781135 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:54.367891 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:54.460809 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:48:54.580432 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:48:54.680968 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:48:54.763354 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:48:54.888617 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:48:54.973331 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 18 12:48:55.084921 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:48:55.198235 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:48:55.275571 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:48:55.390624 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:55.498074 osdx INFO[177467]: FRR daemons did not change
Mar 18 12:48:55.515047 osdx ca-certificates[177483]: Updating certificates in /etc/ssl/certs...
Mar 18 12:48:56.212505 osdx ca-certificates[178486]: 1 added, 0 removed; done.
Mar 18 12:48:56.216435 osdx ca-certificates[178493]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:48:56.220692 osdx ca-certificates[178495]: done.
Mar 18 12:48:56.245743 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:48:56.478349 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:48:56.480509 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:56.507019 osdx dnscrypt-proxy[178561]: dnscrypt-proxy 2.0.45
Mar 18 12:48:56.507124 osdx dnscrypt-proxy[178561]: Network connectivity detected
Mar 18 12:48:56.507522 osdx dnscrypt-proxy[178561]: Dropping privileges
Mar 18 12:48:56.510698 osdx dnscrypt-proxy[178561]: Network connectivity detected
Mar 18 12:48:56.510736 osdx dnscrypt-proxy[178561]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:48:56.510742 osdx dnscrypt-proxy[178561]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:48:56.510773 osdx dnscrypt-proxy[178561]: Firefox workaround initialized
Mar 18 12:48:56.510778 osdx dnscrypt-proxy[178561]: Loading the set of cloaking rules from [/tmp/tmpq15wsxmw]
Mar 18 12:48:56.511991 osdx dnscrypt-proxy[178561]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 18 12:48:56.518570 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:56.561535 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:48:56.611564 osdx dnscrypt-proxy[178561]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 18 12:48:56.611592 osdx dnscrypt-proxy[178561]: [RD] OK (DoH) - rtt: 52ms
Mar 18 12:48:56.611606 osdx dnscrypt-proxy[178561]: Server with the lowest initial latency: RD (rtt: 52ms)
Mar 18 12:48:56.611614 osdx dnscrypt-proxy[178561]: dnscrypt-proxy is ready - live servers: 1

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Mar 18 12:48:56.901635 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.1M, max 15.3M, 13.2M free.
Mar 18 12:48:56.902265 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:48:56.902318 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:48:56.915505 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:48:57.260417 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:48:57.347839 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'delete '.
Mar 18 12:48:57.453275 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 18 12:48:57.593423 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:48:57.683615 osdx dnscrypt-proxy[178561]: Stopped.
Mar 18 12:48:57.683762 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 18 12:48:57.684770 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 18 12:48:57.684910 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:48:57.824653 osdx ca-certificates[178665]: Clearing symlinks in /etc/ssl/certs...
Mar 18 12:48:58.199956 osdx ca-certificates[179235]: done.
Mar 18 12:48:58.205142 osdx ca-certificates[179244]: Updating certificates in /etc/ssl/certs...
Mar 18 12:48:58.811749 osdx ca-certificates[180095]: 140 added, 0 removed; done.
Mar 18 12:48:58.815768 osdx ca-certificates[180101]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:48:58.820052 osdx ca-certificates[180103]: done.
Mar 18 12:48:58.859816 osdx INFO[180106]: FRR daemons did not change
Mar 18 12:48:58.860509 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:48:58.864294 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:48:58.891238 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:00.516378 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:00.614092 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:49:00.730918 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:49:00.829974 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:49:00.938344 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:49:01.060732 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:49:01.150282 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 18 12:49:01.243792 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 18 12:49:01.375672 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:49:01.494646 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:49:01.590580 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:49:01.747544 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:01.855005 osdx INFO[180154]: FRR daemons did not change
Mar 18 12:49:01.872911 osdx ca-certificates[180170]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:02.603087 osdx ca-certificates[181173]: 1 added, 0 removed; done.
Mar 18 12:49:02.607021 osdx ca-certificates[181180]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:02.610933 osdx ca-certificates[181182]: done.
Mar 18 12:49:02.637785 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:49:02.850250 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:02.853134 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:02.880663 osdx dnscrypt-proxy[181248]: dnscrypt-proxy 2.0.45
Mar 18 12:49:02.880759 osdx dnscrypt-proxy[181248]: Network connectivity detected
Mar 18 12:49:02.881075 osdx dnscrypt-proxy[181248]: Dropping privileges
Mar 18 12:49:02.884619 osdx dnscrypt-proxy[181248]: Network connectivity detected
Mar 18 12:49:02.884921 osdx dnscrypt-proxy[181248]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:49:02.884988 osdx dnscrypt-proxy[181248]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:49:02.885097 osdx dnscrypt-proxy[181248]: Firefox workaround initialized
Mar 18 12:49:02.885171 osdx dnscrypt-proxy[181248]: Loading the set of cloaking rules from [/tmp/tmp8j4rurz8]
Mar 18 12:49:02.886344 osdx dnscrypt-proxy[181248]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 18 12:49:02.892632 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:02.918061 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:02.999918 osdx dnscrypt-proxy[181248]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 18 12:49:02.999936 osdx dnscrypt-proxy[181248]: [RD] OK (DoH) - rtt: 79ms
Mar 18 12:49:02.999946 osdx dnscrypt-proxy[181248]: Server with the lowest initial latency: RD (rtt: 79ms)
Mar 18 12:49:02.999952 osdx dnscrypt-proxy[181248]: dnscrypt-proxy is ready - live servers: 1
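
In the journal excerpts above, each handshake-failure line is followed by a successful DoH connection reporting cipher suite 52392 (0xCCA8, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 in the IANA registry), which is not one of the configured ciphers, while the test step checks only for the failure token. The following is an added example, not part of the test suite or of OSDx: a stricter journal check that compares the negotiated suite with the configured list. The function name, verdict labels and the third sample journal are assumptions made for illustration.

```python
import re

# IANA TLS cipher suite IDs for the suites named or logged on this page.
SUITE_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}

CFG_RE = re.compile(
    r"cfg line: 'set service dns proxy cipher \d+ algorithm ([A-Z0-9_]+)'")
RESET_RE = re.compile(r"cfg line: 'delete '")
NEG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[[^\]]+\] TLS version: \w+ - Protocol: \S+"
    r" - Cipher suite: (\d+)")
FAIL_TOKEN = "TLS handshake failure"


def audit_journal(journal):
    """Compare configured ciphers with the suite dnscrypt-proxy reports.

    Verdict labels (hypothetical, chosen for this example):
      ok                - negotiated suite is one of the configured ciphers
      outside-config    - connected, but with a suite that was not configured
      refused           - handshake failed and no connection followed
      unrestricted      - connected and no cipher was configured
      no-handshake-seen - journal holds no handshake information
    """
    configured, failed, negotiated = [], False, None
    for line in journal.splitlines():
        if RESET_RE.search(line):
            # The test harness wipes the configuration between examples.
            configured, failed, negotiated = [], False, None
            continue
        match = CFG_RE.search(line)
        if match:
            configured.append(match.group(1))
            continue
        if "dnscrypt-proxy[" in line and FAIL_TOKEN in line:
            failed = True
            continue
        match = NEG_RE.search(line)
        if match:
            negotiated = int(match.group(1))  # keep the last reported suite

    allowed = {SUITE_IDS[name] for name in configured if name in SUITE_IDS}
    if negotiated is None:
        verdict = "refused" if failed else "no-handshake-seen"
    elif not configured:
        verdict = "unrestricted"
    elif negotiated in allowed:
        verdict = "ok"
    else:
        verdict = "outside-config"
    return {
        "configured": configured,
        "unmapped": [name for name in configured if name not in SUITE_IDS],
        "handshake_failed": failed,
        "negotiated": negotiated,
        "verdict": verdict,
    }


# Lines copied from the "Multiple Invalid Cipher" Example 1 journal above.
INVALID_ONLY = """\
Mar 18 12:48:49.044650 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 18 12:48:50.410622 osdx dnscrypt-proxy[175897]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 18 12:48:50.485177 osdx dnscrypt-proxy[175897]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 18 12:48:50.485199 osdx dnscrypt-proxy[175897]: [RD] OK (DoH) - rtt: 43ms
"""

# Lines copied from the "Invalid Cipher With Fallback" Example 1 journal.
WITH_FALLBACK = """\
Mar 18 12:49:15.123602 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 18 12:49:15.217669 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 18 12:49:16.696586 osdx dnscrypt-proxy[184074]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 18 12:49:16.696606 osdx dnscrypt-proxy[184074]: [RD] OK (DoH) - rtt: 118ms
"""

# Constructed sample (not from the page): failure with no later connection.
REFUSED = """\
Jan 01 00:00:00.000000 osdx OSDxCLI[1]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jan 01 00:00:01.000000 osdx dnscrypt-proxy[2]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
"""

if __name__ == "__main__":
    for label, text in (("invalid only", INVALID_ONLY),
                        ("with fallback", WITH_FALLBACK),
                        ("refused", REFUSED)):
        print(label, audit_journal(text))
```
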

Invalid Cipher With Fallback

Description

Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Mar 18 12:49:12.379395 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:49:12.383127 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:49:12.383210 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:49:12.393122 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:49:12.815323 osdx osdx-coredump[182892]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 12:49:12.825495 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 12:49:13.430401 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:13.572080 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:49:13.647190 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:49:13.755860 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:13.849973 osdx INFO[182916]: FRR daemons did not change
Mar 18 12:49:13.875195 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:49:14.027720 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:14.062959 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:14.088885 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:14.267221 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 18 12:49:14.532005 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:14.626890 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:49:14.719809 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:49:14.824205 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:49:14.910385 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:49:15.034988 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:49:15.123602 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 18 12:49:15.217669 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 18 12:49:15.302762 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:49:15.411613 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:49:15.487246 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:49:15.609490 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:15.708041 osdx INFO[183042]: FRR daemons did not change
Mar 18 12:49:15.725642 osdx ca-certificates[183058]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:16.428084 osdx ca-certificates[184062]: 1 added, 0 removed; done.
Mar 18 12:49:16.432274 osdx ca-certificates[184068]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:16.436284 osdx ca-certificates[184070]: done.
Mar 18 12:49:16.511566 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:16.513085 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:16.517423 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:16.542882 osdx dnscrypt-proxy[184074]: dnscrypt-proxy 2.0.45
Mar 18 12:49:16.542956 osdx dnscrypt-proxy[184074]: Network connectivity detected
Mar 18 12:49:16.543231 osdx dnscrypt-proxy[184074]: Dropping privileges
Mar 18 12:49:16.543695 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:16.546121 osdx dnscrypt-proxy[184074]: Network connectivity detected
Mar 18 12:49:16.546159 osdx dnscrypt-proxy[184074]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:49:16.546165 osdx dnscrypt-proxy[184074]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:49:16.546192 osdx dnscrypt-proxy[184074]: Firefox workaround initialized
Mar 18 12:49:16.546197 osdx dnscrypt-proxy[184074]: Loading the set of cloaking rules from [/tmp/tmp6_lx48ng]
Mar 18 12:49:16.696586 osdx dnscrypt-proxy[184074]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 18 12:49:16.696606 osdx dnscrypt-proxy[184074]: [RD] OK (DoH) - rtt: 118ms
Mar 18 12:49:16.696617 osdx dnscrypt-proxy[184074]: Server with the lowest initial latency: RD (rtt: 118ms)
Mar 18 12:49:16.696623 osdx dnscrypt-proxy[184074]: dnscrypt-proxy is ready - live servers: 1
Mar 18 12:49:16.714131 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Mar 18 12:49:16.982651 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:49:16.983249 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:49:16.983295 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:49:16.996032 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:49:17.340579 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:17.430644 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'delete '.
Mar 18 12:49:17.560295 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 18 12:49:17.651075 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:17.771073 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 18 12:49:17.771140 osdx dnscrypt-proxy[184074]: Stopped.
Mar 18 12:49:17.772640 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 18 12:49:17.772785 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:17.908326 osdx ca-certificates[184165]: Clearing symlinks in /etc/ssl/certs...
Mar 18 12:49:18.285739 osdx ca-certificates[184734]: done.
Mar 18 12:49:18.290567 osdx ca-certificates[184744]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:18.923219 osdx ca-certificates[185594]: 140 added, 0 removed; done.
Mar 18 12:49:18.927560 osdx ca-certificates[185601]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:18.931456 osdx ca-certificates[185603]: done.
Mar 18 12:49:18.971269 osdx INFO[185606]: FRR daemons did not change
Mar 18 12:49:18.971860 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:18.974959 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:19.017931 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:20.630445 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:20.731963 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:49:20.855522 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:49:20.955627 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:49:21.086668 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:49:21.182549 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:49:21.299256 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 18 12:49:21.391145 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 18 12:49:21.475140 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:49:21.618012 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:49:21.692214 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:49:21.810181 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:21.913654 osdx INFO[185651]: FRR daemons did not change
Mar 18 12:49:21.930151 osdx ca-certificates[185667]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:22.625288 osdx ca-certificates[186670]: 1 added, 0 removed; done.
Mar 18 12:49:22.629480 osdx ca-certificates[186677]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:22.633451 osdx ca-certificates[186679]: done.
Mar 18 12:49:22.659215 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:49:22.871768 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:22.873845 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:22.901349 osdx dnscrypt-proxy[186745]: dnscrypt-proxy 2.0.45
Mar 18 12:49:22.901475 osdx dnscrypt-proxy[186745]: Network connectivity detected
Mar 18 12:49:22.901786 osdx dnscrypt-proxy[186745]: Dropping privileges
Mar 18 12:49:22.905116 osdx dnscrypt-proxy[186745]: Network connectivity detected
Mar 18 12:49:22.905181 osdx dnscrypt-proxy[186745]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:49:22.905191 osdx dnscrypt-proxy[186745]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:49:22.905231 osdx dnscrypt-proxy[186745]: Firefox workaround initialized
Mar 18 12:49:22.905240 osdx dnscrypt-proxy[186745]: Loading the set of cloaking rules from [/tmp/tmpeniujkn2]
Mar 18 12:49:22.912821 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:22.939521 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:23.068606 osdx dnscrypt-proxy[186745]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 18 12:49:23.068635 osdx dnscrypt-proxy[186745]: [RD] OK (DoH) - rtt: 127ms
Mar 18 12:49:23.068650 osdx dnscrypt-proxy[186745]: Server with the lowest initial latency: RD (rtt: 127ms)
Mar 18 12:49:23.068659 osdx dnscrypt-proxy[186745]: dnscrypt-proxy is ready - live servers: 1
Mar 18 12:49:23.124683 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Show output
Mar 18 12:49:23.370779 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:49:23.371375 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:49:23.371420 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:49:23.384817 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:49:23.735981 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:23.825309 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'delete '.
Mar 18 12:49:23.956628 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 18 12:49:24.065427 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:24.157563 osdx dnscrypt-proxy[186745]: Stopped.
Mar 18 12:49:24.157653 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 18 12:49:24.158673 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 18 12:49:24.158877 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:24.289052 osdx ca-certificates[186853]: Clearing symlinks in /etc/ssl/certs...
Mar 18 12:49:24.677899 osdx ca-certificates[187423]: done.
Mar 18 12:49:24.682866 osdx ca-certificates[187432]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:25.284842 osdx ca-certificates[188283]: 140 added, 0 removed; done.
Mar 18 12:49:25.289152 osdx ca-certificates[188289]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:25.293321 osdx ca-certificates[188291]: done.
Mar 18 12:49:25.332375 osdx INFO[188294]: FRR daemons did not change
Mar 18 12:49:25.333085 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:25.337413 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:25.380399 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:27.009197 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:27.100082 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:49:27.190089 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:49:27.289012 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:49:27.371101 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:49:27.467277 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:49:27.556882 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 18 12:49:27.651151 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 18 12:49:27.741213 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:49:27.852008 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:49:27.924396 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:49:28.040706 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:28.142558 osdx INFO[188339]: FRR daemons did not change
Mar 18 12:49:28.160105 osdx ca-certificates[188355]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:28.860174 osdx ca-certificates[189359]: 1 added, 0 removed; done.
Mar 18 12:49:28.864130 osdx ca-certificates[189365]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:28.868318 osdx ca-certificates[189367]: done.
Mar 18 12:49:28.895147 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:49:29.131854 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:29.134465 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:29.159476 osdx dnscrypt-proxy[189433]: dnscrypt-proxy 2.0.45
Mar 18 12:49:29.159559 osdx dnscrypt-proxy[189433]: Network connectivity detected
Mar 18 12:49:29.159852 osdx dnscrypt-proxy[189433]: Dropping privileges
Mar 18 12:49:29.162733 osdx dnscrypt-proxy[189433]: Network connectivity detected
Mar 18 12:49:29.162771 osdx dnscrypt-proxy[189433]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:49:29.162777 osdx dnscrypt-proxy[189433]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:49:29.162812 osdx dnscrypt-proxy[189433]: Firefox workaround initialized
Mar 18 12:49:29.162817 osdx dnscrypt-proxy[189433]: Loading the set of cloaking rules from [/tmp/tmprn_p4fro]
Mar 18 12:49:29.172392 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:29.211717 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:29.253059 osdx dnscrypt-proxy[189433]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 18 12:49:29.253080 osdx dnscrypt-proxy[189433]: [RD] OK (DoH) - rtt: 53ms
Mar 18 12:49:29.253090 osdx dnscrypt-proxy[189433]: Server with the lowest initial latency: RD (rtt: 53ms)
Mar 18 12:49:29.253096 osdx dnscrypt-proxy[189433]: dnscrypt-proxy is ready - live servers: 1
Mar 18 12:49:29.384285 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
Mar 18 12:49:29.657589 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:49:29.659155 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:49:29.659212 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:49:29.670838 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:49:30.047326 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:30.136949 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'delete '.
Mar 18 12:49:30.271448 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 18 12:49:30.363174 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:30.484030 osdx dnscrypt-proxy[189433]: Stopped.
Mar 18 12:49:30.484091 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 18 12:49:30.485533 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 18 12:49:30.485707 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:30.617720 osdx ca-certificates[189541]: Clearing symlinks in /etc/ssl/certs...
Mar 18 12:49:30.988948 osdx ca-certificates[190110]: done.
Mar 18 12:49:30.993434 osdx ca-certificates[190119]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:31.597788 osdx ca-certificates[190970]: 140 added, 0 removed; done.
Mar 18 12:49:31.601882 osdx ca-certificates[190977]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:31.606097 osdx ca-certificates[190979]: done.
Mar 18 12:49:31.647631 osdx INFO[190982]: FRR daemons did not change
Mar 18 12:49:31.648260 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:31.651369 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:31.688710 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:33.304019 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:33.397305 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:49:33.536377 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:49:33.637200 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:49:33.752312 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:49:33.876318 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:49:33.969889 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 18 12:49:34.071320 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 18 12:49:34.157385 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:49:34.270111 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:49:34.345061 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:49:34.462125 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:34.561903 osdx INFO[191028]: FRR daemons did not change
Mar 18 12:49:34.579179 osdx ca-certificates[191044]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:35.273486 osdx ca-certificates[192047]: 1 added, 0 removed; done.
Mar 18 12:49:35.277456 osdx ca-certificates[192054]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:35.281651 osdx ca-certificates[192056]: done.
Mar 18 12:49:35.307151 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:49:35.511763 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:35.513867 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:35.541411 osdx dnscrypt-proxy[192122]: dnscrypt-proxy 2.0.45
Mar 18 12:49:35.541859 osdx dnscrypt-proxy[192122]: Network connectivity detected
Mar 18 12:49:35.542173 osdx dnscrypt-proxy[192122]: Dropping privileges
Mar 18 12:49:35.545462 osdx dnscrypt-proxy[192122]: Network connectivity detected
Mar 18 12:49:35.545505 osdx dnscrypt-proxy[192122]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:49:35.545511 osdx dnscrypt-proxy[192122]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:49:35.545541 osdx dnscrypt-proxy[192122]: Firefox workaround initialized
Mar 18 12:49:35.545546 osdx dnscrypt-proxy[192122]: Loading the set of cloaking rules from [/tmp/tmpgpochi68]
Mar 18 12:49:35.551650 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:35.587703 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:35.712335 osdx dnscrypt-proxy[192122]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 18 12:49:35.712358 osdx dnscrypt-proxy[192122]: [RD] OK (DoH) - rtt: 124ms
Mar 18 12:49:35.712369 osdx dnscrypt-proxy[192122]: Server with the lowest initial latency: RD (rtt: 124ms)
Mar 18 12:49:35.712376 osdx dnscrypt-proxy[192122]: dnscrypt-proxy is ready - live servers: 1
Mar 18 12:49:35.772745 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Show output
Mar 18 12:49:36.049961 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:49:36.051188 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:49:36.051254 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:49:36.064583 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:49:36.431920 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:36.522126 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'delete '.
Mar 18 12:49:36.656970 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 18 12:49:36.752578 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:36.870317 osdx dnscrypt-proxy[192122]: Stopped.
Mar 18 12:49:36.870376 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 18 12:49:36.871794 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 18 12:49:36.871952 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:37.003746 osdx ca-certificates[192232]: Clearing symlinks in /etc/ssl/certs...
Mar 18 12:49:37.385703 osdx ca-certificates[192801]: done.
Mar 18 12:49:37.389876 osdx ca-certificates[192810]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:38.011060 osdx ca-certificates[193661]: 140 added, 0 removed; done.
Mar 18 12:49:38.015044 osdx ca-certificates[193668]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:38.019435 osdx ca-certificates[193670]: done.
Mar 18 12:49:38.059470 osdx INFO[193673]: FRR daemons did not change
Mar 18 12:49:38.059864 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:38.063728 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:38.103518 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:39.724837 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:39.825866 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:49:39.944248 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:49:40.045664 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:49:40.128045 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:49:40.249011 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:49:40.343257 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 18 12:49:40.440245 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 18 12:49:40.551234 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:49:40.691289 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:49:40.764997 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:49:40.909699 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:41.010761 osdx INFO[193718]: FRR daemons did not change
Mar 18 12:49:41.027883 osdx ca-certificates[193734]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:41.747647 osdx ca-certificates[194738]: 1 added, 0 removed; done.
Mar 18 12:49:41.751539 osdx ca-certificates[194744]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:41.755608 osdx ca-certificates[194746]: done.
Mar 18 12:49:41.783126 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:49:42.011558 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:42.014410 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:42.030674 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Mar 18 12:49:42.042625 osdx dnscrypt-proxy[194812]: dnscrypt-proxy 2.0.45
Mar 18 12:49:42.042717 osdx dnscrypt-proxy[194812]: Network connectivity detected
Mar 18 12:49:42.042947 osdx dnscrypt-proxy[194812]: Dropping privileges
Mar 18 12:49:42.045829 osdx dnscrypt-proxy[194812]: Network connectivity detected
Mar 18 12:49:42.045867 osdx dnscrypt-proxy[194812]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:49:42.045873 osdx dnscrypt-proxy[194812]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:49:42.045898 osdx dnscrypt-proxy[194812]: Firefox workaround initialized
Mar 18 12:49:42.045903 osdx dnscrypt-proxy[194812]: Loading the set of cloaking rules from [/tmp/tmp4rihxbq0]
Mar 18 12:49:42.054548 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:42.082511 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:42.130925 osdx dnscrypt-proxy[194812]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 18 12:49:42.130946 osdx dnscrypt-proxy[194812]: [RD] OK (DoH) - rtt: 52ms
Mar 18 12:49:42.130956 osdx dnscrypt-proxy[194812]: Server with the lowest initial latency: RD (rtt: 52ms)
Mar 18 12:49:42.130962 osdx dnscrypt-proxy[194812]: dnscrypt-proxy is ready - live servers: 1
Mar 18 12:49:42.270757 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Show output
Mar 18 12:49:42.517783 osdx systemd-journald[1668]: Runtime Journal (/run/log/journal/72104842365c481ca7f4174cfa44e1fe) is 2.0M, max 15.3M, 13.3M free.
Mar 18 12:49:42.519161 osdx systemd-journald[1668]: Received client request to rotate journal, rotating.
Mar 18 12:49:42.519215 osdx systemd-journald[1668]: Vacuuming done, freed 0B of archived journals from /run/log/journal/72104842365c481ca7f4174cfa44e1fe.
Mar 18 12:49:42.531448 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 12:49:42.869936 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:42.966114 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'delete '.
Mar 18 12:49:43.097570 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 18 12:49:43.196438 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:43.314259 osdx dnscrypt-proxy[194812]: Stopped.
Mar 18 12:49:43.314366 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 18 12:49:43.316065 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 18 12:49:43.316191 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:43.457074 osdx ca-certificates[194923]: Clearing symlinks in /etc/ssl/certs...
Mar 18 12:49:43.836246 osdx ca-certificates[195493]: done.
Mar 18 12:49:43.840772 osdx ca-certificates[195502]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:44.458548 osdx ca-certificates[196352]: 140 added, 0 removed; done.
Mar 18 12:49:44.462629 osdx ca-certificates[196359]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:44.466664 osdx ca-certificates[196361]: done.
Mar 18 12:49:44.506143 osdx INFO[196364]: FRR daemons did not change
Mar 18 12:49:44.506555 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:44.509582 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:44.535938 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:46.160769 osdx OSDxCLI[56339]: User 'admin' entered the configuration menu.
Mar 18 12:49:46.257014 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 18 12:49:46.351615 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 18 12:49:46.486142 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 18 12:49:46.572305 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 18 12:49:46.697072 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 18 12:49:46.788973 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 18 12:49:46.880761 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 18 12:49:47.014028 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 18 12:49:47.128927 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 18 12:49:47.250044 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 18 12:49:47.380386 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: 'show working'.
Mar 18 12:49:47.482121 osdx INFO[196410]: FRR daemons did not change
Mar 18 12:49:47.498706 osdx ca-certificates[196426]: Updating certificates in /etc/ssl/certs...
Mar 18 12:49:48.206525 osdx ca-certificates[197430]: 1 added, 0 removed; done.
Mar 18 12:49:48.210464 osdx ca-certificates[197436]: Running hooks in /etc/ca-certificates/update.d...
Mar 18 12:49:48.214588 osdx ca-certificates[197438]: done.
Mar 18 12:49:48.243158 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 12:49:48.467637 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 18 12:49:48.469273 osdx cfgd[1456]: [56339]Completed change to active configuration
Mar 18 12:49:48.495669 osdx dnscrypt-proxy[197504]: dnscrypt-proxy 2.0.45
Mar 18 12:49:48.495764 osdx dnscrypt-proxy[197504]: Network connectivity detected
Mar 18 12:49:48.495987 osdx dnscrypt-proxy[197504]: Dropping privileges
Mar 18 12:49:48.498975 osdx dnscrypt-proxy[197504]: Network connectivity detected
Mar 18 12:49:48.499015 osdx dnscrypt-proxy[197504]: Now listening to 127.0.0.1:53 [UDP]
Mar 18 12:49:48.499021 osdx dnscrypt-proxy[197504]: Now listening to 127.0.0.1:53 [TCP]
Mar 18 12:49:48.499051 osdx dnscrypt-proxy[197504]: Firefox workaround initialized
Mar 18 12:49:48.499056 osdx dnscrypt-proxy[197504]: Loading the set of cloaking rules from [/tmp/tmpfd1x0zvg]
Mar 18 12:49:48.507578 osdx OSDxCLI[56339]: User 'admin' committed the configuration.
Mar 18 12:49:48.561203 osdx OSDxCLI[56339]: User 'admin' left the configuration menu.
Mar 18 12:49:48.658756 osdx dnscrypt-proxy[197504]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 18 12:49:48.658774 osdx dnscrypt-proxy[197504]: [RD] OK (DoH) - rtt: 121ms
Mar 18 12:49:48.658784 osdx dnscrypt-proxy[197504]: Server with the lowest initial latency: RD (rtt: 121ms)
Mar 18 12:49:48.658791 osdx dnscrypt-proxy[197504]: dnscrypt-proxy is ready - live servers: 1
Mar 18 12:49:48.744502 osdx OSDxCLI[56339]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
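
The Step 3 checks above match a decimal token such as `Cipher suite: 52392`, while the configuration names suites by their IANA identifiers. The following added example (not part of the test suite or of OSDx) decodes the journal lines back to suite names and checks the negotiated suite against the configured list. The function name `audit_journal` and the `LEGACY` set are assumptions of this example, and it assumes dnscrypt-proxy prints the TLS version in hexadecimal (`303` = 0x0303).

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",          # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",          # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",    # 52392
}

# TLS protocol version code points.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

# Labelling used by this example only: RC4 suites are prohibited by RFC 7465
# and 64-bit block ciphers such as 3DES are deprecated for TLS.
LEGACY = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
NEG_RE = re.compile(
    r"\[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)


def audit_journal(lines):
    """Return one record per negotiated DoH session found in the journal lines."""
    configured = {}   # cipher index from the config -> suite name
    results = []
    for line in lines:
        m = CFG_RE.search(line)
        if m:
            configured[int(m.group(1))] = m.group(2)
            continue
        m = NEG_RE.search(line)
        if not m:
            continue
        suite_id = int(m.group("suite"))
        name = IANA_SUITES.get(suite_id, f"unknown(0x{suite_id:04X})")
        # Assumption: the version field is logged in hex, so "303" is 0x0303.
        version = TLS_VERSIONS.get(int(m.group("ver"), 16), "unknown")
        index = next((k for k, v in configured.items() if v == name), None)
        results.append({
            "server": m.group("server"),
            "tls_version": version,
            "protocol": m.group("proto"),
            "suite_id": suite_id,
            "suite_name": name,
            "configured_index": index,      # None: suite not in the configured list
            "in_configured": index is not None,
            "legacy": name in LEGACY,
        })
    return results


# Journal lines copied from the Example 6 output on this page.
EXAMPLE_6 = [
    "Mar 18 12:49:46.788973 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.",
    "Mar 18 12:49:46.880761 osdx OSDxCLI[56339]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.",
    "Mar 18 12:49:48.658756 osdx dnscrypt-proxy[197504]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392",
    "Mar 18 12:49:48.658774 osdx dnscrypt-proxy[197504]: [RD] OK (DoH) - rtt: 121ms",
]

if __name__ == "__main__":
    for record in audit_journal(EXAMPLE_6):
        print(record)
```

A record with `in_configured` false or `legacy` true is the condition worth alerting on when this check runs against a production journal rather than a test run.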