Cipher

Test suite that validates the use of one or multiple ciphers to protect the DoH connection.

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
May 26 11:56:17.312979 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.2M free.
May 26 11:56:17.316090 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:56:17.316161 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:56:17.324685 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:56:17.661454 osdx osdx-coredump[66722]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 26 11:56:17.669639 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'.
May 26 11:56:18.231505 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:56:18.320569 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:56:18.416049 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:56:18.486674 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:56:18.585113 osdx INFO[66742]: FRR daemons did not change
May 26 11:56:18.604166 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:56:18.717327 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:56:18.744085 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:56:18.782114 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:56:18.934731 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 26 11:56:19.114316 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:56:19.216831 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:56:19.286997 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:56:19.457509 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:56:19.531319 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:56:19.663504 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:56:19.721955 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 26 11:56:19.819414 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:56:19.900059 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:56:20.016363 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:56:20.091003 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:56:20.192173 osdx INFO[66861]: FRR daemons did not change
May 26 11:56:20.211498 osdx ca-certificates[66877]: Updating certificates in /etc/ssl/certs...
May 26 11:56:20.734294 osdx ca-certificates[67881]: 1 added, 0 removed; done.
May 26 11:56:20.737277 osdx ca-certificates[67887]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:56:20.740010 osdx ca-certificates[67889]: done.
May 26 11:56:20.816414 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:56:20.817927 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:56:20.820996 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:56:20.848044 osdx dnscrypt-proxy[67893]: dnscrypt-proxy 2.0.45
May 26 11:56:20.848130 osdx dnscrypt-proxy[67893]: Network connectivity detected
May 26 11:56:20.848354 osdx dnscrypt-proxy[67893]: Dropping privileges
May 26 11:56:20.851115 osdx dnscrypt-proxy[67893]: Network connectivity detected
May 26 11:56:20.851148 osdx dnscrypt-proxy[67893]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:56:20.851153 osdx dnscrypt-proxy[67893]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:56:20.851177 osdx dnscrypt-proxy[67893]: Firefox workaround initialized
May 26 11:56:20.851181 osdx dnscrypt-proxy[67893]: Loading the set of cloaking rules from [/tmp/tmppc4k23cq]
May 26 11:56:20.860345 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:56:21.002685 osdx dnscrypt-proxy[67893]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 26 11:56:21.002732 osdx dnscrypt-proxy[67893]: [RD] OK (DoH) - rtt: 122ms
May 26 11:56:21.002741 osdx dnscrypt-proxy[67893]: Server with the lowest initial latency: RD (rtt: 122ms)
May 26 11:56:21.002746 osdx dnscrypt-proxy[67893]: dnscrypt-proxy is ready - live servers: 1
May 26 11:56:21.026265 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher

Description

Configures one valid cipher in each example and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
May 26 11:56:28.342568 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:56:28.343188 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:56:28.343232 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:56:28.353146 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:56:28.688221 osdx osdx-coredump[69513]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 26 11:56:28.695659 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'.
May 26 11:56:29.177090 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:56:29.253614 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:56:29.335123 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:56:29.407872 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:56:29.504495 osdx INFO[69533]: FRR daemons did not change
May 26 11:56:29.523180 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:56:29.621094 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:56:29.652469 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:56:29.676781 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:56:29.823968 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 26 11:56:29.997168 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:56:30.076351 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:56:30.186505 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:56:30.270482 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:56:30.335035 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:56:30.444505 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:56:30.498936 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 26 11:56:30.594003 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:56:30.669019 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:56:30.752180 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:56:30.831109 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:56:30.950298 osdx INFO[69652]: FRR daemons did not change
May 26 11:56:30.963608 osdx ca-certificates[69668]: Updating certificates in /etc/ssl/certs...
May 26 11:56:31.472385 osdx ca-certificates[70671]: 1 added, 0 removed; done.
May 26 11:56:31.475438 osdx ca-certificates[70678]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:56:31.478227 osdx ca-certificates[70680]: done.
May 26 11:56:31.539465 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:56:31.540622 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:56:31.544979 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:56:31.572427 osdx dnscrypt-proxy[70684]: dnscrypt-proxy 2.0.45
May 26 11:56:31.572732 osdx dnscrypt-proxy[70684]: Network connectivity detected
May 26 11:56:31.572962 osdx dnscrypt-proxy[70684]: Dropping privileges
May 26 11:56:31.575097 osdx dnscrypt-proxy[70684]: Network connectivity detected
May 26 11:56:31.575128 osdx dnscrypt-proxy[70684]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:56:31.575132 osdx dnscrypt-proxy[70684]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:56:31.575152 osdx dnscrypt-proxy[70684]: Firefox workaround initialized
May 26 11:56:31.575157 osdx dnscrypt-proxy[70684]: Loading the set of cloaking rules from [/tmp/tmpn9hvmeqn]
May 26 11:56:31.575669 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:56:31.727099 osdx dnscrypt-proxy[70684]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 26 11:56:31.727252 osdx dnscrypt-proxy[70684]: [RD] OK (DoH) - rtt: 128ms
May 26 11:56:31.727298 osdx dnscrypt-proxy[70684]: Server with the lowest initial latency: RD (rtt: 128ms)
May 26 11:56:31.727337 osdx dnscrypt-proxy[70684]: dnscrypt-proxy is ready - live servers: 1
May 26 11:56:36.726681 osdx OSDxCLI[29144]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
May 26 11:56:38.819114 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
May 26 11:56:39.034884 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:56:39.035328 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:56:39.035358 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:56:39.043891 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:56:39.331573 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:56:39.428039 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'delete '.
May 26 11:56:39.494915 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 26 11:56:39.594321 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:56:39.657358 osdx dnscrypt-proxy[70684]: Stopped.
May 26 11:56:39.657392 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 26 11:56:39.658330 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 26 11:56:39.658430 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:56:39.753780 osdx ca-certificates[70775]: Clearing symlinks in /etc/ssl/certs...
May 26 11:56:39.992671 osdx ca-certificates[71345]: done.
May 26 11:56:39.996943 osdx ca-certificates[71355]: Updating certificates in /etc/ssl/certs...
May 26 11:56:40.414995 osdx ca-certificates[72204]: 140 added, 0 removed; done.
May 26 11:56:40.418621 osdx ca-certificates[72211]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:56:40.421299 osdx ca-certificates[72213]: done.
May 26 11:56:40.449536 osdx INFO[72216]: FRR daemons did not change
May 26 11:56:40.449773 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:56:40.452938 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:56:40.469999 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:56:41.666773 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:56:41.728447 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:56:41.839624 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:56:41.947210 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:56:42.060819 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:56:42.180290 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:56:42.244685 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
May 26 11:56:42.338634 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:56:42.422360 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:56:42.516158 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:56:42.592228 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:56:42.687634 osdx INFO[72254]: FRR daemons did not change
May 26 11:56:42.701134 osdx ca-certificates[72270]: Updating certificates in /etc/ssl/certs...
May 26 11:56:43.192500 osdx ca-certificates[73273]: 1 added, 0 removed; done.
May 26 11:56:43.195363 osdx ca-certificates[73280]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:56:43.198120 osdx ca-certificates[73282]: done.
May 26 11:56:43.219182 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:56:43.379436 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:56:43.380599 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:56:43.402412 osdx dnscrypt-proxy[73348]: dnscrypt-proxy 2.0.45
May 26 11:56:43.402481 osdx dnscrypt-proxy[73348]: Network connectivity detected
May 26 11:56:43.402716 osdx dnscrypt-proxy[73348]: Dropping privileges
May 26 11:56:43.404974 osdx dnscrypt-proxy[73348]: Network connectivity detected
May 26 11:56:43.405001 osdx dnscrypt-proxy[73348]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:56:43.405005 osdx dnscrypt-proxy[73348]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:56:43.405031 osdx dnscrypt-proxy[73348]: Firefox workaround initialized
May 26 11:56:43.405035 osdx dnscrypt-proxy[73348]: Loading the set of cloaking rules from [/tmp/tmp8gbrqkzc]
May 26 11:56:43.409695 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:56:43.441594 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:56:43.559464 osdx dnscrypt-proxy[73348]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
May 26 11:56:43.559488 osdx dnscrypt-proxy[73348]: [RD] OK (DoH) - rtt: 129ms
May 26 11:56:43.559500 osdx dnscrypt-proxy[73348]: Server with the lowest initial latency: RD (rtt: 129ms)
May 26 11:56:43.559506 osdx dnscrypt-proxy[73348]: dnscrypt-proxy is ready - live servers: 1
May 26 11:56:43.599646 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
May 26 11:56:43.826095 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.4M, max 15.3M, 12.8M free.
May 26 11:56:43.827191 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:56:43.827248 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:56:43.835195 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:56:44.149111 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:56:44.206768 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'delete '.
May 26 11:56:44.317733 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 26 11:56:44.380723 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:56:44.481134 osdx dnscrypt-proxy[73348]: Stopped.
May 26 11:56:44.481137 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 26 11:56:44.482122 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 26 11:56:44.482224 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:56:44.576086 osdx ca-certificates[73455]: Clearing symlinks in /etc/ssl/certs...
May 26 11:56:44.818214 osdx ca-certificates[74024]: done.
May 26 11:56:44.821966 osdx ca-certificates[74034]: Updating certificates in /etc/ssl/certs...
May 26 11:56:45.236198 osdx ca-certificates[74884]: 140 added, 0 removed; done.
May 26 11:56:45.239052 osdx ca-certificates[74891]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:56:45.241732 osdx ca-certificates[74893]: done.
May 26 11:56:45.279965 osdx INFO[74896]: FRR daemons did not change
May 26 11:56:45.280650 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:56:45.283612 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:56:45.301092 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:56:46.503539 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:56:46.563840 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:56:46.661765 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:56:46.725944 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:56:46.819593 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:56:46.921638 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:56:46.988812 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 26 11:56:47.095395 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:56:47.183966 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:56:47.275471 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:56:47.376327 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:56:47.488538 osdx INFO[74934]: FRR daemons did not change
May 26 11:56:47.501810 osdx ca-certificates[74950]: Updating certificates in /etc/ssl/certs...
May 26 11:56:48.006251 osdx ca-certificates[75954]: 1 added, 0 removed; done.
May 26 11:56:48.008997 osdx ca-certificates[75960]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:56:48.011607 osdx ca-certificates[75962]: done.
May 26 11:56:48.035184 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:56:48.223479 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:56:48.224633 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:56:48.245411 osdx dnscrypt-proxy[76028]: dnscrypt-proxy 2.0.45
May 26 11:56:48.245468 osdx dnscrypt-proxy[76028]: Network connectivity detected
May 26 11:56:48.245641 osdx dnscrypt-proxy[76028]: Dropping privileges
May 26 11:56:48.248052 osdx dnscrypt-proxy[76028]: Network connectivity detected
May 26 11:56:48.248090 osdx dnscrypt-proxy[76028]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:56:48.248096 osdx dnscrypt-proxy[76028]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:56:48.248122 osdx dnscrypt-proxy[76028]: Firefox workaround initialized
May 26 11:56:48.248128 osdx dnscrypt-proxy[76028]: Loading the set of cloaking rules from [/tmp/tmpqe5gzxuy]
May 26 11:56:48.252267 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:56:48.269965 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:56:48.392407 osdx dnscrypt-proxy[76028]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 26 11:56:48.392422 osdx dnscrypt-proxy[76028]: [RD] OK (DoH) - rtt: 111ms
May 26 11:56:48.392430 osdx dnscrypt-proxy[76028]: Server with the lowest initial latency: RD (rtt: 111ms)
May 26 11:56:48.392436 osdx dnscrypt-proxy[76028]: dnscrypt-proxy is ready - live servers: 1
May 26 11:56:48.449495 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
May 26 11:56:55.298763 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:56:55.301917 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:56:55.301980 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:56:55.310261 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:56:55.694769 osdx osdx-coredump[77668]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 26 11:56:55.704580 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'.
May 26 11:56:56.166743 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:56:56.241310 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:56:56.326806 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:56:56.393628 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:56:56.520818 osdx INFO[77688]: FRR daemons did not change
May 26 11:56:56.541915 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:56:56.642408 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:56:56.675592 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:56:56.710550 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:56:56.855570 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 26 11:56:57.041805 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:56:57.181823 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:56:57.261218 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:56:57.377428 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:56:57.454727 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:56:57.575734 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:56:57.645309 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 26 11:56:57.742837 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:56:57.837011 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:56:57.928354 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:56:58.005498 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:56:58.107602 osdx INFO[77807]: FRR daemons did not change
May 26 11:56:58.121111 osdx ca-certificates[77823]: Updating certificates in /etc/ssl/certs...
May 26 11:56:58.621329 osdx ca-certificates[78827]: 1 added, 0 removed; done.
May 26 11:56:58.624381 osdx ca-certificates[78833]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:56:58.627063 osdx ca-certificates[78835]: done.
May 26 11:56:58.710220 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:56:58.711463 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:56:58.713813 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:56:58.731271 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:56:58.735192 osdx dnscrypt-proxy[78839]: dnscrypt-proxy 2.0.45
May 26 11:56:58.735254 osdx dnscrypt-proxy[78839]: Network connectivity detected
May 26 11:56:58.735442 osdx dnscrypt-proxy[78839]: Dropping privileges
May 26 11:56:58.737448 osdx dnscrypt-proxy[78839]: Network connectivity detected
May 26 11:56:58.737651 osdx dnscrypt-proxy[78839]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:56:58.737696 osdx dnscrypt-proxy[78839]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:56:58.737762 osdx dnscrypt-proxy[78839]: Firefox workaround initialized
May 26 11:56:58.737805 osdx dnscrypt-proxy[78839]: Loading the set of cloaking rules from [/tmp/tmpdqacz8i6]
May 26 11:56:58.738576 osdx dnscrypt-proxy[78839]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
May 26 11:57:05.350615 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:57:05.351395 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:57:05.351429 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:57:05.359781 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:57:05.669275 osdx osdx-coredump[80459]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 26 11:57:05.676825 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'.
May 26 11:57:06.155622 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:06.235774 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:06.322160 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:06.395565 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:06.492791 osdx INFO[80479]: FRR daemons did not change
May 26 11:57:06.515408 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:57:06.628200 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:06.660660 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:06.677747 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:06.816510 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 26 11:57:07.023456 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:07.083106 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:57:07.183637 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:57:07.249217 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:57:07.342336 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:57:07.417347 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:57:07.532258 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 26 11:57:07.585750 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:57:07.690026 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:07.744931 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:07.849997 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:07.927202 osdx INFO[80598]: FRR daemons did not change
May 26 11:57:07.939381 osdx ca-certificates[80614]: Updating certificates in /etc/ssl/certs...
May 26 11:57:08.430454 osdx ca-certificates[81618]: 1 added, 0 removed; done.
May 26 11:57:08.433218 osdx ca-certificates[81624]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:08.435876 osdx ca-certificates[81626]: done.
May 26 11:57:08.503711 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:08.504822 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:08.507116 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:08.525588 osdx dnscrypt-proxy[81630]: dnscrypt-proxy 2.0.45
May 26 11:57:08.525658 osdx dnscrypt-proxy[81630]: Network connectivity detected
May 26 11:57:08.525873 osdx dnscrypt-proxy[81630]: Dropping privileges
May 26 11:57:08.528692 osdx dnscrypt-proxy[81630]: Network connectivity detected
May 26 11:57:08.528726 osdx dnscrypt-proxy[81630]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:57:08.528732 osdx dnscrypt-proxy[81630]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:57:08.528757 osdx dnscrypt-proxy[81630]: Firefox workaround initialized
May 26 11:57:08.528762 osdx dnscrypt-proxy[81630]: Loading the set of cloaking rules from [/tmp/tmpq5llsfx1]
May 26 11:57:08.529481 osdx dnscrypt-proxy[81630]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 26 11:57:08.530254 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:08.669103 osdx dnscrypt-proxy[81630]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 26 11:57:08.669126 osdx dnscrypt-proxy[81630]: [RD] OK (DoH) - rtt: 116ms
May 26 11:57:08.669137 osdx dnscrypt-proxy[81630]: Server with the lowest initial latency: RD (rtt: 116ms)
May 26 11:57:08.669143 osdx dnscrypt-proxy[81630]: dnscrypt-proxy is ready - live servers: 1

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
May 26 11:57:08.774405 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:57:08.775388 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:57:08.775438 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:57:08.784888 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:57:09.047113 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:09.122327 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'delete '.
May 26 11:57:09.231805 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 26 11:57:09.291953 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:09.408020 osdx dnscrypt-proxy[81630]: Stopped.
May 26 11:57:09.408069 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 26 11:57:09.409013 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 26 11:57:09.409123 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:09.516687 osdx ca-certificates[81711]: Clearing symlinks in /etc/ssl/certs...
May 26 11:57:09.761810 osdx ca-certificates[82280]: done.
May 26 11:57:09.764635 osdx ca-certificates[82289]: Updating certificates in /etc/ssl/certs...
May 26 11:57:10.229221 osdx ca-certificates[83141]: 140 added, 0 removed; done.
May 26 11:57:10.232034 osdx ca-certificates[83147]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:10.234811 osdx ca-certificates[83149]: done.
May 26 11:57:10.266029 osdx INFO[83152]: FRR daemons did not change
May 26 11:57:10.266629 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:10.269447 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:10.295867 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:11.508211 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:11.639493 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:57:11.708542 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:57:11.831503 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:57:11.889056 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:57:12.014013 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:57:12.076709 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 26 11:57:12.169863 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:57:12.243737 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:12.324787 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:12.393546 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:12.497882 osdx INFO[83190]: FRR daemons did not change
May 26 11:57:12.510161 osdx ca-certificates[83206]: Updating certificates in /etc/ssl/certs...
May 26 11:57:13.013665 osdx ca-certificates[84210]: 1 added, 0 removed; done.
May 26 11:57:13.017556 osdx ca-certificates[84216]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:13.020503 osdx ca-certificates[84218]: done.
May 26 11:57:13.043393 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:57:13.219725 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:13.221030 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:13.248194 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:13.250347 osdx dnscrypt-proxy[84284]: dnscrypt-proxy 2.0.45
May 26 11:57:13.250423 osdx dnscrypt-proxy[84284]: Network connectivity detected
May 26 11:57:13.250653 osdx dnscrypt-proxy[84284]: Dropping privileges
May 26 11:57:13.254359 osdx dnscrypt-proxy[84284]: Network connectivity detected
May 26 11:57:13.254594 osdx dnscrypt-proxy[84284]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:57:13.254640 osdx dnscrypt-proxy[84284]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:57:13.254685 osdx dnscrypt-proxy[84284]: Firefox workaround initialized
May 26 11:57:13.254717 osdx dnscrypt-proxy[84284]: Loading the set of cloaking rules from [/tmp/tmpecmz3e04]
May 26 11:57:13.255587 osdx dnscrypt-proxy[84284]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 26 11:57:13.272354 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
May 26 11:57:13.522049 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:57:13.523386 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:57:13.523437 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:57:13.531669 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:57:13.787936 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:13.844347 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'delete '.
May 26 11:57:13.952393 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 26 11:57:14.018653 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:14.116415 osdx dnscrypt-proxy[84284]: Stopped.
May 26 11:57:14.116448 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 26 11:57:14.117264 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 26 11:57:14.117354 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:14.209039 osdx ca-certificates[84385]: Clearing symlinks in /etc/ssl/certs...
May 26 11:57:14.471367 osdx ca-certificates[84954]: done.
May 26 11:57:14.474242 osdx ca-certificates[84963]: Updating certificates in /etc/ssl/certs...
May 26 11:57:14.913494 osdx ca-certificates[85815]: 140 added, 0 removed; done.
May 26 11:57:14.916267 osdx ca-certificates[85821]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:14.918979 osdx ca-certificates[85823]: done.
May 26 11:57:14.949361 osdx INFO[85826]: FRR daemons did not change
May 26 11:57:14.949617 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:14.951894 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:14.969092 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:16.243639 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:16.349457 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:57:16.423599 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:57:16.496527 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:57:16.594657 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:57:16.659491 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:57:16.758386 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 26 11:57:16.820122 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 26 11:57:16.945172 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:57:17.023817 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:17.108263 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:17.198639 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:17.302593 osdx INFO[85867]: FRR daemons did not change
May 26 11:57:17.317486 osdx ca-certificates[85883]: Updating certificates in /etc/ssl/certs...
May 26 11:57:17.849843 osdx ca-certificates[86888]: 1 added, 0 removed; done.
May 26 11:57:17.853691 osdx ca-certificates[86895]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:17.857163 osdx ca-certificates[86897]: done.
May 26 11:57:17.883395 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:57:18.047800 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:18.049371 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:18.068879 osdx dnscrypt-proxy[86963]: dnscrypt-proxy 2.0.45
May 26 11:57:18.068937 osdx dnscrypt-proxy[86963]: Network connectivity detected
May 26 11:57:18.069133 osdx dnscrypt-proxy[86963]: Dropping privileges
May 26 11:57:18.071186 osdx dnscrypt-proxy[86963]: Network connectivity detected
May 26 11:57:18.071213 osdx dnscrypt-proxy[86963]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:57:18.071217 osdx dnscrypt-proxy[86963]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:57:18.071238 osdx dnscrypt-proxy[86963]: Firefox workaround initialized
May 26 11:57:18.071242 osdx dnscrypt-proxy[86963]: Loading the set of cloaking rules from [/tmp/tmp4klkauv5]
May 26 11:57:18.071933 osdx dnscrypt-proxy[86963]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 26 11:57:18.089647 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:18.107339 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.

Invalid Cipher With Fallback

Description

Configures an invalid cipher together with a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
May 26 11:57:25.290568 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.5M, max 15.3M, 12.7M free.
May 26 11:57:25.293251 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:57:25.293311 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:57:25.301636 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:57:25.645859 osdx osdx-coredump[88599]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 26 11:57:25.653860 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system coredump delete all'.
May 26 11:57:26.163872 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:26.255308 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:26.349507 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:26.425954 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:26.522795 osdx INFO[88619]: FRR daemons did not change
May 26 11:57:26.545252 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:57:26.662232 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:26.692915 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:26.710789 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:26.876637 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 26 11:57:27.111588 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:27.212102 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:57:27.320342 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:57:27.385936 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:57:27.482224 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:57:27.615877 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:57:27.677823 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 26 11:57:27.768758 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 26 11:57:27.821567 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:57:27.933458 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:27.987050 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:28.104406 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:28.179204 osdx INFO[88741]: FRR daemons did not change
May 26 11:57:28.193321 osdx ca-certificates[88757]: Updating certificates in /etc/ssl/certs...
May 26 11:57:28.709671 osdx ca-certificates[89760]: 1 added, 0 removed; done.
May 26 11:57:28.712704 osdx ca-certificates[89767]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:28.715527 osdx ca-certificates[89769]: done.
May 26 11:57:28.797565 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:28.798842 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:28.801935 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:28.819668 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:28.827038 osdx dnscrypt-proxy[89773]: dnscrypt-proxy 2.0.45
May 26 11:57:28.827098 osdx dnscrypt-proxy[89773]: Network connectivity detected
May 26 11:57:28.827287 osdx dnscrypt-proxy[89773]: Dropping privileges
May 26 11:57:28.829704 osdx dnscrypt-proxy[89773]: Network connectivity detected
May 26 11:57:28.829736 osdx dnscrypt-proxy[89773]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:57:28.829740 osdx dnscrypt-proxy[89773]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:57:28.829764 osdx dnscrypt-proxy[89773]: Firefox workaround initialized
May 26 11:57:28.829768 osdx dnscrypt-proxy[89773]: Loading the set of cloaking rules from [/tmp/tmpfb32bpa_]
May 26 11:57:28.968974 osdx dnscrypt-proxy[89773]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 26 11:57:28.968987 osdx dnscrypt-proxy[89773]: [RD] OK (DoH) - rtt: 113ms
May 26 11:57:28.968996 osdx dnscrypt-proxy[89773]: Server with the lowest initial latency: RD (rtt: 113ms)
May 26 11:57:28.968999 osdx dnscrypt-proxy[89773]: dnscrypt-proxy is ready - live servers: 1
May 26 11:57:33.981008 osdx OSDxCLI[29144]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
May 26 11:57:36.071246 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
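
Added example, not part of the test suite or of dnscrypt-proxy: it decodes the decimal "Cipher suite:" values in the journal into IANA names and checks that each negotiated suite is one of the configured "cipher N algorithm" entries, which the token checks do not verify by themselves. The journal lines are copied from the outputs above; the function names and verdict strings are assumptions of this example.

```python
import re

# IANA TLS cipher suite code points for the suites that appear on this page.
IANA_SUITES = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,
}
ID_TO_NAME = {v: k for k, v in IANA_SUITES.items()}

CFG_RE = re.compile(r"^set service dns proxy cipher (\d+) algorithm (\S+)\s*$", re.M)
PROXY_RE = re.compile(r"dnscrypt-proxy\[(\d+)\]: (.*)$")
# dnscrypt-proxy prints the TLS version in hex and the suite in decimal.
SUITE_RE = re.compile(r"TLS version: ([0-9a-f]+) - Protocol: (\S+) - Cipher suite: (\d+)")
FAIL_MSG = "TLS handshake failure"


def configured_suites(config_text):
    """Return the configured suite names ordered by their 'cipher N' index."""
    entries = sorted((int(n), name) for n, name in CFG_RE.findall(config_text))
    unknown = [name for _, name in entries if name not in IANA_SUITES]
    if unknown:
        raise ValueError(f"no code point known for: {unknown}")
    return [name for _, name in entries]


def audit(config_text, journal_text):
    """Compare what dnscrypt-proxy negotiated with what the config allows."""
    allowed = configured_suites(config_text)
    allowed_ids = {IANA_SUITES[name] for name in allowed}
    failures, sessions = 0, []
    for line in journal_text.splitlines():
        m = PROXY_RE.search(line)
        if not m:
            continue  # not a dnscrypt-proxy record
        msg = m.group(2)
        if FAIL_MSG in msg:
            failures += 1
        s = SUITE_RE.search(msg)
        if s:
            suite_id = int(s.group(3))
            sessions.append({
                "pid": int(m.group(1)),
                "tls_version": "0x%04x" % int(s.group(1), 16),
                "suite_id": suite_id,
                "suite": ID_TO_NAME.get(suite_id, "unknown(0x%04X)" % suite_id),
                "in_policy": suite_id in allowed_ids,
            })
    if any(not s["in_policy"] for s in sessions):
        verdict = "negotiated-outside-configured-list"
    elif sessions:
        verdict = "negotiated-configured-suite"
    elif failures:
        verdict = "refused"
    else:
        verdict = "no-handshake-seen"
    return {"allowed": allowed, "failures": failures,
            "sessions": sessions, "verdict": verdict}


# Excerpts copied from this page: Multiple Invalid Cipher, Example 1.
INVALID_EX1_CFG = "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA\n"
INVALID_EX1_LOG = (
    "May 26 11:57:08.529481 osdx dnscrypt-proxy[81630]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file\n"
    "May 26 11:57:08.669103 osdx dnscrypt-proxy[81630]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392\n"
    "May 26 11:57:08.669126 osdx dnscrypt-proxy[81630]: [RD] OK (DoH) - rtt: 116ms\n"
)
# Multiple Invalid Cipher, Example 2.
INVALID_EX2_CFG = "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA\n"
INVALID_EX2_LOG = (
    "May 26 11:57:13.255587 osdx dnscrypt-proxy[84284]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file\n"
)
# Invalid Cipher With Fallback, Example 1.
FALLBACK_EX1_CFG = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA\n"
    "set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n"
)
FALLBACK_EX1_LOG = (
    "May 26 11:57:28.968974 osdx dnscrypt-proxy[89773]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199\n"
    "May 26 11:57:28.968987 osdx dnscrypt-proxy[89773]: [RD] OK (DoH) - rtt: 113ms\n"
)

if __name__ == "__main__":
    for label, cfg, log in (
        ("invalid ex1", INVALID_EX1_CFG, INVALID_EX1_LOG),
        ("invalid ex2", INVALID_EX2_CFG, INVALID_EX2_LOG),
        ("fallback ex1", FALLBACK_EX1_CFG, FALLBACK_EX1_LOG),
    ):
        result = audit(cfg, log)
        suites = [s["suite"] for s in result["sessions"]]
        print(label, result["verdict"], suites)
```

The first excerpt is the case worth checking for: in the Multiple Invalid Cipher Example 1 output, the handshake failure message is followed by a session on suite 52392, which is not the configured RC4 suite, so matching the failure token alone does not show that the connection stayed down.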

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Show output
May 26 11:57:36.271585 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:57:36.273256 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:57:36.273300 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:57:36.280800 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:57:36.595107 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:36.651134 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'delete '.
May 26 11:57:36.775080 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 26 11:57:36.835130 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:36.935488 osdx dnscrypt-proxy[89773]: Stopped.
May 26 11:57:36.935547 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 26 11:57:36.936524 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 26 11:57:36.936653 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:37.048188 osdx ca-certificates[89862]: Clearing symlinks in /etc/ssl/certs...
May 26 11:57:37.312674 osdx ca-certificates[90431]: done.
May 26 11:57:37.317302 osdx ca-certificates[90439]: Updating certificates in /etc/ssl/certs...
May 26 11:57:37.744561 osdx ca-certificates[91292]: 140 added, 0 removed; done.
May 26 11:57:37.747578 osdx ca-certificates[91298]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:37.750529 osdx ca-certificates[91300]: done.
May 26 11:57:37.781766 osdx INFO[91303]: FRR daemons did not change
May 26 11:57:37.782193 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:37.785604 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:37.804964 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:38.990842 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:39.050700 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:57:39.164762 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:57:39.229910 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:57:39.322305 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:57:39.380445 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:57:39.480910 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 26 11:57:39.547710 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
May 26 11:57:39.646268 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:57:39.760569 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:39.814711 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:39.930599 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:40.002647 osdx INFO[91344]: FRR daemons did not change
May 26 11:57:40.015918 osdx ca-certificates[91360]: Updating certificates in /etc/ssl/certs...
May 26 11:57:40.495811 osdx ca-certificates[92364]: 1 added, 0 removed; done.
May 26 11:57:40.499555 osdx ca-certificates[92370]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:40.502486 osdx ca-certificates[92372]: done.
May 26 11:57:40.521254 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:57:40.693534 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:40.695198 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:40.743175 osdx dnscrypt-proxy[92438]: dnscrypt-proxy 2.0.45
May 26 11:57:40.743313 osdx dnscrypt-proxy[92438]: Network connectivity detected
May 26 11:57:40.743502 osdx dnscrypt-proxy[92438]: Dropping privileges
May 26 11:57:40.745489 osdx dnscrypt-proxy[92438]: Network connectivity detected
May 26 11:57:40.745515 osdx dnscrypt-proxy[92438]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:57:40.745519 osdx dnscrypt-proxy[92438]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:57:40.745537 osdx dnscrypt-proxy[92438]: Firefox workaround initialized
May 26 11:57:40.745541 osdx dnscrypt-proxy[92438]: Loading the set of cloaking rules from [/tmp/tmpi7xlnvse]
May 26 11:57:40.751024 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:40.768568 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:40.898913 osdx dnscrypt-proxy[92438]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
May 26 11:57:40.898930 osdx dnscrypt-proxy[92438]: [RD] OK (DoH) - rtt: 129ms
May 26 11:57:40.898940 osdx dnscrypt-proxy[92438]: Server with the lowest initial latency: RD (rtt: 129ms)
May 26 11:57:40.898945 osdx dnscrypt-proxy[92438]: dnscrypt-proxy is ready - live servers: 1
May 26 11:57:40.923345 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
May 26 11:57:41.125895 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:57:41.129249 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:57:41.129296 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:57:41.134891 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:57:41.413624 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:41.477898 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'delete '.
May 26 11:57:41.582576 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 26 11:57:41.652240 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:41.778267 osdx dnscrypt-proxy[92438]: Stopped.
May 26 11:57:41.778297 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 26 11:57:41.779495 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 26 11:57:41.779611 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:41.874382 osdx ca-certificates[92543]: Clearing symlinks in /etc/ssl/certs...
May 26 11:57:42.119318 osdx ca-certificates[93112]: done.
May 26 11:57:42.124657 osdx ca-certificates[93121]: Updating certificates in /etc/ssl/certs...
May 26 11:57:42.557077 osdx ca-certificates[93973]: 140 added, 0 removed; done.
May 26 11:57:42.560008 osdx ca-certificates[93979]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:42.563246 osdx ca-certificates[93981]: done.
May 26 11:57:42.603485 osdx INFO[93984]: FRR daemons did not change
May 26 11:57:42.604026 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:42.607117 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:42.629468 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:43.840903 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:43.902439 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:57:44.002489 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:57:44.068436 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:57:44.163357 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:57:44.225726 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:57:44.322461 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 26 11:57:44.382637 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 26 11:57:44.476072 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:57:44.548633 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:44.635416 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:44.710199 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:44.811361 osdx INFO[94025]: FRR daemons did not change
May 26 11:57:44.823852 osdx ca-certificates[94040]: Updating certificates in /etc/ssl/certs...
May 26 11:57:45.355942 osdx ca-certificates[95045]: 1 added, 0 removed; done.
May 26 11:57:45.359704 osdx ca-certificates[95051]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:45.362580 osdx ca-certificates[95053]: done.
May 26 11:57:45.381252 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:57:45.561688 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:45.563234 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:45.587582 osdx dnscrypt-proxy[95119]: dnscrypt-proxy 2.0.45
May 26 11:57:45.587644 osdx dnscrypt-proxy[95119]: Network connectivity detected
May 26 11:57:45.587840 osdx dnscrypt-proxy[95119]: Dropping privileges
May 26 11:57:45.589753 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:45.590747 osdx dnscrypt-proxy[95119]: Network connectivity detected
May 26 11:57:45.590779 osdx dnscrypt-proxy[95119]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:57:45.590783 osdx dnscrypt-proxy[95119]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:57:45.590805 osdx dnscrypt-proxy[95119]: Firefox workaround initialized
May 26 11:57:45.590808 osdx dnscrypt-proxy[95119]: Loading the set of cloaking rules from [/tmp/tmprk4t_gmf]
May 26 11:57:45.608860 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:45.736696 osdx dnscrypt-proxy[95119]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 26 11:57:45.736719 osdx dnscrypt-proxy[95119]: [RD] OK (DoH) - rtt: 116ms
May 26 11:57:45.736730 osdx dnscrypt-proxy[95119]: Server with the lowest initial latency: RD (rtt: 116ms)
May 26 11:57:45.736738 osdx dnscrypt-proxy[95119]: dnscrypt-proxy is ready - live servers: 1
May 26 11:57:45.759937 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
May 26 11:57:45.974202 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:57:45.977252 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:57:45.977318 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:57:45.985178 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:57:46.270846 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:46.348486 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'delete '.
May 26 11:57:46.468509 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 26 11:57:46.530363 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:46.659868 osdx dnscrypt-proxy[95119]: Stopped.
May 26 11:57:46.659888 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 26 11:57:46.661261 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 26 11:57:46.661375 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:46.763690 osdx ca-certificates[95224]: Clearing symlinks in /etc/ssl/certs...
May 26 11:57:47.030615 osdx ca-certificates[95793]: done.
May 26 11:57:47.034356 osdx ca-certificates[95801]: Updating certificates in /etc/ssl/certs...
May 26 11:57:47.456514 osdx ca-certificates[96654]: 140 added, 0 removed; done.
May 26 11:57:47.459520 osdx ca-certificates[96660]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:47.463411 osdx ca-certificates[96662]: done.
May 26 11:57:47.494383 osdx INFO[96665]: FRR daemons did not change
May 26 11:57:47.494653 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:47.498099 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:47.522831 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:48.909064 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:48.968597 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:57:49.069347 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:57:49.134803 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:57:49.231030 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:57:49.331353 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:57:49.387570 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 26 11:57:49.488086 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 26 11:57:49.541033 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:57:49.656409 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:49.710012 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:49.832208 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:49.904825 osdx INFO[96706]: FRR daemons did not change
May 26 11:57:49.918422 osdx ca-certificates[96722]: Updating certificates in /etc/ssl/certs...
May 26 11:57:50.416828 osdx ca-certificates[97726]: 1 added, 0 removed; done.
May 26 11:57:50.419708 osdx ca-certificates[97732]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:50.422409 osdx ca-certificates[97734]: done.
May 26 11:57:50.441260 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:57:50.617663 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:50.619612 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:50.670747 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:50.672474 osdx dnscrypt-proxy[97800]: dnscrypt-proxy 2.0.45
May 26 11:57:50.672532 osdx dnscrypt-proxy[97800]: Network connectivity detected
May 26 11:57:50.672716 osdx dnscrypt-proxy[97800]: Dropping privileges
May 26 11:57:50.675234 osdx dnscrypt-proxy[97800]: Network connectivity detected
May 26 11:57:50.675261 osdx dnscrypt-proxy[97800]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:57:50.675265 osdx dnscrypt-proxy[97800]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:57:50.675283 osdx dnscrypt-proxy[97800]: Firefox workaround initialized
May 26 11:57:50.675286 osdx dnscrypt-proxy[97800]: Loading the set of cloaking rules from [/tmp/tmppvcmjh8l]
May 26 11:57:50.689349 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:50.812268 osdx dnscrypt-proxy[97800]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 26 11:57:50.812283 osdx dnscrypt-proxy[97800]: [RD] OK (DoH) - rtt: 115ms
May 26 11:57:50.812292 osdx dnscrypt-proxy[97800]: Server with the lowest initial latency: RD (rtt: 115ms)
May 26 11:57:50.812298 osdx dnscrypt-proxy[97800]: dnscrypt-proxy is ready - live servers: 1
May 26 11:57:50.837017 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
May 26 11:57:51.043521 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:57:51.045253 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:57:51.045319 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:57:51.055718 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:57:51.313628 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:51.375630 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'delete '.
May 26 11:57:51.490786 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 26 11:57:51.568383 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:51.643028 osdx dnscrypt-proxy[97800]: Stopped.
May 26 11:57:51.643064 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 26 11:57:51.644192 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 26 11:57:51.644306 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:51.753139 osdx ca-certificates[97904]: Clearing symlinks in /etc/ssl/certs...
May 26 11:57:52.021731 osdx ca-certificates[98474]: done.
May 26 11:57:52.026520 osdx ca-certificates[98484]: Updating certificates in /etc/ssl/certs...
May 26 11:57:52.463445 osdx ca-certificates[99335]: 140 added, 0 removed; done.
May 26 11:57:52.466324 osdx ca-certificates[99341]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:52.469109 osdx ca-certificates[99343]: done.
May 26 11:57:52.498321 osdx INFO[99346]: FRR daemons did not change
May 26 11:57:52.498575 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:52.500909 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:52.520108 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:53.822431 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:53.885474 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:57:53.988350 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:57:54.058903 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:57:54.153942 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:57:54.259787 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:57:54.314687 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 26 11:57:54.419123 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
May 26 11:57:54.489680 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:57:54.612845 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:54.673083 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:54.796748 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:54.887715 osdx INFO[99387]: FRR daemons did not change
May 26 11:57:54.901011 osdx ca-certificates[99403]: Updating certificates in /etc/ssl/certs...
May 26 11:57:55.030823 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
May 26 11:57:55.413202 osdx ca-certificates[100408]: 1 added, 0 removed; done.
May 26 11:57:55.416258 osdx ca-certificates[100415]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:55.418917 osdx ca-certificates[100417]: done.
May 26 11:57:55.441257 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:57:55.605570 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:55.606879 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:55.627332 osdx dnscrypt-proxy[100483]: dnscrypt-proxy 2.0.45
May 26 11:57:55.627408 osdx dnscrypt-proxy[100483]: Network connectivity detected
May 26 11:57:55.627638 osdx dnscrypt-proxy[100483]: Dropping privileges
May 26 11:57:55.629909 osdx dnscrypt-proxy[100483]: Network connectivity detected
May 26 11:57:55.629940 osdx dnscrypt-proxy[100483]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:57:55.629944 osdx dnscrypt-proxy[100483]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:57:55.629963 osdx dnscrypt-proxy[100483]: Firefox workaround initialized
May 26 11:57:55.629967 osdx dnscrypt-proxy[100483]: Loading the set of cloaking rules from [/tmp/tmpc44n_zlc]
May 26 11:57:55.635769 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:55.655458 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:55.796055 osdx dnscrypt-proxy[100483]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
May 26 11:57:55.796083 osdx dnscrypt-proxy[100483]: [RD] OK (DoH) - rtt: 136ms
May 26 11:57:55.796094 osdx dnscrypt-proxy[100483]: Server with the lowest initial latency: RD (rtt: 136ms)
May 26 11:57:55.796100 osdx dnscrypt-proxy[100483]: dnscrypt-proxy is ready - live servers: 1
May 26 11:57:55.837365 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
May 26 11:57:56.046405 osdx systemd-journald[1847]: Runtime Journal (/run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8) is 2.0M, max 15.3M, 13.3M free.
May 26 11:57:56.049262 osdx systemd-journald[1847]: Received client request to rotate journal, rotating.
May 26 11:57:56.049323 osdx systemd-journald[1847]: Vacuuming done, freed 0B of archived journals from /run/log/journal/f6c1fe6bbcb147bb817825fa9dee7ff8.
May 26 11:57:56.056400 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'system journal clear'.
May 26 11:57:56.318286 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:56.408317 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'delete '.
May 26 11:57:56.479081 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 26 11:57:56.597822 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:57:56.664917 osdx dnscrypt-proxy[100483]: Stopped.
May 26 11:57:56.664949 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 26 11:57:56.666000 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 26 11:57:56.666106 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:57:56.761437 osdx ca-certificates[100587]: Clearing symlinks in /etc/ssl/certs...
May 26 11:57:57.026433 osdx ca-certificates[101156]: done.
May 26 11:57:57.030101 osdx ca-certificates[101164]: Updating certificates in /etc/ssl/certs...
May 26 11:57:57.524130 osdx ca-certificates[102016]: 140 added, 0 removed; done.
May 26 11:57:57.528292 osdx ca-certificates[102023]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:57:57.532577 osdx ca-certificates[102025]: done.
May 26 11:57:57.562917 osdx INFO[102028]: FRR daemons did not change
May 26 11:57:57.563221 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:57:57.566263 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:57:57.585705 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:57:58.938387 osdx OSDxCLI[29144]: User 'admin' entered the configuration menu.
May 26 11:57:59.018605 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 26 11:57:59.087697 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 26 11:57:59.196036 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 26 11:57:59.254240 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 26 11:57:59.393970 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
May 26 11:57:59.462668 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 26 11:57:59.563530 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 26 11:57:59.638644 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 26 11:57:59.763181 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 26 11:57:59.857700 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 26 11:57:59.992792 osdx OSDxCLI[29144]: User 'admin' added a new cfg line: 'show working'.
May 26 11:58:00.070439 osdx INFO[102069]: FRR daemons did not change
May 26 11:58:00.082967 osdx ca-certificates[102085]: Updating certificates in /etc/ssl/certs...
May 26 11:58:00.580250 osdx ca-certificates[103089]: 1 added, 0 removed; done.
May 26 11:58:00.583191 osdx ca-certificates[103095]: Running hooks in /etc/ca-certificates/update.d...
May 26 11:58:00.586067 osdx ca-certificates[103097]: done.
May 26 11:58:00.609254 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 26 11:58:00.805579 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 26 11:58:00.806679 osdx cfgd[1653]: [29144]Completed change to active configuration
May 26 11:58:00.829091 osdx dnscrypt-proxy[103163]: dnscrypt-proxy 2.0.45
May 26 11:58:00.829168 osdx dnscrypt-proxy[103163]: Network connectivity detected
May 26 11:58:00.829378 osdx dnscrypt-proxy[103163]: Dropping privileges
May 26 11:58:00.831800 osdx dnscrypt-proxy[103163]: Network connectivity detected
May 26 11:58:00.831835 osdx dnscrypt-proxy[103163]: Now listening to 127.0.0.1:53 [UDP]
May 26 11:58:00.831840 osdx dnscrypt-proxy[103163]: Now listening to 127.0.0.1:53 [TCP]
May 26 11:58:00.831867 osdx dnscrypt-proxy[103163]: Firefox workaround initialized
May 26 11:58:00.831872 osdx dnscrypt-proxy[103163]: Loading the set of cloaking rules from [/tmp/tmpchno7wja]
May 26 11:58:00.841934 osdx OSDxCLI[29144]: User 'admin' committed the configuration.
May 26 11:58:00.860593 osdx OSDxCLI[29144]: User 'admin' left the configuration menu.
May 26 11:58:00.967227 osdx dnscrypt-proxy[103163]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 26 11:58:00.967240 osdx dnscrypt-proxy[103163]: [RD] OK (DoH) - rtt: 108ms
May 26 11:58:00.967247 osdx dnscrypt-proxy[103163]: Server with the lowest initial latency: RD (rtt: 108ms)
May 26 11:58:00.967251 osdx dnscrypt-proxy[103163]: dnscrypt-proxy is ready - live servers: 1
May 26 11:58:01.037031 osdx OSDxCLI[29144]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
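
The Step 3 checks above match a decimal cipher suite number in the journal. The following added example (not part of the original test suite) decodes that number to its IANA name and checks that the negotiated suite is one of the configured ones and is not a legacy RC4/3DES suite. The function names are hypothetical, the "303" in the log is assumed to be the hexadecimal TLS version 0x0303, and the second journal sample is constructed to show the failing cases.

```python
import re

# IANA TLS cipher suite values for the five suites named in these examples.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

# Assumption: the proxy prints the TLS version in hexadecimal ("303" = 0x0303).
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

# Substrings that mark the legacy suites the examples configure as cipher 1.
LEGACY_MARKERS = ("_RC4_", "_3DES_")

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
LOG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] "
    r"TLS version: (?P<ver>[0-9a-fA-F]+) - Protocol: (?P<proto>\S+) "
    r"- Cipher suite: (?P<suite>\d+)"
)


def configured_suites(config_text):
    """Return the configured suite names ordered by their 'cipher N' index."""
    found = {int(m.group(1)): m.group(2) for m in CFG_RE.finditer(config_text)}
    return [found[i] for i in sorted(found)]


def negotiated(journal_text):
    """Extract every handshake summary line and decode its numeric fields."""
    handshakes = []
    for m in LOG_RE.finditer(journal_text):
        suite_id = int(m.group("suite"))      # decimal in the log
        version = int(m.group("ver"), 16)     # hexadecimal in the log (assumed)
        handshakes.append({
            "server": m.group("server"),
            "protocol": m.group("proto"),
            "tls_version": TLS_VERSIONS.get(version, f"unknown (0x{version:04x})"),
            "suite_id": suite_id,
            "suite": IANA_SUITES.get(suite_id, f"unknown (0x{suite_id:04X})"),
        })
    return handshakes


def audit(config_text, journal_text):
    """Flag handshakes whose suite is not configured or is a legacy suite."""
    allowed = set(configured_suites(config_text))
    results = []
    for hs in negotiated(journal_text):
        hs["configured"] = hs["suite"] in allowed
        hs["legacy"] = any(tag in hs["suite"] for tag in LEGACY_MARKERS)
        hs["ok"] = hs["configured"] and not hs["legacy"]
        results.append(hs)
    return results


# Cipher lines and handshake line copied from Example 3 on this page.
EXAMPLE3_CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
"""
EXAMPLE3_JOURNAL = (
    "May 26 11:57:45.736696 osdx dnscrypt-proxy[95119]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392\n"
)

# Constructed lines (not from the page): a legacy suite being negotiated,
# and a suite that is absent from the Example 3 cipher list.
CONSTRUCTED_JOURNAL = (
    "Jan 01 00:00:00.000000 osdx dnscrypt-proxy[1111]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 5\n"
    "Jan 01 00:00:01.000000 osdx dnscrypt-proxy[1111]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199\n"
)

if __name__ == "__main__":
    for journal in (EXAMPLE3_JOURNAL, CONSTRUCTED_JOURNAL):
        for hs in audit(EXAMPLE3_CONFIG, journal):
            verdict = "OK" if hs["ok"] else "REVIEW"
            print(f"{verdict:6} [{hs['server']}] {hs['tls_version']} "
                  f"{hs['suite']} ({hs['suite_id']}) "
                  f"configured={hs['configured']} legacy={hs['legacy']}")
```

Run against the journals on this page, 49199, 49200 and 52392 decode to the AES-128-GCM, AES-256-GCM and ChaCha20-Poly1305 ECDHE suites, so in Examples 3 to 6 the session is established with the cipher 2 entry rather than the RC4 or 3DES entry.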