Cipher
Test suite to validate using one or multiple ciphers to protect DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jun 23 07:56:37.304246 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.1M, max 15.3M, 13.2M free. Jun 23 07:56:37.304844 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:56:37.304887 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:56:37.313959 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:56:37.523819 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:56:37.756298 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:56:37.849540 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:56:37.933756 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:56:38.022328 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:56:38.146918 osdx INFO[143081]: FRR daemons did not change Jun 23 07:56:38.168829 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:56:38.269249 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:56:38.303246 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:56:38.321578 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:56:38.471350 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:56:38.671273 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:56:38.732847 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:56:38.832588 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:56:38.898545 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:56:38.994741 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:56:39.057547 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:56:39.154085 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jun 23 07:56:39.209997 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:56:39.325916 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:56:39.379868 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:56:39.503348 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:56:39.582982 osdx INFO[143200]: FRR daemons did not change Jun 23 07:56:39.598315 osdx ca-certificates[143216]: Updating certificates in /etc/ssl/certs... Jun 23 07:56:40.112674 osdx ubnt-cfgd[144214]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:56:40.122126 osdx ca-certificates[144220]: 1 added, 0 removed; done. Jun 23 07:56:40.125242 osdx ca-certificates[144226]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:56:40.128257 osdx ca-certificates[144228]: done. Jun 23 07:56:40.189258 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:56:40.190616 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:56:40.192995 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:56:40.221486 osdx dnscrypt-proxy[144232]: dnscrypt-proxy 2.0.45 Jun 23 07:56:40.221555 osdx dnscrypt-proxy[144232]: Network connectivity detected Jun 23 07:56:40.221744 osdx dnscrypt-proxy[144232]: Dropping privileges Jun 23 07:56:40.224002 osdx dnscrypt-proxy[144232]: Network connectivity detected Jun 23 07:56:40.224029 osdx dnscrypt-proxy[144232]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:56:40.224033 osdx dnscrypt-proxy[144232]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:56:40.224054 osdx dnscrypt-proxy[144232]: Firefox workaround initialized Jun 23 07:56:40.224058 osdx dnscrypt-proxy[144232]: Loading the set of cloaking rules from [/tmp/tmphtbh_z20] Jun 23 07:56:40.235013 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:56:40.369953 osdx dnscrypt-proxy[144232]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jun 23 07:56:40.369967 osdx dnscrypt-proxy[144232]: [RD] OK (DoH) - rtt: 123ms Jun 23 07:56:40.369975 osdx dnscrypt-proxy[144232]: Server with the lowest initial latency: RD (rtt: 123ms) Jun 23 07:56:40.369980 osdx dnscrypt-proxy[144232]: dnscrypt-proxy is ready - live servers: 1 Jun 23 07:56:40.403499 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jun 23 07:56:47.345290 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.3M, max 15.3M, 12.9M free. Jun 23 07:56:47.345909 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:56:47.345950 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:56:47.355812 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:56:47.578470 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:56:47.832569 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:56:47.907650 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:56:48.000338 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:56:48.070763 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:56:48.200301 osdx INFO[145863]: FRR daemons did not change Jun 23 07:56:48.221387 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:56:48.333072 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:56:48.366617 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:56:48.390790 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:56:48.542975 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:56:48.716960 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:56:48.783887 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:56:48.888159 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:56:49.023697 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:56:49.083182 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:56:49.185732 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:56:49.244404 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jun 23 07:56:49.348695 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:56:49.450844 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:56:49.504727 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:56:49.627017 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:56:49.708923 osdx INFO[145982]: FRR daemons did not change Jun 23 07:56:49.721357 osdx ca-certificates[145997]: Updating certificates in /etc/ssl/certs... Jun 23 07:56:50.223567 osdx ubnt-cfgd[146996]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:56:50.232769 osdx ca-certificates[147002]: 1 added, 0 removed; done. Jun 23 07:56:50.235670 osdx ca-certificates[147008]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:56:50.238418 osdx ca-certificates[147010]: done. Jun 23 07:56:50.309807 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:56:50.311280 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:56:50.313949 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:56:50.333257 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:56:50.342616 osdx dnscrypt-proxy[147014]: dnscrypt-proxy 2.0.45 Jun 23 07:56:50.342694 osdx dnscrypt-proxy[147014]: Network connectivity detected Jun 23 07:56:50.342931 osdx dnscrypt-proxy[147014]: Dropping privileges Jun 23 07:56:50.345643 osdx dnscrypt-proxy[147014]: Network connectivity detected Jun 23 07:56:50.345881 osdx dnscrypt-proxy[147014]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:56:50.345936 osdx dnscrypt-proxy[147014]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:56:50.346004 osdx dnscrypt-proxy[147014]: Firefox workaround initialized Jun 23 07:56:50.346055 osdx dnscrypt-proxy[147014]: Loading the set of cloaking rules from [/tmp/tmpurmnz90f] Jun 23 07:56:50.488101 osdx dnscrypt-proxy[147014]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jun 23 07:56:50.488118 osdx dnscrypt-proxy[147014]: [RD] OK (DoH) - rtt: 111ms Jun 23 07:56:50.488129 osdx dnscrypt-proxy[147014]: Server with the lowest initial latency: RD (rtt: 111ms) Jun 23 07:56:50.488135 osdx dnscrypt-proxy[147014]: dnscrypt-proxy is ready - live servers: 1 Jun 23 07:56:55.500177 osdx OSDxCLI[4485]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jun 23 07:56:57.601050 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Jun 23 07:56:57.813505 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:56:57.817396 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:56:57.817471 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:56:57.824299 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:56:58.087265 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:56:58.144559 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'delete '. Jun 23 07:56:58.257921 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 23 07:56:58.319260 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:56:58.421005 osdx dnscrypt-proxy[147014]: Stopped. Jun 23 07:56:58.421013 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 23 07:56:58.422711 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 23 07:56:58.422832 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:56:58.542628 osdx ca-certificates[147105]: Clearing symlinks in /etc/ssl/certs... Jun 23 07:56:58.822268 osdx ca-certificates[147676]: done. Jun 23 07:56:58.826325 osdx ca-certificates[147684]: Updating certificates in /etc/ssl/certs... Jun 23 07:56:59.267323 osdx ubnt-cfgd[148530]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:56:59.275319 osdx ca-certificates[148536]: 140 added, 0 removed; done. Jun 23 07:56:59.278741 osdx ca-certificates[148542]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:56:59.282554 osdx ca-certificates[148544]: done. Jun 23 07:56:59.312724 osdx INFO[148547]: FRR daemons did not change Jun 23 07:56:59.313167 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:56:59.315050 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:56:59.330878 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:00.596791 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:00.658783 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:57:00.758763 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:57:00.826268 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:57:00.929561 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:57:01.060020 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:57:01.165417 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jun 23 07:57:01.261470 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:57:01.391421 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:01.485554 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:01.564934 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:01.678524 osdx INFO[148588]: FRR daemons did not change Jun 23 07:57:01.691807 osdx ca-certificates[148604]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:02.191710 osdx ubnt-cfgd[149602]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:02.201527 osdx ca-certificates[149608]: 1 added, 0 removed; done. Jun 23 07:57:02.204647 osdx ca-certificates[149614]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:02.207411 osdx ca-certificates[149616]: done. Jun 23 07:57:02.225391 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:57:02.397683 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:02.399391 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:02.422221 osdx dnscrypt-proxy[149682]: dnscrypt-proxy 2.0.45 Jun 23 07:57:02.422299 osdx dnscrypt-proxy[149682]: Network connectivity detected Jun 23 07:57:02.422556 osdx dnscrypt-proxy[149682]: Dropping privileges Jun 23 07:57:02.425841 osdx dnscrypt-proxy[149682]: Network connectivity detected Jun 23 07:57:02.425875 osdx dnscrypt-proxy[149682]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:57:02.425880 osdx dnscrypt-proxy[149682]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:57:02.425903 osdx dnscrypt-proxy[149682]: Firefox workaround initialized Jun 23 07:57:02.425908 osdx dnscrypt-proxy[149682]: Loading the set of cloaking rules from [/tmp/tmpz7n7v9dh] Jun 23 07:57:02.427545 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:02.443549 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:02.573935 osdx dnscrypt-proxy[149682]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jun 23 07:57:02.574104 osdx dnscrypt-proxy[149682]: [RD] OK (DoH) - rtt: 118ms Jun 23 07:57:02.574169 osdx dnscrypt-proxy[149682]: Server with the lowest initial latency: RD (rtt: 118ms) Jun 23 07:57:02.574216 osdx dnscrypt-proxy[149682]: dnscrypt-proxy is ready - live servers: 1 Jun 23 07:57:02.616830 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Jun 23 07:57:02.838322 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:57:02.841384 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:57:02.841456 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:57:02.848938 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:57:03.171875 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:03.265744 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'delete '. Jun 23 07:57:03.346563 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 23 07:57:03.480396 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:03.597856 osdx dnscrypt-proxy[149682]: Stopped. Jun 23 07:57:03.597884 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 23 07:57:03.599193 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 23 07:57:03.599310 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:03.709947 osdx ca-certificates[149786]: Clearing symlinks in /etc/ssl/certs... Jun 23 07:57:04.012127 osdx ca-certificates[150354]: done. Jun 23 07:57:04.016048 osdx ca-certificates[150365]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:04.493890 osdx ubnt-cfgd[151210]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:04.504553 osdx ca-certificates[151215]: 140 added, 0 removed; done. Jun 23 07:57:04.508389 osdx ca-certificates[151222]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:04.511349 osdx ca-certificates[151224]: done. Jun 23 07:57:04.541714 osdx INFO[151227]: FRR daemons did not change Jun 23 07:57:04.542058 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:04.544237 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:04.562200 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:05.932444 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:05.995625 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:57:06.098786 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:57:06.176249 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:57:06.279049 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:57:06.383678 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:57:06.440917 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Jun 23 07:57:06.537463 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:57:06.627394 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:06.713520 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:06.806384 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:06.915093 osdx INFO[151265]: FRR daemons did not change Jun 23 07:57:06.928862 osdx ca-certificates[151281]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:07.410785 osdx ubnt-cfgd[152279]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:07.419862 osdx ca-certificates[152285]: 1 added, 0 removed; done. Jun 23 07:57:07.422864 osdx ca-certificates[152291]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:07.425760 osdx ca-certificates[152293]: done. Jun 23 07:57:07.445393 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:57:07.637696 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:07.638907 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:07.676401 osdx dnscrypt-proxy[152359]: dnscrypt-proxy 2.0.45 Jun 23 07:57:07.676464 osdx dnscrypt-proxy[152359]: Network connectivity detected Jun 23 07:57:07.676662 osdx dnscrypt-proxy[152359]: Dropping privileges Jun 23 07:57:07.678824 osdx dnscrypt-proxy[152359]: Network connectivity detected Jun 23 07:57:07.678858 osdx dnscrypt-proxy[152359]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:57:07.678863 osdx dnscrypt-proxy[152359]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:57:07.678892 osdx dnscrypt-proxy[152359]: Firefox workaround initialized Jun 23 07:57:07.678897 osdx dnscrypt-proxy[152359]: Loading the set of cloaking rules from [/tmp/tmpjlbvifua] Jun 23 07:57:07.679632 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:07.708236 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:07.817646 osdx dnscrypt-proxy[152359]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 23 07:57:07.817666 osdx dnscrypt-proxy[152359]: [RD] OK (DoH) - rtt: 109ms Jun 23 07:57:07.817676 osdx dnscrypt-proxy[152359]: Server with the lowest initial latency: RD (rtt: 109ms) Jun 23 07:57:07.817682 osdx dnscrypt-proxy[152359]: dnscrypt-proxy is ready - live servers: 1 Jun 23 07:57:07.855171 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jun 23 07:57:15.356979 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:57:15.357543 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:57:15.357575 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:57:15.368516 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:57:15.604753 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:57:15.820248 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:15.900649 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:15.981228 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:16.054402 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:16.152880 osdx INFO[154009]: FRR daemons did not change Jun 23 07:57:16.177549 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:57:16.292381 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:16.321750 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:16.346007 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:16.495413 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:57:16.706933 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:16.769896 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:57:16.878728 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:57:16.944931 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:57:17.029110 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:57:17.090718 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:57:17.190538 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 23 07:57:17.245191 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:57:17.358890 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:17.413096 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:17.539207 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:17.622046 osdx INFO[154128]: FRR daemons did not change Jun 23 07:57:17.633433 osdx ca-certificates[154144]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:18.157066 osdx ubnt-cfgd[155142]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:18.164396 osdx ca-certificates[155148]: 1 added, 0 removed; done. Jun 23 07:57:18.168252 osdx ca-certificates[155154]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:18.172162 osdx ca-certificates[155156]: done. Jun 23 07:57:18.257881 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:18.259487 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:18.261772 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:18.278575 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:18.280817 osdx dnscrypt-proxy[155160]: dnscrypt-proxy 2.0.45 Jun 23 07:57:18.280895 osdx dnscrypt-proxy[155160]: Network connectivity detected Jun 23 07:57:18.281102 osdx dnscrypt-proxy[155160]: Dropping privileges Jun 23 07:57:18.283010 osdx dnscrypt-proxy[155160]: Network connectivity detected Jun 23 07:57:18.283210 osdx dnscrypt-proxy[155160]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:57:18.283259 osdx dnscrypt-proxy[155160]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:57:18.283321 osdx dnscrypt-proxy[155160]: Firefox workaround initialized Jun 23 07:57:18.283358 osdx dnscrypt-proxy[155160]: Loading the set of cloaking rules from [/tmp/tmpehysfarv] Jun 23 07:57:18.284244 osdx dnscrypt-proxy[155160]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 23 07:57:18.419796 osdx dnscrypt-proxy[155160]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 23 07:57:18.419809 osdx dnscrypt-proxy[155160]: [RD] OK (DoH) - rtt: 108ms Jun 23 07:57:18.419816 osdx dnscrypt-proxy[155160]: Server with the lowest initial latency: RD (rtt: 108ms) Jun 23 07:57:18.419821 osdx dnscrypt-proxy[155160]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jun 23 07:57:25.343816 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:57:25.346591 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:57:25.346662 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:57:25.355625 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:57:25.602668 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:57:25.885746 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:25.983673 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:26.076008 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:26.163293 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:26.275767 osdx INFO[156787]: FRR daemons did not change Jun 23 07:57:26.294591 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:57:26.400592 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:26.427405 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:26.457582 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:26.621295 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:57:26.798615 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:26.864483 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:57:26.989331 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:57:27.061831 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:57:27.146770 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:57:27.209092 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:57:27.311154 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 23 07:57:27.377974 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:57:27.501510 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:27.580817 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:27.652323 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:27.764506 osdx INFO[156906]: FRR daemons did not change Jun 23 07:57:27.778398 osdx ca-certificates[156922]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:28.269456 osdx ubnt-cfgd[157920]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:28.277628 osdx ca-certificates[157925]: 1 added, 0 removed; done. Jun 23 07:57:28.280739 osdx ca-certificates[157932]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:28.283521 osdx ca-certificates[157934]: done. Jun 23 07:57:28.359126 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:28.360788 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:28.362958 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:28.389350 osdx dnscrypt-proxy[157938]: dnscrypt-proxy 2.0.45 Jun 23 07:57:28.389726 osdx dnscrypt-proxy[157938]: Network connectivity detected Jun 23 07:57:28.390023 osdx dnscrypt-proxy[157938]: Dropping privileges Jun 23 07:57:28.393116 osdx dnscrypt-proxy[157938]: Network connectivity detected Jun 23 07:57:28.393154 osdx dnscrypt-proxy[157938]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:57:28.393158 osdx dnscrypt-proxy[157938]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:57:28.393183 osdx dnscrypt-proxy[157938]: Firefox workaround initialized Jun 23 07:57:28.393187 osdx dnscrypt-proxy[157938]: Loading the set of cloaking rules from [/tmp/tmp3c2_yuth] Jun 23 07:57:28.394144 osdx dnscrypt-proxy[157938]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 23 07:57:28.402694 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:28.551463 osdx dnscrypt-proxy[157938]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 23 07:57:28.551477 osdx dnscrypt-proxy[157938]: [RD] OK (DoH) - rtt: 122ms Jun 23 07:57:28.551485 osdx dnscrypt-proxy[157938]: Server with the lowest initial latency: RD (rtt: 122ms) Jun 23 07:57:28.551489 osdx dnscrypt-proxy[157938]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jun 23 07:57:28.652352 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:57:28.654580 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:57:28.654652 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:57:28.662804 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:57:28.979745 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:29.037906 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'delete '. Jun 23 07:57:29.151636 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 23 07:57:29.222302 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:29.340764 osdx dnscrypt-proxy[157938]: Stopped. Jun 23 07:57:29.340780 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 23 07:57:29.342010 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 23 07:57:29.342115 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:29.481540 osdx ca-certificates[158020]: Clearing symlinks in /etc/ssl/certs... Jun 23 07:57:29.761121 osdx ca-certificates[158589]: done. Jun 23 07:57:29.764304 osdx ca-certificates[158598]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:30.226794 osdx ubnt-cfgd[159444]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:30.237387 osdx ca-certificates[159449]: 140 added, 0 removed; done. Jun 23 07:57:30.241305 osdx ca-certificates[159456]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:30.245559 osdx ca-certificates[159458]: done. Jun 23 07:57:30.278474 osdx INFO[159461]: FRR daemons did not change Jun 23 07:57:30.278962 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:30.281407 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:30.300568 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:31.623576 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:31.683201 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:57:31.794412 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:57:31.862064 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:57:32.008462 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:57:32.077459 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:57:32.177564 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 23 07:57:32.237667 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:57:32.370462 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:32.426949 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:32.530555 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:32.668789 osdx INFO[159499]: FRR daemons did not change Jun 23 07:57:32.681124 osdx ca-certificates[159515]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:33.181989 osdx ubnt-cfgd[160513]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:33.190327 osdx ca-certificates[160519]: 1 added, 0 removed; done. Jun 23 07:57:33.193149 osdx ca-certificates[160525]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:33.195917 osdx ca-certificates[160527]: done. Jun 23 07:57:33.218586 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:57:33.386820 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:33.387868 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:33.408012 osdx dnscrypt-proxy[160593]: dnscrypt-proxy 2.0.45 Jun 23 07:57:33.408361 osdx dnscrypt-proxy[160593]: Network connectivity detected Jun 23 07:57:33.408624 osdx dnscrypt-proxy[160593]: Dropping privileges Jun 23 07:57:33.410749 osdx dnscrypt-proxy[160593]: Network connectivity detected Jun 23 07:57:33.410777 osdx dnscrypt-proxy[160593]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:57:33.410781 osdx dnscrypt-proxy[160593]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:57:33.410801 osdx dnscrypt-proxy[160593]: Firefox workaround initialized Jun 23 07:57:33.410805 osdx dnscrypt-proxy[160593]: Loading the set of cloaking rules from [/tmp/tmpjiaxfv4i] Jun 23 07:57:33.411721 osdx dnscrypt-proxy[160593]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 23 07:57:33.414425 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:33.443659 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:33.562473 osdx dnscrypt-proxy[160593]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 23 07:57:33.562492 osdx dnscrypt-proxy[160593]: [RD] OK (DoH) - rtt: 123ms Jun 23 07:57:33.562501 osdx dnscrypt-proxy[160593]: Server with the lowest initial latency: RD (rtt: 123ms) Jun 23 07:57:33.562507 osdx dnscrypt-proxy[160593]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jun 23 07:57:33.703403 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:57:33.706584 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:57:33.706642 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:57:33.713291 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:57:33.963761 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:34.021733 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'delete '. Jun 23 07:57:34.132427 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 23 07:57:34.192604 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:34.293798 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 23 07:57:34.293946 osdx dnscrypt-proxy[160593]: Stopped. Jun 23 07:57:34.294630 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 23 07:57:34.294725 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:34.389529 osdx ca-certificates[160694]: Clearing symlinks in /etc/ssl/certs... Jun 23 07:57:34.641938 osdx ca-certificates[161264]: done. Jun 23 07:57:34.645727 osdx ca-certificates[161273]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:35.066150 osdx ubnt-cfgd[162118]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:35.074347 osdx ca-certificates[162123]: 140 added, 0 removed; done. Jun 23 07:57:35.078186 osdx ca-certificates[162130]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:35.081236 osdx ca-certificates[162132]: done. Jun 23 07:57:35.110938 osdx INFO[162135]: FRR daemons did not change Jun 23 07:57:35.111338 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:35.113568 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:35.162643 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:36.406664 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:36.465284 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:57:36.565710 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:57:36.633460 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:57:36.727366 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:57:36.787128 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:57:36.884565 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 23 07:57:36.941445 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 23 07:57:37.036173 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:57:37.108542 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:37.195098 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:37.267252 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:37.371699 osdx INFO[162176]: FRR daemons did not change Jun 23 07:57:37.385630 osdx ca-certificates[162191]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:37.877168 osdx ubnt-cfgd[163190]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:37.885879 osdx ca-certificates[163195]: 1 added, 0 removed; done. Jun 23 07:57:37.889734 osdx ca-certificates[163202]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:37.892597 osdx ca-certificates[163204]: done. Jun 23 07:57:37.914596 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:57:38.082851 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:38.084280 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:38.127765 osdx dnscrypt-proxy[163270]: dnscrypt-proxy 2.0.45 Jun 23 07:57:38.127843 osdx dnscrypt-proxy[163270]: Network connectivity detected Jun 23 07:57:38.128093 osdx dnscrypt-proxy[163270]: Dropping privileges Jun 23 07:57:38.131198 osdx dnscrypt-proxy[163270]: Network connectivity detected Jun 23 07:57:38.131242 osdx dnscrypt-proxy[163270]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:57:38.131248 osdx dnscrypt-proxy[163270]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:57:38.131273 osdx dnscrypt-proxy[163270]: Firefox workaround initialized Jun 23 07:57:38.131278 osdx dnscrypt-proxy[163270]: Loading the set of cloaking rules from [/tmp/tmp6k_o0yr3] Jun 23 07:57:38.132283 osdx dnscrypt-proxy[163270]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 23 07:57:38.135777 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:38.153680 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:38.280276 osdx dnscrypt-proxy[163270]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 23 07:57:38.280424 osdx dnscrypt-proxy[163270]: [RD] OK (DoH) - rtt: 115ms Jun 23 07:57:38.280468 osdx dnscrypt-proxy[163270]: Server with the lowest initial latency: RD (rtt: 115ms) Jun 23 07:57:38.280507 osdx dnscrypt-proxy[163270]: dnscrypt-proxy is ready - live servers: 1
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jun 23 07:57:44.334510 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:57:44.336669 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:57:44.336733 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:57:44.344976 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:57:44.596102 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system coredump delete all'. Jun 23 07:57:44.857935 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:44.950247 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:45.037014 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:45.112054 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:45.222549 osdx INFO[164916]: FRR daemons did not change Jun 23 07:57:45.244675 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:57:45.377158 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:45.409352 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:45.444716 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:45.586937 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 23 07:57:45.843042 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:45.929494 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:57:46.059357 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:57:46.138045 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:57:46.290225 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:57:46.381350 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:57:46.508074 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 23 07:57:46.585388 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jun 23 07:57:46.690232 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:57:46.793131 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:46.858686 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:46.985436 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:47.072982 osdx INFO[165038]: FRR daemons did not change Jun 23 07:57:47.086598 osdx ca-certificates[165054]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:47.641305 osdx ubnt-cfgd[166052]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:47.651138 osdx ca-certificates[166057]: 1 added, 0 removed; done. Jun 23 07:57:47.654543 osdx ca-certificates[166064]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:47.657545 osdx ca-certificates[166066]: done. Jun 23 07:57:47.749000 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:47.751240 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:47.753629 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:47.770818 osdx dnscrypt-proxy[166070]: dnscrypt-proxy 2.0.45 Jun 23 07:57:47.770891 osdx dnscrypt-proxy[166070]: Network connectivity detected Jun 23 07:57:47.771136 osdx dnscrypt-proxy[166070]: Dropping privileges Jun 23 07:57:47.773400 osdx dnscrypt-proxy[166070]: Network connectivity detected Jun 23 07:57:47.773426 osdx dnscrypt-proxy[166070]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:57:47.773430 osdx dnscrypt-proxy[166070]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:57:47.773449 osdx dnscrypt-proxy[166070]: Firefox workaround initialized Jun 23 07:57:47.773453 osdx dnscrypt-proxy[166070]: Loading the set of cloaking rules from [/tmp/tmpqraq9js7] Jun 23 07:57:47.786103 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:47.911522 osdx dnscrypt-proxy[166070]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jun 23 07:57:47.911541 osdx dnscrypt-proxy[166070]: [RD] OK (DoH) - rtt: 113ms Jun 23 07:57:47.911548 osdx dnscrypt-proxy[166070]: Server with the lowest initial latency: RD (rtt: 113ms) Jun 23 07:57:47.911552 osdx dnscrypt-proxy[166070]: dnscrypt-proxy is ready - live servers: 1 Jun 23 07:57:47.992367 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Jun 23 07:57:48.229392 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:57:48.232668 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:57:48.232743 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:57:48.240008 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:57:48.499276 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:48.557702 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'delete '. Jun 23 07:57:48.676333 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 23 07:57:48.739956 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:48.839199 osdx dnscrypt-proxy[166070]: Stopped. Jun 23 07:57:48.839240 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 23 07:57:48.840177 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 23 07:57:48.840270 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:48.941933 osdx ca-certificates[166154]: Clearing symlinks in /etc/ssl/certs... Jun 23 07:57:49.227460 osdx ca-certificates[166724]: done. Jun 23 07:57:49.230593 osdx ca-certificates[166733]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:49.675191 osdx ubnt-cfgd[167579]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:49.684457 osdx ca-certificates[167585]: 140 added, 0 removed; done. Jun 23 07:57:49.687399 osdx ca-certificates[167591]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:49.690100 osdx ca-certificates[167593]: done. Jun 23 07:57:49.720064 osdx INFO[167596]: FRR daemons did not change Jun 23 07:57:49.720300 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:49.722749 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:49.760953 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:51.026211 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:51.111831 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:57:51.212258 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:57:51.277551 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:57:51.373466 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:57:51.434610 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:57:51.532813 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 23 07:57:51.590064 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jun 23 07:57:51.734854 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:57:51.813788 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:51.900232 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:51.970512 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:52.080897 osdx INFO[167637]: FRR daemons did not change Jun 23 07:57:52.093598 osdx ca-certificates[167652]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:52.614546 osdx ubnt-cfgd[168651]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:52.623540 osdx ca-certificates[168656]: 1 added, 0 removed; done. Jun 23 07:57:52.627669 osdx ca-certificates[168663]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:52.630482 osdx ca-certificates[168665]: done. Jun 23 07:57:52.652672 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:57:52.837037 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:52.838694 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:52.863098 osdx dnscrypt-proxy[168731]: dnscrypt-proxy 2.0.45 Jun 23 07:57:52.863181 osdx dnscrypt-proxy[168731]: Network connectivity detected Jun 23 07:57:52.863441 osdx dnscrypt-proxy[168731]: Dropping privileges Jun 23 07:57:52.866088 osdx dnscrypt-proxy[168731]: Network connectivity detected Jun 23 07:57:52.866122 osdx dnscrypt-proxy[168731]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:57:52.866131 osdx dnscrypt-proxy[168731]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:57:52.866168 osdx dnscrypt-proxy[168731]: Firefox workaround initialized Jun 23 07:57:52.866173 osdx dnscrypt-proxy[168731]: Loading the set of cloaking rules from [/tmp/tmp2zz2u8dr] Jun 23 07:57:52.871818 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:52.890513 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:53.006912 osdx dnscrypt-proxy[168731]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jun 23 07:57:53.006927 osdx dnscrypt-proxy[168731]: [RD] OK (DoH) - rtt: 115ms Jun 23 07:57:53.006934 osdx dnscrypt-proxy[168731]: Server with the lowest initial latency: RD (rtt: 115ms) Jun 23 07:57:53.006938 osdx dnscrypt-proxy[168731]: dnscrypt-proxy is ready - live servers: 1 Jun 23 07:57:53.084545 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Jun 23 07:57:53.326986 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:57:53.328669 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:57:53.328730 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:57:53.336749 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:57:53.644869 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:53.726548 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'delete '. Jun 23 07:57:53.859579 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 23 07:57:53.923855 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:54.040258 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 23 07:57:54.040432 osdx dnscrypt-proxy[168731]: Stopped. Jun 23 07:57:54.041529 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 23 07:57:54.041634 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:54.158690 osdx ca-certificates[168836]: Clearing symlinks in /etc/ssl/certs... Jun 23 07:57:54.456435 osdx ca-certificates[169406]: done. Jun 23 07:57:54.459244 osdx ca-certificates[169416]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:54.932756 osdx ubnt-cfgd[170260]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:54.943209 osdx ca-certificates[170266]: 140 added, 0 removed; done. Jun 23 07:57:54.946358 osdx ca-certificates[170272]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:54.949345 osdx ca-certificates[170274]: done. Jun 23 07:57:54.990646 osdx INFO[170277]: FRR daemons did not change Jun 23 07:57:54.991094 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:54.992977 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:55.020116 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:56.532028 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:56.630800 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:57:56.766949 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:57:56.844166 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:57:56.956770 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:57:57.067862 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:57:57.125629 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 23 07:57:57.230517 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Jun 23 07:57:57.283872 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:57:57.402091 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:57:57.458248 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:57:57.576292 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:57.660440 osdx INFO[170318]: FRR daemons did not change Jun 23 07:57:57.673086 osdx ca-certificates[170334]: Updating certificates in /etc/ssl/certs... Jun 23 07:57:58.181270 osdx ubnt-cfgd[171332]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:57:58.188985 osdx ca-certificates[171338]: 1 added, 0 removed; done. Jun 23 07:57:58.192997 osdx ca-certificates[171344]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:57:58.196661 osdx ca-certificates[171346]: done. Jun 23 07:57:58.220672 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:57:58.400957 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:58.402084 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:57:58.424626 osdx dnscrypt-proxy[171412]: dnscrypt-proxy 2.0.45 Jun 23 07:57:58.424693 osdx dnscrypt-proxy[171412]: Network connectivity detected Jun 23 07:57:58.424891 osdx dnscrypt-proxy[171412]: Dropping privileges Jun 23 07:57:58.427211 osdx dnscrypt-proxy[171412]: Network connectivity detected Jun 23 07:57:58.427236 osdx dnscrypt-proxy[171412]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:57:58.427240 osdx dnscrypt-proxy[171412]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:57:58.427262 osdx dnscrypt-proxy[171412]: Firefox workaround initialized Jun 23 07:57:58.427266 osdx dnscrypt-proxy[171412]: Loading the set of cloaking rules from [/tmp/tmpszwdoqc5] Jun 23 07:57:58.428680 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:57:58.445973 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:57:58.568367 osdx dnscrypt-proxy[171412]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 23 07:57:58.568384 osdx dnscrypt-proxy[171412]: [RD] OK (DoH) - rtt: 116ms Jun 23 07:57:58.568394 osdx dnscrypt-proxy[171412]: Server with the lowest initial latency: RD (rtt: 116ms) Jun 23 07:57:58.568399 osdx dnscrypt-proxy[171412]: dnscrypt-proxy is ready - live servers: 1 Jun 23 07:57:58.591180 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jun 23 07:57:58.798808 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:57:58.800669 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:57:58.800709 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:57:58.809401 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:57:59.059441 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:57:59.116997 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'delete '. Jun 23 07:57:59.228486 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 23 07:57:59.288298 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:57:59.390619 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 23 07:57:59.390632 osdx dnscrypt-proxy[171412]: Stopped. Jun 23 07:57:59.391632 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 23 07:57:59.391726 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:57:59.495452 osdx ca-certificates[171517]: Clearing symlinks in /etc/ssl/certs... Jun 23 07:57:59.750834 osdx ca-certificates[172086]: done. Jun 23 07:57:59.754357 osdx ca-certificates[172097]: Updating certificates in /etc/ssl/certs... Jun 23 07:58:00.147448 osdx ubnt-cfgd[172941]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:58:00.155104 osdx ca-certificates[172947]: 140 added, 0 removed; done. Jun 23 07:58:00.157884 osdx ca-certificates[172953]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:58:00.160735 osdx ca-certificates[172955]: done. Jun 23 07:58:00.189134 osdx INFO[172958]: FRR daemons did not change Jun 23 07:58:00.189579 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:58:00.191639 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:58:00.207061 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:58:01.471774 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:58:01.531881 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:58:01.631222 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:58:01.697575 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:58:01.794094 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:58:01.895011 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:58:01.953860 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 23 07:58:02.065376 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jun 23 07:58:02.120905 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:58:02.236466 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:58:02.292077 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:58:02.420789 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:58:02.508053 osdx INFO[173002]: FRR daemons did not change Jun 23 07:58:02.521093 osdx ca-certificates[173018]: Updating certificates in /etc/ssl/certs... Jun 23 07:58:03.009859 osdx ubnt-cfgd[174016]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:58:03.019333 osdx ca-certificates[174022]: 1 added, 0 removed; done. Jun 23 07:58:03.022370 osdx ca-certificates[174028]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:58:03.025055 osdx ca-certificates[174030]: done. Jun 23 07:58:03.044677 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:58:03.200924 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:58:03.201873 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:58:03.241528 osdx dnscrypt-proxy[174096]: dnscrypt-proxy 2.0.45 Jun 23 07:58:03.241613 osdx dnscrypt-proxy[174096]: Network connectivity detected Jun 23 07:58:03.241914 osdx dnscrypt-proxy[174096]: Dropping privileges Jun 23 07:58:03.244417 osdx dnscrypt-proxy[174096]: Network connectivity detected Jun 23 07:58:03.244448 osdx dnscrypt-proxy[174096]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:58:03.244453 osdx dnscrypt-proxy[174096]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:58:03.244475 osdx dnscrypt-proxy[174096]: Firefox workaround initialized Jun 23 07:58:03.244479 osdx dnscrypt-proxy[174096]: Loading the set of cloaking rules from [/tmp/tmp8_asghfu] Jun 23 07:58:03.245688 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:58:03.267343 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:58:03.395877 osdx dnscrypt-proxy[174096]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jun 23 07:58:03.395900 osdx dnscrypt-proxy[174096]: [RD] OK (DoH) - rtt: 122ms Jun 23 07:58:03.395910 osdx dnscrypt-proxy[174096]: Server with the lowest initial latency: RD (rtt: 122ms) Jun 23 07:58:03.395915 osdx dnscrypt-proxy[174096]: dnscrypt-proxy is ready - live servers: 1 Jun 23 07:58:03.416260 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Jun 23 07:58:03.612789 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:58:03.616665 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:58:03.616724 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:58:03.623951 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:58:03.883513 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:58:03.956590 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'delete '. Jun 23 07:58:04.071402 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 23 07:58:04.132940 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:58:04.256358 osdx dnscrypt-proxy[174096]: Stopped. Jun 23 07:58:04.256401 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 23 07:58:04.257024 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 23 07:58:04.257128 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:58:04.370322 osdx ca-certificates[174201]: Clearing symlinks in /etc/ssl/certs... Jun 23 07:58:04.647513 osdx ca-certificates[174770]: done. Jun 23 07:58:04.651354 osdx ca-certificates[174779]: Updating certificates in /etc/ssl/certs... Jun 23 07:58:05.127475 osdx ubnt-cfgd[175625]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:58:05.135533 osdx ca-certificates[175631]: 140 added, 0 removed; done. Jun 23 07:58:05.138313 osdx ca-certificates[175637]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:58:05.141588 osdx ca-certificates[175639]: done. Jun 23 07:58:05.173118 osdx INFO[175642]: FRR daemons did not change Jun 23 07:58:05.173600 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:58:05.175677 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:58:05.203181 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:58:06.560927 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:58:06.636809 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:58:06.748091 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:58:06.815875 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:58:06.911479 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:58:06.974735 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:58:07.073569 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 23 07:58:07.135645 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jun 23 07:58:07.270899 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:58:07.357538 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:58:07.451208 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:58:07.545273 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:58:07.639917 osdx INFO[175684]: FRR daemons did not change Jun 23 07:58:07.654968 osdx ca-certificates[175700]: Updating certificates in /etc/ssl/certs... Jun 23 07:58:08.194100 osdx ubnt-cfgd[176698]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:58:08.202554 osdx ca-certificates[176704]: 1 added, 0 removed; done. Jun 23 07:58:08.205339 osdx ca-certificates[176710]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:58:08.208646 osdx ca-certificates[176712]: done. Jun 23 07:58:08.232674 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:58:08.429116 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:58:08.430643 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:58:08.457219 osdx dnscrypt-proxy[176778]: dnscrypt-proxy 2.0.45 Jun 23 07:58:08.457296 osdx dnscrypt-proxy[176778]: Network connectivity detected Jun 23 07:58:08.457528 osdx dnscrypt-proxy[176778]: Dropping privileges Jun 23 07:58:08.460324 osdx dnscrypt-proxy[176778]: Network connectivity detected Jun 23 07:58:08.460360 osdx dnscrypt-proxy[176778]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:58:08.460376 osdx dnscrypt-proxy[176778]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:58:08.460402 osdx dnscrypt-proxy[176778]: Firefox workaround initialized Jun 23 07:58:08.460407 osdx dnscrypt-proxy[176778]: Loading the set of cloaking rules from [/tmp/tmpcn_wslwt] Jun 23 07:58:08.467018 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:58:08.501980 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:58:08.625371 osdx dnscrypt-proxy[176778]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jun 23 07:58:08.625389 osdx dnscrypt-proxy[176778]: [RD] OK (DoH) - rtt: 135ms Jun 23 07:58:08.625397 osdx dnscrypt-proxy[176778]: Server with the lowest initial latency: RD (rtt: 135ms) Jun 23 07:58:08.625403 osdx dnscrypt-proxy[176778]: dnscrypt-proxy is ready - live servers: 1 Jun 23 07:58:08.680878 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Jun 23 07:58:08.900005 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free. Jun 23 07:58:08.900684 osdx systemd-journald[1747]: Received client request to rotate journal, rotating. Jun 23 07:58:08.900736 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f. Jun 23 07:58:08.910645 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'system journal clear'. Jun 23 07:58:09.208541 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:58:09.265611 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'delete '. Jun 23 07:58:09.382688 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 23 07:58:09.446246 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:58:09.552502 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 23 07:58:09.552520 osdx dnscrypt-proxy[176778]: Stopped. Jun 23 07:58:09.553665 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 23 07:58:09.553786 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:58:09.657817 osdx ca-certificates[176884]: Clearing symlinks in /etc/ssl/certs... Jun 23 07:58:09.911167 osdx ca-certificates[177453]: done. Jun 23 07:58:09.913798 osdx ca-certificates[177462]: Updating certificates in /etc/ssl/certs... Jun 23 07:58:10.318977 osdx ubnt-cfgd[178308]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:58:10.327056 osdx ca-certificates[178313]: 140 added, 0 removed; done. Jun 23 07:58:10.329865 osdx ca-certificates[178320]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:58:10.332698 osdx ca-certificates[178322]: done. Jun 23 07:58:10.361789 osdx INFO[178325]: FRR daemons did not change Jun 23 07:58:10.362059 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:58:10.364204 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:58:10.379813 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:58:11.724786 osdx OSDxCLI[4485]: User 'admin' entered the configuration menu. Jun 23 07:58:11.786040 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 23 07:58:11.898057 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 23 07:58:11.972115 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 23 07:58:12.079509 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 23 07:58:12.185985 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 23 07:58:12.243468 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 23 07:58:12.341628 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Jun 23 07:58:12.395262 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 23 07:58:12.515136 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 23 07:58:12.584415 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 23 07:58:12.709148 osdx OSDxCLI[4485]: User 'admin' added a new cfg line: 'show working'. Jun 23 07:58:12.791143 osdx INFO[178366]: FRR daemons did not change Jun 23 07:58:12.802575 osdx ca-certificates[178381]: Updating certificates in /etc/ssl/certs... Jun 23 07:58:13.284901 osdx ubnt-cfgd[179380]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 23 07:58:13.295461 osdx ca-certificates[179386]: 1 added, 0 removed; done. Jun 23 07:58:13.298469 osdx ca-certificates[179392]: Running hooks in /etc/ca-certificates/update.d... Jun 23 07:58:13.301494 osdx ca-certificates[179394]: done. Jun 23 07:58:13.320671 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 23 07:58:13.501045 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 23 07:58:13.503118 osdx cfgd[1453]: [4485]Completed change to active configuration Jun 23 07:58:13.527252 osdx dnscrypt-proxy[179460]: dnscrypt-proxy 2.0.45 Jun 23 07:58:13.527545 osdx dnscrypt-proxy[179460]: Network connectivity detected Jun 23 07:58:13.527773 osdx dnscrypt-proxy[179460]: Dropping privileges Jun 23 07:58:13.529798 osdx dnscrypt-proxy[179460]: Network connectivity detected Jun 23 07:58:13.529981 osdx dnscrypt-proxy[179460]: Now listening to 127.0.0.1:53 [UDP] Jun 23 07:58:13.530018 osdx dnscrypt-proxy[179460]: Now listening to 127.0.0.1:53 [TCP] Jun 23 07:58:13.530061 osdx dnscrypt-proxy[179460]: Firefox workaround initialized Jun 23 07:58:13.530085 osdx dnscrypt-proxy[179460]: Loading the set of cloaking rules from [/tmp/tmpu4zxtxll] Jun 23 07:58:13.535308 osdx OSDxCLI[4485]: User 'admin' committed the configuration. Jun 23 07:58:13.566173 osdx OSDxCLI[4485]: User 'admin' left the configuration menu. Jun 23 07:58:13.666560 osdx dnscrypt-proxy[179460]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 23 07:58:13.666581 osdx dnscrypt-proxy[179460]: [RD] OK (DoH) - rtt: 113ms Jun 23 07:58:13.666592 osdx dnscrypt-proxy[179460]: Server with the lowest initial latency: RD (rtt: 113ms) Jun 23 07:58:13.666599 osdx dnscrypt-proxy[179460]: dnscrypt-proxy is ready - live servers: 1 Jun 23 07:58:13.708263 osdx OSDxCLI[4485]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.