Cipher
Test suite to validate the use of one or multiple ciphers to protect the DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Output:

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Output:

Feb 19 17:18:52.434390 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.2M free.
Feb 19 17:18:52.435395 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 17:18:52.435463 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 17:18:52.453287 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:18:53.261733 osdx osdx-coredump[175436]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:18:53.275164 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:18:54.249979 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:18:54.410019 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:18:54.519418 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:18:54.675439 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:18:54.812757 osdx INFO[175460]: FRR daemons did not change
Feb 19 17:18:54.842682 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:18:55.047040 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:18:55.092988 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:18:55.136664 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:18:55.339652 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 17:18:55.600587 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:18:55.741384 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 17:18:55.873845 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 17:18:56.046117 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 17:18:56.185597 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 17:18:56.340166 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 17:18:56.502150 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 19 17:18:56.615012 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 17:18:56.811180 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:18:56.956991 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:18:57.129341 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:18:57.275816 osdx INFO[175583]: FRR daemons did not change
Feb 19 17:18:57.302158 osdx ca-certificates[175599]: Updating certificates in /etc/ssl/certs...
Feb 19 17:18:58.161196 osdx ca-certificates[176603]: 1 added, 0 removed; done.
Feb 19 17:18:58.165973 osdx ca-certificates[176609]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:18:58.171322 osdx ca-certificates[176611]: done.
Feb 19 17:18:58.285488 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:18:58.291054 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:18:58.299698 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:18:58.330422 osdx dnscrypt-proxy[176615]: dnscrypt-proxy 2.0.45
Feb 19 17:18:58.330539 osdx dnscrypt-proxy[176615]: Network connectivity detected
Feb 19 17:18:58.330925 osdx dnscrypt-proxy[176615]: Dropping privileges
Feb 19 17:18:58.336393 osdx dnscrypt-proxy[176615]: Network connectivity detected
Feb 19 17:18:58.336926 osdx dnscrypt-proxy[176615]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:18:58.337017 osdx dnscrypt-proxy[176615]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:18:58.337136 osdx dnscrypt-proxy[176615]: Firefox workaround initialized
Feb 19 17:18:58.337220 osdx dnscrypt-proxy[176615]: Loading the set of cloaking rules from [/tmp/tmpmw7ffn7n]
Feb 19 17:18:58.344173 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:18:58.460857 osdx dnscrypt-proxy[176615]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 19 17:18:58.460901 osdx dnscrypt-proxy[176615]: [RD] OK (DoH) - rtt: 77ms
Feb 19 17:18:58.460917 osdx dnscrypt-proxy[176615]: Server with the lowest initial latency: RD (rtt: 77ms)
Feb 19 17:18:58.460927 osdx dnscrypt-proxy[176615]: dnscrypt-proxy is ready - live servers: 1
Feb 19 17:18:58.565422 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Output:

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Output:

Feb 19 17:19:10.490861 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free.
Feb 19 17:19:10.493655 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 17:19:10.493746 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 17:19:10.516322 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:19:11.182905 osdx osdx-coredump[178249]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:19:11.196963 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:19:12.029553 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:19:12.179748 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:19:12.285387 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:19:12.476015 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:19:12.600912 osdx INFO[178273]: FRR daemons did not change
Feb 19 17:19:12.633659 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:19:12.852658 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:19:12.895565 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:19:12.932978 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:19:13.159611 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 17:19:13.501582 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:19:13.679345 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 17:19:13.825502 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 17:19:13.955117 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 17:19:14.113839 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 17:19:14.270537 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 17:19:14.467581 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 19 17:19:14.647011 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 17:19:14.876076 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:19:15.021116 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:19:15.213300 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:19:15.394954 osdx INFO[178396]: FRR daemons did not change
Feb 19 17:19:15.419392 osdx ca-certificates[178412]: Updating certificates in /etc/ssl/certs...
Feb 19 17:19:16.775037 osdx ca-certificates[179416]: 1 added, 0 removed; done.
Feb 19 17:19:16.781147 osdx ca-certificates[179422]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:19:16.787225 osdx ca-certificates[179424]: done.
Feb 19 17:19:16.902540 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:19:16.919378 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:19:16.925413 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:19:16.946001 osdx dnscrypt-proxy[179428]: dnscrypt-proxy 2.0.45
Feb 19 17:19:16.946948 osdx dnscrypt-proxy[179428]: Network connectivity detected
Feb 19 17:19:16.947706 osdx dnscrypt-proxy[179428]: Dropping privileges
Feb 19 17:19:16.952886 osdx dnscrypt-proxy[179428]: Network connectivity detected
Feb 19 17:19:16.952950 osdx dnscrypt-proxy[179428]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:19:16.952960 osdx dnscrypt-proxy[179428]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:19:16.953006 osdx dnscrypt-proxy[179428]: Firefox workaround initialized
Feb 19 17:19:16.953040 osdx dnscrypt-proxy[179428]: Loading the set of cloaking rules from [/tmp/tmpp_hs3uzg]
Feb 19 17:19:16.991083 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:19:17.104397 osdx dnscrypt-proxy[179428]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 19 17:19:17.104451 osdx dnscrypt-proxy[179428]: [RD] OK (DoH) - rtt: 75ms
Feb 19 17:19:17.104464 osdx dnscrypt-proxy[179428]: Server with the lowest initial latency: RD (rtt: 75ms)
Feb 19 17:19:17.104477 osdx dnscrypt-proxy[179428]: dnscrypt-proxy is ready - live servers: 1
Feb 19 17:19:17.249937 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Output:

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Output:

Feb 19 17:19:17.609861 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free.
Feb 19 17:19:17.613666 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 17:19:17.613872 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 17:19:17.629415 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:19:18.094146 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:19:18.197909 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'delete '.
Feb 19 17:19:18.357551 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 19 17:19:18.493940 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:19:18.620577 osdx dnscrypt-proxy[179428]: Stopped.
Feb 19 17:19:18.621784 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Feb 19 17:19:18.622783 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Feb 19 17:19:18.622966 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:19:18.853894 osdx ca-certificates[179519]: Clearing symlinks in /etc/ssl/certs...
Feb 19 17:19:19.514898 osdx ca-certificates[180089]: done.
Feb 19 17:19:19.520934 osdx ca-certificates[180102]: Updating certificates in /etc/ssl/certs...
Feb 19 17:19:20.529877 osdx ca-certificates[180951]: 140 added, 0 removed; done.
Feb 19 17:19:20.535872 osdx ca-certificates[180956]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:19:20.543849 osdx ca-certificates[180958]: done.
Feb 19 17:19:20.602653 osdx INFO[180961]: FRR daemons did not change
Feb 19 17:19:20.603115 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:19:20.606396 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:19:20.652831 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:19:22.549622 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:19:22.714741 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 17:19:22.851551 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 17:19:23.009600 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 17:19:23.108820 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 17:19:23.267495 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 17:19:23.374693 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Feb 19 17:19:23.494610 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 17:19:23.635928 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:19:23.733137 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:19:23.890759 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:19:24.038226 osdx INFO[181003]: FRR daemons did not change
Feb 19 17:19:24.058751 osdx ca-certificates[181019]: Updating certificates in /etc/ssl/certs...
Feb 19 17:19:25.031919 osdx ca-certificates[182022]: 1 added, 0 removed; done.
Feb 19 17:19:25.039975 osdx ca-certificates[182029]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:19:25.049882 osdx ca-certificates[182031]: done.
Feb 19 17:19:25.089657 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:19:25.414330 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:19:25.416851 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:19:25.452176 osdx dnscrypt-proxy[182097]: dnscrypt-proxy 2.0.45
Feb 19 17:19:25.452716 osdx dnscrypt-proxy[182097]: Network connectivity detected
Feb 19 17:19:25.453116 osdx dnscrypt-proxy[182097]: Dropping privileges
Feb 19 17:19:25.458628 osdx dnscrypt-proxy[182097]: Network connectivity detected
Feb 19 17:19:25.458683 osdx dnscrypt-proxy[182097]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:19:25.458692 osdx dnscrypt-proxy[182097]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:19:25.458731 osdx dnscrypt-proxy[182097]: Firefox workaround initialized
Feb 19 17:19:25.458739 osdx dnscrypt-proxy[182097]: Loading the set of cloaking rules from [/tmp/tmpnr687uxi]
Feb 19 17:19:25.490870 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:19:25.554815 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:19:25.654529 osdx dnscrypt-proxy[182097]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Feb 19 17:19:25.654556 osdx dnscrypt-proxy[182097]: [RD] OK (DoH) - rtt: 88ms
Feb 19 17:19:25.654569 osdx dnscrypt-proxy[182097]: Server with the lowest initial latency: RD (rtt: 88ms)
Feb 19 17:19:25.654578 osdx dnscrypt-proxy[182097]: dnscrypt-proxy is ready - live servers: 1
Feb 19 17:19:25.787693 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Output:

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Output:

Feb 19 17:19:26.159976 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free.
Feb 19 17:19:26.161679 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 17:19:26.161747 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 17:19:26.178403 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:19:26.719948 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:19:26.851076 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'delete '.
Feb 19 17:19:27.033625 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Feb 19 17:19:27.214251 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:19:27.376660 osdx dnscrypt-proxy[182097]: Stopped.
Feb 19 17:19:27.376779 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Feb 19 17:19:27.378052 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Feb 19 17:19:27.378278 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:19:27.619659 osdx ca-certificates[182205]: Clearing symlinks in /etc/ssl/certs...
Feb 19 17:19:28.195878 osdx ca-certificates[182775]: done.
Feb 19 17:19:28.198799 osdx ca-certificates[182783]: Updating certificates in /etc/ssl/certs...
Feb 19 17:19:29.312345 osdx ca-certificates[183636]: 140 added, 0 removed; done.
Feb 19 17:19:29.318829 osdx ca-certificates[183643]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:19:29.325280 osdx ca-certificates[183645]: done.
Feb 19 17:19:29.385893 osdx INFO[183648]: FRR daemons did not change
Feb 19 17:19:29.386393 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:19:29.390260 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:19:29.446210 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:19:31.556763 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:19:31.696874 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 17:19:31.852248 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 17:19:31.999517 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 17:19:32.147147 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 17:19:32.278028 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 17:19:32.388416 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Feb 19 17:19:32.501579 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 17:19:32.654079 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:19:32.757142 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:19:32.908168 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:19:33.047753 osdx INFO[183690]: FRR daemons did not change
Feb 19 17:19:33.066338 osdx ca-certificates[183705]: Updating certificates in /etc/ssl/certs...
Feb 19 17:19:34.122074 osdx ca-certificates[184709]: 1 added, 0 removed; done.
Feb 19 17:19:34.128484 osdx ca-certificates[184716]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:19:34.134944 osdx ca-certificates[184718]: done.
Feb 19 17:19:34.165663 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:19:34.485227 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:19:34.497963 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:19:34.566652 osdx dnscrypt-proxy[184784]: dnscrypt-proxy 2.0.45
Feb 19 17:19:34.566753 osdx dnscrypt-proxy[184784]: Network connectivity detected
Feb 19 17:19:34.567154 osdx dnscrypt-proxy[184784]: Dropping privileges
Feb 19 17:19:34.579829 osdx dnscrypt-proxy[184784]: Network connectivity detected
Feb 19 17:19:34.579890 osdx dnscrypt-proxy[184784]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:19:34.579899 osdx dnscrypt-proxy[184784]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:19:34.579947 osdx dnscrypt-proxy[184784]: Firefox workaround initialized
Feb 19 17:19:34.579957 osdx dnscrypt-proxy[184784]: Loading the set of cloaking rules from [/tmp/tmpoyihd6ak]
Feb 19 17:19:34.580371 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:19:34.649280 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:19:34.727025 osdx dnscrypt-proxy[184784]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 19 17:19:34.727050 osdx dnscrypt-proxy[184784]: [RD] OK (DoH) - rtt: 56ms
Feb 19 17:19:34.727064 osdx dnscrypt-proxy[184784]: Server with the lowest initial latency: RD (rtt: 56ms)
Feb 19 17:19:34.727072 osdx dnscrypt-proxy[184784]: dnscrypt-proxy is ready - live servers: 1
Feb 19 17:19:34.904182 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Output:

Feb 19 17:19:47.757793 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 3.8M, max 15.3M, 11.5M free.
Feb 19 17:19:47.760510 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 17:19:47.760635 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 17:19:47.806950 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 17:19:48.617159 osdx osdx-coredump[186435]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 17:19:48.635862 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 17:19:49.546245 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:19:49.715762 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:19:49.825658 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:19:50.072310 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:19:50.250834 osdx INFO[186459]: FRR daemons did not change
Feb 19 17:19:50.296544 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 17:19:50.521747 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:19:50.578415 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:19:50.638145 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:19:50.905839 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 17:19:51.196716 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu.
Feb 19 17:19:51.326875 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Feb 19 17:19:51.462971 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Feb 19 17:19:51.632503 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Feb 19 17:19:51.778919 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Feb 19 17:19:51.930623 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'.
Feb 19 17:19:52.067076 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 19 17:19:52.175603 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Feb 19 17:19:52.336754 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Feb 19 17:19:52.455602 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Feb 19 17:19:52.675951 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'.
Feb 19 17:19:52.862171 osdx INFO[186582]: FRR daemons did not change
Feb 19 17:19:52.889685 osdx ca-certificates[186597]: Updating certificates in /etc/ssl/certs...
Feb 19 17:19:54.167394 osdx ca-certificates[187602]: 1 added, 0 removed; done.
Feb 19 17:19:54.178520 osdx ca-certificates[187606]: Running hooks in /etc/ca-certificates/update.d...
Feb 19 17:19:54.185200 osdx ca-certificates[187610]: done.
Feb 19 17:19:54.299035 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Feb 19 17:19:54.301455 osdx cfgd[1448]: [95458]Completed change to active configuration
Feb 19 17:19:54.306898 osdx OSDxCLI[95458]: User 'admin' committed the configuration.
Feb 19 17:19:54.343358 osdx dnscrypt-proxy[187614]: dnscrypt-proxy 2.0.45
Feb 19 17:19:54.343459 osdx dnscrypt-proxy[187614]: Network connectivity detected
Feb 19 17:19:54.343762 osdx dnscrypt-proxy[187614]: Dropping privileges
Feb 19 17:19:54.347737 osdx dnscrypt-proxy[187614]: Network connectivity detected
Feb 19 17:19:54.347791 osdx dnscrypt-proxy[187614]: Now listening to 127.0.0.1:53 [UDP]
Feb 19 17:19:54.347800 osdx dnscrypt-proxy[187614]: Now listening to 127.0.0.1:53 [TCP]
Feb 19 17:19:54.347843 osdx dnscrypt-proxy[187614]: Firefox workaround initialized
Feb 19 17:19:54.347851 osdx dnscrypt-proxy[187614]: Loading the set of cloaking rules from [/tmp/tmpxc6dzsek]
Feb 19 17:19:54.349069 osdx dnscrypt-proxy[187614]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 19 17:19:54.357488 osdx OSDxCLI[95458]: User 'admin' left the configuration menu.
Feb 19 17:19:54.522661 osdx dnscrypt-proxy[187614]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 19 17:19:54.522855 osdx dnscrypt-proxy[187614]: [RD] OK (DoH) - rtt: 122ms
Feb 19 17:19:54.522939 osdx dnscrypt-proxy[187614]: Server with the lowest initial latency: RD (rtt: 122ms)
Feb 19 17:19:54.523024 osdx dnscrypt-proxy[187614]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Feb 19 17:20:07.429400 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.3M, max 15.3M, 13.0M free. Feb 19 17:20:07.431525 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:20:07.431605 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:20:07.448060 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:20:08.149160 osdx osdx-coredump[189242]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 17:20:08.161063 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 17:20:09.041860 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:20:09.178754 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:20:09.281172 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:20:09.407130 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:20:09.521282 osdx INFO[189266]: FRR daemons did not change Feb 19 17:20:09.555556 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:20:09.730657 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:20:09.791457 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:20:09.839391 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:20:10.127056 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 17:20:10.441368 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:20:10.616294 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Feb 19 17:20:10.809867 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:20:10.997455 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 17:20:11.141002 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 17:20:11.266013 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:20:11.401592 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 19 17:20:11.512413 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 17:20:11.683665 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:20:11.779442 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:20:11.961506 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:20:12.159900 osdx INFO[189389]: FRR daemons did not change Feb 19 17:20:12.193505 osdx ca-certificates[189405]: Updating certificates in /etc/ssl/certs... Feb 19 17:20:13.121457 osdx ca-certificates[190408]: 1 added, 0 removed; done. Feb 19 17:20:13.132950 osdx ca-certificates[190412]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:20:13.138274 osdx ca-certificates[190417]: done. Feb 19 17:20:13.240192 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:20:13.244782 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:20:13.252299 osdx OSDxCLI[95458]: User 'admin' committed the configuration. 
Feb 19 17:20:13.300187 osdx dnscrypt-proxy[190421]: dnscrypt-proxy 2.0.45 Feb 19 17:20:13.300283 osdx dnscrypt-proxy[190421]: Network connectivity detected Feb 19 17:20:13.300664 osdx dnscrypt-proxy[190421]: Dropping privileges Feb 19 17:20:13.305192 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:20:13.308424 osdx dnscrypt-proxy[190421]: Network connectivity detected Feb 19 17:20:13.309009 osdx dnscrypt-proxy[190421]: Now listening to 127.0.0.1:53 [UDP] Feb 19 17:20:13.309018 osdx dnscrypt-proxy[190421]: Now listening to 127.0.0.1:53 [TCP] Feb 19 17:20:13.309054 osdx dnscrypt-proxy[190421]: Firefox workaround initialized Feb 19 17:20:13.309062 osdx dnscrypt-proxy[190421]: Loading the set of cloaking rules from [/tmp/tmpdyjijctz] Feb 19 17:20:13.311214 osdx dnscrypt-proxy[190421]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 19 17:20:13.525553 osdx dnscrypt-proxy[190421]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 19 17:20:13.525574 osdx dnscrypt-proxy[190421]: [RD] OK (DoH) - rtt: 105ms Feb 19 17:20:13.525584 osdx dnscrypt-proxy[190421]: Server with the lowest initial latency: RD (rtt: 105ms) Feb 19 17:20:13.525593 osdx dnscrypt-proxy[190421]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Feb 19 17:20:13.943745 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free. Feb 19 17:20:13.947598 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:20:13.947727 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:20:13.963025 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:20:14.527457 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:20:14.658723 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'delete '. Feb 19 17:20:14.830027 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 19 17:20:14.995305 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:20:15.141830 osdx dnscrypt-proxy[190421]: Stopped. Feb 19 17:20:15.141933 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 19 17:20:15.143594 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 19 17:20:15.143948 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:20:15.406100 osdx ca-certificates[190503]: Clearing symlinks in /etc/ssl/certs... Feb 19 17:20:16.155045 osdx ca-certificates[191075]: done. Feb 19 17:20:16.160867 osdx ca-certificates[191083]: Updating certificates in /etc/ssl/certs... Feb 19 17:20:17.152713 osdx ca-certificates[191934]: 140 added, 0 removed; done. Feb 19 17:20:17.159618 osdx ca-certificates[191941]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:20:17.165910 osdx ca-certificates[191943]: done. 
Feb 19 17:20:17.245977 osdx INFO[191946]: FRR daemons did not change Feb 19 17:20:17.246916 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:20:17.254119 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:20:17.318717 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:20:19.725410 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:20:19.911692 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:20:20.098601 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:20:20.310141 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 17:20:20.438015 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 17:20:20.576442 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:20:20.747014 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 19 17:20:20.922302 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 17:20:21.140771 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:20:21.242792 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:20:21.409110 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. 
Feb 19 17:20:21.560534 osdx INFO[191988]: FRR daemons did not change Feb 19 17:20:21.583624 osdx ca-certificates[192003]: Updating certificates in /etc/ssl/certs... Feb 19 17:20:22.637587 osdx ca-certificates[193007]: 1 added, 0 removed; done. Feb 19 17:20:22.642426 osdx ca-certificates[193014]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:20:22.647736 osdx ca-certificates[193016]: done. Feb 19 17:20:22.699619 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:20:23.084317 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:20:23.092926 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:20:23.143182 osdx dnscrypt-proxy[193082]: dnscrypt-proxy 2.0.45 Feb 19 17:20:23.143283 osdx dnscrypt-proxy[193082]: Network connectivity detected Feb 19 17:20:23.143650 osdx dnscrypt-proxy[193082]: Dropping privileges Feb 19 17:20:23.152816 osdx dnscrypt-proxy[193082]: Network connectivity detected Feb 19 17:20:23.152855 osdx dnscrypt-proxy[193082]: Now listening to 127.0.0.1:53 [UDP] Feb 19 17:20:23.152861 osdx dnscrypt-proxy[193082]: Now listening to 127.0.0.1:53 [TCP] Feb 19 17:20:23.152890 osdx dnscrypt-proxy[193082]: Firefox workaround initialized Feb 19 17:20:23.152896 osdx dnscrypt-proxy[193082]: Loading the set of cloaking rules from [/tmp/tmpo4oq4a1d] Feb 19 17:20:23.158379 osdx dnscrypt-proxy[193082]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 19 17:20:23.167611 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:20:23.271945 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. 
Feb 19 17:20:23.413765 osdx dnscrypt-proxy[193082]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 19 17:20:23.413796 osdx dnscrypt-proxy[193082]: [RD] OK (DoH) - rtt: 119ms Feb 19 17:20:23.413809 osdx dnscrypt-proxy[193082]: Server with the lowest initial latency: RD (rtt: 119ms) Feb 19 17:20:23.413818 osdx dnscrypt-proxy[193082]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Feb 19 17:20:23.743194 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free. Feb 19 17:20:23.743898 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:20:23.743946 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:20:23.759952 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:20:24.354209 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:20:24.510320 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'delete '. Feb 19 17:20:24.683459 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 19 17:20:24.821922 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:20:24.965500 osdx dnscrypt-proxy[193082]: Stopped. Feb 19 17:20:24.965658 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 19 17:20:24.967493 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 19 17:20:24.967726 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:20:25.147104 osdx ca-certificates[193188]: Clearing symlinks in /etc/ssl/certs... Feb 19 17:20:25.669044 osdx ca-certificates[193757]: done. Feb 19 17:20:25.679401 osdx ca-certificates[193765]: Updating certificates in /etc/ssl/certs... Feb 19 17:20:26.643741 osdx ca-certificates[194617]: 140 added, 0 removed; done. Feb 19 17:20:26.650684 osdx ca-certificates[194624]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:20:26.655438 osdx ca-certificates[194626]: done. 
Feb 19 17:20:26.710595 osdx INFO[194629]: FRR daemons did not change Feb 19 17:20:26.711171 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:20:26.715120 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:20:26.747384 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:20:29.106604 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:20:29.245785 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:20:29.376924 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:20:29.512498 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 17:20:29.677693 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 17:20:29.847987 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:20:29.952455 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 19 17:20:30.080704 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 19 17:20:30.202604 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 17:20:30.411078 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:20:30.517074 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:20:30.728283 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. 
Feb 19 17:20:30.870458 osdx INFO[194674]: FRR daemons did not change Feb 19 17:20:30.901986 osdx ca-certificates[194690]: Updating certificates in /etc/ssl/certs... Feb 19 17:20:32.013629 osdx ca-certificates[195693]: 1 added, 0 removed; done. Feb 19 17:20:32.019850 osdx ca-certificates[195700]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:20:32.033480 osdx ca-certificates[195702]: done. Feb 19 17:20:32.067538 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:20:32.356074 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:20:32.358556 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:20:32.400615 osdx dnscrypt-proxy[195768]: dnscrypt-proxy 2.0.45 Feb 19 17:20:32.400734 osdx dnscrypt-proxy[195768]: Network connectivity detected Feb 19 17:20:32.401087 osdx dnscrypt-proxy[195768]: Dropping privileges Feb 19 17:20:32.404767 osdx dnscrypt-proxy[195768]: Network connectivity detected Feb 19 17:20:32.404818 osdx dnscrypt-proxy[195768]: Now listening to 127.0.0.1:53 [UDP] Feb 19 17:20:32.404827 osdx dnscrypt-proxy[195768]: Now listening to 127.0.0.1:53 [TCP] Feb 19 17:20:32.404859 osdx dnscrypt-proxy[195768]: Firefox workaround initialized Feb 19 17:20:32.404867 osdx dnscrypt-proxy[195768]: Loading the set of cloaking rules from [/tmp/tmp_nouj_ma] Feb 19 17:20:32.406116 osdx dnscrypt-proxy[195768]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 19 17:20:32.413577 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:20:32.460769 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. 
Feb 19 17:20:32.576810 osdx dnscrypt-proxy[195768]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 19 17:20:32.576837 osdx dnscrypt-proxy[195768]: [RD] OK (DoH) - rtt: 115ms Feb 19 17:20:32.576850 osdx dnscrypt-proxy[195768]: Server with the lowest initial latency: RD (rtt: 115ms) Feb 19 17:20:32.576858 osdx dnscrypt-proxy[195768]: dnscrypt-proxy is ready - live servers: 1
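The "Cipher suite: N" values in these journals are decimal IANA cipher-suite code points. As an added example (not part of the OSDx test suite or of dnscrypt-proxy), the Python code below parses journal entries in the format shown above, decodes the negotiated suite, and compares it with the suites configured before each dnscrypt-proxy process started. The sample journal is constructed, and the function and constant names are hypothetical.

```python
import re

# IANA TLS cipher-suite code points for the suites that appear on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
NAME_TO_CODE = {name: code for code, name in IANA_SUITES.items()}

# One journal entry: "Feb 19 17:20:13.311214 osdx dnscrypt-proxy[190421]: message"
ENTRY = re.compile(
    r"^\w{3} +\d+ [\d:.]+ \S+ (?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
CFG_LINE = re.compile(r"added a new cfg line: '(.*)'\.$")
CIPHER_CMD = re.compile(r"^set service dns proxy cipher \d+ algorithm (\w+)$")
NEGOTIATED = re.compile(r"Cipher suite: (\d+)")

# Constructed sample, one entry per line, in the format of the journals above.
SAMPLE_JOURNAL = """\
Feb 19 17:20:11.401592 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 19 17:20:13.300187 osdx dnscrypt-proxy[190421]: dnscrypt-proxy 2.0.45
Feb 19 17:20:13.311214 osdx dnscrypt-proxy[190421]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 19 17:20:13.525553 osdx dnscrypt-proxy[190421]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 19 17:20:14.658723 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'delete '.
Feb 19 17:20:15.141830 osdx dnscrypt-proxy[190421]: Stopped.
Feb 19 17:20:49.363862 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Feb 19 17:20:49.485528 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Feb 19 17:20:51.461756 osdx dnscrypt-proxy[198602]: dnscrypt-proxy 2.0.45
Feb 19 17:20:51.641838 osdx dnscrypt-proxy[198602]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""


def classify(run):
    """Decode the negotiated suite and compare it with the configured list."""
    code = run.pop("code")
    allowed = {NAME_TO_CODE.get(name) for name in run["configured"]}
    if code is None:
        run["negotiated"] = None
        run["verdict"] = "no-session"
    else:
        run["negotiated"] = IANA_SUITES.get(code, f"unknown (0x{code:04X})")
        run["verdict"] = (
            "configured-suite" if code in allowed else "outside-configured-list"
        )
    return run


def audit_journal(text):
    """Return one record per dnscrypt-proxy process seen in the journal text."""
    configured = []  # cipher names set through the CLI so far
    runs = {}        # pid -> record, in order of first appearance
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # e.g. kernel lines, which carry no [pid]
        proc, pid, msg = entry.group("proc", "pid", "msg")
        if proc == "OSDxCLI":
            cfg = CFG_LINE.search(msg)
            if not cfg:
                continue
            command = cfg.group(1).strip()
            if command == "delete":
                configured = []  # configuration wiped between test examples
            cipher = CIPHER_CMD.match(command)
            if cipher:
                configured.append(cipher.group(1))
        elif proc == "dnscrypt-proxy":
            # Snapshot the configured list when a new proxy process first logs.
            run = runs.setdefault(pid, {
                "pid": pid,
                "configured": list(configured),
                "handshake_failure": False,
                "code": None,
            })
            if "TLS handshake failure" in msg:
                run["handshake_failure"] = True
            negotiated = NEGOTIATED.search(msg)
            if negotiated:
                run["code"] = int(negotiated.group(1))
    return [classify(run) for run in runs.values()]


if __name__ == "__main__":
    for record in audit_journal(SAMPLE_JOURNAL):
        print(record)
```

A record with the verdict outside-configured-list means the session was established with a suite that was not in the configured list, which is the condition to alert on when the cipher list is meant as a restriction.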
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Feb 19 17:20:45.001018 osdx systemd-timedated[197402]: Changed local time to Wed 2025-02-19 17:20:45 UTC Feb 19 17:20:45.002163 osdx systemd-journald[1749]: Time jumped backwards, rotating. Feb 19 17:20:45.004659 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'set date 2025-02-19 17:20:45'. Feb 19 17:20:45.608108 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.7M, max 15.3M, 12.6M free. Feb 19 17:20:45.609616 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:20:45.609761 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:20:45.634044 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:20:46.267815 osdx osdx-coredump[197420]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 17:20:46.280803 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 17:20:47.155900 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:20:47.293721 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:20:47.415505 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:20:47.578520 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:20:47.695181 osdx INFO[197444]: FRR daemons did not change Feb 19 17:20:47.725587 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:20:47.921535 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:20:47.969667 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:20:48.014511 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. 
Feb 19 17:20:48.197298 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 17:20:48.444042 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:20:48.579308 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:20:48.712099 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:20:48.900196 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 17:20:49.015913 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 17:20:49.191904 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:20:49.363862 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 19 17:20:49.485528 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Feb 19 17:20:49.584414 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 17:20:49.736397 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:20:49.819855 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:20:49.979117 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:20:50.097433 osdx INFO[197570]: FRR daemons did not change Feb 19 17:20:50.119117 osdx ca-certificates[197585]: Updating certificates in /etc/ssl/certs... 
Feb 19 17:20:51.277860 osdx ca-certificates[198589]: 1 added, 0 removed; done. Feb 19 17:20:51.282747 osdx ca-certificates[198596]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:20:51.287666 osdx ca-certificates[198598]: done. Feb 19 17:20:51.394855 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:20:51.399629 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:20:51.407107 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:20:51.461756 osdx dnscrypt-proxy[198602]: dnscrypt-proxy 2.0.45 Feb 19 17:20:51.461862 osdx dnscrypt-proxy[198602]: Network connectivity detected Feb 19 17:20:51.462830 osdx dnscrypt-proxy[198602]: Dropping privileges Feb 19 17:20:51.463514 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:20:51.487929 osdx dnscrypt-proxy[198602]: Network connectivity detected Feb 19 17:20:51.487983 osdx dnscrypt-proxy[198602]: Now listening to 127.0.0.1:53 [UDP] Feb 19 17:20:51.487992 osdx dnscrypt-proxy[198602]: Now listening to 127.0.0.1:53 [TCP] Feb 19 17:20:51.488036 osdx dnscrypt-proxy[198602]: Firefox workaround initialized Feb 19 17:20:51.488044 osdx dnscrypt-proxy[198602]: Loading the set of cloaking rules from [/tmp/tmpkhe3w_7c] Feb 19 17:20:51.641838 osdx dnscrypt-proxy[198602]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Feb 19 17:20:51.642060 osdx dnscrypt-proxy[198602]: [RD] OK (DoH) - rtt: 100ms Feb 19 17:20:51.642161 osdx dnscrypt-proxy[198602]: Server with the lowest initial latency: RD (rtt: 100ms) Feb 19 17:20:51.642243 osdx dnscrypt-proxy[198602]: dnscrypt-proxy is ready - live servers: 1 Feb 19 17:20:51.694272 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Feb 19 17:20:52.090298 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.2M free. Feb 19 17:20:52.093599 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:20:52.093668 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:20:52.112487 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:20:52.771793 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:20:52.919007 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'delete '. Feb 19 17:20:53.143785 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 19 17:20:53.295555 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:20:53.442712 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 19 17:20:53.445280 osdx dnscrypt-proxy[198602]: Stopped. Feb 19 17:20:53.449642 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 19 17:20:53.450058 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:20:53.676550 osdx ca-certificates[198692]: Clearing symlinks in /etc/ssl/certs... Feb 19 17:20:54.400300 osdx ca-certificates[199262]: done. Feb 19 17:20:54.410979 osdx ca-certificates[199272]: Updating certificates in /etc/ssl/certs... Feb 19 17:20:55.311100 osdx ca-certificates[200121]: 140 added, 0 removed; done. Feb 19 17:20:55.320718 osdx ca-certificates[200129]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:20:55.326365 osdx ca-certificates[200131]: done. 
Feb 19 17:20:55.389534 osdx INFO[200134]: FRR daemons did not change Feb 19 17:20:55.390739 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:20:55.397234 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:20:55.457851 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:20:57.776261 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:20:57.904628 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:20:58.049965 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:20:58.284341 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 17:20:58.400201 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 17:20:58.563927 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:20:58.679900 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 19 17:20:58.823189 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Feb 19 17:20:58.935609 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 17:20:59.085257 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:20:59.224513 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 19 17:20:59.405868 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. 
Feb 19 17:20:59.552365 osdx INFO[200179]: FRR daemons did not change Feb 19 17:20:59.585619 osdx ca-certificates[200194]: Updating certificates in /etc/ssl/certs... Feb 19 17:21:00.773795 osdx ca-certificates[201198]: 1 added, 0 removed; done. Feb 19 17:21:00.779801 osdx ca-certificates[201205]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:21:00.788581 osdx ca-certificates[201207]: done. Feb 19 17:21:00.833605 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:21:01.264574 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:21:01.274297 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:21:01.388494 osdx dnscrypt-proxy[201273]: dnscrypt-proxy 2.0.45 Feb 19 17:21:01.389255 osdx dnscrypt-proxy[201273]: Network connectivity detected Feb 19 17:21:01.389969 osdx dnscrypt-proxy[201273]: Dropping privileges Feb 19 17:21:01.403899 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:21:01.420429 osdx dnscrypt-proxy[201273]: Network connectivity detected Feb 19 17:21:01.421007 osdx dnscrypt-proxy[201273]: Now listening to 127.0.0.1:53 [UDP] Feb 19 17:21:01.421118 osdx dnscrypt-proxy[201273]: Now listening to 127.0.0.1:53 [TCP] Feb 19 17:21:01.421258 osdx dnscrypt-proxy[201273]: Firefox workaround initialized Feb 19 17:21:01.421357 osdx dnscrypt-proxy[201273]: Loading the set of cloaking rules from [/tmp/tmpyra0n7jd] Feb 19 17:21:01.483280 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. 
Feb 19 17:21:01.723732 osdx dnscrypt-proxy[201273]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Feb 19 17:21:01.724305 osdx dnscrypt-proxy[201273]: [RD] OK (DoH) - rtt: 140ms Feb 19 17:21:01.724573 osdx dnscrypt-proxy[201273]: Server with the lowest initial latency: RD (rtt: 140ms) Feb 19 17:21:01.724583 osdx dnscrypt-proxy[201273]: dnscrypt-proxy is ready - live servers: 1 Feb 19 17:21:02.067848 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Feb 19 17:21:02.545219 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.1M, max 15.3M, 13.2M free. Feb 19 17:21:02.546000 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:21:02.546063 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:21:02.580763 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:21:03.175950 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:21:03.335219 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'delete '. Feb 19 17:21:03.540488 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 19 17:21:03.677422 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:21:03.833657 osdx dnscrypt-proxy[201273]: Stopped. Feb 19 17:21:03.833818 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 19 17:21:03.835320 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 19 17:21:03.835486 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:21:04.058451 osdx ca-certificates[201386]: Clearing symlinks in /etc/ssl/certs... Feb 19 17:21:04.709487 osdx ca-certificates[201956]: done. Feb 19 17:21:04.717049 osdx ca-certificates[201958]: Updating certificates in /etc/ssl/certs... Feb 19 17:21:05.986092 osdx ca-certificates[202815]: 140 added, 0 removed; done. Feb 19 17:21:05.992154 osdx ca-certificates[202822]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:21:05.999274 osdx ca-certificates[202824]: done. 
Feb 19 17:21:06.088838 osdx INFO[202827]: FRR daemons did not change Feb 19 17:21:06.090091 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:21:06.101424 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:21:06.152534 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:21:08.077997 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:21:08.210376 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:21:08.365244 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:21:08.506477 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 17:21:08.657888 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 17:21:08.807662 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:21:08.930294 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 19 17:21:09.072700 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Feb 19 17:21:09.194703 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 17:21:09.348976 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:21:09.450916 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Feb 19 17:21:09.623137 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:21:09.874462 osdx INFO[202872]: FRR daemons did not change Feb 19 17:21:09.907209 osdx ca-certificates[202887]: Updating certificates in /etc/ssl/certs... Feb 19 17:21:11.520320 osdx ca-certificates[203891]: 1 added, 0 removed; done. Feb 19 17:21:11.529840 osdx ca-certificates[203896]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:21:11.537953 osdx ca-certificates[203900]: done. Feb 19 17:21:11.598474 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:21:12.092006 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:21:12.094500 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:21:12.153034 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:21:12.186612 osdx dnscrypt-proxy[203966]: dnscrypt-proxy 2.0.45 Feb 19 17:21:12.186697 osdx dnscrypt-proxy[203966]: Network connectivity detected Feb 19 17:21:12.186993 osdx dnscrypt-proxy[203966]: Dropping privileges Feb 19 17:21:12.197582 osdx dnscrypt-proxy[203966]: Network connectivity detected Feb 19 17:21:12.198055 osdx dnscrypt-proxy[203966]: Now listening to 127.0.0.1:53 [UDP] Feb 19 17:21:12.198161 osdx dnscrypt-proxy[203966]: Now listening to 127.0.0.1:53 [TCP] Feb 19 17:21:12.198305 osdx dnscrypt-proxy[203966]: Firefox workaround initialized Feb 19 17:21:12.198521 osdx dnscrypt-proxy[203966]: Loading the set of cloaking rules from [/tmp/tmpm0uubfsh] Feb 19 17:21:12.251661 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. 
Feb 19 17:21:12.683604 osdx dnscrypt-proxy[203966]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 19 17:21:12.683813 osdx dnscrypt-proxy[203966]: [RD] OK (DoH) - rtt: 95ms Feb 19 17:21:12.683923 osdx dnscrypt-proxy[203966]: Server with the lowest initial latency: RD (rtt: 95ms) Feb 19 17:21:12.684004 osdx dnscrypt-proxy[203966]: dnscrypt-proxy is ready - live servers: 1 Feb 19 17:21:15.031831 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Feb 19 17:21:17.599898 osdx OSDxCLI[95458]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Feb 19 17:21:17.924835 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Feb 19 17:21:18.240653 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free. Feb 19 17:21:18.241601 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:21:18.241773 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:21:18.260542 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:21:18.708112 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:21:18.829957 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'delete '. Feb 19 17:21:18.980800 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 19 17:21:19.138220 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:21:19.261081 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 19 17:21:19.263215 osdx dnscrypt-proxy[203966]: Stopped. Feb 19 17:21:19.265619 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 19 17:21:19.265818 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:21:19.465785 osdx ca-certificates[204081]: Clearing symlinks in /etc/ssl/certs... Feb 19 17:21:19.970819 osdx ca-certificates[204650]: done. Feb 19 17:21:19.977449 osdx ca-certificates[204659]: Updating certificates in /etc/ssl/certs... Feb 19 17:21:20.756433 osdx ca-certificates[205511]: 140 added, 0 removed; done. Feb 19 17:21:20.762610 osdx ca-certificates[205517]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:21:20.767599 osdx ca-certificates[205519]: done. 
Feb 19 17:21:20.823560 osdx INFO[205522]: FRR daemons did not change Feb 19 17:21:20.824266 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:21:20.828977 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:21:20.861437 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:21:22.762608 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:21:22.887770 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:21:23.005235 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:21:23.151860 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 17:21:23.262772 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 17:21:23.418013 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:21:23.604917 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 19 17:21:23.792809 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Feb 19 17:21:23.966612 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 17:21:24.150807 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:21:24.303992 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Feb 19 17:21:24.485025 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:21:24.622046 osdx INFO[205567]: FRR daemons did not change Feb 19 17:21:24.644221 osdx ca-certificates[205583]: Updating certificates in /etc/ssl/certs... Feb 19 17:21:25.879612 osdx ca-certificates[206586]: 1 added, 0 removed; done. Feb 19 17:21:25.883992 osdx ca-certificates[206593]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:21:25.890216 osdx ca-certificates[206595]: done. Feb 19 17:21:25.921591 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:21:26.222425 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:21:26.227140 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:21:26.269378 osdx dnscrypt-proxy[206661]: dnscrypt-proxy 2.0.45 Feb 19 17:21:26.269496 osdx dnscrypt-proxy[206661]: Network connectivity detected Feb 19 17:21:26.269927 osdx dnscrypt-proxy[206661]: Dropping privileges Feb 19 17:21:26.274382 osdx dnscrypt-proxy[206661]: Network connectivity detected Feb 19 17:21:26.274437 osdx dnscrypt-proxy[206661]: Now listening to 127.0.0.1:53 [UDP] Feb 19 17:21:26.274445 osdx dnscrypt-proxy[206661]: Now listening to 127.0.0.1:53 [TCP] Feb 19 17:21:26.274485 osdx dnscrypt-proxy[206661]: Firefox workaround initialized Feb 19 17:21:26.274492 osdx dnscrypt-proxy[206661]: Loading the set of cloaking rules from [/tmp/tmp5ea3_g72] Feb 19 17:21:26.286043 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:21:26.334080 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. 
Feb 19 17:21:26.416824 osdx dnscrypt-proxy[206661]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Feb 19 17:21:26.416857 osdx dnscrypt-proxy[206661]: [RD] OK (DoH) - rtt: 85ms Feb 19 17:21:26.416871 osdx dnscrypt-proxy[206661]: Server with the lowest initial latency: RD (rtt: 85ms) Feb 19 17:21:26.416880 osdx dnscrypt-proxy[206661]: dnscrypt-proxy is ready - live servers: 1 Feb 19 17:21:26.555257 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Feb 19 17:21:26.924627 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free. Feb 19 17:21:26.925907 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:21:26.925976 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:21:26.949616 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:21:27.516025 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:21:27.620112 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'delete '. Feb 19 17:21:27.803622 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 19 17:21:27.941142 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:21:28.088216 osdx dnscrypt-proxy[206661]: Stopped. Feb 19 17:21:28.090132 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 19 17:21:28.095751 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 19 17:21:28.096090 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:21:28.407384 osdx ca-certificates[206773]: Clearing symlinks in /etc/ssl/certs... Feb 19 17:21:28.968004 osdx ca-certificates[207341]: done. Feb 19 17:21:28.973987 osdx ca-certificates[207350]: Updating certificates in /etc/ssl/certs... Feb 19 17:21:29.764886 osdx ca-certificates[208200]: 140 added, 0 removed; done. Feb 19 17:21:29.772194 osdx ca-certificates[208207]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:21:29.779350 osdx ca-certificates[208209]: done. 
Feb 19 17:21:29.831547 osdx INFO[208212]: FRR daemons did not change Feb 19 17:21:29.832350 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:21:29.843913 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:21:29.892603 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:21:32.264419 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:21:32.399415 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:21:32.564925 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:21:32.725206 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 17:21:32.831895 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 17:21:32.957144 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:21:33.082027 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 19 17:21:33.218765 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Feb 19 17:21:33.359291 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 17:21:33.513390 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:21:33.630884 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Feb 19 17:21:33.830613 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:21:34.026142 osdx INFO[208257]: FRR daemons did not change Feb 19 17:21:34.062449 osdx ca-certificates[208273]: Updating certificates in /etc/ssl/certs... Feb 19 17:21:35.096651 osdx ca-certificates[209277]: 1 added, 0 removed; done. Feb 19 17:21:35.103240 osdx ca-certificates[209283]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:21:35.109939 osdx ca-certificates[209285]: done. Feb 19 17:21:35.145614 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:21:35.442491 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:21:35.450103 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:21:35.492546 osdx dnscrypt-proxy[209351]: dnscrypt-proxy 2.0.45 Feb 19 17:21:35.492650 osdx dnscrypt-proxy[209351]: Network connectivity detected Feb 19 17:21:35.492999 osdx dnscrypt-proxy[209351]: Dropping privileges Feb 19 17:21:35.496929 osdx dnscrypt-proxy[209351]: Network connectivity detected Feb 19 17:21:35.496984 osdx dnscrypt-proxy[209351]: Now listening to 127.0.0.1:53 [UDP] Feb 19 17:21:35.496993 osdx dnscrypt-proxy[209351]: Now listening to 127.0.0.1:53 [TCP] Feb 19 17:21:35.497038 osdx dnscrypt-proxy[209351]: Firefox workaround initialized Feb 19 17:21:35.497045 osdx dnscrypt-proxy[209351]: Loading the set of cloaking rules from [/tmp/tmpx2uhki7t] Feb 19 17:21:35.505990 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:21:35.561230 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. 
Feb 19 17:21:35.635383 osdx dnscrypt-proxy[209351]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Feb 19 17:21:35.635413 osdx dnscrypt-proxy[209351]: [RD] OK (DoH) - rtt: 85ms Feb 19 17:21:35.635426 osdx dnscrypt-proxy[209351]: Server with the lowest initial latency: RD (rtt: 85ms) Feb 19 17:21:35.635435 osdx dnscrypt-proxy[209351]: dnscrypt-proxy is ready - live servers: 1 Feb 19 17:21:35.799903 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Feb 19 17:21:36.119645 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 3.8M, max 15.3M, 11.5M free. Feb 19 17:21:36.121584 osdx systemd-journald[1749]: Received client request to rotate journal, rotating. Feb 19 17:21:36.121662 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406. Feb 19 17:21:36.140403 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'system journal clear'. Feb 19 17:21:36.664463 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:21:36.809921 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'delete '. Feb 19 17:21:37.025806 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 19 17:21:37.236980 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:21:37.428458 osdx dnscrypt-proxy[209351]: Stopped. Feb 19 17:21:37.428960 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 19 17:21:37.430719 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 19 17:21:37.430955 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:21:37.792713 osdx ca-certificates[209458]: Clearing symlinks in /etc/ssl/certs... Feb 19 17:21:38.690841 osdx ca-certificates[210029]: done. Feb 19 17:21:38.696869 osdx ca-certificates[210034]: Updating certificates in /etc/ssl/certs... Feb 19 17:21:40.115417 osdx ca-certificates[210891]: 140 added, 0 removed; done. Feb 19 17:21:40.121582 osdx ca-certificates[210896]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:21:40.134046 osdx ca-certificates[210898]: done. 
Feb 19 17:21:40.218671 osdx INFO[210901]: FRR daemons did not change Feb 19 17:21:40.220851 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:21:40.231481 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:21:40.323871 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. Feb 19 17:21:42.657553 osdx OSDxCLI[95458]: User 'admin' entered the configuration menu. Feb 19 17:21:42.777029 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 19 17:21:42.924498 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 19 17:21:43.048294 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 19 17:21:43.151953 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 19 17:21:43.309129 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3c15e90bd022a1619161d18b235841fbb951fd9251cbf16baaf9244baed3a840'. Feb 19 17:21:43.423743 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 19 17:21:43.589945 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Feb 19 17:21:43.685705 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 19 17:21:43.832315 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 19 17:21:43.940664 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Feb 19 17:21:44.104802 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: 'show working'. Feb 19 17:21:44.259811 osdx INFO[210946]: FRR daemons did not change Feb 19 17:21:44.302866 osdx ca-certificates[210962]: Updating certificates in /etc/ssl/certs... Feb 19 17:21:45.472704 osdx ca-certificates[211966]: 1 added, 0 removed; done. Feb 19 17:21:45.481076 osdx ca-certificates[211970]: Running hooks in /etc/ca-certificates/update.d... Feb 19 17:21:45.488763 osdx ca-certificates[211974]: done. Feb 19 17:21:45.529613 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 17:21:45.850395 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 19 17:21:45.853088 osdx cfgd[1448]: [95458]Completed change to active configuration Feb 19 17:21:45.896886 osdx dnscrypt-proxy[212040]: dnscrypt-proxy 2.0.45 Feb 19 17:21:45.896987 osdx dnscrypt-proxy[212040]: Network connectivity detected Feb 19 17:21:45.897330 osdx dnscrypt-proxy[212040]: Dropping privileges Feb 19 17:21:45.924326 osdx dnscrypt-proxy[212040]: Network connectivity detected Feb 19 17:21:45.924381 osdx dnscrypt-proxy[212040]: Now listening to 127.0.0.1:53 [UDP] Feb 19 17:21:45.924390 osdx dnscrypt-proxy[212040]: Now listening to 127.0.0.1:53 [TCP] Feb 19 17:21:45.924432 osdx dnscrypt-proxy[212040]: Firefox workaround initialized Feb 19 17:21:45.924441 osdx dnscrypt-proxy[212040]: Loading the set of cloaking rules from [/tmp/tmpdz7drr2n] Feb 19 17:21:45.928615 osdx OSDxCLI[95458]: User 'admin' committed the configuration. Feb 19 17:21:46.013804 osdx OSDxCLI[95458]: User 'admin' left the configuration menu. 
Feb 19 17:21:46.067983 osdx dnscrypt-proxy[212040]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 19 17:21:46.068015 osdx dnscrypt-proxy[212040]: [RD] OK (DoH) - rtt: 83ms Feb 19 17:21:46.068038 osdx dnscrypt-proxy[212040]: Server with the lowest initial latency: RD (rtt: 83ms) Feb 19 17:21:46.068047 osdx dnscrypt-proxy[212040]: dnscrypt-proxy is ready - live servers: 1 Feb 19 17:21:46.294134 osdx OSDxCLI[95458]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
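The Step 3 checks in these examples match a decimal cipher-suite number in the dnscrypt-proxy journal line. The following Python script is an added example, not part of the test suite or of OSDx: it decodes that number to its IANA name and checks it against the configured cipher entries found in the same journal. The function names and the legacy-marker list are assumptions of this example; the sample journal is trimmed from Example 3.

```python
import re

# IANA TLS cipher suite registry values for the suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",      # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",      # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

# Assumption: the "TLS version" field is the wire version in hexadecimal,
# so "303" is 0x0303.
TLS_VERSIONS = {"301": "TLS 1.0", "302": "TLS 1.1", "303": "TLS 1.2", "304": "TLS 1.3"}

# Substrings this example treats as legacy algorithms (its own choice).
LEGACY_MARKERS = ("_RC4_", "_3DES_", "_NULL_", "_EXPORT", "_MD5")

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (\w+)")
TLS_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[([^\]]+)\] TLS version: ([0-9a-fA-F]+)"
    r" - Protocol: (\S+) - Cipher suite: (\d+)"
)


def is_legacy(name):
    """True if the suite name contains one of the legacy markers."""
    return any(marker in name for marker in LEGACY_MARKERS)


def configured_ciphers(journal):
    """Cipher names from the logged cfg lines, ordered by cipher index."""
    by_index = {int(idx): name for idx, name in CFG_RE.findall(journal)}
    return [by_index[idx] for idx in sorted(by_index)]


def handshakes(journal):
    """One record per 'TLS version ... Cipher suite' line in the journal."""
    records = []
    for server, version, protocol, suite in TLS_RE.findall(journal):
        suite_id = int(suite)
        records.append({
            "server": server,
            "tls": TLS_VERSIONS.get(version.lower(), "unknown (0x%s)" % version),
            "protocol": protocol,
            "suite_id": suite_id,
            "suite": IANA_SUITES.get(suite_id, "unknown (0x%04X)" % suite_id),
        })
    return records


def audit(journal):
    """Compare each negotiated suite with the configured cipher list.

    Works on the flattened journal text as well as one entry per line,
    because both patterns are searched over the whole string.
    """
    offered = configured_ciphers(journal)
    findings = []
    for record in handshakes(journal):
        findings.append(dict(
            record,
            in_configured_list=record["suite"] in offered,
            legacy_negotiated=is_legacy(record["suite"]),
        ))
    return {
        "configured": offered,
        "legacy_configured": [name for name in offered if is_legacy(name)],
        "handshakes": findings,
    }


# Three entries trimmed from the Example 3 journal on this page.
EXAMPLE3_JOURNAL = (
    "Feb 19 17:21:08.930294 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. "
    "Feb 19 17:21:09.072700 osdx OSDxCLI[95458]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. "
    "Feb 19 17:21:12.683604 osdx dnscrypt-proxy[203966]: [RD] TLS version: 303 - "
    "Protocol: h2 - Cipher suite: 52392 "
)

# Constructed variant: the negotiated suite is outside the configured list.
MISMATCH_JOURNAL = EXAMPLE3_JOURNAL.replace("Cipher suite: 52392", "Cipher suite: 49199")

if __name__ == "__main__":
    for label, text in (("example 3", EXAMPLE3_JOURNAL), ("mismatch", MISMATCH_JOURNAL)):
        report = audit(text)
        print(label, "configured:", report["configured"])
        print(label, "legacy entries configured:", report["legacy_configured"])
        for hs in report["handshakes"]:
            print(label, hs["server"], hs["tls"], hs["suite"],
                  "in configured list:", hs["in_configured_list"])
```

A journal with no handshake line yields an empty `handshakes` list, which a test harness should treat as a failed check rather than a pass.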