Cipher

Test suite to validate using one or multiple ciphers to protect DoH connection

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Mar 21 16:20:56.457177 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.1M, max 15.3M, 13.1M free.
Mar 21 16:20:56.460458 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:20:56.460541 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:20:56.477221 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:20:57.107887 osdx osdx-coredump[75862]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:20:57.131824 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:20:58.047167 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:20:58.194475 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:20:58.356139 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:20:58.545849 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:20:58.675500 osdx ubnt-cfgd[75884]: inactive
Mar 21 16:20:58.808055 osdx INFO[75896]: FRR daemons did not change
Mar 21 16:20:58.987317 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:20:59.026420 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:20:59.084963 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:20:59.345080 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:20:59.628467 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:20:59.775624 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:20:59.912214 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:21:00.077501 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:21:00.219211 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:21:00.351780 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:21:00.461684 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 21 16:21:00.574600 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:21:00.775349 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:21:00.863975 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:21:01.081283 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:21:01.277971 osdx ubnt-cfgd[76064]: inactive
Mar 21 16:21:01.415234 osdx INFO[76076]: FRR daemons did not change
Mar 21 16:21:01.437946 osdx ca-certificates[76092]: Updating certificates in /etc/ssl/certs...
Mar 21 16:21:02.587271 osdx ca-certificates[77095]: 1 added, 0 removed; done.
Mar 21 16:21:02.594193 osdx ca-certificates[77102]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:21:02.603672 osdx ca-certificates[77104]: done.
Mar 21 16:21:02.713372 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:21:02.718986 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:21:02.732479 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:21:02.754520 osdx dnscrypt-proxy[77108]: dnscrypt-proxy 2.0.45
Mar 21 16:21:02.754603 osdx dnscrypt-proxy[77108]: Network connectivity detected
Mar 21 16:21:02.754902 osdx dnscrypt-proxy[77108]: Dropping privileges
Mar 21 16:21:02.758204 osdx dnscrypt-proxy[77108]: Network connectivity detected
Mar 21 16:21:02.758548 osdx dnscrypt-proxy[77108]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:21:02.758621 osdx dnscrypt-proxy[77108]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:21:02.758724 osdx dnscrypt-proxy[77108]: Firefox workaround initialized
Mar 21 16:21:02.758816 osdx dnscrypt-proxy[77108]: Loading the set of cloaking rules from [/tmp/tmphirp64b6]
Mar 21 16:21:02.808090 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:21:02.855001 osdx dnscrypt-proxy[77108]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 21 16:21:02.855027 osdx dnscrypt-proxy[77108]: [RD] OK (DoH) - rtt: 51ms
Mar 21 16:21:02.855040 osdx dnscrypt-proxy[77108]: Server with the lowest initial latency: RD (rtt: 51ms)
Mar 21 16:21:02.855047 osdx dnscrypt-proxy[77108]: dnscrypt-proxy is ready - live servers: 1
Mar 21 16:21:03.100321 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---

Multiple Valid Cipher

Description

Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Mar 21 16:21:15.462173 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:21:15.464095 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:21:15.464158 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:21:15.481218 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:21:16.130966 osdx osdx-coredump[78795]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:21:16.147055 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:21:16.994150 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:21:17.226243 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:21:17.326248 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:21:17.489122 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:21:17.600877 osdx ubnt-cfgd[78817]: inactive
Mar 21 16:21:17.740726 osdx INFO[78829]: FRR daemons did not change
Mar 21 16:21:17.911458 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:21:17.929540 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:21:17.963305 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:21:18.219686 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:21:18.516538 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:21:18.627585 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:21:18.790626 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:21:18.939840 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:21:19.065860 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:21:19.246366 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:21:19.397415 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 21 16:21:19.523700 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:21:19.712117 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:21:19.827710 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:21:19.996243 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:21:20.142412 osdx ubnt-cfgd[78994]: inactive
Mar 21 16:21:20.277661 osdx INFO[79006]: FRR daemons did not change
Mar 21 16:21:20.304350 osdx ca-certificates[79022]: Updating certificates in /etc/ssl/certs...
Mar 21 16:21:21.350054 osdx ca-certificates[80027]: 1 added, 0 removed; done.
Mar 21 16:21:21.357658 osdx ca-certificates[80029]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:21:21.363917 osdx ca-certificates[80033]: done.
Mar 21 16:21:21.516781 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:21:21.521627 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:21:21.529008 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:21:21.574290 osdx dnscrypt-proxy[80038]: dnscrypt-proxy 2.0.45
Mar 21 16:21:21.574391 osdx dnscrypt-proxy[80038]: Network connectivity detected
Mar 21 16:21:21.574724 osdx dnscrypt-proxy[80038]: Dropping privileges
Mar 21 16:21:21.580675 osdx dnscrypt-proxy[80038]: Network connectivity detected
Mar 21 16:21:21.580728 osdx dnscrypt-proxy[80038]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:21:21.580736 osdx dnscrypt-proxy[80038]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:21:21.580774 osdx dnscrypt-proxy[80038]: Firefox workaround initialized
Mar 21 16:21:21.580782 osdx dnscrypt-proxy[80038]: Loading the set of cloaking rules from [/tmp/tmpgr8ju5b0]
Mar 21 16:21:21.584413 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:21:21.763624 osdx dnscrypt-proxy[80038]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 21 16:21:21.763651 osdx dnscrypt-proxy[80038]: [RD] OK (DoH) - rtt: 86ms
Mar 21 16:21:21.763664 osdx dnscrypt-proxy[80038]: Server with the lowest initial latency: RD (rtt: 86ms)
Mar 21 16:21:21.763673 osdx dnscrypt-proxy[80038]: dnscrypt-proxy is ready - live servers: 1
Mar 21 16:21:21.850154 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Mar 21 16:21:22.286210 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:21:22.288096 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:21:22.288227 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:21:22.308064 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:21:23.119915 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:21:23.333375 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'delete '.
Mar 21 16:21:23.544189 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 21 16:21:23.761849 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:21:23.883675 osdx ubnt-cfgd[80091]: inactive
Mar 21 16:21:24.042900 osdx dnscrypt-proxy[80038]: Stopped.
Mar 21 16:21:24.043020 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 21 16:21:24.045509 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 21 16:21:24.045689 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:21:24.199904 osdx ca-certificates[80181]: Clearing symlinks in /etc/ssl/certs...
Mar 21 16:21:24.872014 osdx ca-certificates[80751]: done.
Mar 21 16:21:24.880629 osdx ca-certificates[80759]: Updating certificates in /etc/ssl/certs...
Mar 21 16:21:26.266206 osdx ca-certificates[81610]: 140 added, 0 removed; done.
Mar 21 16:21:26.275688 osdx ca-certificates[81615]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:21:26.284812 osdx ca-certificates[81619]: done.
Mar 21 16:21:26.335663 osdx INFO[81622]: FRR daemons did not change
Mar 21 16:21:26.336266 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:21:26.343355 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:21:26.404274 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:21:29.144060 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:21:29.305917 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:21:29.413388 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:21:29.622476 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:21:29.792603 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:21:29.929662 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:21:30.063176 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 21 16:21:30.162660 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:21:30.350867 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:21:30.493614 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:21:30.785715 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:21:30.955799 osdx ubnt-cfgd[81660]: inactive
Mar 21 16:21:31.141357 osdx INFO[81674]: FRR daemons did not change
Mar 21 16:21:31.201126 osdx ca-certificates[81690]: Updating certificates in /etc/ssl/certs...
Mar 21 16:21:32.675609 osdx ca-certificates[82695]: 1 added, 0 removed; done.
Mar 21 16:21:32.682648 osdx ca-certificates[82700]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:21:32.691421 osdx ca-certificates[82702]: done.
Mar 21 16:21:33.094569 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:21:33.097625 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:21:33.123048 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:21:33.142734 osdx dnscrypt-proxy[82812]: dnscrypt-proxy 2.0.45
Mar 21 16:21:33.142827 osdx dnscrypt-proxy[82812]: Network connectivity detected
Mar 21 16:21:33.143147 osdx dnscrypt-proxy[82812]: Dropping privileges
Mar 21 16:21:33.161682 osdx dnscrypt-proxy[82812]: Network connectivity detected
Mar 21 16:21:33.161740 osdx dnscrypt-proxy[82812]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:21:33.162012 osdx dnscrypt-proxy[82812]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:21:33.162133 osdx dnscrypt-proxy[82812]: Firefox workaround initialized
Mar 21 16:21:33.162141 osdx dnscrypt-proxy[82812]: Loading the set of cloaking rules from [/tmp/tmp8ft2zyh9]
Mar 21 16:21:33.187051 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:21:33.303146 osdx dnscrypt-proxy[82812]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 21 16:21:33.303176 osdx dnscrypt-proxy[82812]: [RD] OK (DoH) - rtt: 55ms
Mar 21 16:21:33.303194 osdx dnscrypt-proxy[82812]: Server with the lowest initial latency: RD (rtt: 55ms)
Mar 21 16:21:33.303210 osdx dnscrypt-proxy[82812]: dnscrypt-proxy is ready - live servers: 1
Mar 21 16:21:33.493107 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Mar 21 16:21:33.905938 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:21:33.908259 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:21:33.908394 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:21:33.932860 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:21:34.496550 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:21:34.647292 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'delete '.
Mar 21 16:21:34.808732 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 21 16:21:35.061396 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:21:35.200196 osdx ubnt-cfgd[82886]: inactive
Mar 21 16:21:35.346102 osdx dnscrypt-proxy[82812]: Stopped.
Mar 21 16:21:35.346251 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 21 16:21:35.350711 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 21 16:21:35.350897 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:21:35.557978 osdx ca-certificates[82976]: Clearing symlinks in /etc/ssl/certs...
Mar 21 16:21:36.075508 osdx ca-certificates[83545]: done.
Mar 21 16:21:36.081400 osdx ca-certificates[83555]: Updating certificates in /etc/ssl/certs...
Mar 21 16:21:37.006418 osdx ca-certificates[84405]: 140 added, 0 removed; done.
Mar 21 16:21:37.010905 osdx ca-certificates[84412]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:21:37.016157 osdx ca-certificates[84414]: done.
Mar 21 16:21:37.055664 osdx INFO[84417]: FRR daemons did not change
Mar 21 16:21:37.056544 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:21:37.060572 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:21:37.121507 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:21:39.349849 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:21:39.497156 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:21:39.633743 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:21:39.775780 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:21:39.881235 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:21:40.015040 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:21:40.135182 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 21 16:21:40.270064 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:21:40.449336 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:21:40.548281 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:21:40.765218 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:21:40.896054 osdx ubnt-cfgd[84455]: inactive
Mar 21 16:21:41.075666 osdx INFO[84469]: FRR daemons did not change
Mar 21 16:21:41.099559 osdx ca-certificates[84485]: Updating certificates in /etc/ssl/certs...
Mar 21 16:21:42.169918 osdx ca-certificates[85489]: 1 added, 0 removed; done.
Mar 21 16:21:42.177852 osdx ca-certificates[85495]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:21:42.184819 osdx ca-certificates[85497]: done.
Mar 21 16:21:42.492875 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:21:42.495497 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:21:42.520445 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:21:42.541448 osdx dnscrypt-proxy[85607]: dnscrypt-proxy 2.0.45
Mar 21 16:21:42.541869 osdx dnscrypt-proxy[85607]: Network connectivity detected
Mar 21 16:21:42.542244 osdx dnscrypt-proxy[85607]: Dropping privileges
Mar 21 16:21:42.558278 osdx dnscrypt-proxy[85607]: Network connectivity detected
Mar 21 16:21:42.558645 osdx dnscrypt-proxy[85607]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:21:42.558740 osdx dnscrypt-proxy[85607]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:21:42.558857 osdx dnscrypt-proxy[85607]: Firefox workaround initialized
Mar 21 16:21:42.558937 osdx dnscrypt-proxy[85607]: Loading the set of cloaking rules from [/tmp/tmps3_hmhct]
Mar 21 16:21:42.599673 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:21:42.671055 osdx dnscrypt-proxy[85607]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 21 16:21:42.671081 osdx dnscrypt-proxy[85607]: [RD] OK (DoH) - rtt: 59ms
Mar 21 16:21:42.671093 osdx dnscrypt-proxy[85607]: Server with the lowest initial latency: RD (rtt: 59ms)
Mar 21 16:21:42.671101 osdx dnscrypt-proxy[85607]: dnscrypt-proxy is ready - live servers: 1
Mar 21 16:21:42.816609 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Mar 21 16:21:54.719743 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:21:54.725207 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:21:54.725302 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:21:54.777565 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:21:55.439471 osdx osdx-coredump[87314]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:21:55.452819 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:21:56.314052 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:21:56.473079 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:21:56.642214 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:21:56.797276 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:21:56.923667 osdx ubnt-cfgd[87336]: inactive
Mar 21 16:21:57.055440 osdx INFO[87348]: FRR daemons did not change
Mar 21 16:21:57.217775 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:21:57.237620 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:21:57.285216 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:21:57.499837 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:21:57.788286 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:21:57.930919 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:21:58.085096 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:21:58.244084 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:21:58.363660 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:21:58.516755 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:21:58.627384 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 21 16:21:58.755855 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:21:58.908950 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:21:59.023303 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:21:59.177966 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:21:59.309802 osdx ubnt-cfgd[87513]: inactive
Mar 21 16:21:59.430475 osdx INFO[87525]: FRR daemons did not change
Mar 21 16:21:59.457598 osdx ca-certificates[87541]: Updating certificates in /etc/ssl/certs...
Mar 21 16:22:00.352726 osdx ca-certificates[88544]: 1 added, 0 removed; done.
Mar 21 16:22:00.357493 osdx ca-certificates[88551]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:22:00.362464 osdx ca-certificates[88553]: done.
Mar 21 16:22:00.452876 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:22:00.456310 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:22:00.464014 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:22:00.497567 osdx dnscrypt-proxy[88557]: dnscrypt-proxy 2.0.45
Mar 21 16:22:00.497804 osdx dnscrypt-proxy[88557]: Network connectivity detected
Mar 21 16:22:00.498289 osdx dnscrypt-proxy[88557]: Dropping privileges
Mar 21 16:22:00.504538 osdx dnscrypt-proxy[88557]: Network connectivity detected
Mar 21 16:22:00.504592 osdx dnscrypt-proxy[88557]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:22:00.504600 osdx dnscrypt-proxy[88557]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:22:00.504638 osdx dnscrypt-proxy[88557]: Firefox workaround initialized
Mar 21 16:22:00.504704 osdx dnscrypt-proxy[88557]: Loading the set of cloaking rules from [/tmp/tmpokcpmhll]
Mar 21 16:22:00.506748 osdx dnscrypt-proxy[88557]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 21 16:22:00.517684 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:22:00.632395 osdx dnscrypt-proxy[88557]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 21 16:22:00.632701 osdx dnscrypt-proxy[88557]: [RD] OK (DoH) - rtt: 65ms
Mar 21 16:22:00.633393 osdx dnscrypt-proxy[88557]: Server with the lowest initial latency: RD (rtt: 65ms)
Mar 21 16:22:00.633905 osdx dnscrypt-proxy[88557]: dnscrypt-proxy is ready - live servers: 1

---

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Mar 21 16:22:13.539209 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:22:13.542741 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:22:13.543087 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:22:13.564914 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:22:14.293183 osdx osdx-coredump[90240]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:22:14.313114 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:22:15.210441 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:22:15.402395 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:22:15.507992 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:22:15.681469 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:22:15.840093 osdx ubnt-cfgd[90262]: inactive
Mar 21 16:22:16.003195 osdx INFO[90274]: FRR daemons did not change
Mar 21 16:22:16.200989 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:22:16.221103 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:22:16.253394 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:22:16.549568 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:22:16.881460 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:22:17.068836 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:22:17.211260 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:22:17.410110 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:22:17.507429 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:22:17.657537 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:22:17.770533 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 21 16:22:17.900518 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:22:18.123085 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:22:18.278519 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:22:18.500977 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:22:18.688253 osdx ubnt-cfgd[90439]: inactive
Mar 21 16:22:18.885003 osdx INFO[90451]: FRR daemons did not change
Mar 21 16:22:18.931652 osdx ca-certificates[90466]: Updating certificates in /etc/ssl/certs...
Mar 21 16:22:19.969601 osdx ca-certificates[91471]: 1 added, 0 removed; done.
Mar 21 16:22:19.988036 osdx ca-certificates[91473]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:22:19.993183 osdx ca-certificates[91479]: done.
Mar 21 16:22:20.087576 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:22:20.094100 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:22:20.100096 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:22:20.133985 osdx dnscrypt-proxy[91483]: dnscrypt-proxy 2.0.45
Mar 21 16:22:20.134587 osdx dnscrypt-proxy[91483]: Network connectivity detected
Mar 21 16:22:20.134951 osdx dnscrypt-proxy[91483]: Dropping privileges
Mar 21 16:22:20.138975 osdx dnscrypt-proxy[91483]: Network connectivity detected
Mar 21 16:22:20.139032 osdx dnscrypt-proxy[91483]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:22:20.139042 osdx dnscrypt-proxy[91483]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:22:20.139084 osdx dnscrypt-proxy[91483]: Firefox workaround initialized
Mar 21 16:22:20.139093 osdx dnscrypt-proxy[91483]: Loading the set of cloaking rules from [/tmp/tmpuzncujzr]
Mar 21 16:22:20.140283 osdx dnscrypt-proxy[91483]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 21 16:22:20.143843 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:22:20.278751 osdx dnscrypt-proxy[91483]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 21 16:22:20.284115 osdx dnscrypt-proxy[91483]: [RD] OK (DoH) - rtt: 97ms
Mar 21 16:22:20.284145 osdx dnscrypt-proxy[91483]: Server with the lowest initial latency: RD (rtt: 97ms)
Mar 21 16:22:20.284154 osdx dnscrypt-proxy[91483]: dnscrypt-proxy is ready - live servers: 1

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Mar 21 16:22:20.575404 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:22:20.578685 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:22:20.578778 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:22:20.594875 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:22:21.081566 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:22:21.276762 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'delete '.
Mar 21 16:22:21.551399 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 21 16:22:21.720658 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:22:21.929318 osdx ubnt-cfgd[91533]: inactive
Mar 21 16:22:22.137727 osdx dnscrypt-proxy[91483]: Stopped.
Mar 21 16:22:22.138916 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 21 16:22:22.140776 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 21 16:22:22.141005 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:22:22.347224 osdx ca-certificates[91623]: Clearing symlinks in /etc/ssl/certs...
Mar 21 16:22:23.067422 osdx ca-certificates[92193]: done.
Mar 21 16:22:23.072953 osdx ca-certificates[92200]: Updating certificates in /etc/ssl/certs...
Mar 21 16:22:24.125298 osdx ca-certificates[93054]: 140 added, 0 removed; done.
Mar 21 16:22:24.131164 osdx ca-certificates[93059]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:22:24.136984 osdx ca-certificates[93061]: done.
Mar 21 16:22:24.173668 osdx INFO[93064]: FRR daemons did not change
Mar 21 16:22:24.174769 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:22:24.181269 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:22:24.263131 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:22:26.572697 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:22:26.696716 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:22:26.849116 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:22:27.010874 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:22:27.130173 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:22:27.298105 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:22:27.468404 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 21 16:22:27.629253 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:22:27.860723 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:22:27.975015 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:22:28.191984 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:22:28.320875 osdx ubnt-cfgd[93102]: inactive
Mar 21 16:22:28.466292 osdx INFO[93116]: FRR daemons did not change
Mar 21 16:22:28.489225 osdx ca-certificates[93132]: Updating certificates in /etc/ssl/certs...
Mar 21 16:22:29.428461 osdx ca-certificates[94135]: 1 added, 0 removed; done.
Mar 21 16:22:29.434807 osdx ca-certificates[94142]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:22:29.440961 osdx ca-certificates[94144]: done.
Mar 21 16:22:29.743480 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:22:29.747253 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:22:29.783807 osdx dnscrypt-proxy[94254]: dnscrypt-proxy 2.0.45
Mar 21 16:22:29.783928 osdx dnscrypt-proxy[94254]: Network connectivity detected
Mar 21 16:22:29.784297 osdx dnscrypt-proxy[94254]: Dropping privileges
Mar 21 16:22:29.786126 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:22:29.794933 osdx dnscrypt-proxy[94254]: Network connectivity detected
Mar 21 16:22:29.794981 osdx dnscrypt-proxy[94254]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:22:29.794989 osdx dnscrypt-proxy[94254]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:22:29.795027 osdx dnscrypt-proxy[94254]: Firefox workaround initialized
Mar 21 16:22:29.795034 osdx dnscrypt-proxy[94254]: Loading the set of cloaking rules from [/tmp/tmp5q0dffxy]
Mar 21 16:22:29.808461 osdx dnscrypt-proxy[94254]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 21 16:22:29.827030 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:22:29.930632 osdx dnscrypt-proxy[94254]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 21 16:22:29.930658 osdx dnscrypt-proxy[94254]: [RD] OK (DoH) - rtt: 63ms
Mar 21 16:22:29.930792 osdx dnscrypt-proxy[94254]: Server with the lowest initial latency: RD (rtt: 63ms)
Mar 21 16:22:29.930802 osdx dnscrypt-proxy[94254]: dnscrypt-proxy is ready - live servers: 1

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Mar 21 16:22:30.291303 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:22:30.295091 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:22:30.295166 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:22:30.313146 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:22:30.854163 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:22:30.985096 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'delete '.
Mar 21 16:22:31.168395 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 21 16:22:31.369195 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:22:31.561937 osdx ubnt-cfgd[94323]: inactive
Mar 21 16:22:31.721981 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 21 16:22:31.722851 osdx dnscrypt-proxy[94254]: Stopped.
Mar 21 16:22:31.724146 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 21 16:22:31.724328 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:22:31.856666 osdx ca-certificates[94413]: Clearing symlinks in /etc/ssl/certs...
Mar 21 16:22:32.368516 osdx ca-certificates[94982]: done.
Mar 21 16:22:32.375187 osdx ca-certificates[94992]: Updating certificates in /etc/ssl/certs...
Mar 21 16:22:33.477228 osdx ca-certificates[95845]: 140 added, 0 removed; done.
Mar 21 16:22:33.488442 osdx ca-certificates[95849]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:22:33.494683 osdx ca-certificates[95851]: done.
Mar 21 16:22:33.547944 osdx INFO[95854]: FRR daemons did not change
Mar 21 16:22:33.550450 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:22:33.554299 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:22:33.622741 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:22:36.041969 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:22:36.214727 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:22:36.402165 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:22:36.635964 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:22:36.749748 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:22:37.012482 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:22:37.241787 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 21 16:22:37.433290 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 21 16:22:37.641793 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:22:37.908949 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:22:38.068232 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:22:38.299262 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:22:38.461150 osdx ubnt-cfgd[95895]: inactive
Mar 21 16:22:38.632721 osdx INFO[95909]: FRR daemons did not change
Mar 21 16:22:38.660706 osdx ca-certificates[95925]: Updating certificates in /etc/ssl/certs...
Mar 21 16:22:39.981216 osdx ca-certificates[96928]: 1 added, 0 removed; done.
Mar 21 16:22:40.003333 osdx ca-certificates[96933]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:22:40.010318 osdx ca-certificates[96937]: done.
Mar 21 16:22:40.396159 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:22:40.402658 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:22:40.437352 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:22:40.438705 osdx dnscrypt-proxy[97049]: dnscrypt-proxy 2.0.45
Mar 21 16:22:40.438797 osdx dnscrypt-proxy[97049]: Network connectivity detected
Mar 21 16:22:40.439112 osdx dnscrypt-proxy[97049]: Dropping privileges
Mar 21 16:22:40.446653 osdx dnscrypt-proxy[97049]: Network connectivity detected
Mar 21 16:22:40.446752 osdx dnscrypt-proxy[97049]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:22:40.446760 osdx dnscrypt-proxy[97049]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:22:40.446798 osdx dnscrypt-proxy[97049]: Firefox workaround initialized
Mar 21 16:22:40.446806 osdx dnscrypt-proxy[97049]: Loading the set of cloaking rules from [/tmp/tmpgi0pt86t]
Mar 21 16:22:40.448715 osdx dnscrypt-proxy[97049]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 21 16:22:40.553121 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:22:40.594678 osdx dnscrypt-proxy[97049]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 21 16:22:40.594707 osdx dnscrypt-proxy[97049]: [RD] OK (DoH) - rtt: 75ms
Mar 21 16:22:40.594722 osdx dnscrypt-proxy[97049]: Server with the lowest initial latency: RD (rtt: 75ms)
Mar 21 16:22:40.594730 osdx dnscrypt-proxy[97049]: dnscrypt-proxy is ready - live servers: 1

---

Invalid Cipher With Fallback

Description

Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Mar 21 16:22:54.000528 osdx systemd-timedated[98734]: Changed local time to Fri 2025-03-21 16:22:54 UTC
Mar 21 16:22:54.001511 osdx systemd-journald[1986]: Time jumped backwards, rotating.
Mar 21 16:22:54.003562 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'set date 2025-03-21 16:22:54'.
Mar 21 16:22:54.599421 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.7M, max 15.3M, 12.5M free.
Mar 21 16:22:54.601304 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:22:54.601372 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:22:54.616526 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:22:55.144499 osdx osdx-coredump[98752]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 16:22:55.158797 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 16:22:55.997581 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:22:56.149873 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:22:56.251031 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:22:56.379933 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:22:56.494546 osdx ubnt-cfgd[98774]: inactive
Mar 21 16:22:56.595212 osdx INFO[98786]: FRR daemons did not change
Mar 21 16:22:56.759575 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:22:56.777501 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:22:56.819695 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:22:57.040080 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 16:22:57.355763 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:22:57.490502 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:22:57.637909 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:22:57.797489 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:22:57.896225 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:22:58.036737 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:22:58.177226 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 21 16:22:58.305902 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 21 16:22:58.435457 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:22:58.607659 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:22:58.731502 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:22:58.925365 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:22:59.080114 osdx ubnt-cfgd[98954]: inactive
Mar 21 16:22:59.230036 osdx INFO[98966]: FRR daemons did not change
Mar 21 16:22:59.264825 osdx ca-certificates[98982]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:00.387340 osdx ca-certificates[99987]: 1 added, 0 removed; done.
Mar 21 16:23:00.392702 osdx ca-certificates[99992]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:00.397979 osdx ca-certificates[99994]: done.
Mar 21 16:23:00.493814 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:00.497781 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:00.505119 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:00.541632 osdx dnscrypt-proxy[99998]: dnscrypt-proxy 2.0.45
Mar 21 16:23:00.541784 osdx dnscrypt-proxy[99998]: Network connectivity detected
Mar 21 16:23:00.542238 osdx dnscrypt-proxy[99998]: Dropping privileges
Mar 21 16:23:00.545600 osdx dnscrypt-proxy[99998]: Network connectivity detected
Mar 21 16:23:00.545658 osdx dnscrypt-proxy[99998]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:23:00.545669 osdx dnscrypt-proxy[99998]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:23:00.545702 osdx dnscrypt-proxy[99998]: Firefox workaround initialized
Mar 21 16:23:00.545708 osdx dnscrypt-proxy[99998]: Loading the set of cloaking rules from [/tmp/tmpj5q2wv4c]
Mar 21 16:23:00.584210 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:00.691072 osdx dnscrypt-proxy[99998]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 21 16:23:00.691097 osdx dnscrypt-proxy[99998]: [RD] OK (DoH) - rtt: 89ms
Mar 21 16:23:00.691118 osdx dnscrypt-proxy[99998]: Server with the lowest initial latency: RD (rtt: 89ms)
Mar 21 16:23:00.691501 osdx dnscrypt-proxy[99998]: dnscrypt-proxy is ready - live servers: 1
Mar 21 16:23:00.811479 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Mar 21 16:23:01.172114 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.2M free.
Mar 21 16:23:01.174430 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:23:01.174500 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:23:01.193977 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:23:01.884610 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:23:02.061637 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'delete '.
Mar 21 16:23:02.324852 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 21 16:23:02.455417 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:23:02.596737 osdx ubnt-cfgd[100055]: inactive
Mar 21 16:23:02.718588 osdx dnscrypt-proxy[99998]: Stopped.
Mar 21 16:23:02.718731 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 21 16:23:02.720009 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 21 16:23:02.720190 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:02.836275 osdx ca-certificates[100146]: Clearing symlinks in /etc/ssl/certs...
Mar 21 16:23:03.284265 osdx ca-certificates[100715]: done.
Mar 21 16:23:03.289944 osdx ca-certificates[100724]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:04.077145 osdx ca-certificates[101576]: 140 added, 0 removed; done.
Mar 21 16:23:04.082914 osdx ca-certificates[101582]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:04.088816 osdx ca-certificates[101584]: done.
Mar 21 16:23:04.114979 osdx INFO[101587]: FRR daemons did not change
Mar 21 16:23:04.115811 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:04.120352 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:04.168531 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:06.691471 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:23:06.908538 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:23:07.029696 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:23:07.283158 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:23:07.402891 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:23:07.535166 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:23:07.680277 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 21 16:23:07.854206 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 21 16:23:07.984457 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:23:08.174476 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:23:08.278932 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:23:08.483223 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:23:08.603590 osdx ubnt-cfgd[101628]: inactive
Mar 21 16:23:08.732046 osdx INFO[101642]: FRR daemons did not change
Mar 21 16:23:08.752580 osdx ca-certificates[101658]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:09.734564 osdx ca-certificates[102661]: 1 added, 0 removed; done.
Mar 21 16:23:09.739254 osdx ca-certificates[102668]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:09.745129 osdx ca-certificates[102670]: done.
Mar 21 16:23:10.006020 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:10.008284 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:10.051376 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:10.068294 osdx dnscrypt-proxy[102780]: dnscrypt-proxy 2.0.45
Mar 21 16:23:10.068393 osdx dnscrypt-proxy[102780]: Network connectivity detected
Mar 21 16:23:10.068724 osdx dnscrypt-proxy[102780]: Dropping privileges
Mar 21 16:23:10.074246 osdx dnscrypt-proxy[102780]: Network connectivity detected
Mar 21 16:23:10.074298 osdx dnscrypt-proxy[102780]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:23:10.074306 osdx dnscrypt-proxy[102780]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:23:10.074352 osdx dnscrypt-proxy[102780]: Firefox workaround initialized
Mar 21 16:23:10.074360 osdx dnscrypt-proxy[102780]: Loading the set of cloaking rules from [/tmp/tmpkig77rs2]
Mar 21 16:23:10.089668 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:10.215219 osdx dnscrypt-proxy[102780]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 21 16:23:10.215416 osdx dnscrypt-proxy[102780]: [RD] OK (DoH) - rtt: 77ms
Mar 21 16:23:10.215564 osdx dnscrypt-proxy[102780]: Server with the lowest initial latency: RD (rtt: 77ms)
Mar 21 16:23:10.215678 osdx dnscrypt-proxy[102780]: dnscrypt-proxy is ready - live servers: 1
Mar 21 16:23:10.302806 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Mar 21 16:23:10.683344 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.1M, max 15.3M, 13.2M free.
Mar 21 16:23:10.685309 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:23:10.685395 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:23:10.707012 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:23:11.238068 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:23:11.365333 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'delete '.
Mar 21 16:23:11.563007 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 21 16:23:11.694927 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:23:11.804366 osdx ubnt-cfgd[102853]: inactive
Mar 21 16:23:11.927248 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 21 16:23:11.927749 osdx dnscrypt-proxy[102780]: Stopped.
Mar 21 16:23:11.929365 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 21 16:23:11.929675 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:12.120696 osdx ca-certificates[102943]: Clearing symlinks in /etc/ssl/certs...
Mar 21 16:23:12.710677 osdx ca-certificates[103512]: done.
Mar 21 16:23:12.717695 osdx ca-certificates[103520]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:13.501127 osdx ca-certificates[104372]: 140 added, 0 removed; done.
Mar 21 16:23:13.508296 osdx ca-certificates[104377]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:13.514663 osdx ca-certificates[104381]: done.
Mar 21 16:23:13.543669 osdx INFO[104384]: FRR daemons did not change
Mar 21 16:23:13.550691 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:13.556776 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:13.622951 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:15.673692 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:23:15.819262 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:23:15.952539 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:23:16.087419 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:23:16.194221 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:23:16.300887 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:23:16.402462 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 21 16:23:16.536970 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 21 16:23:16.628250 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:23:16.853361 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:23:16.999741 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:23:17.190859 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:23:17.327400 osdx ubnt-cfgd[104425]: inactive
Mar 21 16:23:17.488816 osdx INFO[104439]: FRR daemons did not change
Mar 21 16:23:17.511197 osdx ca-certificates[104455]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:18.690788 osdx ca-certificates[105458]: 1 added, 0 removed; done.
Mar 21 16:23:18.697054 osdx ca-certificates[105465]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:18.704675 osdx ca-certificates[105467]: done.
Mar 21 16:23:19.006017 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:19.009203 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:19.027904 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:19.058710 osdx dnscrypt-proxy[105577]: dnscrypt-proxy 2.0.45
Mar 21 16:23:19.058808 osdx dnscrypt-proxy[105577]: Network connectivity detected
Mar 21 16:23:19.059113 osdx dnscrypt-proxy[105577]: Dropping privileges
Mar 21 16:23:19.066558 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:19.068359 osdx dnscrypt-proxy[105577]: Network connectivity detected
Mar 21 16:23:19.068437 osdx dnscrypt-proxy[105577]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:23:19.068445 osdx dnscrypt-proxy[105577]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:23:19.068560 osdx dnscrypt-proxy[105577]: Firefox workaround initialized
Mar 21 16:23:19.068570 osdx dnscrypt-proxy[105577]: Loading the set of cloaking rules from [/tmp/tmpa5jqa2wx]
Mar 21 16:23:19.203834 osdx dnscrypt-proxy[105577]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 21 16:23:19.203872 osdx dnscrypt-proxy[105577]: [RD] OK (DoH) - rtt: 82ms
Mar 21 16:23:19.203886 osdx dnscrypt-proxy[105577]: Server with the lowest initial latency: RD (rtt: 82ms)
Mar 21 16:23:19.203895 osdx dnscrypt-proxy[105577]: dnscrypt-proxy is ready - live servers: 1
Mar 21 16:23:19.343531 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Mar 21 16:23:19.822797 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:23:19.825334 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:23:19.825436 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:23:19.843216 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:23:20.457422 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:23:20.580192 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'delete '.
Mar 21 16:23:20.798312 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 21 16:23:20.955253 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:23:21.075047 osdx ubnt-cfgd[105651]: inactive
Mar 21 16:23:21.180016 osdx dnscrypt-proxy[105577]: Stopped.
Mar 21 16:23:21.180749 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 21 16:23:21.182443 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 21 16:23:21.182916 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:21.341592 osdx ca-certificates[105741]: Clearing symlinks in /etc/ssl/certs...
Mar 21 16:23:21.817594 osdx ca-certificates[106310]: done.
Mar 21 16:23:21.824374 osdx ca-certificates[106319]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:22.632273 osdx ca-certificates[107170]: 140 added, 0 removed; done.
Mar 21 16:23:22.637146 osdx ca-certificates[107177]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:22.643728 osdx ca-certificates[107179]: done.
Mar 21 16:23:22.665476 osdx INFO[107182]: FRR daemons did not change
Mar 21 16:23:22.666158 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:22.669671 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:22.707522 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:24.032942 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Mar 21 16:23:24.765689 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:23:24.915355 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:23:25.064222 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:23:25.204899 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:23:25.316328 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:23:25.451406 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:23:25.583291 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 21 16:23:25.734930 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 21 16:23:25.878907 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:23:26.053652 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:23:26.164282 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:23:26.342538 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:23:26.500976 osdx ubnt-cfgd[107225]: inactive
Mar 21 16:23:26.674672 osdx INFO[107239]: FRR daemons did not change
Mar 21 16:23:26.696509 osdx ca-certificates[107255]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:27.882942 osdx ca-certificates[108259]: 1 added, 0 removed; done.
Mar 21 16:23:27.888721 osdx ca-certificates[108265]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:27.895916 osdx ca-certificates[108267]: done.
Mar 21 16:23:28.197987 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:28.200487 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:28.221608 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:28.261106 osdx dnscrypt-proxy[108377]: dnscrypt-proxy 2.0.45
Mar 21 16:23:28.261198 osdx dnscrypt-proxy[108377]: Network connectivity detected
Mar 21 16:23:28.261533 osdx dnscrypt-proxy[108377]: Dropping privileges
Mar 21 16:23:28.265439 osdx dnscrypt-proxy[108377]: Network connectivity detected
Mar 21 16:23:28.265524 osdx dnscrypt-proxy[108377]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:23:28.265533 osdx dnscrypt-proxy[108377]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:23:28.265583 osdx dnscrypt-proxy[108377]: Firefox workaround initialized
Mar 21 16:23:28.265591 osdx dnscrypt-proxy[108377]: Loading the set of cloaking rules from [/tmp/tmps1l2wvgp]
Mar 21 16:23:28.295590 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:28.413611 osdx dnscrypt-proxy[108377]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 21 16:23:28.413673 osdx dnscrypt-proxy[108377]: [RD] OK (DoH) - rtt: 81ms
Mar 21 16:23:28.413686 osdx dnscrypt-proxy[108377]: Server with the lowest initial latency: RD (rtt: 81ms)
Mar 21 16:23:28.413694 osdx dnscrypt-proxy[108377]: dnscrypt-proxy is ready - live servers: 1
Mar 21 16:23:28.531349 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Mar 21 16:23:28.897953 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:23:28.901321 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:23:28.901425 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:23:28.918388 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:23:29.429413 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:23:29.553455 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'delete '.
Mar 21 16:23:29.688089 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 21 16:23:29.844065 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:23:30.003031 osdx ubnt-cfgd[108450]: inactive
Mar 21 16:23:30.131886 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 21 16:23:30.132893 osdx dnscrypt-proxy[108377]: Stopped.
Mar 21 16:23:30.134633 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 21 16:23:30.134824 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:30.321664 osdx ca-certificates[108539]: Clearing symlinks in /etc/ssl/certs...
Mar 21 16:23:30.823205 osdx ca-certificates[109110]: done.
Mar 21 16:23:30.829262 osdx ca-certificates[109119]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:31.706082 osdx ca-certificates[109969]: 140 added, 0 removed; done.
Mar 21 16:23:31.716080 osdx ca-certificates[109976]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:31.728830 osdx ca-certificates[109978]: done.
Mar 21 16:23:31.755284 osdx INFO[109981]: FRR daemons did not change
Mar 21 16:23:31.755828 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:31.760870 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:31.797835 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:33.964054 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:23:34.098806 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:23:34.217429 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:23:34.359001 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:23:34.481164 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:23:34.676458 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:23:34.819687 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 21 16:23:34.976430 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 21 16:23:35.133271 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:23:35.282358 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:23:35.388197 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:23:35.580082 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:23:35.706404 osdx ubnt-cfgd[110022]: inactive
Mar 21 16:23:35.878207 osdx INFO[110036]: FRR daemons did not change
Mar 21 16:23:35.908662 osdx ca-certificates[110052]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:36.880263 osdx ca-certificates[111056]: 1 added, 0 removed; done.
Mar 21 16:23:36.887863 osdx ca-certificates[111062]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:36.895348 osdx ca-certificates[111064]: done.
Mar 21 16:23:37.157988 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:37.160416 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:37.184391 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:37.207807 osdx dnscrypt-proxy[111174]: dnscrypt-proxy 2.0.45
Mar 21 16:23:37.208258 osdx dnscrypt-proxy[111174]: Network connectivity detected
Mar 21 16:23:37.208599 osdx dnscrypt-proxy[111174]: Dropping privileges
Mar 21 16:23:37.211755 osdx dnscrypt-proxy[111174]: Network connectivity detected
Mar 21 16:23:37.211799 osdx dnscrypt-proxy[111174]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:23:37.211805 osdx dnscrypt-proxy[111174]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:23:37.211839 osdx dnscrypt-proxy[111174]: Firefox workaround initialized
Mar 21 16:23:37.211846 osdx dnscrypt-proxy[111174]: Loading the set of cloaking rules from [/tmp/tmp2oot04ek]
Mar 21 16:23:37.233496 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:37.390478 osdx dnscrypt-proxy[111174]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 21 16:23:37.390503 osdx dnscrypt-proxy[111174]: [RD] OK (DoH) - rtt: 124ms
Mar 21 16:23:37.390517 osdx dnscrypt-proxy[111174]: Server with the lowest initial latency: RD (rtt: 124ms)
Mar 21 16:23:37.390526 osdx dnscrypt-proxy[111174]: dnscrypt-proxy is ready - live servers: 1
Mar 21 16:23:37.452587 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Mar 21 16:23:37.781253 osdx systemd-journald[1986]: Runtime Journal (/run/log/journal/5b174a9dbeeb42728284be3b4e954aec) is 2.0M, max 15.3M, 13.3M free.
Mar 21 16:23:37.781845 osdx systemd-journald[1986]: Received client request to rotate journal, rotating.
Mar 21 16:23:37.781891 osdx systemd-journald[1986]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5b174a9dbeeb42728284be3b4e954aec.
Mar 21 16:23:37.798558 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 16:23:38.242150 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:23:38.350931 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'delete '.
Mar 21 16:23:38.506826 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 21 16:23:38.660990 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:23:38.812523 osdx ubnt-cfgd[111247]: inactive
Mar 21 16:23:38.959670 osdx dnscrypt-proxy[111174]: Stopped.
Mar 21 16:23:38.960033 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 21 16:23:38.961678 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 21 16:23:38.961978 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:39.099503 osdx ca-certificates[111337]: Clearing symlinks in /etc/ssl/certs...
Mar 21 16:23:39.658750 osdx ca-certificates[111907]: done.
Mar 21 16:23:39.669391 osdx ca-certificates[111914]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:40.702842 osdx ca-certificates[112766]: 140 added, 0 removed; done.
Mar 21 16:23:40.709726 osdx ca-certificates[112771]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:40.718256 osdx ca-certificates[112775]: done.
Mar 21 16:23:40.741618 osdx INFO[112778]: FRR daemons did not change
Mar 21 16:23:40.742820 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:40.748563 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:40.788717 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:43.002668 osdx OSDxCLI[2248]: User 'admin' entered the configuration menu.
Mar 21 16:23:43.127105 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 21 16:23:43.301426 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 21 16:23:43.481172 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 21 16:23:43.645018 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 21 16:23:43.815217 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash dcd7c79d517ef035e12eb8156d635988f90b76b5f45de016aad64fcb8fc998ba'.
Mar 21 16:23:43.965717 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 21 16:23:44.124045 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 21 16:23:44.253148 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 21 16:23:44.425366 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 21 16:23:44.561907 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 21 16:23:44.718861 osdx OSDxCLI[2248]: User 'admin' added a new cfg line: 'show working'.
Mar 21 16:23:44.849965 osdx ubnt-cfgd[112819]: inactive
Mar 21 16:23:44.997519 osdx INFO[112833]: FRR daemons did not change
Mar 21 16:23:45.021229 osdx ca-certificates[112848]: Updating certificates in /etc/ssl/certs...
Mar 21 16:23:46.179005 osdx ca-certificates[113852]: 1 added, 0 removed; done.
Mar 21 16:23:46.185759 osdx ca-certificates[113856]: Running hooks in /etc/ca-certificates/update.d...
Mar 21 16:23:46.191567 osdx ca-certificates[113861]: done.
Mar 21 16:23:46.473989 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 21 16:23:46.476210 osdx cfgd[1672]: [2248]Completed change to active configuration
Mar 21 16:23:46.514062 osdx OSDxCLI[2248]: User 'admin' committed the configuration.
Mar 21 16:23:46.516538 osdx dnscrypt-proxy[113971]: dnscrypt-proxy 2.0.45
Mar 21 16:23:46.517152 osdx dnscrypt-proxy[113971]: Network connectivity detected
Mar 21 16:23:46.517606 osdx dnscrypt-proxy[113971]: Dropping privileges
Mar 21 16:23:46.521154 osdx dnscrypt-proxy[113971]: Network connectivity detected
Mar 21 16:23:46.521566 osdx dnscrypt-proxy[113971]: Now listening to 127.0.0.1:53 [UDP]
Mar 21 16:23:46.521656 osdx dnscrypt-proxy[113971]: Now listening to 127.0.0.1:53 [TCP]
Mar 21 16:23:46.521764 osdx dnscrypt-proxy[113971]: Firefox workaround initialized
Mar 21 16:23:46.521840 osdx dnscrypt-proxy[113971]: Loading the set of cloaking rules from [/tmp/tmp4f9eq8tq]
Mar 21 16:23:46.577650 osdx OSDxCLI[2248]: User 'admin' left the configuration menu.
Mar 21 16:23:46.650763 osdx dnscrypt-proxy[113971]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 21 16:23:46.650905 osdx dnscrypt-proxy[113971]: [RD] OK (DoH) - rtt: 54ms
Mar 21 16:23:46.650920 osdx dnscrypt-proxy[113971]: Server with the lowest initial latency: RD (rtt: 54ms)
Mar 21 16:23:46.650928 osdx dnscrypt-proxy[113971]: dnscrypt-proxy is ready - live servers: 1
Mar 21 16:23:46.807715 osdx OSDxCLI[2248]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---