Cipher

Test suite to validate using one or multiple ciphers to protect DoH connection

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Jun 02 09:57:50.000171 osdx systemd-timedated[293181]: Changed local time to Tue 2026-06-02 09:57:50 UTC
Jun 02 09:57:50.001604 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'set date 2026-06-02 09:57:50'.
Jun 02 09:57:50.004252 osdx systemd-journald[148515]: Time jumped backwards, rotating.
Jun 02 09:57:50.332715 osdx sudo[348349]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:57:50.336028 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:57:50.336437 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:57:50.336468 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:57:50.341014 osdx sudo[348348]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:57:50.346716 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:57:50.564640 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 02 09:57:50.792339 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:57:50.884052 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:57:50.957736 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:57:51.081497 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:57:51.144578 osdx ubnt-cfgd[348375]: inactive
Jun 02 09:57:51.166888 osdx INFO[348383]: FRR daemons did not change
Jun 02 09:57:51.196228 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:57:51.271887 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:57:51.282654 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:57:51.315400 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:57:51.479663 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 02 09:57:51.658712 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:57:51.722974 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:57:51.825994 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:57:51.892128 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:57:51.999015 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:57:52.105526 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:57:52.162052 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 02 09:57:52.263656 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:57:52.417604 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:57:52.474435 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:57:52.587266 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:57:52.657026 osdx ubnt-cfgd[348548]: inactive
Jun 02 09:57:52.678866 osdx INFO[348556]: FRR daemons did not change
Jun 02 09:57:52.683809 osdx sudo[348559]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:57:52.693332 osdx ca-certificates[348572]: Updating certificates in /etc/ssl/certs...
Jun 02 09:57:53.201886 osdx ubnt-cfgd[349570]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:57:53.209852 osdx ca-certificates[349576]: 1 added, 0 removed; done.
Jun 02 09:57:53.212952 osdx ca-certificates[349582]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:57:53.215712 osdx ca-certificates[349584]: done.
Jun 02 09:57:53.280872 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:57:53.282531 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:57:53.284691 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:57:53.312839 osdx dnscrypt-proxy[349588]: dnscrypt-proxy 2.0.45
Jun 02 09:57:53.313231 osdx dnscrypt-proxy[349588]: Network connectivity detected
Jun 02 09:57:53.313535 osdx dnscrypt-proxy[349588]: Dropping privileges
Jun 02 09:57:53.316133 osdx dnscrypt-proxy[349588]: Network connectivity detected
Jun 02 09:57:53.316174 osdx dnscrypt-proxy[349588]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:57:53.316179 osdx dnscrypt-proxy[349588]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:57:53.316216 osdx dnscrypt-proxy[349588]: Firefox workaround initialized
Jun 02 09:57:53.316222 osdx dnscrypt-proxy[349588]: Loading the set of cloaking rules from [/tmp/tmpw3uyw5fu]
Jun 02 09:57:53.320535 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:57:53.455667 osdx dnscrypt-proxy[349588]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 02 09:57:53.455684 osdx dnscrypt-proxy[349588]: [RD] OK (DoH) - rtt: 115ms
Jun 02 09:57:53.455691 osdx dnscrypt-proxy[349588]: Server with the lowest initial latency: RD (rtt: 115ms)
Jun 02 09:57:53.455695 osdx dnscrypt-proxy[349588]: dnscrypt-proxy is ready - live servers: 1
Jun 02 09:57:53.503937 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---

Multiple Valid Cipher

Description

Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Jun 02 09:58:00.000198 osdx systemd-timedated[293181]: Changed local time to Tue 2026-06-02 09:58:00 UTC
Jun 02 09:58:00.001694 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'set date 2026-06-02 09:58:00'.
Jun 02 09:58:00.004107 osdx systemd-journald[148515]: Time jumped backwards, rotating.
Jun 02 09:58:00.317902 osdx sudo[351245]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:00.322050 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:58:00.324112 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:58:00.324177 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:58:00.326776 osdx sudo[351244]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:00.332673 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:58:00.590483 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 02 09:58:00.826031 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:00.927594 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:01.014791 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:01.110405 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:01.187287 osdx ubnt-cfgd[351271]: inactive
Jun 02 09:58:01.208142 osdx INFO[351279]: FRR daemons did not change
Jun 02 09:58:01.240166 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:58:01.314316 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:01.328542 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:01.368390 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:01.522731 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 02 09:58:01.682895 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:01.746520 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:58:01.849278 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:58:01.917533 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:58:02.054423 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:58:02.125861 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:58:02.222109 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 02 09:58:02.279694 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:58:02.411948 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:02.465780 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:02.592701 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:02.659593 osdx ubnt-cfgd[351444]: inactive
Jun 02 09:58:02.679815 osdx INFO[351452]: FRR daemons did not change
Jun 02 09:58:02.683626 osdx sudo[351455]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:02.693425 osdx ca-certificates[351468]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:03.154456 osdx ubnt-cfgd[352466]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:03.161706 osdx ca-certificates[352471]: 1 added, 0 removed; done.
Jun 02 09:58:03.164551 osdx ca-certificates[352478]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:03.167433 osdx ca-certificates[352480]: done.
Jun 02 09:58:03.232456 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:03.233684 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:03.236591 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:03.257651 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:03.261881 osdx dnscrypt-proxy[352484]: dnscrypt-proxy 2.0.45
Jun 02 09:58:03.261935 osdx dnscrypt-proxy[352484]: Network connectivity detected
Jun 02 09:58:03.262112 osdx dnscrypt-proxy[352484]: Dropping privileges
Jun 02 09:58:03.264594 osdx dnscrypt-proxy[352484]: Network connectivity detected
Jun 02 09:58:03.264625 osdx dnscrypt-proxy[352484]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:58:03.264630 osdx dnscrypt-proxy[352484]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:58:03.264656 osdx dnscrypt-proxy[352484]: Firefox workaround initialized
Jun 02 09:58:03.264661 osdx dnscrypt-proxy[352484]: Loading the set of cloaking rules from [/tmp/tmp26ny3cmm]
Jun 02 09:58:03.397735 osdx dnscrypt-proxy[352484]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 02 09:58:03.397838 osdx dnscrypt-proxy[352484]: [RD] OK (DoH) - rtt: 110ms
Jun 02 09:58:03.397873 osdx dnscrypt-proxy[352484]: Server with the lowest initial latency: RD (rtt: 110ms)
Jun 02 09:58:03.397903 osdx dnscrypt-proxy[352484]: dnscrypt-proxy is ready - live servers: 1
Jun 02 09:58:03.410309 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Jun 02 09:58:03.614544 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:58:03.616116 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:58:03.616180 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:58:03.618610 osdx sudo[352517]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:03.625090 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:58:03.879417 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:03.936253 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'delete '.
Jun 02 09:58:04.052822 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 02 09:58:04.111152 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:04.208928 osdx ubnt-cfgd[352535]: inactive
Jun 02 09:58:04.230858 osdx dnscrypt-proxy[352484]: Stopped.
Jun 02 09:58:04.230876 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 02 09:58:04.231912 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 02 09:58:04.232043 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:04.300429 osdx sudo[352605]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:04.308859 osdx ca-certificates[352621]: Clearing symlinks in /etc/ssl/certs...
Jun 02 09:58:04.597615 osdx ca-certificates[353191]: done.
Jun 02 09:58:04.601803 osdx ca-certificates[353203]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:05.039520 osdx ubnt-cfgd[354045]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:05.048593 osdx ca-certificates[354052]: 140 added, 0 removed; done.
Jun 02 09:58:05.051678 osdx ca-certificates[354057]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:05.054492 osdx ca-certificates[354059]: done.
Jun 02 09:58:05.069032 osdx INFO[354062]: FRR daemons did not change
Jun 02 09:58:05.069340 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:05.129893 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:05.151630 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:06.538996 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:06.605680 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:58:06.730062 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:58:06.810419 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:58:06.915011 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:58:07.026741 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:58:07.095583 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 02 09:58:07.207188 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:58:07.342062 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:07.399001 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:07.521516 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:07.592730 osdx ubnt-cfgd[354098]: inactive
Jun 02 09:58:07.616479 osdx INFO[354108]: FRR daemons did not change
Jun 02 09:58:07.620789 osdx sudo[354111]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:07.630567 osdx ca-certificates[354124]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:08.148387 osdx ubnt-cfgd[355122]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:08.156444 osdx ca-certificates[355127]: 1 added, 0 removed; done.
Jun 02 09:58:08.159282 osdx ca-certificates[355134]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:08.162041 osdx ca-certificates[355136]: done.
Jun 02 09:58:08.192115 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:58:08.344571 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:08.345987 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:08.359857 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:08.367199 osdx dnscrypt-proxy[355248]: dnscrypt-proxy 2.0.45
Jun 02 09:58:08.367278 osdx dnscrypt-proxy[355248]: Network connectivity detected
Jun 02 09:58:08.367502 osdx dnscrypt-proxy[355248]: Dropping privileges
Jun 02 09:58:08.370006 osdx dnscrypt-proxy[355248]: Network connectivity detected
Jun 02 09:58:08.370038 osdx dnscrypt-proxy[355248]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:58:08.370044 osdx dnscrypt-proxy[355248]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:58:08.370062 osdx dnscrypt-proxy[355248]: Firefox workaround initialized
Jun 02 09:58:08.370066 osdx dnscrypt-proxy[355248]: Loading the set of cloaking rules from [/tmp/tmpz87ti_s7]
Jun 02 09:58:08.392489 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:08.516695 osdx dnscrypt-proxy[355248]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 02 09:58:08.516719 osdx dnscrypt-proxy[355248]: [RD] OK (DoH) - rtt: 123ms
Jun 02 09:58:08.516730 osdx dnscrypt-proxy[355248]: Server with the lowest initial latency: RD (rtt: 123ms)
Jun 02 09:58:08.516738 osdx dnscrypt-proxy[355248]: dnscrypt-proxy is ready - live servers: 1
Jun 02 09:58:08.540911 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Jun 02 09:58:08.774858 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free.
Jun 02 09:58:08.776112 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:58:08.776153 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:58:08.779049 osdx sudo[355299]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:08.784611 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:58:09.044199 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:09.103008 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'delete '.
Jun 02 09:58:09.223543 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 02 09:58:09.284828 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:09.382740 osdx ubnt-cfgd[355317]: inactive
Jun 02 09:58:09.402877 osdx dnscrypt-proxy[355248]: Stopped.
Jun 02 09:58:09.402906 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 02 09:58:09.404260 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 02 09:58:09.404357 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:09.475371 osdx sudo[355387]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:09.485752 osdx ca-certificates[355403]: Clearing symlinks in /etc/ssl/certs...
Jun 02 09:58:09.757709 osdx ca-certificates[355972]: done.
Jun 02 09:58:09.760614 osdx ca-certificates[355981]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:10.192112 osdx ubnt-cfgd[356827]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:10.202965 osdx ca-certificates[356833]: 140 added, 0 removed; done.
Jun 02 09:58:10.205957 osdx ca-certificates[356839]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:10.208799 osdx ca-certificates[356841]: done.
Jun 02 09:58:10.225223 osdx INFO[356844]: FRR daemons did not change
Jun 02 09:58:10.225523 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:10.227660 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:10.249782 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:11.588500 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:11.662442 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:58:11.766965 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:58:11.851266 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:58:11.957856 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:58:12.062766 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:58:12.135779 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 02 09:58:12.254042 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:58:12.342038 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:12.420157 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:12.489045 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:12.588521 osdx ubnt-cfgd[356880]: inactive
Jun 02 09:58:12.615179 osdx INFO[356890]: FRR daemons did not change
Jun 02 09:58:12.620143 osdx sudo[356893]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:12.629608 osdx ca-certificates[356906]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:13.144410 osdx ubnt-cfgd[357904]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:13.152380 osdx ca-certificates[357910]: 1 added, 0 removed; done.
Jun 02 09:58:13.156219 osdx ca-certificates[357916]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:13.160135 osdx ca-certificates[357918]: done.
Jun 02 09:58:13.192150 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:58:13.340442 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:13.341550 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:13.352938 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:13.373149 osdx dnscrypt-proxy[358030]: dnscrypt-proxy 2.0.45
Jun 02 09:58:13.373211 osdx dnscrypt-proxy[358030]: Network connectivity detected
Jun 02 09:58:13.373403 osdx dnscrypt-proxy[358030]: Dropping privileges
Jun 02 09:58:13.375717 osdx dnscrypt-proxy[358030]: Network connectivity detected
Jun 02 09:58:13.375748 osdx dnscrypt-proxy[358030]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:58:13.375752 osdx dnscrypt-proxy[358030]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:58:13.375772 osdx dnscrypt-proxy[358030]: Firefox workaround initialized
Jun 02 09:58:13.375776 osdx dnscrypt-proxy[358030]: Loading the set of cloaking rules from [/tmp/tmpl3_pivng]
Jun 02 09:58:13.376744 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:13.533531 osdx dnscrypt-proxy[358030]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 02 09:58:13.533552 osdx dnscrypt-proxy[358030]: [RD] OK (DoH) - rtt: 130ms
Jun 02 09:58:13.533564 osdx dnscrypt-proxy[358030]: Server with the lowest initial latency: RD (rtt: 130ms)
Jun 02 09:58:13.533570 osdx dnscrypt-proxy[358030]: dnscrypt-proxy is ready - live servers: 1
Jun 02 09:58:13.546970 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Jun 02 09:58:20.000216 osdx systemd-timedated[293181]: Changed local time to Tue 2026-06-02 09:58:20 UTC
Jun 02 09:58:20.002234 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'set date 2026-06-02 09:58:20'.
Jun 02 09:58:20.002622 osdx systemd-journald[148515]: Time jumped backwards, rotating.
Jun 02 09:58:20.322007 osdx sudo[359704]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:20.325101 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:58:20.326636 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:58:20.326686 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:58:20.330250 osdx sudo[359703]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:20.336898 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:58:20.575329 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 02 09:58:20.820067 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:20.915506 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:20.990915 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:21.119473 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:21.183014 osdx ubnt-cfgd[359730]: inactive
Jun 02 09:58:21.206185 osdx INFO[359738]: FRR daemons did not change
Jun 02 09:58:21.234644 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:58:21.315361 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:21.331256 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:21.348425 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:21.511921 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 02 09:58:21.645761 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:21.733141 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:58:21.837250 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:58:21.904349 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:58:22.052393 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:58:22.113372 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:58:22.224188 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 02 09:58:22.279152 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:58:22.406590 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:22.459181 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:22.567787 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:22.631318 osdx ubnt-cfgd[359903]: inactive
Jun 02 09:58:22.651536 osdx INFO[359911]: FRR daemons did not change
Jun 02 09:58:22.655273 osdx sudo[359914]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:22.664136 osdx ca-certificates[359927]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:23.155594 osdx ubnt-cfgd[360925]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:23.163397 osdx ca-certificates[360931]: 1 added, 0 removed; done.
Jun 02 09:58:23.166372 osdx ca-certificates[360937]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:23.169070 osdx ca-certificates[360939]: done.
Jun 02 09:58:23.223039 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:23.224588 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:23.227190 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:23.246025 osdx dnscrypt-proxy[360943]: dnscrypt-proxy 2.0.45
Jun 02 09:58:23.246096 osdx dnscrypt-proxy[360943]: Network connectivity detected
Jun 02 09:58:23.246302 osdx dnscrypt-proxy[360943]: Dropping privileges
Jun 02 09:58:23.248776 osdx dnscrypt-proxy[360943]: Network connectivity detected
Jun 02 09:58:23.248808 osdx dnscrypt-proxy[360943]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:58:23.248812 osdx dnscrypt-proxy[360943]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:58:23.248841 osdx dnscrypt-proxy[360943]: Firefox workaround initialized
Jun 02 09:58:23.248846 osdx dnscrypt-proxy[360943]: Loading the set of cloaking rules from [/tmp/tmpojfnhnyz]
Jun 02 09:58:23.248897 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:23.249567 osdx dnscrypt-proxy[360943]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

---

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Jun 02 09:58:31.334347 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free.
Jun 02 09:58:31.335275 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:58:31.335319 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:58:31.339006 osdx sudo[362593]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:31.345312 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:58:31.633373 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 02 09:58:31.905662 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:31.994115 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:32.087293 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:32.194782 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:32.285486 osdx ubnt-cfgd[362620]: inactive
Jun 02 09:58:32.311171 osdx INFO[362628]: FRR daemons did not change
Jun 02 09:58:32.343283 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:58:32.418982 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:32.432555 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:32.456621 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:32.617754 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 02 09:58:32.833881 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:32.916987 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:58:33.014140 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:58:33.092270 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:58:33.198441 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:58:33.317890 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:58:33.375462 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 02 09:58:33.471657 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:58:33.550509 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:33.630083 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:33.705016 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:33.804196 osdx ubnt-cfgd[362793]: inactive
Jun 02 09:58:33.827704 osdx INFO[362801]: FRR daemons did not change
Jun 02 09:58:33.831468 osdx sudo[362804]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:33.840621 osdx ca-certificates[362817]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:34.316192 osdx ubnt-cfgd[363815]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:34.324236 osdx ca-certificates[363821]: 1 added, 0 removed; done.
Jun 02 09:58:34.327245 osdx ca-certificates[363827]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:34.329993 osdx ca-certificates[363829]: done.
Jun 02 09:58:34.387553 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:34.388634 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:34.390691 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:34.408253 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:34.421720 osdx dnscrypt-proxy[363833]: dnscrypt-proxy 2.0.45
Jun 02 09:58:34.421795 osdx dnscrypt-proxy[363833]: Network connectivity detected
Jun 02 09:58:34.422051 osdx dnscrypt-proxy[363833]: Dropping privileges
Jun 02 09:58:34.424428 osdx dnscrypt-proxy[363833]: Network connectivity detected
Jun 02 09:58:34.424457 osdx dnscrypt-proxy[363833]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:58:34.424461 osdx dnscrypt-proxy[363833]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:58:34.424487 osdx dnscrypt-proxy[363833]: Firefox workaround initialized
Jun 02 09:58:34.424492 osdx dnscrypt-proxy[363833]: Loading the set of cloaking rules from [/tmp/tmp5oh5co4i]
Jun 02 09:58:34.425302 osdx dnscrypt-proxy[363833]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Jun 02 09:58:34.642144 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:58:34.643274 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:58:34.643316 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:58:34.646070 osdx sudo[363860]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:34.651733 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:58:34.933481 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:35.000132 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'delete '.
Jun 02 09:58:35.111179 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 02 09:58:35.186910 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:35.252538 osdx ubnt-cfgd[363878]: inactive
Jun 02 09:58:35.271836 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 02 09:58:35.271844 osdx dnscrypt-proxy[363833]: Stopped.
Jun 02 09:58:35.272680 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 02 09:58:35.272784 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:35.332869 osdx sudo[363948]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:35.341594 osdx ca-certificates[363964]: Clearing symlinks in /etc/ssl/certs...
Jun 02 09:58:35.618208 osdx ca-certificates[364533]: done.
Jun 02 09:58:35.622053 osdx ca-certificates[364542]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:36.080331 osdx ubnt-cfgd[365388]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:36.088441 osdx ca-certificates[365393]: 140 added, 0 removed; done.
Jun 02 09:58:36.092249 osdx ca-certificates[365400]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:36.095288 osdx ca-certificates[365402]: done.
Jun 02 09:58:36.110719 osdx INFO[365405]: FRR daemons did not change
Jun 02 09:58:36.110987 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:36.164161 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:36.180409 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:37.406124 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:37.465551 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:58:37.567094 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:58:37.655821 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:58:37.713051 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:58:37.826432 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:58:37.907531 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 02 09:58:38.002741 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:58:38.102573 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:38.179608 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:38.289344 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:38.362420 osdx ubnt-cfgd[365441]: inactive
Jun 02 09:58:38.386121 osdx INFO[365451]: FRR daemons did not change
Jun 02 09:58:38.389637 osdx sudo[365454]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:38.398054 osdx ca-certificates[365467]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:38.897616 osdx ubnt-cfgd[366465]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:38.905129 osdx ca-certificates[366470]: 1 added, 0 removed; done.
Jun 02 09:58:38.908814 osdx ca-certificates[366477]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:38.912297 osdx ca-certificates[366479]: done.
Jun 02 09:58:38.943277 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:58:39.103686 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:39.104997 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:39.121971 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:39.141232 osdx dnscrypt-proxy[366591]: dnscrypt-proxy 2.0.45
Jun 02 09:58:39.141329 osdx dnscrypt-proxy[366591]: Network connectivity detected
Jun 02 09:58:39.141624 osdx dnscrypt-proxy[366591]: Dropping privileges
Jun 02 09:58:39.144959 osdx dnscrypt-proxy[366591]: Network connectivity detected
Jun 02 09:58:39.145211 osdx dnscrypt-proxy[366591]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:58:39.145263 osdx dnscrypt-proxy[366591]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:58:39.145338 osdx dnscrypt-proxy[366591]: Firefox workaround initialized
Jun 02 09:58:39.145380 osdx dnscrypt-proxy[366591]: Loading the set of cloaking rules from [/tmp/tmp82j4zfa3]
Jun 02 09:58:39.146675 osdx dnscrypt-proxy[366591]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 02 09:58:39.150247 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Jun 02 09:58:39.393403 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:58:39.395279 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:58:39.395337 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:58:39.398514 osdx sudo[366637]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:39.404022 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:58:39.657645 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:39.723020 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'delete '.
Jun 02 09:58:39.844206 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 02 09:58:39.905605 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:40.009422 osdx ubnt-cfgd[366655]: inactive
Jun 02 09:58:40.032028 osdx dnscrypt-proxy[366591]: Stopped.
Jun 02 09:58:40.032077 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 02 09:58:40.032965 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 02 09:58:40.033082 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:40.115087 osdx sudo[366725]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:40.124741 osdx ca-certificates[366741]: Clearing symlinks in /etc/ssl/certs...
Jun 02 09:58:40.403844 osdx ca-certificates[367310]: done.
Jun 02 09:58:40.407194 osdx ca-certificates[367319]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:40.881512 osdx ubnt-cfgd[368165]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:40.890541 osdx ca-certificates[368170]: 140 added, 0 removed; done.
Jun 02 09:58:40.893430 osdx ca-certificates[368177]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:40.897037 osdx ca-certificates[368179]: done.
Jun 02 09:58:40.912286 osdx INFO[368182]: FRR daemons did not change
Jun 02 09:58:40.912529 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:40.950901 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:40.978347 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:42.253799 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:42.355487 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:58:42.483246 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:58:42.573744 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:58:42.681699 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:58:42.797581 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:58:42.867021 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 02 09:58:42.936342 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 02 09:58:43.035081 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:58:43.144731 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:43.206104 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:43.323278 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:43.395654 osdx ubnt-cfgd[368221]: inactive
Jun 02 09:58:43.422367 osdx INFO[368231]: FRR daemons did not change
Jun 02 09:58:43.426254 osdx sudo[368234]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:43.436365 osdx ca-certificates[368246]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:43.953042 osdx ubnt-cfgd[369245]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:43.960828 osdx ca-certificates[369250]: 1 added, 0 removed; done.
Jun 02 09:58:43.963728 osdx ca-certificates[369257]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:43.967488 osdx ca-certificates[369259]: done.
Jun 02 09:58:43.995281 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:58:44.139761 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:44.141209 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:44.154126 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:44.167002 osdx dnscrypt-proxy[369371]: dnscrypt-proxy 2.0.45
Jun 02 09:58:44.167075 osdx dnscrypt-proxy[369371]: Network connectivity detected
Jun 02 09:58:44.167323 osdx dnscrypt-proxy[369371]: Dropping privileges
Jun 02 09:58:44.170065 osdx dnscrypt-proxy[369371]: Network connectivity detected
Jun 02 09:58:44.170099 osdx dnscrypt-proxy[369371]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:58:44.170105 osdx dnscrypt-proxy[369371]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:58:44.170133 osdx dnscrypt-proxy[369371]: Firefox workaround initialized
Jun 02 09:58:44.170138 osdx dnscrypt-proxy[369371]: Loading the set of cloaking rules from [/tmp/tmpb8j2vjyi]
Jun 02 09:58:44.171098 osdx dnscrypt-proxy[369371]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 02 09:58:44.180752 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.

---

Invalid Cipher With Fallback

Description

Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Jun 02 09:58:51.000200 osdx systemd-timedated[293181]: Changed local time to Tue 2026-06-02 09:58:51 UTC
Jun 02 09:58:51.001905 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'set date 2026-06-02 09:58:51'.
Jun 02 09:58:51.003319 osdx systemd-journald[148515]: Time jumped backwards, rotating.
Jun 02 09:58:51.316986 osdx sudo[371043]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:51.320072 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:58:51.323323 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:58:51.323392 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:58:51.325462 osdx sudo[371042]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:51.333362 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:58:51.592674 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 02 09:58:51.862273 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:51.962753 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:52.051624 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:52.132747 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:52.220129 osdx ubnt-cfgd[371069]: inactive
Jun 02 09:58:52.243051 osdx INFO[371077]: FRR daemons did not change
Jun 02 09:58:52.275326 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:58:52.355914 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:52.369908 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:52.385856 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:52.552844 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 02 09:58:52.685250 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:58:52.792127 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:58:52.905202 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:58:52.976206 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:58:53.090349 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:58:53.194620 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:58:53.270175 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 02 09:58:53.369004 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 02 09:58:53.457020 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:58:53.538577 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:58:53.606787 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:58:53.719755 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:58:53.782899 osdx ubnt-cfgd[371245]: inactive
Jun 02 09:58:53.805061 osdx INFO[371253]: FRR daemons did not change
Jun 02 09:58:53.809046 osdx sudo[371256]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:58:53.819358 osdx ca-certificates[371268]: Updating certificates in /etc/ssl/certs...
Jun 02 09:58:54.342789 osdx ubnt-cfgd[372267]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:58:54.350395 osdx ca-certificates[372273]: 1 added, 0 removed; done.
Jun 02 09:58:54.354272 osdx ca-certificates[372279]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:58:54.357086 osdx ca-certificates[372281]: done.
Jun 02 09:58:54.423661 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:58:54.424955 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:58:54.427168 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:58:54.444034 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:58:54.454065 osdx dnscrypt-proxy[372285]: dnscrypt-proxy 2.0.45
Jun 02 09:58:54.454122 osdx dnscrypt-proxy[372285]: Network connectivity detected
Jun 02 09:58:54.454302 osdx dnscrypt-proxy[372285]: Dropping privileges
Jun 02 09:58:54.456503 osdx dnscrypt-proxy[372285]: Network connectivity detected
Jun 02 09:58:54.456699 osdx dnscrypt-proxy[372285]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:58:54.456741 osdx dnscrypt-proxy[372285]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:58:54.456802 osdx dnscrypt-proxy[372285]: Firefox workaround initialized
Jun 02 09:58:54.456836 osdx dnscrypt-proxy[372285]: Loading the set of cloaking rules from [/tmp/tmpzl2kdwit]
Jun 02 09:58:54.598059 osdx dnscrypt-proxy[372285]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 02 09:58:54.598074 osdx dnscrypt-proxy[372285]: [RD] OK (DoH) - rtt: 119ms
Jun 02 09:58:54.598081 osdx dnscrypt-proxy[372285]: Server with the lowest initial latency: RD (rtt: 119ms)
Jun 02 09:58:54.598086 osdx dnscrypt-proxy[372285]: dnscrypt-proxy is ready - live servers: 1
Jun 02 09:58:59.601651 osdx OSDxCLI[171599]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 02 09:59:01.691778 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Jun 02 09:59:01.894212 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:59:01.895322 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:59:01.895371 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:59:01.898152 osdx sudo[372320]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:01.904692 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:59:02.190670 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:59:02.278464 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'delete '.
Jun 02 09:59:02.351017 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 02 09:59:02.451399 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:59:02.510943 osdx ubnt-cfgd[372338]: inactive
Jun 02 09:59:02.547750 osdx dnscrypt-proxy[372285]: Stopped.
Jun 02 09:59:02.547804 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 02 09:59:02.548871 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 02 09:59:02.548999 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:59:02.617526 osdx sudo[372408]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:02.626456 osdx ca-certificates[372424]: Clearing symlinks in /etc/ssl/certs...
Jun 02 09:59:02.916798 osdx ca-certificates[372993]: done.
Jun 02 09:59:02.920786 osdx ca-certificates[373002]: Updating certificates in /etc/ssl/certs...
Jun 02 09:59:03.356047 osdx ubnt-cfgd[373848]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:59:03.365220 osdx ca-certificates[373854]: 140 added, 0 removed; done.
Jun 02 09:59:03.368941 osdx ca-certificates[373860]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:59:03.372349 osdx ca-certificates[373862]: done.
Jun 02 09:59:03.389726 osdx INFO[373865]: FRR daemons did not change
Jun 02 09:59:03.390147 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:59:03.392148 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:59:03.421620 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:59:04.694365 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:59:04.802842 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:59:04.919543 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:59:05.044226 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:59:05.130784 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:59:05.202526 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:59:05.309926 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 02 09:59:05.370380 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 02 09:59:05.455517 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:59:05.556175 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:59:05.625723 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:59:05.740157 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:59:05.803151 osdx ubnt-cfgd[373904]: inactive
Jun 02 09:59:05.826663 osdx INFO[373914]: FRR daemons did not change
Jun 02 09:59:05.832838 osdx sudo[373917]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:05.841973 osdx ca-certificates[373929]: Updating certificates in /etc/ssl/certs...
Jun 02 09:59:06.354775 osdx ubnt-cfgd[374928]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:59:06.362422 osdx ca-certificates[374933]: 1 added, 0 removed; done.
Jun 02 09:59:06.365276 osdx ca-certificates[374940]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:59:06.368199 osdx ca-certificates[374942]: done.
Jun 02 09:59:06.395350 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:59:06.559698 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:59:06.561012 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:59:06.573504 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:59:06.591180 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:59:06.591681 osdx dnscrypt-proxy[375054]: dnscrypt-proxy 2.0.45
Jun 02 09:59:06.591739 osdx dnscrypt-proxy[375054]: Network connectivity detected
Jun 02 09:59:06.591955 osdx dnscrypt-proxy[375054]: Dropping privileges
Jun 02 09:59:06.594248 osdx dnscrypt-proxy[375054]: Network connectivity detected
Jun 02 09:59:06.594276 osdx dnscrypt-proxy[375054]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:59:06.594281 osdx dnscrypt-proxy[375054]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:59:06.594301 osdx dnscrypt-proxy[375054]: Firefox workaround initialized
Jun 02 09:59:06.594305 osdx dnscrypt-proxy[375054]: Loading the set of cloaking rules from [/tmp/tmpfo21rnsz]
Jun 02 09:59:06.745910 osdx dnscrypt-proxy[375054]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 02 09:59:06.745932 osdx dnscrypt-proxy[375054]: [RD] OK (DoH) - rtt: 125ms
Jun 02 09:59:06.745942 osdx dnscrypt-proxy[375054]: Server with the lowest initial latency: RD (rtt: 125ms)
Jun 02 09:59:06.745948 osdx dnscrypt-proxy[375054]: dnscrypt-proxy is ready - live servers: 1
Jun 02 09:59:06.785194 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Jun 02 09:59:06.996693 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free.
Jun 02 09:59:06.999332 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:59:06.999400 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:59:07.001923 osdx sudo[375105]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:07.007920 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:59:07.347420 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:59:07.413094 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'delete '.
Jun 02 09:59:07.551673 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 02 09:59:07.646216 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:59:07.736816 osdx ubnt-cfgd[375123]: inactive
Jun 02 09:59:07.758544 osdx dnscrypt-proxy[375054]: Stopped.
Jun 02 09:59:07.758636 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 02 09:59:07.759820 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 02 09:59:07.759942 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:59:07.827586 osdx sudo[375193]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:07.836896 osdx ca-certificates[375209]: Clearing symlinks in /etc/ssl/certs...
Jun 02 09:59:08.110294 osdx ca-certificates[375779]: done.
Jun 02 09:59:08.114047 osdx ca-certificates[375789]: Updating certificates in /etc/ssl/certs...
Jun 02 09:59:08.547286 osdx ubnt-cfgd[376633]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:59:08.554908 osdx ca-certificates[376638]: 140 added, 0 removed; done.
Jun 02 09:59:08.557835 osdx ca-certificates[376645]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:59:08.560547 osdx ca-certificates[376647]: done.
Jun 02 09:59:08.580682 osdx INFO[376650]: FRR daemons did not change
Jun 02 09:59:08.581097 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:59:08.582977 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:59:08.599363 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:59:09.911926 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:59:09.983768 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:59:10.083502 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:59:10.156203 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:59:10.305874 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:59:10.397010 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:59:10.493348 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 02 09:59:10.554175 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 02 09:59:10.660518 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:59:10.776952 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:59:10.866460 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:59:10.962516 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:59:11.055394 osdx ubnt-cfgd[376689]: inactive
Jun 02 09:59:11.077747 osdx INFO[376699]: FRR daemons did not change
Jun 02 09:59:11.081665 osdx sudo[376702]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:11.090626 osdx ca-certificates[376715]: Updating certificates in /etc/ssl/certs...
Jun 02 09:59:11.598673 osdx ubnt-cfgd[377713]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:59:11.608210 osdx ca-certificates[377718]: 1 added, 0 removed; done.
Jun 02 09:59:11.611627 osdx ca-certificates[377725]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:59:11.615351 osdx ca-certificates[377727]: done.
Jun 02 09:59:11.655361 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:59:11.799802 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:59:11.801294 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:59:11.818573 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:59:11.834551 osdx dnscrypt-proxy[377839]: dnscrypt-proxy 2.0.45
Jun 02 09:59:11.834623 osdx dnscrypt-proxy[377839]: Network connectivity detected
Jun 02 09:59:11.834854 osdx dnscrypt-proxy[377839]: Dropping privileges
Jun 02 09:59:11.837156 osdx dnscrypt-proxy[377839]: Network connectivity detected
Jun 02 09:59:11.837190 osdx dnscrypt-proxy[377839]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:59:11.837194 osdx dnscrypt-proxy[377839]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:59:11.837213 osdx dnscrypt-proxy[377839]: Firefox workaround initialized
Jun 02 09:59:11.837217 osdx dnscrypt-proxy[377839]: Loading the set of cloaking rules from [/tmp/tmpyg7nnita]
Jun 02 09:59:11.840775 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:59:11.999511 osdx dnscrypt-proxy[377839]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 02 09:59:11.999525 osdx dnscrypt-proxy[377839]: [RD] OK (DoH) - rtt: 137ms
Jun 02 09:59:11.999533 osdx dnscrypt-proxy[377839]: Server with the lowest initial latency: RD (rtt: 137ms)
Jun 02 09:59:11.999538 osdx dnscrypt-proxy[377839]: dnscrypt-proxy is ready - live servers: 1
Jun 02 09:59:17.012899 osdx OSDxCLI[171599]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 02 09:59:19.101192 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Jun 02 09:59:19.329281 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:59:19.331323 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:59:19.331393 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:59:19.334296 osdx sudo[377897]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:19.341827 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:59:19.596220 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:59:19.695219 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'delete '.
Jun 02 09:59:19.767336 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 02 09:59:19.864464 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:59:19.927585 osdx ubnt-cfgd[377915]: inactive
Jun 02 09:59:19.951942 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 02 09:59:19.951989 osdx dnscrypt-proxy[377839]: Stopped.
Jun 02 09:59:19.953616 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 02 09:59:19.953738 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:59:20.023729 osdx sudo[377985]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:20.032633 osdx ca-certificates[378001]: Clearing symlinks in /etc/ssl/certs...
Jun 02 09:59:20.299998 osdx ca-certificates[378571]: done.
Jun 02 09:59:20.302922 osdx ca-certificates[378580]: Updating certificates in /etc/ssl/certs...
Jun 02 09:59:20.785338 osdx ubnt-cfgd[379425]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:59:20.796225 osdx ca-certificates[379431]: 140 added, 0 removed; done.
Jun 02 09:59:20.799428 osdx ca-certificates[379437]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:59:20.803410 osdx ca-certificates[379439]: done.
Jun 02 09:59:20.824097 osdx INFO[379442]: FRR daemons did not change
Jun 02 09:59:20.824706 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:59:20.827101 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:59:20.844652 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:59:21.030454 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Jun 02 09:59:22.057846 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:59:22.118097 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:59:22.207248 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:59:22.271093 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:59:22.373685 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:59:22.476937 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:59:22.534653 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 02 09:59:22.633774 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 02 09:59:22.697022 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:59:22.813437 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:59:22.867064 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:59:22.991379 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:59:23.067106 osdx ubnt-cfgd[379483]: inactive
Jun 02 09:59:23.091599 osdx INFO[379493]: FRR daemons did not change
Jun 02 09:59:23.095335 osdx sudo[379496]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:23.103905 osdx ca-certificates[379509]: Updating certificates in /etc/ssl/certs...
Jun 02 09:59:23.611547 osdx ubnt-cfgd[380507]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:59:23.618878 osdx ca-certificates[380513]: 1 added, 0 removed; done.
Jun 02 09:59:23.622999 osdx ca-certificates[380519]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:59:23.626118 osdx ca-certificates[380521]: done.
Jun 02 09:59:23.655351 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:59:23.799735 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:59:23.802025 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:59:23.813557 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:59:23.827816 osdx dnscrypt-proxy[380633]: dnscrypt-proxy 2.0.45
Jun 02 09:59:23.827891 osdx dnscrypt-proxy[380633]: Network connectivity detected
Jun 02 09:59:23.828124 osdx dnscrypt-proxy[380633]: Dropping privileges
Jun 02 09:59:23.831823 osdx dnscrypt-proxy[380633]: Network connectivity detected
Jun 02 09:59:23.831857 osdx dnscrypt-proxy[380633]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:59:23.831861 osdx dnscrypt-proxy[380633]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:59:23.831892 osdx dnscrypt-proxy[380633]: Firefox workaround initialized
Jun 02 09:59:23.831898 osdx dnscrypt-proxy[380633]: Loading the set of cloaking rules from [/tmp/tmpblizo4mw]
Jun 02 09:59:23.832753 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:59:23.966466 osdx dnscrypt-proxy[380633]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 02 09:59:23.966481 osdx dnscrypt-proxy[380633]: [RD] OK (DoH) - rtt: 102ms
Jun 02 09:59:23.966489 osdx dnscrypt-proxy[380633]: Server with the lowest initial latency: RD (rtt: 102ms)
Jun 02 09:59:23.966494 osdx dnscrypt-proxy[380633]: dnscrypt-proxy is ready - live servers: 1
Jun 02 09:59:24.001053 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Jun 02 09:59:24.210731 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:59:24.211327 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:59:24.211369 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:59:24.215054 osdx sudo[380684]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:24.220668 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:59:24.484098 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:59:24.555563 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'delete '.
Jun 02 09:59:24.676239 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 02 09:59:24.739029 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:59:24.850442 osdx ubnt-cfgd[380702]: inactive
Jun 02 09:59:24.871606 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 02 09:59:24.871649 osdx dnscrypt-proxy[380633]: Stopped.
Jun 02 09:59:24.873113 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 02 09:59:24.873213 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:59:24.939148 osdx sudo[380772]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:24.948332 osdx ca-certificates[380788]: Clearing symlinks in /etc/ssl/certs...
Jun 02 09:59:25.207804 osdx ca-certificates[381357]: done.
Jun 02 09:59:25.211436 osdx ca-certificates[381366]: Updating certificates in /etc/ssl/certs...
Jun 02 09:59:25.622660 osdx ubnt-cfgd[382212]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:59:25.631892 osdx ca-certificates[382218]: 140 added, 0 removed; done.
Jun 02 09:59:25.634676 osdx ca-certificates[382224]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:59:25.637442 osdx ca-certificates[382226]: done.
Jun 02 09:59:25.652185 osdx INFO[382229]: FRR daemons did not change
Jun 02 09:59:25.652639 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:59:25.654515 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:59:25.670644 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:59:26.910830 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:59:26.987900 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:59:27.095836 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:59:27.173928 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:59:27.242859 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:59:27.360408 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:59:27.416408 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 02 09:59:27.517589 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 02 09:59:27.574962 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:59:27.707861 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:59:27.760814 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:59:27.873018 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:59:27.932899 osdx ubnt-cfgd[382268]: inactive
Jun 02 09:59:27.956071 osdx INFO[382278]: FRR daemons did not change
Jun 02 09:59:27.960624 osdx sudo[382281]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:27.972444 osdx ca-certificates[382294]: Updating certificates in /etc/ssl/certs...
Jun 02 09:59:28.471782 osdx ubnt-cfgd[383292]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:59:28.479202 osdx ca-certificates[383297]: 1 added, 0 removed; done.
Jun 02 09:59:28.482630 osdx ca-certificates[383304]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:59:28.485406 osdx ca-certificates[383306]: done.
Jun 02 09:59:28.515333 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:59:28.647827 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:59:28.649345 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:59:28.660726 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:59:28.675206 osdx dnscrypt-proxy[383418]: dnscrypt-proxy 2.0.45
Jun 02 09:59:28.675284 osdx dnscrypt-proxy[383418]: Network connectivity detected
Jun 02 09:59:28.675668 osdx dnscrypt-proxy[383418]: Dropping privileges
Jun 02 09:59:28.678232 osdx dnscrypt-proxy[383418]: Network connectivity detected
Jun 02 09:59:28.678463 osdx dnscrypt-proxy[383418]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:59:28.678503 osdx dnscrypt-proxy[383418]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:59:28.678571 osdx dnscrypt-proxy[383418]: Firefox workaround initialized
Jun 02 09:59:28.678609 osdx dnscrypt-proxy[383418]: Loading the set of cloaking rules from [/tmp/tmp02ichjs_]
Jun 02 09:59:28.679765 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:59:28.820711 osdx dnscrypt-proxy[383418]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 02 09:59:28.820724 osdx dnscrypt-proxy[383418]: [RD] OK (DoH) - rtt: 113ms
Jun 02 09:59:28.820732 osdx dnscrypt-proxy[383418]: Server with the lowest initial latency: RD (rtt: 113ms)
Jun 02 09:59:28.820736 osdx dnscrypt-proxy[383418]: dnscrypt-proxy is ready - live servers: 1
Jun 02 09:59:33.820551 osdx OSDxCLI[171599]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 02 09:59:35.895672 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Jun 02 09:59:36.121376 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 09:59:36.123335 osdx systemd-journald[148515]: Received client request to rotate journal, rotating.
Jun 02 09:59:36.123395 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 09:59:36.126735 osdx sudo[383472]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:36.132443 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 09:59:36.426218 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:59:36.487567 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'delete '.
Jun 02 09:59:36.604015 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 02 09:59:36.672958 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:59:36.774506 osdx ubnt-cfgd[383490]: inactive
Jun 02 09:59:36.800492 osdx dnscrypt-proxy[383418]: Stopped.
Jun 02 09:59:36.800558 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 02 09:59:36.801621 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 02 09:59:36.801744 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:59:36.882228 osdx sudo[383560]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:36.892838 osdx ca-certificates[383576]: Clearing symlinks in /etc/ssl/certs...
Jun 02 09:59:37.183686 osdx ca-certificates[384146]: done.
Jun 02 09:59:37.186672 osdx ca-certificates[384155]: Updating certificates in /etc/ssl/certs...
Jun 02 09:59:37.648040 osdx ubnt-cfgd[385000]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:59:37.655833 osdx ca-certificates[385005]: 140 added, 0 removed; done.
Jun 02 09:59:37.659578 osdx ca-certificates[385012]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:59:37.662674 osdx ca-certificates[385014]: done.
Jun 02 09:59:37.680458 osdx INFO[385017]: FRR daemons did not change
Jun 02 09:59:37.680949 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:59:37.683194 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:59:37.700860 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:59:39.131524 osdx OSDxCLI[171599]: User 'admin' entered the configuration menu.
Jun 02 09:59:39.205034 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 02 09:59:39.295896 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 02 09:59:39.386166 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 02 09:59:39.456481 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 02 09:59:39.617519 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 81d8c57444e7a6865033e179e51a88281aac172403e7e688603f628babda0cbd'.
Jun 02 09:59:39.690545 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 02 09:59:39.818443 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 02 09:59:39.883992 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 02 09:59:40.030922 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 02 09:59:40.089201 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 02 09:59:40.203090 osdx OSDxCLI[171599]: User 'admin' added a new cfg line: 'show working'.
Jun 02 09:59:40.268097 osdx ubnt-cfgd[385056]: inactive
Jun 02 09:59:40.293974 osdx INFO[385066]: FRR daemons did not change
Jun 02 09:59:40.299093 osdx sudo[385069]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 02 09:59:40.310086 osdx ca-certificates[385082]: Updating certificates in /etc/ssl/certs...
Jun 02 09:59:40.848871 osdx ubnt-cfgd[386080]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 02 09:59:40.859285 osdx ca-certificates[386086]: 1 added, 0 removed; done.
Jun 02 09:59:40.871640 osdx ca-certificates[386092]: Running hooks in /etc/ca-certificates/update.d...
Jun 02 09:59:40.875849 osdx ca-certificates[386094]: done.
Jun 02 09:59:40.903333 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 09:59:41.063874 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 02 09:59:41.065480 osdx cfgd[1665]: [171599]Completed change to active configuration
Jun 02 09:59:41.079533 osdx OSDxCLI[171599]: User 'admin' committed the configuration.
Jun 02 09:59:41.094934 osdx dnscrypt-proxy[386206]: dnscrypt-proxy 2.0.45
Jun 02 09:59:41.094996 osdx dnscrypt-proxy[386206]: Network connectivity detected
Jun 02 09:59:41.095177 osdx dnscrypt-proxy[386206]: Dropping privileges
Jun 02 09:59:41.097583 osdx dnscrypt-proxy[386206]: Network connectivity detected
Jun 02 09:59:41.097622 osdx dnscrypt-proxy[386206]: Now listening to 127.0.0.1:53 [UDP]
Jun 02 09:59:41.097628 osdx dnscrypt-proxy[386206]: Now listening to 127.0.0.1:53 [TCP]
Jun 02 09:59:41.097652 osdx dnscrypt-proxy[386206]: Firefox workaround initialized
Jun 02 09:59:41.097658 osdx dnscrypt-proxy[386206]: Loading the set of cloaking rules from [/tmp/tmpdygrzhi0]
Jun 02 09:59:41.110268 osdx OSDxCLI[171599]: User 'admin' left the configuration menu.
Jun 02 09:59:41.247349 osdx dnscrypt-proxy[386206]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 02 09:59:41.247371 osdx dnscrypt-proxy[386206]: [RD] OK (DoH) - rtt: 124ms
Jun 02 09:59:41.247380 osdx dnscrypt-proxy[386206]: Server with the lowest initial latency: RD (rtt: 124ms)
Jun 02 09:59:41.247386 osdx dnscrypt-proxy[386206]: dnscrypt-proxy is ready - live servers: 1
Jun 02 09:59:41.374582 osdx OSDxCLI[171599]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---