Cipher
Test suite that validates the use of one or more ciphers to protect a DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Apr 10 20:09:34.385190 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.3M free. Apr 10 20:09:34.387806 osdx systemd-journald[55338]: Received client request to rotate journal, rotating. Apr 10 20:09:34.387860 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf. Apr 10 20:09:34.395499 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'. Apr 10 20:09:34.765590 osdx osdx-coredump[321342]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Apr 10 20:09:34.775159 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system coredump delete all'. Apr 10 20:09:35.299517 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:09:35.395159 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:09:35.490522 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 10 20:09:35.574963 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:09:35.679085 osdx ubnt-cfgd[321360]: inactive Apr 10 20:09:35.716139 osdx INFO[321368]: FRR daemons did not change Apr 10 20:09:35.739818 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 10 20:09:35.826471 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:09:35.837979 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:09:35.859041 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:09:36.008662 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 10 20:09:36.217403 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. 
Apr 10 20:09:36.278729 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 10 20:09:36.377645 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 10 20:09:36.445293 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 10 20:09:36.538726 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 10 20:09:36.599327 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'. Apr 10 20:09:36.695142 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Apr 10 20:09:36.751319 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 10 20:09:36.874723 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:09:36.929121 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 10 20:09:37.047892 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:09:37.123109 osdx ubnt-cfgd[321529]: inactive Apr 10 20:09:37.161251 osdx INFO[321537]: FRR daemons did not change Apr 10 20:09:37.174722 osdx ca-certificates[321552]: Updating certificates in /etc/ssl/certs... Apr 10 20:09:37.693435 osdx ca-certificates[322556]: 1 added, 0 removed; done. Apr 10 20:09:37.696291 osdx ca-certificates[322563]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:09:37.699689 osdx ca-certificates[322565]: done. Apr 10 20:09:37.760092 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. 
Apr 10 20:09:37.761126 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:09:37.766439 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:09:37.784474 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:09:37.790024 osdx dnscrypt-proxy[322569]: dnscrypt-proxy 2.0.45 Apr 10 20:09:37.790080 osdx dnscrypt-proxy[322569]: Network connectivity detected Apr 10 20:09:37.790281 osdx dnscrypt-proxy[322569]: Dropping privileges Apr 10 20:09:37.792438 osdx dnscrypt-proxy[322569]: Network connectivity detected Apr 10 20:09:37.792627 osdx dnscrypt-proxy[322569]: Now listening to 127.0.0.1:53 [UDP] Apr 10 20:09:37.792665 osdx dnscrypt-proxy[322569]: Now listening to 127.0.0.1:53 [TCP] Apr 10 20:09:37.792725 osdx dnscrypt-proxy[322569]: Firefox workaround initialized Apr 10 20:09:37.792759 osdx dnscrypt-proxy[322569]: Loading the set of cloaking rules from [/tmp/tmpt4l56rxi] Apr 10 20:09:37.793523 osdx dnscrypt-proxy[322569]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Apr 10 20:09:37.884382 osdx dnscrypt-proxy[322569]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Apr 10 20:09:37.884402 osdx dnscrypt-proxy[322569]: [RD] OK (DoH) - rtt: 68ms Apr 10 20:09:37.884410 osdx dnscrypt-proxy[322569]: Server with the lowest initial latency: RD (rtt: 68ms) Apr 10 20:09:37.884414 osdx dnscrypt-proxy[322569]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Apr 10 20:09:38.032633 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.3M free. Apr 10 20:09:38.035815 osdx systemd-journald[55338]: Received client request to rotate journal, rotating. Apr 10 20:09:38.035883 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf. Apr 10 20:09:38.043959 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'. Apr 10 20:09:38.308639 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:09:38.366355 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'delete '. Apr 10 20:09:38.487469 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Apr 10 20:09:38.549257 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:09:38.653970 osdx ubnt-cfgd[322615]: inactive Apr 10 20:09:38.729886 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Apr 10 20:09:38.729918 osdx dnscrypt-proxy[322569]: Stopped. Apr 10 20:09:38.731029 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Apr 10 20:09:38.731148 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:09:38.804433 osdx ca-certificates[322701]: Clearing symlinks in /etc/ssl/certs... Apr 10 20:09:39.074880 osdx ca-certificates[323271]: done. Apr 10 20:09:39.078088 osdx ca-certificates[323279]: Updating certificates in /etc/ssl/certs... Apr 10 20:09:39.515714 osdx ca-certificates[324131]: 140 added, 0 removed; done. Apr 10 20:09:39.518795 osdx ca-certificates[324137]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:09:39.521719 osdx ca-certificates[324139]: done. 
Apr 10 20:09:39.540271 osdx INFO[324142]: FRR daemons did not change Apr 10 20:09:39.540807 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:09:39.543487 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:09:39.565680 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:09:40.982075 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:09:41.066847 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 10 20:09:41.236991 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 10 20:09:41.315986 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 10 20:09:41.413825 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 10 20:09:41.519814 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'. Apr 10 20:09:41.583389 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Apr 10 20:09:41.678718 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 10 20:09:41.754164 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:09:41.840253 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 10 20:09:41.917627 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. 
Apr 10 20:09:42.012565 osdx ubnt-cfgd[324176]: inactive Apr 10 20:09:42.074507 osdx INFO[324186]: FRR daemons did not change Apr 10 20:09:42.087012 osdx ca-certificates[324202]: Updating certificates in /etc/ssl/certs... Apr 10 20:09:42.631012 osdx ca-certificates[325205]: 1 added, 0 removed; done. Apr 10 20:09:42.634168 osdx ca-certificates[325212]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:09:42.637031 osdx ca-certificates[325214]: done. Apr 10 20:09:42.659819 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 10 20:09:42.816239 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:09:42.817682 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:09:42.830594 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:09:42.845012 osdx dnscrypt-proxy[325324]: dnscrypt-proxy 2.0.45 Apr 10 20:09:42.845088 osdx dnscrypt-proxy[325324]: Network connectivity detected Apr 10 20:09:42.845315 osdx dnscrypt-proxy[325324]: Dropping privileges Apr 10 20:09:42.847914 osdx dnscrypt-proxy[325324]: Network connectivity detected Apr 10 20:09:42.848092 osdx dnscrypt-proxy[325324]: Now listening to 127.0.0.1:53 [UDP] Apr 10 20:09:42.848127 osdx dnscrypt-proxy[325324]: Now listening to 127.0.0.1:53 [TCP] Apr 10 20:09:42.848172 osdx dnscrypt-proxy[325324]: Firefox workaround initialized Apr 10 20:09:42.848202 osdx dnscrypt-proxy[325324]: Loading the set of cloaking rules from [/tmp/tmp1erp9q4t] Apr 10 20:09:42.849064 osdx dnscrypt-proxy[325324]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Apr 10 20:09:42.855443 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. 
Apr 10 20:09:42.952114 osdx dnscrypt-proxy[325324]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Apr 10 20:09:42.952134 osdx dnscrypt-proxy[325324]: [RD] OK (DoH) - rtt: 68ms Apr 10 20:09:42.952144 osdx dnscrypt-proxy[325324]: Server with the lowest initial latency: RD (rtt: 68ms) Apr 10 20:09:42.952150 osdx dnscrypt-proxy[325324]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Apr 10 20:09:43.149221 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.3M free. Apr 10 20:09:43.151821 osdx systemd-journald[55338]: Received client request to rotate journal, rotating. Apr 10 20:09:43.151900 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf. Apr 10 20:09:43.162287 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'. Apr 10 20:09:43.532452 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:09:43.626308 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'delete '. Apr 10 20:09:43.699341 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Apr 10 20:09:43.914544 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:09:43.993860 osdx ubnt-cfgd[325388]: inactive Apr 10 20:09:44.049876 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Apr 10 20:09:44.050001 osdx dnscrypt-proxy[325324]: Stopped. Apr 10 20:09:44.051339 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Apr 10 20:09:44.051477 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:09:44.131520 osdx ca-certificates[325474]: Clearing symlinks in /etc/ssl/certs... Apr 10 20:09:44.402217 osdx ca-certificates[326044]: done. Apr 10 20:09:44.406312 osdx ca-certificates[326053]: Updating certificates in /etc/ssl/certs... Apr 10 20:09:44.899705 osdx ca-certificates[326904]: 140 added, 0 removed; done. Apr 10 20:09:44.902659 osdx ca-certificates[326910]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:09:44.905718 osdx ca-certificates[326912]: done. 
Apr 10 20:09:44.923689 osdx INFO[326915]: FRR daemons did not change Apr 10 20:09:44.924261 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:09:44.926934 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:09:44.945184 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:09:46.244137 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:09:46.304321 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 10 20:09:46.403621 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 10 20:09:46.467701 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 10 20:09:46.561052 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 10 20:09:46.643552 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'. Apr 10 20:09:46.751876 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Apr 10 20:09:46.825539 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Apr 10 20:09:46.944761 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 10 20:09:47.020689 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:09:47.109262 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Apr 10 20:09:47.226657 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:09:47.302226 osdx ubnt-cfgd[326952]: inactive Apr 10 20:09:47.401021 osdx INFO[326962]: FRR daemons did not change Apr 10 20:09:47.421652 osdx ca-certificates[326978]: Updating certificates in /etc/ssl/certs... Apr 10 20:09:47.929875 osdx ca-certificates[327981]: 1 added, 0 removed; done. Apr 10 20:09:47.933947 osdx ca-certificates[327988]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:09:47.937716 osdx ca-certificates[327990]: done. Apr 10 20:09:47.959818 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 10 20:09:48.112292 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:09:48.113602 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:09:48.128982 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:09:48.137605 osdx dnscrypt-proxy[328100]: dnscrypt-proxy 2.0.45 Apr 10 20:09:48.137663 osdx dnscrypt-proxy[328100]: Network connectivity detected Apr 10 20:09:48.137868 osdx dnscrypt-proxy[328100]: Dropping privileges Apr 10 20:09:48.140092 osdx dnscrypt-proxy[328100]: Network connectivity detected Apr 10 20:09:48.140280 osdx dnscrypt-proxy[328100]: Now listening to 127.0.0.1:53 [UDP] Apr 10 20:09:48.140316 osdx dnscrypt-proxy[328100]: Now listening to 127.0.0.1:53 [TCP] Apr 10 20:09:48.140366 osdx dnscrypt-proxy[328100]: Firefox workaround initialized Apr 10 20:09:48.140396 osdx dnscrypt-proxy[328100]: Loading the set of cloaking rules from [/tmp/tmpjqe6wopq] Apr 10 20:09:48.141339 osdx dnscrypt-proxy[328100]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Apr 10 20:09:48.157792 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. 
Apr 10 20:09:48.231146 osdx dnscrypt-proxy[328100]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Apr 10 20:09:48.231170 osdx dnscrypt-proxy[328100]: [RD] OK (DoH) - rtt: 67ms Apr 10 20:09:48.231179 osdx dnscrypt-proxy[328100]: Server with the lowest initial latency: RD (rtt: 67ms) Apr 10 20:09:48.231186 osdx dnscrypt-proxy[328100]: dnscrypt-proxy is ready - live servers: 1
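The journal checks in these scenarios match a fixed token. As an added example (not part of the test suite or of the product), the Python below decodes the decimal "Cipher suite" value that dnscrypt-proxy logs into its IANA name and compares it with the configured "cipher N algorithm" list, so a connection negotiated with a suite outside that list is reported explicitly. The sample strings are copied from the configuration and journal output on this page; the function names and verdict labels are assumptions.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page, plus
# 0xCCA8 (52392), which appears in the journal output but in no configuration.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# The "TLS version" field is logged in hexadecimal ("303" is 0x0303).
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (\w+)")
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")
OK_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[([^\]]+)\] TLS version: ([0-9a-fA-F]+)"
    r" - Protocol: (\S+) - Cipher suite: (\d+)"
)


def configured_suites(config):
    """Return the configured suite names ordered by their 'cipher N' index."""
    found = {int(idx): name for idx, name in CFG_RE.findall(config)}
    return [found[idx] for idx in sorted(found)]


def audit(config, journal):
    """Compare the negotiated suite in the journal with the configured list.

    Works on one-entry-per-line journals and on the flattened form shown on
    this page, because it searches the text instead of splitting on newlines.
    """
    wanted = configured_suites(config)
    failures = len(FAIL_RE.findall(journal))
    handshakes = list(OK_RE.finditer(journal))
    result = {"configured": wanted, "handshake_failures": failures,
              "server": None, "tls": None, "negotiated": None}
    if not handshakes:
        # No successful handshake was logged at all.
        result["verdict"] = "refused" if failures else "no-handshake-logged"
        return result
    server, version_hex, _protocol, suite_dec = handshakes[-1].groups()
    suite_id = int(suite_dec)
    version = int(version_hex, 16)
    result["server"] = server
    result["tls"] = TLS_VERSIONS.get(version, f"unknown(0x{version:04X})")
    result["negotiated"] = IANA_SUITES.get(suite_id, f"unknown(0x{suite_id:04X})")
    result["verdict"] = ("configured-suite" if result["negotiated"] in wanted
                         else "unconfigured-suite")
    return result


# Inputs copied from this page.
# Multiple Invalid Cipher, Example 3: two invalid suites configured.
CONFIG_INVALID = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA "
    "set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA"
)
JOURNAL_INVALID = (
    "Apr 10 20:09:48.141339 osdx dnscrypt-proxy[328100]: TLS handshake failure"
    " - Try changing or deleting the tls_cipher_suite value in the"
    " configuration file "
    "Apr 10 20:09:48.231146 osdx dnscrypt-proxy[328100]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 52392"
)
# Invalid Cipher With Fallback, Example 1: invalid suite plus a valid one.
CONFIG_FALLBACK = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA "
    "set service dns proxy cipher 2 algorithm "
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
)
JOURNAL_FALLBACK = (
    "Apr 10 20:09:59.450415 osdx dnscrypt-proxy[331015]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 49199"
)
# A journal that ends at the failure line, with no handshake logged after it.
CONFIG_RC4 = "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA"
JOURNAL_FAIL_ONLY = (
    "Apr 10 20:09:27.301914 osdx dnscrypt-proxy[319675]: TLS handshake failure"
    " - Try changing or deleting the tls_cipher_suite value in the"
    " configuration file"
)

if __name__ == "__main__":
    for cfg, log in ((CONFIG_INVALID, JOURNAL_INVALID),
                     (CONFIG_FALLBACK, JOURNAL_FALLBACK),
                     (CONFIG_RC4, JOURNAL_FAIL_ONLY)):
        print(audit(cfg, log))
```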
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid cipher proposed is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Apr 10 20:09:55.368471 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.3M free. Apr 10 20:09:55.370246 osdx systemd-journald[55338]: Received client request to rotate journal, rotating. Apr 10 20:09:55.370310 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf. Apr 10 20:09:55.380750 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'. Apr 10 20:09:55.740256 osdx osdx-coredump[329785]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Apr 10 20:09:55.750741 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system coredump delete all'. Apr 10 20:09:56.314726 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:09:56.490951 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:09:56.615839 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 10 20:09:56.707572 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:09:56.822016 osdx ubnt-cfgd[329803]: inactive Apr 10 20:09:56.870152 osdx INFO[329811]: FRR daemons did not change Apr 10 20:09:56.890249 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 10 20:09:56.974700 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:09:56.989011 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:09:57.007090 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:09:57.231184 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 10 20:09:57.454668 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. 
Apr 10 20:09:57.567502 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 10 20:09:57.661894 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 10 20:09:57.776569 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 10 20:09:57.837373 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 10 20:09:57.975882 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'. Apr 10 20:09:58.055851 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Apr 10 20:09:58.178788 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Apr 10 20:09:58.247873 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 10 20:09:58.385629 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:09:58.474734 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 10 20:09:58.612975 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:09:58.683068 osdx ubnt-cfgd[329975]: inactive Apr 10 20:09:58.725523 osdx INFO[329983]: FRR daemons did not change Apr 10 20:09:58.740861 osdx ca-certificates[329999]: Updating certificates in /etc/ssl/certs... Apr 10 20:09:59.261521 osdx ca-certificates[331003]: 1 added, 0 removed; done. Apr 10 20:09:59.264646 osdx ca-certificates[331009]: Running hooks in /etc/ca-certificates/update.d... 
Apr 10 20:09:59.268358 osdx ca-certificates[331011]: done. Apr 10 20:09:59.326521 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:09:59.327932 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:09:59.330932 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:09:59.349622 osdx dnscrypt-proxy[331015]: dnscrypt-proxy 2.0.45 Apr 10 20:09:59.349687 osdx dnscrypt-proxy[331015]: Network connectivity detected Apr 10 20:09:59.349874 osdx dnscrypt-proxy[331015]: Dropping privileges Apr 10 20:09:59.351875 osdx dnscrypt-proxy[331015]: Network connectivity detected Apr 10 20:09:59.352044 osdx dnscrypt-proxy[331015]: Now listening to 127.0.0.1:53 [UDP] Apr 10 20:09:59.352074 osdx dnscrypt-proxy[331015]: Now listening to 127.0.0.1:53 [TCP] Apr 10 20:09:59.352139 osdx dnscrypt-proxy[331015]: Firefox workaround initialized Apr 10 20:09:59.352181 osdx dnscrypt-proxy[331015]: Loading the set of cloaking rules from [/tmp/tmpu2ktxf0b] Apr 10 20:09:59.363107 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:09:59.450415 osdx dnscrypt-proxy[331015]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Apr 10 20:09:59.450435 osdx dnscrypt-proxy[331015]: [RD] OK (DoH) - rtt: 73ms Apr 10 20:09:59.450445 osdx dnscrypt-proxy[331015]: Server with the lowest initial latency: RD (rtt: 73ms) Apr 10 20:09:59.450450 osdx dnscrypt-proxy[331015]: dnscrypt-proxy is ready - live servers: 1 Apr 10 20:09:59.570365 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Apr 10 20:09:59.843292 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.3M free. Apr 10 20:09:59.846247 osdx systemd-journald[55338]: Received client request to rotate journal, rotating. Apr 10 20:09:59.846339 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf. Apr 10 20:09:59.854319 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'. Apr 10 20:10:00.199934 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:10:00.270308 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'delete '. Apr 10 20:10:00.407820 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Apr 10 20:10:00.479173 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:10:00.584015 osdx ubnt-cfgd[331064]: inactive Apr 10 20:10:00.650814 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Apr 10 20:10:00.651315 osdx dnscrypt-proxy[331015]: Stopped. Apr 10 20:10:00.652819 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Apr 10 20:10:00.652960 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:10:00.746585 osdx ca-certificates[331150]: Clearing symlinks in /etc/ssl/certs... Apr 10 20:10:01.039076 osdx ca-certificates[331719]: done. Apr 10 20:10:01.048654 osdx ca-certificates[331727]: Updating certificates in /etc/ssl/certs... Apr 10 20:10:01.559652 osdx ca-certificates[332583]: 140 added, 0 removed; done. Apr 10 20:10:01.563740 osdx ca-certificates[332589]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:10:01.566590 osdx ca-certificates[332591]: done. 
Apr 10 20:10:01.584360 osdx INFO[332594]: FRR daemons did not change Apr 10 20:10:01.584888 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:10:01.587162 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:10:01.606603 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:10:03.064542 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:10:03.128497 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 10 20:10:03.246842 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 10 20:10:03.315868 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 10 20:10:03.415220 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 10 20:10:03.481149 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'. Apr 10 20:10:03.574620 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Apr 10 20:10:03.646851 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Apr 10 20:10:03.770927 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 10 20:10:03.854453 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:10:03.958296 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Apr 10 20:10:04.040309 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:10:04.163949 osdx ubnt-cfgd[332631]: inactive Apr 10 20:10:04.223729 osdx INFO[332641]: FRR daemons did not change Apr 10 20:10:04.238364 osdx ca-certificates[332657]: Updating certificates in /etc/ssl/certs... Apr 10 20:10:04.757299 osdx ca-certificates[333660]: 1 added, 0 removed; done. Apr 10 20:10:04.760108 osdx ca-certificates[333667]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:10:04.763883 osdx ca-certificates[333669]: done. Apr 10 20:10:04.786245 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 10 20:10:04.942803 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:10:04.944546 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:10:04.956096 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:10:04.966430 osdx dnscrypt-proxy[333779]: dnscrypt-proxy 2.0.45 Apr 10 20:10:04.966505 osdx dnscrypt-proxy[333779]: Network connectivity detected Apr 10 20:10:04.966731 osdx dnscrypt-proxy[333779]: Dropping privileges Apr 10 20:10:04.969346 osdx dnscrypt-proxy[333779]: Network connectivity detected Apr 10 20:10:04.969558 osdx dnscrypt-proxy[333779]: Now listening to 127.0.0.1:53 [UDP] Apr 10 20:10:04.969600 osdx dnscrypt-proxy[333779]: Now listening to 127.0.0.1:53 [TCP] Apr 10 20:10:04.969655 osdx dnscrypt-proxy[333779]: Firefox workaround initialized Apr 10 20:10:04.969694 osdx dnscrypt-proxy[333779]: Loading the set of cloaking rules from [/tmp/tmpzkzs4wiy] Apr 10 20:10:04.976156 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. 
Apr 10 20:10:05.072733 osdx dnscrypt-proxy[333779]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 10 20:10:05.072754 osdx dnscrypt-proxy[333779]: [RD] OK (DoH) - rtt: 73ms
Apr 10 20:10:05.072764 osdx dnscrypt-proxy[333779]: Server with the lowest initial latency: RD (rtt: 73ms)
Apr 10 20:10:05.072769 osdx dnscrypt-proxy[333779]: dnscrypt-proxy is ready - live servers: 1
Apr 10 20:10:05.126954 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Apr 10 20:10:05.346922 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.3M free. Apr 10 20:10:05.350239 osdx systemd-journald[55338]: Received client request to rotate journal, rotating. Apr 10 20:10:05.350305 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf. Apr 10 20:10:05.357669 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'. Apr 10 20:10:05.616737 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:10:05.690235 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'delete '. Apr 10 20:10:05.813765 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Apr 10 20:10:05.884234 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:10:05.987451 osdx ubnt-cfgd[333848]: inactive Apr 10 20:10:06.166643 osdx dnscrypt-proxy[333779]: Stopped. Apr 10 20:10:06.166675 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Apr 10 20:10:06.168189 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Apr 10 20:10:06.168330 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:10:06.249675 osdx ca-certificates[333934]: Clearing symlinks in /etc/ssl/certs... Apr 10 20:10:06.543103 osdx ca-certificates[334503]: done. Apr 10 20:10:06.548080 osdx ca-certificates[334512]: Updating certificates in /etc/ssl/certs... Apr 10 20:10:07.029471 osdx ca-certificates[335363]: 140 added, 0 removed; done. Apr 10 20:10:07.032559 osdx ca-certificates[335370]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:10:07.036505 osdx ca-certificates[335372]: done. 
Apr 10 20:10:07.054843 osdx INFO[335375]: FRR daemons did not change Apr 10 20:10:07.055706 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:10:07.058416 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:10:07.087335 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:10:08.384902 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:10:08.445901 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 10 20:10:08.543644 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 10 20:10:08.612037 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 10 20:10:08.706427 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 10 20:10:08.769053 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'. Apr 10 20:10:08.865490 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Apr 10 20:10:08.927167 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Apr 10 20:10:09.022894 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 10 20:10:09.098631 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:10:09.186891 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Apr 10 20:10:09.263335 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:10:09.363039 osdx ubnt-cfgd[335412]: inactive Apr 10 20:10:09.405200 osdx INFO[335422]: FRR daemons did not change Apr 10 20:10:09.417491 osdx ca-certificates[335438]: Updating certificates in /etc/ssl/certs... Apr 10 20:10:09.917641 osdx ca-certificates[336441]: 1 added, 0 removed; done. Apr 10 20:10:09.921702 osdx ca-certificates[336448]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:10:09.924517 osdx ca-certificates[336450]: done. Apr 10 20:10:09.946234 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 10 20:10:10.102571 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:10:10.103759 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:10:10.116255 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:10:10.126388 osdx dnscrypt-proxy[336560]: dnscrypt-proxy 2.0.45 Apr 10 20:10:10.126657 osdx dnscrypt-proxy[336560]: Network connectivity detected Apr 10 20:10:10.126876 osdx dnscrypt-proxy[336560]: Dropping privileges Apr 10 20:10:10.128863 osdx dnscrypt-proxy[336560]: Network connectivity detected Apr 10 20:10:10.128894 osdx dnscrypt-proxy[336560]: Now listening to 127.0.0.1:53 [UDP] Apr 10 20:10:10.128899 osdx dnscrypt-proxy[336560]: Now listening to 127.0.0.1:53 [TCP] Apr 10 20:10:10.128917 osdx dnscrypt-proxy[336560]: Firefox workaround initialized Apr 10 20:10:10.128921 osdx dnscrypt-proxy[336560]: Loading the set of cloaking rules from [/tmp/tmp28nij4f6] Apr 10 20:10:10.148406 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. 
Apr 10 20:10:10.221815 osdx dnscrypt-proxy[336560]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 10 20:10:10.221829 osdx dnscrypt-proxy[336560]: [RD] OK (DoH) - rtt: 70ms
Apr 10 20:10:10.221836 osdx dnscrypt-proxy[336560]: Server with the lowest initial latency: RD (rtt: 70ms)
Apr 10 20:10:10.221841 osdx dnscrypt-proxy[336560]: dnscrypt-proxy is ready - live servers: 1
Apr 10 20:10:10.295595 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Apr 10 20:10:10.535027 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.3M free. Apr 10 20:10:10.538235 osdx systemd-journald[55338]: Received client request to rotate journal, rotating. Apr 10 20:10:10.538291 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf. Apr 10 20:10:10.545213 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'. Apr 10 20:10:10.830453 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:10:10.930441 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'delete '. Apr 10 20:10:10.998881 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Apr 10 20:10:11.122783 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:10:11.185786 osdx ubnt-cfgd[336628]: inactive Apr 10 20:10:11.276574 osdx dnscrypt-proxy[336560]: Stopped. Apr 10 20:10:11.276615 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Apr 10 20:10:11.277986 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Apr 10 20:10:11.278092 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:10:11.356587 osdx ca-certificates[336714]: Clearing symlinks in /etc/ssl/certs... Apr 10 20:10:11.622050 osdx ca-certificates[337283]: done. Apr 10 20:10:11.626040 osdx ca-certificates[337293]: Updating certificates in /etc/ssl/certs... Apr 10 20:10:12.087690 osdx ca-certificates[338144]: 140 added, 0 removed; done. Apr 10 20:10:12.090790 osdx ca-certificates[338150]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:10:12.094606 osdx ca-certificates[338152]: done. 
Apr 10 20:10:12.112240 osdx INFO[338155]: FRR daemons did not change Apr 10 20:10:12.112755 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:10:12.115279 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:10:12.138610 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:10:13.424743 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:10:13.485625 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 10 20:10:13.586189 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 10 20:10:13.654641 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 10 20:10:13.764441 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 10 20:10:13.856889 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'. Apr 10 20:10:13.912952 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Apr 10 20:10:14.010236 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Apr 10 20:10:14.064336 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 10 20:10:14.178619 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:10:14.234332 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Apr 10 20:10:14.352500 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:10:14.417319 osdx ubnt-cfgd[338192]: inactive Apr 10 20:10:14.478593 osdx INFO[338202]: FRR daemons did not change Apr 10 20:10:14.492653 osdx ca-certificates[338218]: Updating certificates in /etc/ssl/certs... Apr 10 20:10:15.041753 osdx ca-certificates[339223]: 1 added, 0 removed; done. Apr 10 20:10:15.044624 osdx ca-certificates[339228]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:10:15.047606 osdx ca-certificates[339230]: done. Apr 10 20:10:15.066257 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 10 20:10:15.218593 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:10:15.219755 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:10:15.231434 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:10:15.244982 osdx dnscrypt-proxy[339340]: dnscrypt-proxy 2.0.45 Apr 10 20:10:15.245043 osdx dnscrypt-proxy[339340]: Network connectivity detected Apr 10 20:10:15.245235 osdx dnscrypt-proxy[339340]: Dropping privileges Apr 10 20:10:15.247259 osdx dnscrypt-proxy[339340]: Network connectivity detected Apr 10 20:10:15.247292 osdx dnscrypt-proxy[339340]: Now listening to 127.0.0.1:53 [UDP] Apr 10 20:10:15.247296 osdx dnscrypt-proxy[339340]: Now listening to 127.0.0.1:53 [TCP] Apr 10 20:10:15.247320 osdx dnscrypt-proxy[339340]: Firefox workaround initialized Apr 10 20:10:15.247324 osdx dnscrypt-proxy[339340]: Loading the set of cloaking rules from [/tmp/tmp0odv1tl5] Apr 10 20:10:15.250892 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. 
Apr 10 20:10:15.343997 osdx dnscrypt-proxy[339340]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 10 20:10:15.344011 osdx dnscrypt-proxy[339340]: [RD] OK (DoH) - rtt: 70ms
Apr 10 20:10:15.344018 osdx dnscrypt-proxy[339340]: Server with the lowest initial latency: RD (rtt: 70ms)
Apr 10 20:10:15.344022 osdx dnscrypt-proxy[339340]: dnscrypt-proxy is ready - live servers: 1
Apr 10 20:10:15.432767 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Apr 10 20:10:15.659434 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.3M free. Apr 10 20:10:15.662238 osdx systemd-journald[55338]: Received client request to rotate journal, rotating. Apr 10 20:10:15.662306 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf. Apr 10 20:10:15.670673 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'. Apr 10 20:10:16.016839 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:10:16.078918 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'delete '. Apr 10 20:10:16.196755 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Apr 10 20:10:16.281546 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:10:16.373053 osdx ubnt-cfgd[339408]: inactive Apr 10 20:10:16.422898 osdx dnscrypt-proxy[339340]: Stopped. Apr 10 20:10:16.422973 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Apr 10 20:10:16.424175 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Apr 10 20:10:16.424302 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:10:16.504725 osdx ca-certificates[339494]: Clearing symlinks in /etc/ssl/certs... Apr 10 20:10:16.792129 osdx ca-certificates[340063]: done. Apr 10 20:10:16.795654 osdx ca-certificates[340071]: Updating certificates in /etc/ssl/certs... Apr 10 20:10:17.279544 osdx ca-certificates[340923]: 140 added, 0 removed; done. Apr 10 20:10:17.282426 osdx ca-certificates[340930]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:10:17.285144 osdx ca-certificates[340932]: done. 
Apr 10 20:10:17.299769 osdx INFO[340935]: FRR daemons did not change Apr 10 20:10:17.300076 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:10:17.302429 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:10:17.346429 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:10:18.574311 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:10:18.639385 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 10 20:10:18.739359 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 10 20:10:18.806320 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 10 20:10:18.902263 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 10 20:10:19.049973 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'. Apr 10 20:10:19.126676 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Apr 10 20:10:19.244342 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Apr 10 20:10:19.305659 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 10 20:10:19.426088 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:10:19.495971 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Apr 10 20:10:19.580152 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:10:19.691177 osdx ubnt-cfgd[340972]: inactive Apr 10 20:10:19.747677 osdx INFO[340982]: FRR daemons did not change Apr 10 20:10:19.760518 osdx ca-certificates[340997]: Updating certificates in /etc/ssl/certs... Apr 10 20:10:20.303244 osdx ca-certificates[342001]: 1 added, 0 removed; done. Apr 10 20:10:20.306690 osdx ca-certificates[342008]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:10:20.309643 osdx ca-certificates[342010]: done. Apr 10 20:10:20.330252 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 10 20:10:20.470645 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:10:20.471957 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:10:20.486983 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:10:20.502064 osdx dnscrypt-proxy[342120]: dnscrypt-proxy 2.0.45 Apr 10 20:10:20.502136 osdx dnscrypt-proxy[342120]: Network connectivity detected Apr 10 20:10:20.502385 osdx dnscrypt-proxy[342120]: Dropping privileges Apr 10 20:10:20.504484 osdx dnscrypt-proxy[342120]: Network connectivity detected Apr 10 20:10:20.504690 osdx dnscrypt-proxy[342120]: Now listening to 127.0.0.1:53 [UDP] Apr 10 20:10:20.504726 osdx dnscrypt-proxy[342120]: Now listening to 127.0.0.1:53 [TCP] Apr 10 20:10:20.504789 osdx dnscrypt-proxy[342120]: Firefox workaround initialized Apr 10 20:10:20.504822 osdx dnscrypt-proxy[342120]: Loading the set of cloaking rules from [/tmp/tmp7hrcn1wz] Apr 10 20:10:20.521340 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. 
Apr 10 20:10:20.608535 osdx dnscrypt-proxy[342120]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 10 20:10:20.608559 osdx dnscrypt-proxy[342120]: [RD] OK (DoH) - rtt: 72ms
Apr 10 20:10:20.608571 osdx dnscrypt-proxy[342120]: Server with the lowest initial latency: RD (rtt: 72ms)
Apr 10 20:10:20.608578 osdx dnscrypt-proxy[342120]: dnscrypt-proxy is ready - live servers: 1
Apr 10 20:10:20.682717 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Apr 10 20:10:20.870510 osdx systemd-journald[55338]: Runtime Journal (/run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf) is 2.0M, max 15.3M, 13.3M free. Apr 10 20:10:20.874236 osdx systemd-journald[55338]: Received client request to rotate journal, rotating. Apr 10 20:10:20.874291 osdx systemd-journald[55338]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5c505a9749274d37b6c4605b7d8c5dbf. Apr 10 20:10:20.880364 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'system journal clear'. Apr 10 20:10:21.151175 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:10:21.222512 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'delete '. Apr 10 20:10:21.312833 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Apr 10 20:10:21.436473 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:10:21.524533 osdx ubnt-cfgd[342189]: inactive Apr 10 20:10:21.571842 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Apr 10 20:10:21.571898 osdx dnscrypt-proxy[342120]: Stopped. Apr 10 20:10:21.573463 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Apr 10 20:10:21.573564 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:10:21.644555 osdx ca-certificates[342275]: Clearing symlinks in /etc/ssl/certs... Apr 10 20:10:21.921046 osdx ca-certificates[342844]: done. Apr 10 20:10:21.924598 osdx ca-certificates[342853]: Updating certificates in /etc/ssl/certs... Apr 10 20:10:22.420421 osdx ca-certificates[343704]: 140 added, 0 removed; done. Apr 10 20:10:22.424548 osdx ca-certificates[343711]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:10:22.427733 osdx ca-certificates[343713]: done. 
Apr 10 20:10:22.443794 osdx INFO[343716]: FRR daemons did not change Apr 10 20:10:22.444271 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:10:22.447054 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:10:22.465949 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. Apr 10 20:10:23.889277 osdx OSDxCLI[284355]: User 'admin' entered the configuration menu. Apr 10 20:10:23.949979 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 10 20:10:24.050600 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 10 20:10:24.120094 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 10 20:10:24.212306 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 10 20:10:24.271405 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 56f84956a81b8326accde7f3159265ae8dee5f1377cc2cbee7baf4ff8b8c82c6'. Apr 10 20:10:24.372330 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Apr 10 20:10:24.440481 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Apr 10 20:10:24.538778 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 10 20:10:24.619731 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 10 20:10:24.723355 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Apr 10 20:10:24.814192 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'show working'. Apr 10 20:10:24.891753 osdx ubnt-cfgd[343753]: inactive Apr 10 20:10:24.948259 osdx INFO[343763]: FRR daemons did not change Apr 10 20:10:24.962883 osdx ca-certificates[343779]: Updating certificates in /etc/ssl/certs... Apr 10 20:10:25.031345 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Apr 10 20:10:25.471992 osdx ca-certificates[344784]: 1 added, 0 removed; done. Apr 10 20:10:25.474988 osdx ca-certificates[344791]: Running hooks in /etc/ca-certificates/update.d... Apr 10 20:10:25.477832 osdx ca-certificates[344793]: done. Apr 10 20:10:25.498266 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 10 20:10:25.654569 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 10 20:10:25.655838 osdx cfgd[1682]: [284355]Completed change to active configuration Apr 10 20:10:25.671666 osdx OSDxCLI[284355]: User 'admin' committed the configuration. Apr 10 20:10:25.696392 osdx dnscrypt-proxy[344903]: dnscrypt-proxy 2.0.45 Apr 10 20:10:25.696471 osdx dnscrypt-proxy[344903]: Network connectivity detected Apr 10 20:10:25.696729 osdx dnscrypt-proxy[344903]: Dropping privileges Apr 10 20:10:25.699764 osdx dnscrypt-proxy[344903]: Network connectivity detected Apr 10 20:10:25.699800 osdx dnscrypt-proxy[344903]: Now listening to 127.0.0.1:53 [UDP] Apr 10 20:10:25.699806 osdx dnscrypt-proxy[344903]: Now listening to 127.0.0.1:53 [TCP] Apr 10 20:10:25.699833 osdx dnscrypt-proxy[344903]: Firefox workaround initialized Apr 10 20:10:25.699838 osdx dnscrypt-proxy[344903]: Loading the set of cloaking rules from [/tmp/tmpn7ps3wiy] Apr 10 20:10:25.700977 osdx OSDxCLI[284355]: User 'admin' left the configuration menu. 
Apr 10 20:10:25.807965 osdx dnscrypt-proxy[344903]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 10 20:10:25.807990 osdx dnscrypt-proxy[344903]: [RD] OK (DoH) - rtt: 85ms
Apr 10 20:10:25.808005 osdx dnscrypt-proxy[344903]: Server with the lowest initial latency: RD (rtt: 85ms)
Apr 10 20:10:25.808012 osdx dnscrypt-proxy[344903]: dnscrypt-proxy is ready - live servers: 1
Apr 10 20:10:25.905394 osdx OSDxCLI[284355]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
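The Cipher suite token checked in Step 3 of each example is the decimal IANA code point of the negotiated suite (49200 is 0xC030, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384). The following is an added example, not part of the OSDx test suite: it parses a journal like the ones above, maps the logged number back to an algorithm name, and reports whether the negotiated suite is in the configured list. The function names, the policy of flagging RC4 and 3DES as weak, the reading of "303" as hexadecimal 0x0303, and the second sample journal are assumptions of the example.

```python
import re

# IANA TLS cipher suite code points for the algorithm names used on this page.
IANA_SUITES = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}
ID_TO_NAME = {code: name for name, code in IANA_SUITES.items()}

# Policy assumption of this example: RC4 and 3DES suites are treated as weak.
WEAK_MARKERS = ("_RC4_", "_3DES_")

# Assumption: the logged "TLS version" is the wire version in hexadecimal.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(
    r"added a new cfg line: 'set service dns proxy cipher (\d+) algorithm (\w+)'")
TLS_RE = re.compile(
    r"\[(\w+)\] TLS version: ([0-9a-fA-F]+) - Protocol: (\S+) - Cipher suite: (\d+)")


def configured_ciphers(journal):
    """Return the configured algorithm names, ordered by cipher index."""
    found = {int(index): name for index, name in CFG_RE.findall(journal)}
    return [found[index] for index in sorted(found)]


def negotiated(journal):
    """Return the last handshake reported by dnscrypt-proxy, or None."""
    matches = TLS_RE.findall(journal)
    if not matches:
        return None
    server, version, protocol, suite = matches[-1]
    suite_id = int(suite)
    return {
        "server": server,
        "tls": TLS_VERSIONS.get(int(version, 16), "unknown"),
        "protocol": protocol,
        "suite_id": suite_id,
        "suite": ID_TO_NAME.get(suite_id, "unknown"),
    }


def is_weak(name):
    return any(marker in name for marker in WEAK_MARKERS)


def audit(journal):
    """Compare what was configured with what the handshake actually used."""
    configured = configured_ciphers(journal)
    handshake = negotiated(journal)
    findings = ["weak cipher offered: " + n for n in configured if is_weak(n)]
    if handshake is None:
        findings.append("no DoH handshake logged")
    else:
        if handshake["suite"] not in configured:
            findings.append(
                "negotiated suite %d not in configured list" % handshake["suite_id"])
        if is_weak(handshake["suite"]):
            findings.append("weak cipher negotiated: " + handshake["suite"])
    return {"configured": configured, "handshake": handshake, "findings": findings}


# Three journal entries taken from the Example 2 output shown on this page.
PAGE_EXCERPT = """\
Apr 10 20:10:03.574620 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 10 20:10:03.646851 osdx OSDxCLI[284355]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 10 20:10:05.072733 osdx dnscrypt-proxy[333779]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
"""

# Constructed journal (not from the page): same configuration, but the
# handshake line reports code point 5, i.e. the RC4 suite was selected.
CONSTRUCTED_WEAK = PAGE_EXCERPT.replace("Cipher suite: 49200", "Cipher suite: 5")

if __name__ == "__main__":
    for label, text in (("page excerpt", PAGE_EXCERPT),
                        ("constructed", CONSTRUCTED_WEAK)):
        result = audit(text)
        print(label, result["handshake"]["suite"], result["findings"])
```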