<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 29 May 2017, at 11:15, Mohit Batra <<a href="mailto:mohit4677@gmail.com" class="">mohit4677@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="">Hello Everyone,</div><div class=""><br class=""></div><div class="">I have compiled / configured Stubby successfully, and I can see encrypted DNS query/response packets on port 853 on Wireshark.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Now my question is:</div><div class=""><br class=""></div><div class=""><b class=""><u class="">"Is anyone aware of a documented procedure to decrypt encrypted DNS query/response packets inside Wireshark?”</u></b></div></div></div></blockquote><br class=""></div><div>So a good starting point is: <a href="https://wiki.wireshark.org/SSL#Complete_SSL_decryption_walk_through" class="">https://wiki.wireshark.org/SSL#Complete_SSL_decryption_walk_through</a> which describes the basics of decrypting traffic assuming you are using openssl as a server. </div><div><br class=""></div>From this you can see that you either need access to the private key of the server (works for RSA cipher suites) or to be able to create a SSL key log file from the DNS client (not so easy, not directly supported in Stubby).</div><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""></div><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Sara. </div></body></html>