[getdns-users] Procedure to decrypt encrypted DNS query/response packets inside Wireshark ?

[Robert Edmonds]

Sara Dickinson wrote:
> From this you can see that you either need access to the private key of the server (works for RSA cipher suites) or to be able to create a SSL key log file from the DNS client (not so easy, not directly supported in Stubby).

Seems like it would be easier and more useful to implement dnstap
support in stubby + Wireshark than whatever is needed to break forward
secrecy.

-- 
Robert Edmonds
edmonds at debian.org