[getdns-users] Procedure to decrypt encrypted DNS query/response packets inside Wireshark ?

Sara Dickinson sara at sinodun.com
Tue May 30 14:54:46 UTC 2017

> On 29 May 2017, at 11:15, Mohit Batra <mohit4677 at gmail.com> wrote:
> Hello Everyone,
> I have compiled / configured Stubby successfully, and I can see encrypted DNS query/response packets on port 853 on Wireshark.
> Now my question is:
> "Is anyone aware of a documented procedure to decrypt encrypted DNS query/response packets inside Wireshark?”

So a good starting point is: https://wiki.wireshark.org/SSL#Complete_SSL_decryption_walk_through <https://wiki.wireshark.org/SSL#Complete_SSL_decryption_walk_through> which describes the basics of decrypting traffic assuming you are using openssl as a server. 

From this you can see that you either need access to the private key of the server (works for RSA cipher suites) or to be able to create a SSL key log file from the DNS client (not so easy, not directly supported in Stubby).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20170530/ddf420a7/attachment.htm>

More information about the Users mailing list