[getdns-users] Procedure to decrypt encrypted DNS query/response packets inside Wireshark ?

Mohit Batra mohit4677 at gmail.com
Thu Jun 1 13:04:23 CEST 2017


Thanks a lot Sara !!

Just wondering whether this functionality (decryption of encrypted DNS
query/response packets right inside Wireshark, or by some other means) can
be taken up in GetDNSAPI / Stubby in upcoming versions. Is there a
possibility?

Thanks & Regards,
Mohit Batra


On Tue, May 30, 2017 at 8:24 PM, Sara Dickinson <sara at sinodun.com> wrote:

>
> On 29 May 2017, at 11:15, Mohit Batra <mohit4677 at gmail.com> wrote:
>
> Hello Everyone,
>
> I have compiled / configured Stubby successfully, and I can see encrypted
> DNS query/response packets on port 853 on Wireshark.
>
>
> Now my question is:
>
> *"Is anyone aware of a documented procedure to decrypt encrypted DNS
> query/response packets inside Wireshark?"*
>
>
> So a good starting point is:
> https://wiki.wireshark.org/SSL#Complete_SSL_decryption_walk_through
> which describes the basics of decrypting traffic assuming you are using
> openssl as a server.
>
> From this you can see that you either need access to the private key of
> the server (works for RSA cipher suites) or to be able to create an SSL key
> log file from the DNS client (not so easy, not directly supported in
> Stubby).
>
> Sara.
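
The key-log route mentioned in the quoted reply, shown as an added example that is not part of the original thread and is not getdns or Stubby code: a stand-alone Python client that sends one DNS-over-TLS query and has the TLS library append the session secrets to a key log file. It assumes Python 3.8+ built against OpenSSL 1.1.1 or later (for `ssl.SSLContext.keylog_filename`); the function names and the command-line arguments are chosen here for illustration.

```python
import socket
import ssl
import struct
import sys

def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """DNS query in TCP framing (2-byte length prefix), as sent on port 853."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN
    msg = header + question
    return struct.pack("!H", len(msg)) + msg

def make_context(keylog_path: str) -> ssl.SSLContext:
    """Certificate-verifying client context that logs secrets to keylog_path."""
    ctx = ssl.create_default_context()
    ctx.keylog_filename = keylog_path  # NSS key log format, which Wireshark reads
    return ctx

def recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def dot_query(server_ip, auth_name, qname, keylog_path) -> bytes:
    """Send one query over TLS to server_ip:853 and return the raw DNS reply."""
    ctx = make_context(keylog_path)
    with socket.create_connection((server_ip, 853), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(build_query(qname))
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            return recv_exact(tls, length)

if __name__ == "__main__":
    # usage: dot_keylog.py <resolver-ip> <resolver-tls-name> <qname> <keylog-file>
    reply = dot_query(*sys.argv[1:5])
    print(f"{len(reply)} byte DNS reply; secrets appended to {sys.argv[4]}")
```

Capture port 853 while this runs, then set the resulting file as the "(Pre)-Master-Secret log filename" in Wireshark's TLS (SSL in older releases) protocol preferences. Because the secrets come from the client, this works for forward-secret cipher suites where the server's RSA private key would not.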