ameshkov / dnslookup

Simple command line utility to make DNS lookups to the specified server
MIT License

Allow use of SSLKEYLOGFILE to examine DoH network captures #52

Open jasper- opened 1 year ago

jasper- commented 1 year ago

I would like to show the inner workings of DoH to students. For this I use Wireshark and use the SSLKEYLOGFILE environment variable to store shared secrets of TLS sessions. When using dnslookup after having set the SSLKEYLOGFILE variable using export, the file does not get created. I am running dnslookup v. 1.8.1-8619 - installed from the snap-store - on Ubuntu 22.04.2 LTS.

Would it be an option to make this work?

ameshkov commented 1 year ago

First, this functionality should be added to dnsproxy as dnslookup uses it under the hood.

grasstractor commented 1 year ago

> First, this functionality should be added to dnsproxy as dnslookup uses it under the hood.

I have the same question regarding DoQ. Do dnsproxy and quic-go already have this functionality, or should they add it?

ameshkov commented 1 year ago

quic-go seems to support it, dnsproxy not yet.

grasstractor commented 1 year ago

> quic-go seems to support it, dnsproxy not yet.

Yes, I found that quic-go has the functionality to support it. However, dnsproxy still needs to support it, or it will be too difficult for users to use it with dnslookup.
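Added illustration, not code from dnslookup, dnsproxy or quic-go: Go's crypto/tls never reads SSLKEYLOGFILE on its own, so a Go client only produces a key log when the program sets `tls.Config.KeyLogWriter` itself. The helper names `withKeyLog` and `fetchOnce` and the local test server are assumptions made for this sketch.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
)

// withKeyLog points cfg.KeyLogWriter at the file named by SSLKEYLOGFILE (no-op if unset).
func withKeyLog(cfg *tls.Config) (*os.File, error) {
	path := os.Getenv("SSLKEYLOGFILE")
	if path == "" {
		return nil, nil // key logging stays off unless explicitly requested
	}
	// 0600: the logged secrets decrypt any capture of these sessions.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0o600)
	if err != nil {
		return nil, err
	}
	cfg.KeyLogWriter = f
	return f, nil
}

// fetchOnce makes one HTTPS request to a local test server (constructed stand-in for a DoH endpoint).
func fetchOnce() error {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()
	client := srv.Client() // already trusts the test server's certificate
	f, err := withKeyLog(client.Transport.(*http.Transport).TLSClientConfig)
	if err != nil {
		return err
	}
	defer f.Close() // safe when f is nil: Close just returns an error
	resp, err := client.Get(srv.URL)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	if err := fetchOnce(); err != nil {
		panic(err)
	}
}
```

The resulting file uses the NSS key log format that Wireshark accepts under its TLS "(Pre)-Master-Secret log filename" preference.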