Ask Your Question

Why isn't DNS-over-TLS (DoT) - RFC7858 - being dissected by Wireshark 3.0?

asked 2019-07-11 12:32:48 +0000

SaraD gravatar image

updated 2019-07-11 17:27:36 +0000

Guy Harris gravatar image

I see that Wireshark 3.0 now has support for DoH (DNS-over-HTTPS, RFC8484), but I can't see anyway to make it decode DNS-over-TLS on the IANA assigned port (853). I can decode the raw bytes, but they are not recognised as DNS.

Please let me know if this is supported and I am just missing something.

Otherwise please let me know if there are plans to support this in future?

edit retag flag offensive close merge delete


Is the decryption working? The data can't be dissected as DNS unless it can be decrypted.

grahamb gravatar imagegrahamb ( 2019-07-11 12:46:36 +0000 )edit

Are you able to share the trace, with the DoH?

xinxolHH gravatar imagexinxolHH ( 2019-07-11 14:36:38 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2019-07-12 15:00:45 +0000

SaraD gravatar image

updated 2019-07-12 15:21:51 +0000

grahamb gravatar image

OK - so this does work if you either

  1. simply configure the RSA key in the new 'RSA Keys' dialog in the preferences OR
  2. configure the key in the Protocols->TLS->RSA keys list AND then use the 'Decode as' dialog to instruct wireshark to decode port 853 as DNS

I was confused because when using the second method the default 'Decode as' protocol for port 853 seems to be TLS not DNS, but manually overriding this works.

edit flag offensive delete link more


DNS-over-TLS (DoT) is different from DNS-over-HTTPS (DoH). The former defaults to TCP port 853 where the latter runs over TCP port 443.

Lekensteyn gravatar imageLekensteyn ( 2019-07-20 17:28:33 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools



Asked: 2019-07-11 12:32:48 +0000

Seen: 2,461 times

Last updated: Jul 12 '19