Wireshark, DNS Over HTTPS, and NextDNS

asked 2023-08-17 13:00:10 +0000

Patrick Dark

updated 2023-08-17 13:26:35 +0000

Is there any way to get Wireshark to make direct DNS lookups using DNS Over HTTPS (DOH)? If not, is there any plan to support this? This seems like a strange omission for a major network security tool.

I can configure browsers like Firefox to do this with a Trusted Recursive Resolver (TRR) URL like https://dns.nextdns.io/[NextDNS ID for macOS Device]/Firefox/ in about:config so that DNS lookups are listed as coming from not only my macOS device, but Firefox on that device specifically, but there doesn’t seem to be any way to do this in Wireshark or to even have it use DNS Over HTTPS at all unless it’s using the default OS resolver.


1 Answer


answered 2023-08-17 13:24:32 +0000

grahamb

Wireshark isn't really a network security tool, it's a packet inspection tool, and as such I would expect folks using it would like to see the contents of DNS requests and responses without having to configure decryption (if at all possible).

Name resolution by Wireshark itself can be disabled by configuration.

An enhancement request can be raised at the Wireshark GitLab instance.


Comments

Make sure to mention to change from c-ares to unbound.

Jaap (2023-08-17 15:24:40 +0000)
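
As background to the thread above, this added example (not part of the original posts and not Wireshark code) shows what a DoH lookup carries once TLS is out of the way: it builds the RFC 8484 GET form of a DNS query and recovers the question from such a URL, as an analyst might from decrypted traffic or a proxy log. The resolver URL `https://doh.example/dns-query` and all function names are assumptions made for illustration.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

# Hypothetical resolver endpoint, used only for illustration.
RESOLVER = "https://doh.example/dns-query"

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format query: ID 0 (as RFC 8484 recommends), RD set, one question."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").encode("ascii").split(b"."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length")
        qname += bytes([len(label)]) + label
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def doh_get_url(name: str, qtype: int = 1, resolver: str = RESOLVER) -> str:
    """RFC 8484 GET form: base64url of the DNS message, padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"{resolver}?dns={b64.decode('ascii')}"

def question_from_url(url: str) -> tuple[str, int]:
    """Recover (name, qtype) from the dns= parameter of a DoH GET URL."""
    b64 = parse_qs(urlsplit(url).query)["dns"][0]
    msg = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("expected a DNS message with exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # compression pointers do not belong in a question
            raise ValueError("unexpected label type in question")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype

if __name__ == "__main__":
    url = doh_get_url("www.example.com")
    print(url)
    print(question_from_url(url))
```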
