[GH-ISSUE #52] Allow use of SSLKEYLOGFILE to examine DoH network captures #36

Open
opened 2026-03-14 01:06:58 +03:00 by kerem · 4 comments

Originally created by @jasper- on GitHub (Apr 24, 2023).
Original GitHub issue: https://github.com/ameshkov/dnslookup/issues/52

I would like to show the inner workings of DoH to students.
For this I use Wireshark and use the SSLKEYLOGFILE environment variable to store shared secrets of TLS sessions.
When using dnslookup after having set the SSLKEYLOGFILE variable using export, the file does not get created.
I am running dnslookup v. 1.8.1-8619 - installed from the snap-store - on Ubuntu 22.04.2 LTS.

Would it be an option to make this work?


@ameshkov commented on GitHub (Apr 25, 2023):

First, this functionality should be added to [dnsproxy](https://github.com/AdguardTeam/dnsproxy) as dnslookup uses it under the hood.


@grasstractor commented on GitHub (Sep 14, 2023):

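> First, this functionality should be added to [dnsproxy](https://github.com/AdguardTeam/dnsproxy) as dnslookup uses it under the hood.

I have the same question regarding DoQ. Do [dnsproxy](https://github.com/AdguardTeam/dnsproxy) and [quic-go](https://github.com/quic-go/quic-go) already have this functionality, or should they add it?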


@ameshkov commented on GitHub (Sep 14, 2023):

quic-go seems to support it, dnsproxy not yet.


@grasstractor commented on GitHub (Sep 14, 2023):

> quic-go seems to support it, dnsproxy not yet.

Yes, I found that quic-go has the functionality to support it. However, dnsproxy still needs to support it, or it will be too difficult for users to use it with dnslookup.
