# requirements:
# UNIX: flex, sed
# me: yy025, yy048, yy049, yy050, yy051, h1b (haproxy config)
# other: h2b (curveprotect), b2h (curveprotect), daemontools (envdir), ldns (drill), nc (Al Walker aka Hobbit), haproxy
# todo:
# eliminate requirement for drill
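# Probe a DoH server: build a DNS query (yy048), wrap it in an HTTP GET or
# POST (yy049/yy050/yy051/yy025), write it through a local proxy (haproxy
# config "h1b", reached with nc on port 80), hex-dump the reply (b2h) and hand
# each chunk that looks like a DNS response header to drill for decoding.
#
# Arguments: $1 - DoH-server-id (selects URL below; an exported URL is honoured
#                 for ids without an entry)
#            $2 - RR type as two hex digits (default 01)
#            $3 - HTTP method, GET (default) or POST
# Outputs:   drill's rendering of each DNS response on stdout
# Returns:   2 on usage error, non-zero if URL is unset, else nc's pipeline status
usage="usage: ${0##*/} DoH-server-id [RR-type (default is 01)] [httpMethod (default is GET)]";
# exit non-zero on a usage error so a caller can tell it from a successful run
# (the original "exec echo" returned echo's status, i.e. 0)
test $# -gt 0||{ echo "$usage"; exit 2; };
case $1 in add_more_DoH_providers_below)
;;1)export URL=https://cloudflare-dns.com/dns-query?dns=
;;2)export URL=https://rdns.faelix.net/?dns=
esac;
# an id without an entry above leaves URL unset (or inherited from the
# environment); fail here rather than sending a request with an empty URL
: "${URL:?unknown DoH-server-id '$1' and no URL exported in the environment}";
(
# everything this subshell prints is the byte stream written to the proxy socket
case $3 in cloudflare_is_the_only_DoH_provider_who_supports_POST?)
;;p|post|POST)
unset __close;
export Accept=application/dns-message;
# request headers for the POST are supplied to yy025/yy051 via the envdir ua/1
echo application/dns-message >ua/1/Content-Type;
echo > ua/1/Content-Length;
# ${URL%?*} strips the final character of URL (the trailing "=").
# The hex of the request line minus its last 8 hex digits (4 bytes, presumably
# the trailing CRLFCRLF — confirm against yy025's output) is kept in the
# scratch file hh3 in the current directory and exported for yy051.
echo ${URL%?*}|envdir ua/1 yy025|b2h|sed 's/.\{8\}$//' >hh3;
# -r is only defensive: b2h emits hex, which contains no backslashes
read -r hh3 < hh3;
export hh3;
type=${2-01} yy048|envdir ua/1 yy051|h2b
;;g|get|GET|*)
export Connection=keep-alive;
export Accept=application/dns-message;
export nokac=1;
# URL is spliced into a sed expression delimited by ">": a URL containing
# ">", "&" or "\" (only possible via an exported URL) would corrupt the
# request line, so treat URL as script-controlled, not user data
type=${2-01} yy048|yy049|yy050|sed "s>.*>$URL&>"|yy025
esac;
# trailing HEAD with Connection: close — presumably so the proxy closes the
# TCP connection and nc returns instead of waiting on keep-alive
unset Accept;
export httpMethod=HEAD;
export Connection=close;
echo https://example.com|yy025
)|nc -vv h1b 80|b2h|sed 's/0000818/\
&/g'|while read -r x;do echo $x|drill -i/dev/stdin 2>/dev/null;done
# the sed above starts a new line before every "0000818" (ID 0000, flags 81 8x
# — a DNS response header) so each response reaches drill on its own line.
# drill's stderr is discarded on purpose: chunks that are not a complete DNS
# message (HTTP headers, the HEAD reply) would otherwise produce parse noise.
# $x is left unquoted as in the original; the hex lines should carry no
# whitespace, so word splitting is expected to be harmless — confirm before
# tightening to printf '%s\n' "$x".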
# alternative to using a tcp client + a tls-enabled proxy
# host=$(echo $URL|yy004)
# openssl s_client -connect $host:443 -ign_eof|sed 's/0000818/ ...
# most DoH servers do _not_ require SNI
# but some do, e.g., Cloudflare
# note Cloudflare supports ESNI
# ESNI-enabled openssl is available from Stephen Farrell at Trinity College Dublin github.com/sftcd