# requirements:
  # UNIX: flex, sed
  # me: yy025, yy048, yy049, yy050, yy051, h1b (haproxy config)
  # other: h2b (curveprotect), b2h (curveprotect), daemontools (envdir), ldns (drill), nc (Al Walker aka Hobbit), haproxy 
  # todo:
  # eliminate requirement for drill

         usage="usage: ${0##*/} DoH-server-id [RR-type (default is 01)] [httpMethod (default is GET)]";
         test $# -gt 0||exec echo "$usage";
         case $1 in add_more_DoH_providers_below)
         ;;1)export URL=https://cloudflare-dns.com/dns-query?dns=
         ;;2)export URL=https://rdns.faelix.net/?dns=
         esac;
         (
         case $3 in cloudflare_is_the_only_DoH_provider_who_supports_POST?)
         ;;p|post|POST) 
         unset __close;
         export Accept=application/dns-message;
         echo application/dns-message >ua/1/Content-Type;
         echo > ua/1/Content-Length;
         echo ${URL%?*}|envdir ua/1 yy025|b2h|sed 's/.\{8\}$//' >hh3;
         read hh3 < hh3;
         export hh3;
         type=${2-01} yy048|envdir ua/1 yy051|h2b
         ;;g|get|GET|*)
         export Connection=keep-alive;
         export Accept=application/dns-message;
         export nokac=1;
         type=${2-01} yy048|yy049|yy050|sed "s>.*>$URL&>"|yy025
         esac;
         unset Accept;
         export httpMethod=HEAD;
         export Connection=close;
         echo https://example.com|yy025
         )|nc -vv h1b 80|b2h|sed 's/0000818/\
         &/g'|while read x;do echo $x|drill -i/dev/stdin 2>/dev/null;done

   # alternative to using a tcp client + a tls-enabled proxy
   # host=$(echo $URL|yy004)
   # openssl s_client -connect $host:443 -ign_eof|sed 's/0000818/ ...
   # most DoH servers do _not_ require SNI
   # but some do, e.g., Cloudflare
   # note Cloudflare supports ESNI 
   # ESNI-enabled openssl is available from Stepehn Farrell at Trinity College Dublin github.com/sftcd