
Unbound – a validating, recursive, caching DNS resolver - bjoko
https://nlnetlabs.nl/projects/unbound/about/
======
3xblah
Unbound is of course just one of the many programs using ldns. nsd, drill are
also useful. More recently, stubby.1

1 [https://getdnsapi.net/blog/dns-privacy-daemon-stubby/](https://getdnsapi.net/blog/dns-privacy-daemon-stubby/)

Here is how to use drill to do DOH via POST, using Cloudflare DNS as an
example.

    
    
    test $# = 1 || exec echo usage: $0 query

    # requirements: sed, wc, xxd, openssl, ldns, drill
    # reference:  https://tools.ietf.org/html/rfc8484#section-4.1

    # Content-Length is a byte count, so count bytes (wc -c), not characters
    a=$(drill -q /dev/stdout "$1" | sed '1,2d;s/;.*//;s/ //g' | xxd -p -r | wc -c)

    # note: s_client keeps going after a certificate verification failure
    # unless -verify_return_error is given
    (printf "POST /dns-query HTTP/1.1\r\nHost: cloudflare-dns.com\r\nAccept: */*\r\nContent-Type: application/dns-message\r\nConnection: close\r\nContent-Length: $a\r\n\r\n"
     drill -q /dev/stdout "$1" | sed '1,2d;s/;.*//;s/ //g;3s/..../0001/' | xxd -p -r) |
    openssl s_client -no_tls1 -no_tls1_1 -no_ssl2 -no_ssl3 -ign_eof -no_ticket -host cloudflare-dns.com -port 443 -servername 1.1.1.1 |
    sed -n \$p | xxd -p | drill -i /dev/stdin | sed '/^;; Data: \\\\#/d'
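
The same RFC 8484 POST exchange written out in Python, as an added example that is not part of the comment above: it builds the wire-format query with ID 0, takes Content-Length from the body's byte length, verifies the server certificate and hostname, and splits the reply at the header terminator because a binary DNS body can contain newline bytes. The function names and the sample reply are constructed for illustration, and the server is assumed to answer with a Content-Length header rather than chunked encoding.

```python
import socket, ssl, struct

def build_query(name, qtype=1):
    """DNS query in wire format: ID 0 (RFC 8484 section 4.1), RD set."""
    msg = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    for label in name.rstrip(".").encode("ascii").split(b"."):
        if not 1 <= len(label) <= 63:
            raise ValueError("bad label length")
        msg += bytes([len(label)]) + label
    return msg + b"\x00" + struct.pack("!2H", qtype, 1)  # root, QTYPE, IN

def build_post(host, body, path="/dns-query"):
    """HTTP/1.1 POST; Content-Length is the body length in bytes."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Accept: application/dns-message\r\n"
            "Content-Type: application/dns-message\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode("ascii") + body

def parse_response(raw):
    """Split at the header terminator (never by text line), check, decode."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP response")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split()[1])
    hdrs = {k.strip().lower(): v.strip()
            for k, v in (l.split(":", 1) for l in lines[1:])}
    body = body[:int(hdrs["content-length"])]  # assumes no chunked encoding
    if status != 200 or hdrs.get("content-type") != "application/dns-message":
        raise ValueError(f"unexpected reply: HTTP {status}")
    _id, flags, _qd, ancount = struct.unpack("!4H", body[:8])
    return {"rcode": flags & 0xF, "answers": ancount, "body": body}

def doh_post(name, host="cloudflare-dns.com"):
    """Send over TLS with certificate and hostname verification (network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=5) as tcp, \
         ctx.wrap_socket(tcp, server_hostname=host) as tls:
        tls.sendall(build_post(host, build_query(name)))
        raw = b"".join(iter(lambda: tls.recv(4096), b""))
    return parse_response(raw)

# Constructed reply: A record 10.0.0.10, so the body contains 0x0a bytes.
SAMPLE_BODY = (struct.pack("!6H", 0, 0x8180, 1, 1, 0, 0)
               + build_query("example.com")[12:] + b"\xc0\x0c"
               + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([10, 0, 0, 10]))
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/dns-message\r\n"
          b"Content-Length: %d\r\n\r\n" % len(SAMPLE_BODY) + SAMPLE_BODY)
```

`parse_response(SAMPLE)` runs offline on the constructed reply; `doh_post("example.com")` performs the real exchange and needs network access.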

