Unbound is of course just one of the many programs using ldns. nsd, drill are also useful. More recently, stubby.1<p>1 <a href="https://getdnsapi.net/blog/dns-privacy-daemon-stubby/" rel="nofollow">https://getdnsapi.net/blog/dns-privacy-daemon-stubby/</a><p>Here is how to use drill to do DOH via POST, using Cloudflare DNS as an example.<p><pre><code> test $# = 1|| exec echo usage: $0 query
# requirements: sed, wc, xxd, openssl, ldns, drill
# reference: https://tools.ietf.org/html/rfc8484#section-4.1
a=$(drill -q /dev/stdout $1 |sed '1,2d;s/;.*//;s/ //g'|xxd -p -r|wc -m);</code></pre>
(printf "POST /dns-query HTTP/1.1\r\nHost: cloudflare-dns.com\r\nAccept: <i>/</i>\r\nContent-Type: application/dns-message\r\nConnection: close\r\nContent-Length: $a\r\n\r\n"; drill -q /dev/stdout $1|sed '1,2d;s/;.*//;s/ //g;3s/..../0001/'|xxd -p -r)|openssl s_client -no_tls1 -no_tls1_1 -no_ssl2 -no_ssl3 -ign_eof -no_ticket -host cloudflare-dns.com -port 443 -servername 1.1.1.1|sed -n \$p|xxd -p|drill -i /dev/stdin|sed '/^;; Data: \\#/d'