getdnsapi / getdns

A modern asynchronous DNS API https://getdnsapi.net/

Proxy config doh #529

Closed wtoorop closed 1 year ago

wtoorop commented 1 year ago

DoH support, to be configured with the 'alpn' parameter for the upstreams. Here is some example config for the Cloudflare, Google and Quad9 DoH resolvers:

```
"upstream_recursive_servers":
[
  {
    "address_data": 2606:4700:4700::1111,
    "alpn": "h2",
    "doh_path": "dns-query",
    "tls_auth_name": "one.one.one.one",
    "tls_port": 443
  },
  {
    "address_data": 2001:4860:4860::8888,
    "alpn": "h2",
    "doh_path": "dns-query",
    "tls_auth_name": "dns.google",
    "tls_port": 443
  },
  {
    "address_data": 2620:fe::9,
    "alpn": "h2",
    "doh_path": "dns-query",
    "tls_auth_name": "dns9.quad9.net",
    "tls_port": 443
  }
]
```

Note that `dns-query` is the default value of the `doh_path` parameter and does not need to be specified. If `h2` is the value for the `alpn` parameter, the default for the `tls_port` parameter is 443. If `alpn` has value `dot` (the default), the default `tls_port` is 853.

Addresses in string format, such as those usable after the `@` with `getdns_query`, use underscore (`_`) to specify `alpn` and slash (`/`) to specify the `doh_path` parameter:

```
upstreams: @<ip>[%<scope_id>][@<port>][^<tsig spec>]
                [#<tls port>][~<tls name>][_<alpn>][/<doh path>]
            <ip>@<port> may be given as <IPv4>:<port>
                  or '['<IPv6>[%<scope_id>]']':<port> too
```

E.g.:

```
getdns_query -s @1.1.1.1_h2#443~one.one.one.one/dns-query
getdns_query -s @8.8.8.8_h2#443~dns.google/dns-query
getdns_query -s @9.9.9.9_h2#443~dns9.quad9.net/dns-query
```

Or, leaving out default values:

```
getdns_query -s @1.1.1.1_h2~one.one.one.one
getdns_query -s @8.8.8.8_h2~dns.google
getdns_query -s @9.9.9.9_h2~dns9.quad9.net
```
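As an added illustration of the upstream string syntax described in this PR (example code, not part of getdns or of this change): a small Python parser that turns a `getdns_query`-style upstream string into an entry shaped like the `upstream_recursive_servers` dicts above, applying the defaults the description states (`alpn` defaults to `dot`, `tls_port` to 853 for `dot` and 443 for `h2`, `doh_path` to `dns-query` when `alpn` is `h2`). It accepts the options in any order, as the PR's own examples do (`_h2` before `#443`). The output keys `port`, `scope_id` and `tsig`, the rule that everything after `/` is the DoH path, and the `check_upstream` policy are this example's own assumptions, not getdns behaviour.

```python
"""Parse getdns_query-style upstream strings into upstream_recursive_servers-shaped
dicts and apply the defaults described in the PR. Added example, not getdns code."""
import ipaddress
import json
import re

# Defaults as stated in the PR description.
DEFAULT_ALPN = "dot"
DEFAULT_TLS_PORT = {"dot": 853, "h2": 443}
DEFAULT_DOH_PATH = "dns-query"

# Single-character option delimiters after the address; '/' is handled separately
# because (assumption) the DoH path runs to the end of the string.
_OPTION_KEY = {"@": "port", "^": "tsig", "#": "tls_port", "~": "tls_auth_name", "_": "alpn"}
_TOKEN = re.compile(r"[^@^#~_/]*")          # an option value: up to the next delimiter


def _port(value):
    """Validate a port number string; raises ValueError on junk."""
    port = int(value)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {value!r}")
    return port


def _split_host(s):
    """Return (host, scope_id, port, rest) for the leading <ip> part of the spec."""
    if s.startswith("["):                    # '['<IPv6>[%<scope_id>]']'[:<port>]
        end = s.find("]")
        if end < 0:
            raise ValueError("unterminated '[' in upstream spec")
        host, _, scope = s[1:end].partition("%")
        rest, port = s[end + 1:], None
        if rest.startswith(":"):
            m = re.match(r":(\d+)", rest)
            if not m:
                raise ValueError("expected port after ']:'")
            port, rest = _port(m.group(1)), rest[m.end():]
        return host, scope or None, port, rest
    token = _TOKEN.match(s).group(0)         # bare IPv4, IPv4:port, or IPv6[%scope]
    if not token:
        raise ValueError("missing address in upstream spec")
    host, _, scope = token.partition("%")
    port = None
    m4 = re.fullmatch(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)", host)
    if m4:                                   # <IPv4>:<port> form
        host, port = m4.group(1), _port(m4.group(2))
    return host, scope or None, port, s[len(token):]


def _parse_options(rest):
    """Collect the delimiter-introduced options, in any order, into a dict."""
    opts, pos = {}, 0
    while pos < len(rest):
        delim = rest[pos]
        if delim == "/":                     # everything after '/' is the DoH path (assumption)
            opts["doh_path"] = rest[pos + 1:]
            if not opts["doh_path"]:
                raise ValueError("empty doh_path")
            break
        key = _OPTION_KEY.get(delim)
        if key is None:
            raise ValueError(f"unexpected {delim!r} at offset {pos} in {rest!r}")
        value = _TOKEN.match(rest[pos + 1:]).group(0)
        if not value:
            raise ValueError(f"empty value for {key}")
        if key in opts:
            raise ValueError(f"{key} given twice")
        opts[key] = value
        pos += 1 + len(value)
    return opts


def parse_upstream(spec):
    """Parse '@<ip>...' into a dict using the PR's config keys plus port/scope_id/tsig."""
    if not spec.startswith("@"):
        raise ValueError("upstream spec must start with '@'")
    host, scope, port, rest = _split_host(spec[1:])
    opts = _parse_options(rest)
    addr = ipaddress.ip_address(host)        # rejects hostnames and malformed literals
    if "port" in opts:
        if port is not None:
            raise ValueError("port given twice")
        port = _port(opts["port"])
    alpn = opts.get("alpn", DEFAULT_ALPN)
    if alpn not in DEFAULT_TLS_PORT:
        raise ValueError(f"unknown alpn {alpn!r}; expected one of {sorted(DEFAULT_TLS_PORT)}")
    upstream = {
        "address_data": str(addr),
        "alpn": alpn,
        "tls_port": _port(opts["tls_port"]) if "tls_port" in opts else DEFAULT_TLS_PORT[alpn],
    }
    if "tls_auth_name" in opts:
        upstream["tls_auth_name"] = opts["tls_auth_name"]
    doh_path = opts.get("doh_path") or (DEFAULT_DOH_PATH if alpn == "h2" else None)
    if doh_path:
        upstream["doh_path"] = doh_path
    if port is not None:
        upstream["port"] = port
    if scope:
        upstream["scope_id"] = scope
    if "tsig" in opts:
        upstream["tsig"] = opts["tsig"]
    return upstream


def check_upstream(upstream):
    """This example's own acceptance policy for an encrypted upstream: a list of problems."""
    problems = []
    if "tls_auth_name" not in upstream:
        problems.append("no tls_auth_name: the server certificate cannot be matched to an expected name")
    if "doh_path" in upstream and upstream["alpn"] != "h2":
        problems.append("doh_path given but alpn is not h2, so DoH is not selected for this upstream")
    return problems


if __name__ == "__main__":
    # The three short forms from the PR, rendered as upstream_recursive_servers entries.
    specs = ["@1.1.1.1_h2~one.one.one.one", "@8.8.8.8_h2~dns.google", "@9.9.9.9_h2~dns9.quad9.net"]
    print(json.dumps({"upstream_recursive_servers": [parse_upstream(s) for s in specs]}, indent=2))
```

Running the module prints the three PR examples as a config fragment with the defaults filled in; `check_upstream` is the kind of gate a practitioner would put in front of loading such a config, since an `h2` or `dot` upstream without a `tls_auth_name` leaves nothing to authenticate the resolver's certificate against.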