Stubby support for http/https proxy
I am trying to use stubby in a corporate network, where an HTTP proxy has to be used.
Currently, I am seeing "*FAILURE* no valid transports or upstreams available!" messages in stubby's log. I suspect that this is because stubby does not follow the set HTTP proxy.
I tried the following ways to set the proxy.
Globally:
% cat /etc/profile.d/proxy.sh
export http_proxy=http://192.168.0.1:8080
export https_proxy=$http_proxy
and in the systemd file:
[Unit]
Description=stubby DNS resolver
Wants=network-online.target
After=network-online.target
[Service]
Environment="http_proxy=http://192.168.0.1:8080"
Environment="https_proxy=http://192.168.0.1:8080"
User=stubby
DynamicUser=yes
CacheDirectory=stubby
WorkingDirectory=/var/cache/stubby
ExecStart=/usr/bin/stubby
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
For normal users, a connection to one of the configured upstream servers, which is also listed as "connection failed", seems possible:
curl -Is https://145.100.185.15
HTTP/1.1 200 Connection established
For a full stubby log, please see https://gist.github.com/aquac/f502f0c457ae598df069a4576569520d
Edit: I tried with the 843 port default server as well as with the 443 port servers.
# getdns_query -s @127.0.0.1 google.de
{
"answer_type": GETDNS_NAMETYPE_DNS,
"canonical_name": <bindata for google.de.>,
"just_address_answers": [],
"replies_full": [],
"replies_tree": [],
"status": GETDNS_RESPSTATUS_ALL_TIMEOUT
}
Stubby does not support DoH (DNS over HTTPS) yet. Hence, what you request is impossible to achieve with a recent version of stubby.