Trying out DoH

Trying out DNS over HTTPS
Build it with the following setup:

Nginx -> doh-httpproxy -> systemd-resolved

Installation
doh-proxy: installing it with pip3 is enough.

pip3 install doh-proxy

Create a service with a unit file like the following:
/etc/systemd/system/doh-httpproxy.service

[Unit]
Description=doh-httpproxy
After=nginx.service

[Service]
ExecStart=/usr/local/bin/doh-httpproxy --upstream-resolver=127.0.0.53 --port 8080 --listen-address 127.0.0.1

[Install]
WantedBy=multi-user.target

Example Nginx-side configuration

server {
    listen 443 ssl http2;
    server_name doh.example.net;
    ssl_certificate /etc/letsencrypt/live/doh.example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/doh.example.net/privkey.pem;
    location /dns-query {
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   Host              $http_host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080;
    }
}

Verification

curl --doh-url https://doh.example.net/dns-query google.co.jp
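As an added example (not part of the original post and not doh-proxy's own code), the Python below builds the RFC 8484 wire-format query that curl sends for google.co.jp through /dns-query in GET form, and parses a constructed wire-format answer; the 192.0.2.10 address and the response bytes are constructed sample data, not a real lookup.

```python
import base64
import struct

def build_query(name, qtype=1, txid=0):
    # DNS header: ID, flags (RD=1 only), QDCOUNT=1, AN/NS/ARCOUNT=0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME as length-prefixed labels terminated by a zero byte
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # QCLASS IN

def doh_get_url(base_url, query):
    # RFC 8484 GET form: base64url in the dns= parameter, '=' padding stripped
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{base_url}?dns={encoded}"

def read_name(msg, offset):
    # Decode a DNS name, following RFC 1035 compression pointers (0xC0xx)
    labels = []
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            tail, _ = read_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_a_answers(msg):
    # Return [(name, ttl, dotted IPv4)] for the A records in the answer section
    _txid, _flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                      # skip the question section
        _, offset = read_name(msg, offset)
        offset += 4                          # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers

# Constructed response: QR/RD/RA flags, question copied, one A record whose
# name is a compression pointer (0xC00C) back to the question name at offset 12
QUERY = build_query("google.co.jp")
RESPONSE = (struct.pack(">HHHHHH", 0, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
```

The URL from doh_get_url is what the Nginx location above receives; the POST form instead sends the same bytes as the body with Content-Type application/dns-message.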