How do I use curl to resolve a dns over https (DOH) query?

Question

I am running the latest version of curl (7.76.1).

I have set up my own dnsdist server / doh proxy which queries to a bind9 resolver I set up as well.

What is the right syntax to get curl to return only the resolved IPs?

When I run the following, All that is returned is example.com's html. I do not want the html. I want the resolved DNS IP addresses.

curl --doh-insecure --doh-url https://10.10.10.10/dns-query http://www.example.com

If I run with verbose output I can see the following.

* DOH A: 93.184.216.34
* DOH AAAA: 2606:2800:0220:0001:0248:1893:25c8:1946

How do I get curl to only return the DNS dig response, and not the response from a HTTP GET request to the site in question?

Here is the full output:

*   Trying 10.10.10.10:443...
* Found bundle for host 10.10.10.10: 0x55b7b243c3a0 [serially]
* Hostname 10.10.10.10 was found in DNS cache
*   Trying 10.10.10.10:443...
* Connected to 10.10.10.10 (10.10.10.10) port 443 (#2)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* Connected to 10.10.10.10 (10.10.10.10) port 443 (#1)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=Denver; O=MyCompany; OU=MyOU; CN=doh.domain.internal
*  start date: May 12 19:28:36 2021 GMT
*  expire date: May 12 19:28:36 2022 GMT
*  issuer: C=US; ST=Denver; L=Colorado; O=MyO; OU=MyOU; CN=ca.domain.internal
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> POST /dns-query HTTP/1.1
Host: 10.10.10.10
Accept: */*
Content-Type: application/dns-message
Content-Length: 33

* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=Denver; O=MyCompany; OU=MyOU; CN=doh.domain.internal
*  start date: May 12 19:28:36 2021 GMT
*  expire date: May 12 19:28:36 2022 GMT
*  issuer: C=US; ST=Denver; L=Colorado; O=MyO; OU=MyOU; CN=ca.domain.internal
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> POST /dns-query HTTP/1.1
Host: 10.10.10.10
Accept: */*
Content-Type: application/dns-message
Content-Length: 33

* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Thu, 13 May 2021 18:14:40 GMT
< Connection: keep-alive
< Content-Length: 61
< Server: h2o/dnsdist
< content-type: application/dns-message
< cache-control: max-age=84701
<
* Connection #2 to host 10.10.10.10 left intact
* a DOH request is completed, 1 to go
* old SSL session ID is stale, removing
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Thu, 13 May 2021 18:14:40 GMT
< Connection: keep-alive
< Content-Length: 49
< Server: h2o/dnsdist
< content-type: application/dns-message
< cache-control: max-age=69736
<
* Connection #1 to host 10.10.10.10 left intact
* a DOH request is completed, 0 to go
* DOH Host name: www.example.com
* TTL: 69736 seconds
* DOH A: 93.184.216.34
* DOH AAAA: 2606:2800:0220:0001:0248:1893:25c8:1946
*   Trying 93.184.216.34:80...
* Connected to www.example.com (93.184.216.34) port 80 (#0)
> GET / HTTP/1.1
> Host: www.example.com
> User-Agent: curl/7.76.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Age: 270738
< Cache-Control: max-age=604800
< Content-Type: text/html; charset=UTF-8
< Date: Thu, 13 May 2021 18:14:40 GMT
< Etag: "3147526947"
< Expires: Thu, 20 May 2021 18:14:40 GMT
< Last-Modified: Thu, 17 Oct 2019 07:18:26 GMT
< Server: ECS (phd/FD6D)
< Vary: Accept-Encoding
< X-Cache: HIT
< Content-Length: 1256
<
<!doctype html>
<html>
<head>
    <title>Example Domain</title>

    <meta charset="utf-8" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <style type="text/css">
    body {
        background-color: #f0f0f2;
        margin: 0;
        padding: 0;
        font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;

    }
    div {
        width: 600px;
        margin: 5em auto;
        padding: 2em;
        background-color: #fdfdff;
        border-radius: 0.5em;
        box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02);
    }
    a:link, a:visited {
        color: #38488f;
        text-decoration: none;
    }
    @media (max-width: 700px) {
        div {
            margin: 0 auto;
            width: auto;
        }
    }
    </style>
</head>

<body>
<div>
    <h1>Example Domain</h1>
    <p>This domain is for use in illustrative examples in documents. You may use this
    domain in literature without prior coordination or asking for permission.</p>
    <p><a href="https://www.iana.org/domains/example">More information...</a></p>
</div>
</body>
</html>
* Connection #0 to host www.example.com left intact

Answer 1

I understand you wanted to use curl to get a dig response. But maybe just try dig with +https option instead?

dig +https @1.1.1.1 example.com

Answer 2

curl returns a webpage.

To get an IP address, better install DNSLOOKUP tool with command

#snap install dnslookup

After installation, use the following command to get the IP address

#VERIFY=0 dnslookup www.example.com https://10.10.10.10/dns-query

If you have a valid certificate, VERIFY=0 can be removed.

#dnslookup www.example.com https://dns.google/dns-query

Answer 3

According to Cloudflare

curl -vH "accept: application/dns-json" "https://cloudflare-dns.com/dns-query?name=example.com&type=AAAA"

should get you the DNS result you want

Answer 4

Use can specify an address of a DoH server via --doh-url, example with a public Cloudflare server:

curl --doh-url https://cloudflare-dns.com/dns-query https://github.com