[dnsdist] Choices to use DoT/DoH with DNSdist from OpenWRT 17.01?

[Normen Kowalewski]

Dear Remi and Group,

this is only partially an dnsdist question, but probably some folks here might have looked into this.

1. when trying out dnsmasq/stubby [1],[2] to tstart and later also to talk to a DNSdist instance - seems to work fine from a newly rebuilt openwrt 18.06.02
root at OpenWrt:~# stubby
[13:33:12.016680] STUBBY: Read config from file /etc/stubby/stubby.yml
[13:33:12.016787] STUBBY: DNSSEC Validation is OFF
[13:33:12.016794] STUBBY: Transport list is:
[13:33:12.016797] STUBBY:   - TLS
[13:33:12.016800] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[13:33:12.016804] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[13:33:12.016807] STUBBY: Starting DAEMON....

Question are who is is running this running also with older OpenWRT…

a) does anyone have DNSdist working with a stubby built from a LEDE 17.01 [3] box?
b) have you seen a working (and non-performance breakdown) way to install a very simple binary openWRT package that allows DNS-over-TLS with DNSdist in a silmilarly easy way as https_dns_proxy [3] does?
IIRC it can’t work with DNSdist becasue of DNSdist not supporting application/dns-json as content type - or can DNSdist do that by some currently not (yet?) published extension/config flag?
c) or is the only way to get this work on LEDE 17.01 using unbound [4] (nothing to be said against unbound, except that there might be a simpler way)? 

BR, Normen

[1] https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby 
[2] https://openwrt.org/docs/guide-user/services/dns/dot_dnsmasq_stubby
[3] https://github.com/aarond10/https_dns_proxy
[4] https://openwrt.org/docs/guide-user/services/dns/dot_unbound
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190822/1291b7ab/attachment.html>