> To my knowledge none. Nobody is doing this, because it subverts how DNS is supposed to operate.
Huh? Of course people do this, it's a standard way to do DNS that improves over older DNS wire protocols by offering better security properties. It's unfortunate that we had to involve HTTP in this, but needs must.
For example you can drop in an NSS replacement that uses DoH instead of conventional DNS for all your glibc software, or you can get software from a variety of sources that runs on UDP port 53 of your local machine like a normal DNS relay but uses DoH to someone trustworthy to deliver.
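
The local-relay arrangement described in the comment above comes down to one translation step, shown here as an added example that is not part of the original post: take the wire-format query that arrived on UDP port 53, wrap it as an RFC 8484 GET request, and restore the client's transaction ID on the way back. The resolver URL `https://doh.example/dns-query` and all function names are assumptions for illustration.

```python
import base64
import struct

DOH_URL = "https://doh.example/dns-query"  # placeholder resolver (assumption)

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS wire-format query (one question, RD flag set).
    Stands in for the packet a stub resolver would send to UDP port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def to_doh_get(wire_query, url=DOH_URL):
    """Translate a UDP DNS query into an RFC 8484 GET request.
    Returns (original_id, request_url, headers)."""
    if len(wire_query) < 12:
        raise ValueError("shorter than a DNS header")
    if wire_query[2] & 0x80:
        raise ValueError("QR bit set: this is a response, not a query")
    (txid,) = struct.unpack("!H", wire_query[:2])
    # RFC 8484 recommends ID 0 so identical questions are HTTP-cacheable.
    zeroed = b"\x00\x00" + wire_query[2:]
    # The dns= parameter is base64url with the padding stripped.
    b64 = base64.urlsafe_b64encode(zeroed).rstrip(b"=").decode("ascii")
    return txid, f"{url}?dns={b64}", {"Accept": "application/dns-message"}

def from_doh_response(body, txid):
    """Put the client's transaction ID back before replying over UDP."""
    if len(body) < 12 or not body[2] & 0x80:
        raise ValueError("not a DNS response")
    return struct.pack("!H", txid) + body[2:]

if __name__ == "__main__":
    original_id, request_url, headers = to_doh_get(build_query("www.example.com"))
    print(hex(original_id), request_url, headers)
```

The HTTPS request itself is left to whatever HTTP client the relay uses; the response body it returns is what `from_doh_response` expects.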