name resolution fails with --doh-url

[dtmsecurity]

I did this

I have tried the 7.62 release and compiling from git on Ubuntu 16.04 LTS and also tried the 7.62 release on OS X via brew and I can't seem to make DoH resolution work via the command line argument --doh-url.

$ /usr/local/opt/curl/bin/curl --version
curl 7.62.0 (x86_64-apple-darwin17.7.0) libcurl/7.62.0 SecureTransport zlib/1.2.11
Release-Date: 2018-10-31
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets
$ /usr/local/opt/curl/bin/curl -v --doh-url https://1.1.1.1/dns-query http://www.example.org/
* Couldn't resolve host 'www.example.org'
* Closing connection 0
curl: (6) Couldn't resolve host 'www.example.org'
$ /usr/local/opt/curl/bin/curl -v --doh-url https://1.1.1.1 http://www.example.org/
* Couldn't resolve host 'www.example.org'
* Closing connection 0
curl: (6) Couldn't resolve host 'www.example.org'

I get the above regardless of what I try and I've tried other DoH providers than Cloudflare and different URIs i.e. with/without /dns-query.

I expected the following

DoH to successfully resolve, this to work as described here:
https://daniel.haxx.se/blog/2018/09/06/doh-in-curl/

curl/libcurl version

curl 7.62.0 (x86_64-apple-darwin17.7.0) libcurl/7.62.0 SecureTransport zlib/1.2.11
Release-Date: 2018-10-31

and

curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.0.2g zlib/1.2.8
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy ```

### operating system

OS X and Ubuntu 16.04.5 LTS (Xenial Xerus)

[bagder]

I use this command line in my attempts to reproduce your problem:

curl -v --doh-url https://1.1.1.1/dns-query http://www.example.org/

This works fine with my curl from stock debian unstable:

curl 7.62.0 (x86_64-pc-linux-gnu) libcurl/7.62.0 OpenSSL/1.1.1a zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.34.0 librtmp/2.3
Release-Date: 2018-10-31

With my current build from git master on debian Linux:

curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.1a zlib/1.2.11 brotli/1.0.7 c-ares/1.14.0 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.1_DEV nghttp2/1.35.0-DEV librtmp/2.3
Release-Date: [unreleased]

With my current build from git master on mac:

curl 7.63.0-DEV (x86_64-apple-darwin17.7.0) libcurl/7.63.0-DEV SecureTransport zlib/1.2.11 nghttp2/1.32.0
Release-Date: [unreleased]

Puzzling!

[dtmsecurity]

I think this could be related Issue #3064 - all of your version strings have nghttp2?

[dtmsecurity]

Just confirmed this - on Ubuntu if I install nghttp2 lib:

apt install libnghttp2-dev

Then recompile it works:

root@blacksmith:~/curl# ./src/curl --version
curl 7.63.0-DEV (x86_64-pc-linux-gnu) libcurl/7.63.0-DEV OpenSSL/1.1.0g zlib/1.2.11 **nghttp2/1.30.0**
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy 

[bagder]

I don't understand. Are you saying that DoH doesn't work for you if you build curl without HTTP/2 support?

[dtmsecurity]

Yes, without nghttp2 it did not work. I build it with nghttp2 and it does. That's the only thing I did differently.

[bagder]

Aaah yes, we only support DoH over HTTP/2 for now. I didn't bother to make it use in HTTP/2-disabled builds... but I figure I can. I'll put a PR up.