From c1e1341bb4e1fe2ad8b53ef4fc02f5072470ef81 Mon Sep 17 00:00:00 2001
From: Krombel <krombel@krombel.de>
Date: Tue, 19 Nov 2019 15:56:49 +0100
Subject: [PATCH] dnsdist: Add DoH behind reverse proxy (and http) to guide

---
 pdns/dnsdistdist/docs/guides/dns-over-https.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pdns/dnsdistdist/docs/guides/dns-over-https.rst b/pdns/dnsdistdist/docs/guides/dns-over-https.rst
index 2cf6fadbb8..353ba944bf 100644
--- a/pdns/dnsdistdist/docs/guides/dns-over-https.rst
+++ b/pdns/dnsdistdist/docs/guides/dns-over-https.rst
@@ -31,3 +31,8 @@ A more complicated (and more realistic) example is when you want to indicate met
 
   addDOHLocal('2001:db8:1:f00::1', '/etc/ssl/certs/example.com.pem', '/etc/ssl/private/example.com.key', "/", {customResponseHeaders={["link"]="<https://example.com/policy.html> rel=\\"service-meta\\"; type=\\"text/html\\""}})
 
+In case you want to run DNS-over-HTTPS behind a reverse proxy you probably don't want to encrypt your traffic between reverse proxy and dnsdist.
+To let dnsdist listen for DoH queries over HTTP on localhost at port 8053 add one of the following to your config::
+
+  addDOHLocal("127.0.0.1:8053")
+  addDOHLocal("127.0.0.1:8053", nil, nil, "/", { reusePort=true })
\ No newline at end of file
-- 
2.47.2