How to query for DNS over HTTPS/DNS over TLS using command line?

I didn't find a single tool for both purposes, but I did find ways to use them.

There are two ways to query DoH:

# json
curl -H 'accept: application/dns-json' '' | jq .
# dns wireformat
curl -H 'accept: application/dns-message' ''  | hexdump -c

For DoT, you can use the kdig tool provided by Knot. The command line is similar to dig:

apt-get install knot-dnsutils
# For macOS:
# brew install knot
kdig -d @ +tls-ca

where the is the pre-resolved address of the tls host (

Update: Here is a tool ( that supports all major DNS protocols on its own and is able to produce machine-readable output.
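The `application/dns-message` form above carries an ordinary DNS message; with GET it is sent base64url-encoded without padding in the `dns` parameter (RFC 8484). As an added example that is not part of the original answers, this Python code builds that parameter and decodes a wire-format reply; the function names and the sample response bytes are constructed for illustration.

```python
import base64
import struct

def build_query(name, qtype=1):
    """DNS query in wire format; ID 0, as RFC 8484 suggests for cache-friendly DoH."""
    labels = name.rstrip(".").encode("ascii").split(b".")
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)     # QCLASS IN

def doh_get_param(message):
    """Value of the dns= GET parameter: base64url with the padding removed."""
    return base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")

def _skip_name(msg, off):
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:                # root label terminates an uncompressed name
            return off + 1
        off += 1 + length

def parse_response(msg):
    """Return (rcode, [IPv4 addresses from A records]); ValueError if malformed."""
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
        if not flags & 0x8000:
            raise ValueError("QR bit clear: not a response")
        off, addrs = 12, []
        for _ in range(qd):
            off = _skip_name(msg, off) + 4           # skip QTYPE + QCLASS
        for _ in range(an):
            off = _skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata = msg[off + 10:off + 10 + rdlen]
            if len(rdata) != rdlen:
                raise ValueError("truncated record")
            if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
                addrs.append(".".join(map(str, rdata)))
            off += 10 + rdlen
        return flags & 0xF, addrs
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated message") from exc

# Constructed response to the example.com query: one A record, 192.0.2.1, TTL 300.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
                   + build_query("example.com")[12:] + b"\xc0\x0c"
                   + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

Piping the output of the `application/dns-message` curl call into `parse_response` (reading `sys.stdin.buffer`) gives a readable result in place of the raw hexdump.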

curl has had official DoH support since version 7.62.0 (the question is how many of your target endpoints have curl up to date to this version).

Use it by utilizing the --doh-url option. Example:

curl --doh-url