Add DNS over HTTPS service

pages/01.home/dns/default.md

@@ -113,6 +113,25 @@ nameserver fd42:5d71:219:0:1::43
 nameserver 172.20.20.65
 ```
 
+#### DNS over HTTPS (DoH)
+
+* https://dns.burble.dn42/dns-query
+* https://[fd42:4242:2601:ac53::53]/dns-query
+* https://172.20.129.2/dns-query
+
+The recursive DNS service supports DNS over HTTPS. The HTTPS service is signed by the
+burble.dn42 [Certificate Authority](/home/certificate-authority), and the CA certificate
+will be required by the DoH client in order to use the service. Unfortunately, the
+use of a self-signed CA means that OCSP stapling is not supported. 
+
+```
+$ doh burble.dn42 https://[fd42:4242:2601:ac53::53]/dns-query
+burble.dn42 from https://[fd42:4242:2601:ac53::53]/dns-query
+TTL: 3600 seconds
+A: 172.20.129.3
+AAAA: fd42:4242:2601:ac80:0000:0000:0000:0001
+```
+
 ## Implementation
 
 The DNS service is implemented as a tiered, anycast service with each node
@@ -122,15 +141,21 @@ in the network providing a local cache in front of five, regional, master nodes.
 
 The ns1.burble.dn42 authoritative service is provided by [dnsdist](https://dnsdist.org/).
 Queries are forwarded to the nearest regional master node and responses are then cached.
-If the regional master is not available, the next nearest will be queried until a response is found.
+If the regional master is not available, the next nearest will be queried until a response
+is found.
 
-The dns.burble.dn42 recursive service is provided by [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
-configured using the 'all-servers' mode. Queries are forwarded to all 5 regional masters in parallel
-and the first response received is then returned. This approach ensures users get the lowest latency
-results possible, regardless of location, and that any local connectivity issues do not impact the results.
+The dns.burble.dn42 recursive service is provided by
+[dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
+configured using the 'all-servers' mode. Queries are forwarded to all 5 regional masters
+in parallel and the first response received is then returned. This approach ensures users
+get the lowest latency results possible, regardless of location, and that any local
+connectivity issues do not impact the results.
 
 Recursive queries are cached on the edge nodes and master nodes, creating a network wide cache
-of results across all users of the service. 
+of results across all users of the service.
+
+Each edge node also runs [m13253/dns-over-https](https://github.com/m13253/dns-over-https)
+to provide the DNS over HTTPS service.
 
 Anycast routes to the DNS servers are advertised to the main Bird2 instance using
 [GoBGP](https://github.com/osrg/gobgp) and a health checking script.

pages/01.home/maintenance-log/default.md

@@ -10,6 +10,10 @@ A log of changes to the burble.dn42 network.
 
 ## burble.dn42 Maintenance Log
 
+#### 17nd July 2019
+
+DoH! The [DNS Service](/home/dns) now support DNS over HTTPS.
+
 #### 22nd June 2019
 
 Tidied up node information.

pages/04.about/default.md

@@ -6,7 +6,7 @@ media_order: 'DN42 Map 181224.2.png'
 #burble.dn42
 
 burble.dn42 is an experimental global network, part of [dn42](https://dn42.us/)  
-By active peer count, burble.dn42 is the 3rd largest IPv4 and 2nd largest IPv6 network in dn42.
+By active peer count, burble.dn42 is currently the largest network in dn42.
 
 #####Background