From bb4b86c8178faa74bbbfd20e91626bf9372424c6 Mon Sep 17 00:00:00 2001
From: Matt Corallo <git@bluematt.me>
Date: Mon, 12 Feb 2024 03:34:00 +0000
Subject: [PATCH] Add note about DoH proof building usage.

---
 src/query.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/query.rs b/src/query.rs
index 07954b3..bb8fd7d 100644
--- a/src/query.rs
+++ b/src/query.rs
@@ -183,6 +183,11 @@ const MAX_REQUESTS: usize = 10;
 /// [`ProofBuilder::process_response`] should be called, and each fresh query returned should be
 /// sent to the resolver. Once [`ProofBuilder::awaiting_responses`] returns false,
 /// [`ProofBuilder::finish_proof`] should be called to fetch the resulting proof.
+///
+/// To build a DNSSEC proof using a DoH server, take each [`QueryBuf`], encode it as base64url, and
+/// make a query to `https://doh-server/endpoint?dns=base64url_encoded_query` with an `Accept`
+/// header of `application/dns-message`. Each response, in raw binary, can be fed directly into
+/// [`ProofBuilder::process_response`].
 pub struct ProofBuilder {
 	proof: Vec<u8>,
 	min_ttl: u32,
-- 
2.39.5