DNS-based rendezvous for Snowflake
From #25594: An idea to use DNS over HTTPS: https://groups.google.com/forum/#!topic/traffic-obf/ZQohlnIEWM4
The circumvention idea is to take any existing DNS tunneling scheme and send it through DNS over HTTPS. To be a bit more specific: you send recursive DNS queries (encoding your upstream traffic) to the DNS-over-HTTPS server, which then forwards the queries to another specialized server that decodes them and proxies the data they contain.
Even if not a general-purpose transport, DNS-over-HTTPS could be an ideal rendezvous mechanism for a system like Snowflake or Moat: one where you only need to send/receive a small amount of very hard-to-block data in order to bootstrap a connection.
The way I see it, there are two parts of this:
- Using DNS as an underlying transport: the client sends a DNS request containing its encoded offer; the broker sends back a DNS response containing an encoded proxy answer.
- Sending via DNS-over-HTTPS in order to avoid blocking of the DNS messages themselves.
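As an added illustration of the first part (this is example code, not Snowflake's or the ticket's own), the client encodes its offer into the labels of a DNS query name and the broker packs its answer into TXT RDATA; `rendezvous.example` is a placeholder domain, and the size check shows why a full SDP offer will not fit a single query.

```python
import base64

MAX_LABEL = 63   # RFC 1035: one label is at most 63 octets
MAX_NAME = 253   # presentation-form limit (255 octets on the wire)


def encode_query_name(payload: bytes, domain: str) -> str:
    """Encode payload as base32 labels under domain.
    Base32 (not base64) because DNS names are case-insensitive and
    resolvers may alter case (e.g. 0x20 randomization)."""
    b32 = base64.b32encode(payload).decode("ascii").rstrip("=").lower()
    labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
    name = ".".join(labels + [domain])
    if len(name) > MAX_NAME:
        raise ValueError("payload does not fit in one DNS name")
    return name


def decode_query_name(name: str, domain: str) -> bytes:
    """Broker side: strip the domain suffix and decode the base32 labels."""
    labels = name.lower().rstrip(".").split(".")
    dlabels = domain.lower().rstrip(".").split(".")
    if labels[-len(dlabels):] != dlabels:
        raise ValueError("query is not under the rendezvous domain")
    b32 = "".join(labels[:-len(dlabels)]).upper()
    b32 += "=" * (-len(b32) % 8)        # restore padding stripped on encode
    return base64.b32decode(b32)


def fits_in_one_query(payload: bytes, domain: str) -> bool:
    try:
        encode_query_name(payload, domain)
        return True
    except ValueError:
        return False


def encode_txt_rdata(payload: bytes) -> bytes:
    """Pack the broker's answer into TXT RDATA: <len><bytes> strings of <=255 bytes."""
    out = b""
    for i in range(0, len(payload), 255):
        chunk = payload[i:i + 255]
        out += bytes([len(chunk)]) + chunk
    return out


def decode_txt_rdata(rdata: bytes) -> bytes:
    out, i = b"", 0
    while i < len(rdata):
        n = rdata[i]
        out += rdata[i + 1:i + 1 + n]
        i += 1 + n
    return out
```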
Edited by David Fifield