Oblivious DoH requires, at a minimum:
o Two DoH servers, where one can act as an Oblivious Proxy, and the
other can act as an Oblivious Target.
o Public keys for encrypting DNS queries that are passed from a
client through a proxy to a target (Section 6). These keys
guarantee that only the intended Oblivious Target can decrypt
client queries.
o Client ability to generate random [RFC4086] one-time-use symmetric
keys to encrypt DNS responses. These symmetric keys ensure that
only the client will be able to decrypt the response from the
Oblivious Target. They are only used once to prevent the
Oblivious Target from tracking clients based on keys.
Draft here: https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh-01
The gist of it: