-
This commit allows opportunistic DNS over TLS to origins configured as supporting DoT on port 853. It also adds interface for clearing configured TLS clients to allow runtime reconfiguration. The general mode of operation is as follows: 1. Produce a new outgoing query 2. Check if the selected upstream address has configured TLS support on port 853 2a. If it does: upgrade to DNS over TLS, it cannot be downgraded from this point 2b. If not: continue with preferred protocol This allows further automatic discovery as in [1], but right now it has to be configured manually. [1]: https://tools.ietf.org/id/draft-bortzmeyer-dprive-resolver-to-auth-00.html (cherrypicked from cloudflare branch, need to be adapted)
fa677610