RFC 7858: kresd should be able to use TLS on outbound queries when configured in forwarding mode.
we currently allow policies like:
It would be great if we could do forwarding (stub-to-recursive) over TLS.
I propose something like
policy:add(policy.all(policy.FORWARD('TLS:192.168.1.1'))), though i'm open to other suggestions for how this would be implemented.