make bind prefer DoT for recursion

[Erich Eckner]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I am running a recursive resolver for my local network and was wondering 
whether it is possible (and if so: how) to make it resolve via 
DNS-over-TLS if that's available on the authoritative name servers.

Setting up stunnel like for stub resolvers seems non-practical, as bind 
will have to contact many different remote dns servers.

cheers,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAlyUnWYACgkQCu7JB1Xa
e1pIFBAAuKb2yuK5KvYtrnQ/PI4DRcOHz33Y71vYzBjGUf6RhcZF7N6SmIcyul13
gFWxmyHbha+O+a1D7CEUCnUVJ5Spx1KeNJbCI8XKPvPd6Fg0n35WDQV8iHtWuMhT
Z09E7bn0FaDbcUxNYY9fXVNA9JXTjZAYayOaVwX3Sd7wwHhLuyR2PZrUfZ+sIoW9
XqaeAbSvSYvjqnuhjvXA7a5UfO8aEVQAQI5mfASODHQQN3Sb/Zvvrx7MCLEzXpSa
P5+0HCWWyVE1IIyKy2yU4Cov8uZ95r6+BcfKBYOfIrpz4WlROnPubKfee7o40YB/
KhrRQZJ0pWrPdJGgPZUfqp3DLadGgCCYd7UFm5efptRtWiUvNcx5Z3pl1VQlHU/F
/d3qJtD0KCzV2qlo/5YVilYtHeHBZNRhyfmVPlj2Ousp6euBoDT6s4J3uIFUU6nK
v51IE8h2GwwGNtmzqcqPRHdRGngEMH5PBD2uhKZ/EUi4+DYhCeqGY+SkM0/37RMv
cWEsXU1nnjuAzpWUob/BxCsR1p7DVWNXMUp+2XuUlee08spksR7QfjQCEk/eCaeK
xsv2JtIQGWpR72uysjRAq9M4E6ZohOsqMS1ELYS/yPyT5Ox/cCER8iMR1bw/tS4p
4siaxnp3tvHlX0w8r2kdiPm8pC6Vd/qFslS6XtFiC9NmiqBrnZw=
=9oou
-----END PGP SIGNATURE-----