i need a "dns ring"
it's vital that hundreds of millions of currently-stub resolvers become fully recursive and validating. one of the reasons why some people like 8.8 or 1.1 or 9.9 is that it has a "mixer" effect, where surveillance at the authority servers cannot tell where the original question came from. we can expect that ECS will die in a fire now that this issue has been raised so widely. however, i need to construct a crowd-sourced ring of dns forwarders such that hundreds of thousands of them share upstream "forwarder" duties for the billion or so new 127.0.0.1 recursive validating servers we will have to create to blunt the true effects of surveillance capitalism.
let bind9 work sort of like modern ntp does -- ask an AAAA and A question of some well known name whose name servers can randomly select a set of trusted recursive validating resolvers (TRVR) every few minutes and then randomly scatter any forwarding activities among that set. if forwarders aren't otherwise enabled (perhaps by my related "auto forwarder" feature request), then there should be a way to randomly shunt 50% of the recursively validating 127.0.0.1 server to be "forward anyway".
i expect we can ask dns-oarc to operate a TRVR registry, but there may be more than one, so its domain name should be a configuration element. and to support /dev/null as a config file, this option should be specifiable on the command line as well as via the config file.