TLS key logging
Description
Use-case: DoT/DoH debugging
Debugging encrypted transports is very hard because we do not see into the traffic, so plain PCAPs are useless.
Request
Introduce a new logging channel for TLS keys, which would produce a stream of TLS pre-master secrets which can be used with Wireshark to decrypt TLS traffic. (The volume of the logged data can be significant, so it's important to have some size limits on the file size - that's why I'm proposing to reuse the logging machinery we have already.)
An open question is whether it should somehow take into account the SSLKEYLOGFILE environment variable, as is customary in GnuTLS and NSS. The reason is that an environment variable will be easier to use when debugging something in automated test systems (as opposed to modifying named.conf). Maybe the SSLKEYLOGFILE environment variable could, if present, just generate an in-memory logging config snippet?
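
As an added illustration (not code from this issue or from BIND), the following Python sketch checks a key log in the NSS key log format that Wireshark reads, and reports sessions whose secrets were cut off, which is what a size-limited or rotated log file can produce. The completeness rule (a `CLIENT_RANDOM` line, or all four TLS 1.3 handshake and traffic secrets) and the function names are assumptions of this example; the sample data is constructed.

```python
import re

# Labels from the NSS key log format that Wireshark reads.
TLS12 = {"CLIENT_RANDOM"}
TLS13_NEEDED = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}
TLS13 = TLS13_NEEDED | {"CLIENT_EARLY_TRAFFIC_SECRET",
                        "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
HEX = re.compile(r"[0-9a-fA-F]+")


def parse_keylog(text):
    """Return (sessions, errors); sessions maps client random -> {label: secret}."""
    sessions, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split()
        if len(parts) != 3 or parts[0] not in TLS12 | TLS13:
            errors.append((lineno, "bad field count or unknown label"))
            continue
        label, rnd, secret = parts
        # TLS 1.2 master secret is 48 bytes; TLS 1.3 secrets are hash-sized.
        ok_len = (96,) if label in TLS12 else (64, 96)
        if not (HEX.fullmatch(rnd) and len(rnd) == 64):
            errors.append((lineno, "client random is not 32 hex-encoded bytes"))
        elif not (HEX.fullmatch(secret) and len(secret) in ok_len):
            errors.append((lineno, "secret has unexpected length or is truncated"))
        else:
            sessions.setdefault(rnd.lower(), {})[label] = secret.lower()
    return sessions, errors


def incomplete_sessions(sessions):
    """Client randoms lacking a full secret set (assumed completeness rule)."""
    return sorted(r for r, s in sessions.items()
                  if not (TLS12 & set(s) or TLS13_NEEDED <= set(s)))


# Constructed sample: one TLS 1.2 session, one TLS 1.3 session cut off mid-write.
SAMPLE = "\n".join([
    "# constructed key log, not real secrets",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "22" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "33" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "bb" * 32 + " " + "44" * 20,
])

if __name__ == "__main__":
    sessions, errors = parse_keylog(SAMPLE)
    print(errors, incomplete_sessions(sessions))
```

Because every line in such a file lets a capture of the matching session be decrypted, the output file should be readable only by the account doing the debugging.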