Implement support for DNS over QUIC
Description
DNS-over-QUIC, specified in RFC 9250, has considerable advantages over the already-implemented options.
- With the debatable exception of DoH over HTTP/3, it is the only standardized encrypted DNS protocol that operates over UDP.
- It avoids issues such as head-of-line blocking and the potential for amplification attacks.
- It avoids the overhead of DNS-over-HTTPS.
Request
DNS-over-QUIC should be offered wherever DNS-over-HTTPS or DNS-over-TLS is, at minimum. Its use should be encouraged over the others where applicable.
RFC 9250 emphasizes the following scopes of usage:
- the "stub to recursive resolver" scenario (also called the "stub to recursive" scenario in this document)
- the "recursive resolver to authoritative nameserver" scenario (also called the "recursive to authoritative" scenario in this document), and
- the "nameserver to nameserver" scenario (mainly used for zone transfers (XFR), RFC 1995 and RFC 5936).
I believe that covers every function of BIND.
While not specific to DNS-over-QUIC, the implementation should be designed with future support for non-standard ports and SVCB records in mind. 53/udp is explicitly banned for use with this protocol, but it should eventually be possible to use any other non-standard port rather than 853/udp.
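As an added illustration of the RFC 9250 wire rules an implementation has to enforce (not code from BIND or from this issue), the following builds the stream payload for a DoQ query and validates an incoming one: each DNS message on a QUIC stream carries a 2-octet length prefix, the DNS Message ID must be zero, and 53/udp must not be used. The query name, the `decode_doq_stream` helper and the `check_port` helper are constructed for this example.

```python
import struct

DOQ_ALPN = "doq"          # ALPN token registered for DoQ by RFC 9250
DOQ_DEFAULT_PORT = 853    # default UDP port for DoQ
FORBIDDEN_PORT = 53       # RFC 9250 forbids running DoQ on 53/udp

def build_dns_query(qname: str, qtype: int = 1) -> bytes:
    """Constructed minimal DNS query: header + one question, class IN.
    RFC 9250 requires the Message ID to be 0 on a QUIC stream."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def encode_doq_stream(msg: bytes) -> bytes:
    """Frame one DNS message for a QUIC stream: 2-octet length then the message."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for 16-bit length prefix")
    return struct.pack("!H", len(msg)) + msg

def decode_doq_stream(data: bytes) -> list:
    """Split received stream bytes into DNS messages (several may follow on one
    stream, e.g. XFR responses). Any framing or ID violation is a protocol error,
    which a real endpoint would answer with DOQ_PROTOCOL_ERROR."""
    msgs, off = [], 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", data, off)
        off += 2
        msg = data[off:off + n]
        if len(msg) != n or n < 12:
            raise ValueError("truncated or undersized DNS message")
        if struct.unpack_from("!H", msg, 0)[0] != 0:
            raise ValueError("DNS Message ID must be 0 over DoQ")
        msgs.append(msg)
        off += n
    return msgs

def is_valid_doq_stream(data: bytes) -> bool:
    """True if the stream bytes decode cleanly under the rules above."""
    try:
        decode_doq_stream(data)
        return True
    except ValueError:
        return False

def check_port(port: int) -> bool:
    """A DoQ listener may use any valid UDP port except 53."""
    return 1 <= port <= 65535 and port != FORBIDDEN_PORT
```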
Edited by Jeremy Saklad