Implement support for DNS over QUIC

Description

DNS-over-QUIC, specified in RFC 9250, has considerable advantages over the already-implemented options.

With the debatable exception of DoH and HTTP/3, it is the only standardized encrypted DNS protocol to operate over UDP.
It avoids issues such as head-of-line blocking and potential for amplification attacks.
It avoids the overhead of DNS-over-HTTPS.

Request

DNS-over-QUIC should be offered wherever DNS-over-HTTPS or DNS-over-TLS is, at minimum. Its use should be encouraged over the others where applicable.

RFC 9250 emphasizes the following scopes of usage:

the "stub to recursive resolver" scenario (also called the "stub to recursive" scenario in this document)

the "recursive resolver to authoritative nameserver" scenario (also called the "recursive to authoritative" scenario in this document), and

the "nameserver to nameserver" scenario (mainly used for zone transfers (XFR) RFC1995 RFC5936).

I believe that covers every function of BIND.

While not specific to DNS-over-QUIC, the implementation should be designed with future support for non-standard ports and SVBC records in mind. 53/udp is explicitly banned for use with this protocol, but it should eventually be possible to use any other non-standard port rather than 853/udp.

Edited Oct 31, 2022 by Jeremy Saklad