1. Proposed title of this feature request

Support CoreDNS forwarding DNS requests over TLS

2. What is the nature and description of the request?

Telco partners and their customers require outbound DNS requests from CoreDNS to upstream DNS servers to be transported over TLS in order to provide privacy and data integrity protection. Requests from pods to CoreDNS will not be transported over TLS.

The request flow required to be supported is:

DNS client/stub resolver ==plain unencrypted DNS (port 53)==> CoreDNS ==DNS over TLS (port 853)==> Upstream/external DNS server/resolver

It would appear that CoreDNS already supports forwarding of requests over TLS via its
forward plugin, however it is not currently possible to configure forwarding over TLS via the OpenShift DNS Operator.

This RFE is to provide DNS over TLS support for the scenario above. This RFE is related to RFE-1859 because this RFE is requesting a subset of the functionality covered by RFE-1859.

3. Why does the customer need this? (List the business requirements here)

To encrypt DNS transport outside of the cluster for privacy protection and data integrity.

4. List any affected packages or components.

DNS Operator, CoreDNS