RHEL / RHEL-54725

[RFE] Implement RFC 9463: Discovery of Network-Designated Resolvers

    • Story
    • Resolution: Unresolved
    • Normal
    • NetworkManager
    • rhel-sst-network-management
    • ssg_networking

      Goal

      • As a network administrator, I need RFC 9463 to allow clients to discover encryption-enabled name servers via a new DHCP option, so that they can securely resolve DNS queries using supported protocols like DNS over TLS. This feature should be offered via DBus to any service capable of processing it, and the discovered servers should be passed as unbound forwarders. The system should support the definition of additional encrypted DNS protocols, ensuring future extensibility.

      Acceptance Criteria

      A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

      • Verify that the system can discover and process encryption-enabled name servers through the new DHCP option
      • Verify that the discovered name servers' IP addresses and hostnames are offered via DBus to any capable service
      • Verify that DNS over TLS (RFC 7858) is supported as the mandatory protocol
      • Verify that the system is capable of being extended to support new encrypted DNS protocols without breaking the API/ABI
      • Verify that for each resolver, the following information can be specified:
          • IP address (IPv4 or IPv6)
          • Authentication hostname for X.509 certificate
          • Protocol supported, with optional prioritization
          • (Optional) Alternative port of service
      • Verify that multiple resolvers can be configured for a single connection or global configuration (e.g. unbound)
      • Verify that the system can handle cases where the IP address alone is sufficient to verify the host certificate
      • Verify that the system can correctly authenticate certificates when IP addresses are obtained from network-provided servers
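
The per-resolver fields listed above (address, authentication hostname, protocol, priority, optional port) map onto the DHCPv4 encoding of the option. The parser below is an added example, not NetworkManager code: it assumes the OPTION_V4_DNR instance layout from RFC 9463 with SvcParams encoded per RFC 9460, and the function names and sample bytes are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def parse_adn(buf):  # uncompressed DNS wire-format name -> dotted text
    labels, i = [], 0
    while i < len(buf) and 0 < buf[i] <= 63:
        labels.append(buf[i + 1:i + 1 + buf[i]].decode("ascii"))
        i += 1 + buf[i]
    if not labels or i != len(buf) - 1 or buf[i]:
        raise ValueError("ADN malformed or not ended by the root label")
    return ".".join(labels)

def parse_svcparams(buf):  # RFC 9460 SvcParams -> (ALPN ids, port or None)
    alpn, port, i = [], None, 0
    while i < len(buf):
        key, n = struct.unpack_from("!HH", buf, i)
        val, i = buf[i + 4:i + 4 + n], i + 4 + n
        if len(val) != n or (key == 3 and n != 2):
            raise ValueError("bad SvcParam length")
        if key == 1:  # alpn: length-prefixed protocol ids such as "dot"
            j = 0
            while j < len(val):
                alpn.append(val[j + 1:j + 1 + val[j]].decode("ascii"))
                j += 1 + val[j]
        elif key == 3:  # port: alternative service port
            port = int.from_bytes(val, "big")
    return alpn, port

def parse_v4_dnr(payload):  # OPTION_V4_DNR payload -> resolvers, preferred first
    out, i = [], 0
    while i < len(payload):
        (ilen,) = struct.unpack_from("!H", payload, i)
        inst, i = payload[i + 2:i + 2 + ilen], i + 2 + ilen
        if len(inst) != ilen or ilen < 3:
            raise ValueError("truncated DNR instance")
        prio, adn_len = struct.unpack_from("!HB", inst)
        adn, rest = parse_adn(inst[3:3 + adn_len]), inst[3 + adn_len:]
        addrs, alpn, port = [], [], None
        if rest:  # Addr Length onwards is absent in ADN-only mode
            if (alen := rest[0]) == 0 or alen % 4 or 1 + alen > len(rest):
                raise ValueError("bad Addr Length")
            addrs = [str(IPv4Address(rest[k:k + 4])) for k in range(1, 1 + alen, 4)]
            alpn, port = parse_svcparams(rest[1 + alen:])
        out.append(dict(priority=prio, adn=adn, addrs=addrs, alpn=alpn, port=port))
    return sorted(out, key=lambda r: r["priority"])  # lower value is preferred

SAMPLE = (b"\x00\x17\x00\x02\x14\x06backup\x07example\x03net\x00"  # constructed: ADN-only, priority 2
          b"\x00\x27\x00\x01\x11\x03dns\x07example\x03net\x00\x04\xc0\x00\x02\x35"  # constructed: priority 1
          b"\x00\x01\x00\x04\x03dot\x00\x03\x00\x02\x22\x95")  # alpn "dot", port 8853
```

Malformed input raises `ValueError` or `struct.error` instead of yielding a partial resolver list, so a caller can discard the whole option rather than forward queries to a resolver it could not fully validate.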

              rh-ee-sfaye Stanislas Faye
              ftrivino@redhat.com Francisco Trivino Garcia
              Network Management Team
              Vladimir Benes