Goal

As a network administrator, I want to implement new configuration options to enforce DNS over TLS (DoT), so that users have the flexibility to connect securely to DoT-enabled name servers while accommodating both relaxed and strict security modes. This ensures that users can either fallback to plain DNS when DoT is unavailable or enforce strict encryption requirements, satisfying both casual users and enterprise security policies.

Acceptance Criteria

A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

• Verify that the configuration options for selecting relaxed or strict DoT modes exist
• Verify that the system supports a relaxed DoT mode, where users can connect to a DoT-enabled name server if available and fall back to an unencrypted DNS protocol if not
• Verify that the system supports a strict DoT mode, where DNS queries must be encrypted using DoT, and connections should fail if DoT is unavailable
• Verify that the relaxed mode seamlessly falls back to the plain DNS protocol without requiring manual intervention when DoT is not available
• Verify that the strict mode does not allow any DNS resolution if the DoT-enabled name server is not available, ensuring compliance with enterprise security requirements
• Verify that switching between relaxed and strict modes does not disrupt ongoing network connections and is applied consistently across all network interfaces and connections
• Verify that both configuration modes persist across system reboots and are enforced immediately upon network reconnection
• Verify that administrators receive appropriate logging or alerts when a fallback to plain DNS occurs in relaxed mode or when a connection fails in strict mode due to unavailability of DoT