Story
Resolution: Unresolved
Major
Goal
- As an administrator, I want support for DNS over TLS (DoT) in RHEL IdM so that all DNS traffic within modern deployments can be authenticated, authorized, and encrypted, ensuring secure communication in a Zero-Trust environment.
Acceptance criteria
A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.
- Verify administrators can enable and configure DNS over TLS (DoT) for DNS zones managed by RHEL IdM.
- Verify encrypted DNS traffic (via DoT) is logged appropriately, with no sensitive data being exposed.
- Verify that when encrypted DNS is enforced, RHEL IdM blocks unencrypted DNS queries within the internal network.
- Verify IdM provides a fallback mechanism to log and alert administrators when encrypted DNS traffic fails to establish.
- Verify the system supports backward compatibility with deployments that do not use DoT.
- Verify DNS traffic encryption settings are integrated into the IdM framework, allowing configuration via CLI.