feat: add DNS-over-TLS (DoT) listener (RFC 7858)

Refactor handle_query into transport-agnostic resolve_query that returns a BytePacketBuffer, keeping the UDP path zero-alloc. Add a TLS listener on port 853 with persistent connections, idle timeout, connection limits, and coalesced writes. Supports user-provided certs or self-signed CA fallback. Includes 5 integration tests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 00:36:26 +03:00
parent 766935ec97
commit e4350ae81c
7 changed files with 534 additions and 11 deletions
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -5,6 +5,7 @@ pub mod cache;
 pub mod config;
 pub mod ctx;
 pub mod dnssec;
+pub mod dot;
 pub mod forward;
 pub mod header;
 pub mod lan;