[FR] Provide DNS over QUIC (DoQ) forwarding in libunbound #1125

Open
rwfranks opened this issue Aug 17, 2024 · 4 comments

@rwfranks

Perl Net::DNS is widely used for test scripts and can be integrated with libunbound to provide both upstream DoT and DNSSEC validation.

There is, or soon will be, a real need to extend this capability to DoQ test scripts.

I anticipate that usage would be similar to the following DoT example:

    use Net::DNS;
    use Net::DNS::Resolver::Unbound 1.29 -register;

    my $resolver = Net::DNS::Resolver->new(
        nameserver  => '1.1.1.1@853#cloudflare-dns.com',
        nameserver  => '8.8.8.8@853#dns.google',
        add_ta_file => '/var/lib/unbound/root.key',
        option      => [qw(tls-cert-bundle /etc/ssl/cert.pem)],
        set_tls     => 1,
        );

    my $response = $resolver->send( 'example.com.', 'AAAA' );

@wcawijngaards
Member

There is a branch with doq functionality, but it is downstream only. In that branch, there is a testcode client, 'doqclient', that can perform client side doq lookups for unit tests. The upstream forward using doq is a good plan, but not there right now.

@rwfranks
Author

An existing Net::DNS user expressed a wish to use DoQ for a global performance monitoring project.
Integrating Net::DNS and libunbound seems the best route to achieve this.
A favourable slot on your todo list would be much appreciated.

@pemensik
Contributor

I would like this feature too. The great thing is, a client QUIC implementation is possible with OpenSSL directly (https://docs.openssl.org/master/man7/openssl-quic/), unlike usage with ngtcp2, where OpenSSL is not yet supported. I admit using the ngtcp2 library with at least the client support part would be better than implementing separate support for OpenSSL only, especially as the current API does not provide server side support.

@rwfranks
Author

Please add this [FR] to (new) milestone 1.23.0 to provide visibility to interested parties.

Completion of #871 and the recent release of 1.22.0 inevitably increase the demand for upstream DoQ.
