Add DNS over TLS (RFC 7858) fonctionality to dns resolver and forwarder
See https://tools.ietf.org/html/rfc7858 for the proposed standard. The benefit to the user is out of the box DNS privacy.
Unbound seems to support TLS from their changelog but its not specified that it is '7858 compliant.
I think that for the UI, there should simply be an option to enable TLS on outgoing or incomming request and the rest should be tuck away in the advanced settings tab. By "the rest" I mean standard TLS options : port, certificate management, cipher choice etc...
There are already 2 major providers supporting it in production : Google (188.8.131.52 & 184.108.40.206) and Cloudfare (220.127.116.11 & 18.104.22.168) so testing should be easy.