[$] System-wide encrypted DNS
The increasing sophistication of attackers has organizations realizing that perimeter-based security models are inadequate. Many are planning to transition their internal networks to a zero-trust architecture. This requires every communication on the network to be encrypted, authenticated, and authorized. This can be achieved in applications and services by using modern communication protocols. However, the world still depends on Domain Name System (DNS) services where encryption, while possible, is far from being the industry standard. To address this we, as part of a working group at Red Hat, worked on fully integrating encrypted DNS for Linux systems, not only while the system is running but also during the installation and boot process, including support for a custom certificate chain in the initial ramdisk. This integration is now available in CentOS Stream 9, 10, and the upcoming Fedora 43 release.