Support DNS over TLS

[M0NsTeRRR]

Feature Request

Support DNS over TLS to secure DNS queries

Description

Systemd resolved support DoT and it would be nice if talos support it.
Systemd resolved configuration example :

[Resolve]
DNS=192.168.10.21#dns1.unicornafk.fr 192.168.10.22#dns2.unicornafk.fr 2a0c:b641:2c0:110::21#dns1.unicornafk.fr 2a0c:b641:2c0:110::22#dns2.unicornafk.fr
FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net

[smira]

Should be already supported in the upstream library, only configuration/implementation is missing.

[nberlee]

Please note: There is a potential dependency problem here between NTP and DNS over TLS.

• DNS lookup is required for NTP synchronization.
• DNS over TLS relies on correct system time to validate certificates.

This creates a circular dependency during system boot if DNS over TLS is used. Specifically, for DNS over TLS to function, a valid system time must already be set, typically via the RTC. However, not all systems have a reliable RTC configuration, which may lead to failures during the boot process.

[smira]

There's another one - what should be the default one on boot before machine configuration is established