nss-tls (DNS-over-HTTPS resolver)

nss-tls is an alternative, encrypted name resolving library for Linux
distributions with glibc which uses DNS-over-HTTPS. The glibc name
resolver can be configured through nsswitch.conf(5) to use nss-tls
instead of the DNS resolver, or fall back to DNS when nss-tls fails.

This way, all applications that use the standard resolver API
(getaddrinfo(), gethostbyname(), etc'), are transparently
migrated from DNS to encrypted means of name resolving, with
zero application-side changes and minimal resource consumption
footprint. However, nss-tls does not deal with applications that use
their own, built-in DNS resolver.

See README_SBo.txt for instructions on setting things up, once the
package is installed. It won't "just work", you really do have to
configure it.

The default servers in the config file are provided by Google, Quad9,
and Cloudflare. If you'd like to change these, there is a list of
public DoH servers here:

https://zenodo.org/records/4923371