
Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)



Package: wnpp
Severity: wishlist
Owner: Kan-Ru Chen <koster@debian.org>

* Package name    : nss-tls
  Version         : pre-release
  Upstream Author : Dima Krasner <dima@dimakrasner.com>
* URL             : https://github.com/dimkr/nss-tls
* License         : LGPL-2.1
  Programming Lang: C
  Description     : encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

nss-tls is an alternative, encrypted name resolving library to use
with glibc, which uses DNS-over-HTTPS (DoH).

The glibc name resolver can be configured through nsswitch.conf(5) to
use nss-tls instead of the DNS resolver, or fall back to DNS when
nss-tls fails.
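As an added example (not part of the ITP or of the nss-tls project's own files), the script below writes two constructed nsswitch.conf samples to temporary files and audits their `hosts:` line. It assumes the glibc naming convention that a source called `tls` maps to libnss_tls.so.2, and that glibc's default action on NOTFOUND/UNAVAIL is `continue`, so `files tls dns` tries nss-tls first and falls back to the classic DNS resolver when it fails; the helper names `hosts_sources` and `doh_first` are hypothetical.

```shell
#!/bin/sh
# Added example: check whether an nsswitch.conf consults the "tls" source
# (assumed to map to libnss_tls.so.2 by glibc's libnss_<name>.so.2 rule)
# before "dns", i.e. DoH first with plain DNS as the fallback.

# Constructed sample 1: DoH first, DNS fallback (not a real system file).
DOH_CONF=$(mktemp)
cat > "$DOH_CONF" <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:         files systemd
group:          files systemd
shadow:         files
# nss-tls first; glibc's default action on NOTFOUND/UNAVAIL is "continue",
# so a failed nss-tls lookup falls through to the classic DNS resolver.
hosts:          files tls dns
networks:       files
EOF

# Constructed sample 2: classic DNS consulted before nss-tls, so most
# queries still leave the host in cleartext.
DNS_FIRST_CONF=$(mktemp)
cat > "$DNS_FIRST_CONF" <<'EOF'
hosts:          files dns [NOTFOUND=return] tls
EOF

# Print the lookup sources on the hosts: line with any [status=action]
# clauses stripped.  Usage: hosts_sources <conf-file>
hosts_sources() {
    sed -n 's/^hosts:[[:space:]]*//p' "$1" | sed 's/\[[^]]*\]//g'
}

# Return 0 if "tls" appears before "dns" on the hosts: line (or dns is
# absent), 1 otherwise.  Usage: doh_first <conf-file>
doh_first() {
    set -- $(hosts_sources "$1")
    seen_tls=0
    for src in "$@"; do
        case "$src" in
            tls) seen_tls=1 ;;
            dns) [ "$seen_tls" -eq 1 ] && return 0 || return 1 ;;
        esac
    done
    [ "$seen_tls" -eq 1 ]
}

# Stand-alone run: report the verdict for both constructed samples.
for conf in "$DOH_CONF" "$DNS_FIRST_CONF"; do
    if doh_first "$conf"; then
        echo "$conf: hosts line [$(hosts_sources "$conf")] -> DoH first"
    else
        echo "$conf: hosts line [$(hosts_sources "$conf")] -> cleartext DNS first"
    fi
done
```

The check is deliberately about source order only; it says nothing about whether nss-tlsd is actually running, which is the other half of any real audit.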

This way, all applications that use the standard resolver API
(getaddrinfo(), gethostbyname(), etc.) are transparently migrated
from DNS to encrypted name resolution, with zero application-side
changes and a minimal resource footprint. However, nss-tls does not
cover applications that use their own built-in DNS resolver.

There should be three binary packages:

1. nss-tlsd - a daemon that runs in the background, receives name
resolving requests over a Unix socket and replies with resolved
addresses.

2. libnss_tls.so - a tiny client library, which delegates the
resolving work to nss-tlsd through the Unix socket and passes the
results back to the application, without dependencies other than libc.

3. tlslookup - a utility program that is equivalent to nslookup(1),
but uses libnss_tls.so instead of DNS.
