I was wondering about securing DNS: securing data in transit against tampering, and checking the identity of servers. TLS would be fine with TCP or SCTP, but you would really want long-term persistent connections for decent performance and their cost in RAM would be a real nuisance.
I read that Cloudflare offers TLS / TCP at
2606:4700:4700::1111
2606:4700:4700::1001
1.1.1.1
1.0.0.1
all on TCP port 853. There is also Quad9
2620:fe::fe
2620:fe::9
9.9.9.9
149.112.112.112
I would need my Firebrick router to support this protocol though, as all my boxes are set to use it as a caching relay DNS server and it could then act as a protocol converter.
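As an added example (not part of the original post, and not Cloudflare's, Quad9's or FireBrick's code), here is a small DNS-over-TLS client in Python that does what the post describes: it opens one TLS connection to a resolver on TCP port 853, verifies the server's certificate, and keeps the connection open so several queries can share it. The resolver addresses and port are the ones listed above; the certificate hostnames used for verification (`cloudflare-dns.com`, `dns.quad9.net`) are assumptions, as are the constructed sample query and response used to exercise the wire-format code offline.

```python
import random
import socket
import ssl
import struct

# DNS-over-TLS endpoints from the post (TCP port 853). The "hostname" is what the
# client expects the server certificate to be issued for; these are assumptions.
RESOLVERS = {
    "cloudflare": {"addrs": ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111",
                             "2606:4700:4700::1001"], "hostname": "cloudflare-dns.com"},
    "quad9": {"addrs": ["9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9"],
              "hostname": "dns.quad9.net"},
}
DOT_PORT = 853
QTYPE = {"A": 1, "AAAA": 28}


def encode_name(name):
    # Wire-format name: length-prefixed labels terminated by a zero byte.
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", txid=None):
    # Standard query with RD=1; returns the transaction id so the reply can be matched.
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return txid, header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def read_name(msg, off):
    # Decode a (possibly compressed) name; returns (name, offset after the name).
    labels, end, hops = [], None, 0
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            off = ptr
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (off if end is None else end)


def parse_response(msg, expected_txid):
    # Returns (rcode, [(name, type, address, ttl), ...]) for A/AAAA answers only.
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if (flags & 0x8000) == 0:
        raise ValueError("not a response")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, "A", socket.inet_ntop(socket.AF_INET, rdata), ttl))
        elif rtype == 28 and rdlen == 16:
            answers.append((name, "AAAA", socket.inet_ntop(socket.AF_INET6, rdata), ttl))
    return flags & 0xF, answers


def frame(msg):
    # DNS over TCP/TLS prefixes each message with a 2-byte length (RFC 1035 4.2.2).
    return struct.pack("!H", len(msg)) + msg


def unframe(buf):
    (length,) = struct.unpack("!H", buf[:2])
    return buf[2:2 + length]


class DoTSession:
    """One long-lived, certificate-verified TLS connection carrying many queries."""

    def __init__(self, addr, hostname, port=DOT_PORT, timeout=5.0):
        ctx = ssl.create_default_context()  # chain + hostname verification on by default
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        self.sock = ctx.wrap_socket(socket.create_connection((addr, port), timeout=timeout),
                                    server_hostname=hostname)

    def _recv_exact(self, n):
        buf = b""
        while len(buf) < n:
            chunk = self.sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("resolver closed the connection")
            buf += chunk
        return buf

    def resolve(self, name, qtype="A"):
        txid, query = build_query(name, qtype)
        self.sock.sendall(frame(query))
        (length,) = struct.unpack("!H", self._recv_exact(2))
        return parse_response(self._recv_exact(length), txid)

    def close(self):
        self.sock.close()


if __name__ == "__main__":
    r = RESOLVERS["cloudflare"]
    s = DoTSession(r["addrs"][0], r["hostname"])  # needs network access
    for q in ("example.com", "example.net"):      # both queries reuse the one connection
        print(q, s.resolve(q, "AAAA"))
    s.close()
```

A relay such as the router the post mentions would hold one such session per upstream and fan client queries onto it; the per-connection cost is the TLS state plus a small receive buffer, which is the RAM trade-off the post raises. If the certificate does not match the expected hostname, `wrap_socket` raises and no query is sent, which is the identity check the post asks for.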