nss-tls

Changes compared to v1.0:

• If resolvers= is empty or the configuration file is missing, DoH servers are guessed using /etc/resolv.conf
  • /etc/resolv.conf is monitored for changes, just like the configuration file
  • Special hack to deal with the ugly way systemd-resolved hijacks DNS requests
• By default, resolvers= is empty
• nss-tlsd no longer exits if there are no configured DoH servers; instead, it keeps running and monitors the configuration for changes
  • If there are no configured DoH servers, nsswitch.conf dictates whether or not we fall back to DNS
• Various bug fixes
• The post-installation script now gives nss-tls priority over systemd's nss-resolve, too (although Debian has adopted systemd-resolved using the combination of glibc's nss-dns, and systemd-resolved's modification of /etc/resolv.conf)