https://kb.leuxner.net/article/dns-over-tls-using-bind-and-nginx/
Since our BIND server currently does not support TLS secured queries natively, we will be using nginx rather than stunnel to provide a secured endpoint. Not
dns over tlsusingbindnginxkb