[Pre-RFC] DNS domains as package namespaces

tcsc: > Regarding DNSSEC, DoH (DNS-over-HTTPS) is more widely deployed and has superior security properties. So I don't think spoofed DNS data is a real risk. DoH protects the communication with the recursive resolver using TLS. DNSSEC protects the communication between the recursive resolver and the nameserver using offline signatures. They are complementary to each other.