[client] Explicitly disable DNSOverTLS for systemd-resolved (#4579)

Author: kleschenko

client/internal/dns/systemd_linux.go

@@ -31,6 +31,7 @@ const (
 	systemdDbusSetDefaultRouteMethodSuffix = systemdDbusLinkInterface + ".SetDefaultRoute"
 	systemdDbusSetDomainsMethodSuffix      = systemdDbusLinkInterface + ".SetDomains"
 	systemdDbusSetDNSSECMethodSuffix       = systemdDbusLinkInterface + ".SetDNSSEC"
+	systemdDbusSetDNSOverTLSMethodSuffix   = systemdDbusLinkInterface + ".SetDNSOverTLS"
 	systemdDbusResolvConfModeForeign       = "foreign"
 
 	dbusErrorUnknownObject = "org.freedesktop.DBus.Error.UnknownObject"
@@ -102,6 +103,11 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig, stateMana
 		log.Warnf("failed to set DNSSEC to 'no': %v", err)
 	}
 
+	// We don't support DNSOverTLS. On some machines this is default on so we explicitly set it to off
+	if err := s.callLinkMethod(systemdDbusSetDNSOverTLSMethodSuffix, dnsSecDisabled); err != nil {
+		log.Warnf("failed to set DNSOverTLS to 'no': %v", err)
+	}
+
 	var (
 		searchDomains []string
 		matchDomains  []string