support plain HTTP for DoH (#4997)

Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
author: Ondřej Benkovský <ondrej.benkovsky@jamf.com> 2021-11-23 14:03:26 +0100
committer: GitHub <noreply@github.com> 2021-11-23 14:03:26 +0100
commit: b8439789f4d8dbcad0493ee96b5700605ce49e3a (patch)
tree: ac6c0c3e4a1b487292e98990ad3dabfba2c4bfbc /README.md
parent: 5f45ace89e0bb1d9120975d3d08e06dca8fa6dce (diff)
download: coredns-b8439789f4d8dbcad0493ee96b5700605ce49e3a.tar.gz
coredns-b8439789f4d8dbcad0493ee96b5700605ce49e3a.tar.zst
coredns-b8439789f4d8dbcad0493ee96b5700605ce49e3a.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/README.md b/README.md
index 96305aa39..2a5d57c48 100644
--- a/README.md
+++ b/README.md
@@ -201,8 +201,15 @@ https://example.org {
     tls mycert mykey
 }
 ~~~
+in this setup, the CoreDNS will be responsible for TLS termination
 
-Note that you must have the *tls* plugin configured as DoH requires that to be setup.
+you can also start DNS server serving DoH without TLS termination (plain HTTP), but beware that in such scenario there has to be some kind
+of TLS termination proxy before CoreDNS instance, which forwards DNS requests otherwise clients will not be able to communicate via DoH with the server
+~~~ corefile
+https://example.org {
+    whoami
+}
+~~~
 
 Specifying ports works in the same way:
author	Ondřej Benkovský <ondrej.benkovsky@jamf.com>	2021-11-23 14:03:26 +0100
committer	GitHub <noreply@github.com>	2021-11-23 14:03:26 +0100
commit	b8439789f4d8dbcad0493ee96b5700605ce49e3a (patch)
tree	ac6c0c3e4a1b487292e98990ad3dabfba2c4bfbc /README.md
parent	5f45ace89e0bb1d9120975d3d08e06dca8fa6dce (diff)
download	coredns-b8439789f4d8dbcad0493ee96b5700605ce49e3a.tar.gz coredns-b8439789f4d8dbcad0493ee96b5700605ce49e3a.tar.zst coredns-b8439789f4d8dbcad0493ee96b5700605ce49e3a.zip