diff options
| author |  Miek Gieben <miek@miek.nl>
| 2018-11-20 21:16:54 +0100 |
|---|---|---|
| committer |  corbot[bot] <corbot[bot]@users.noreply.github.com>
| 2018-11-20 20:16:54 +0000 |
| commit | 973349592ed4e5f9f5b0ed58715b8a1941a39fa4 (patch) | |
| tree | c69d6fe44ed487d53be77f3a6ed5071d583e183a /plugin | |
| parent | a1d92c51cd93a83dd2936f4b857b155d5d321a26 (diff) | |
| download | coredns-973349592ed4e5f9f5b0ed58715b8a1941a39fa4.tar.gz coredns-973349592ed4e5f9f5b0ed58715b8a1941a39fa4.tar.zst coredns-973349592ed4e5f9f5b0ed58715b8a1941a39fa4.zip | |
plugin/forward: make tls config more clear (#2326)
Automatically submitted.
Diffstat (limited to 'plugin')
| -rw-r--r-- | plugin/forward/README.md | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/plugin/forward/README.md b/plugin/forward/README.md index c0a426aab..fe32116b6 100644 --- a/plugin/forward/README.md +++ b/plugin/forward/README.md @@ -79,7 +79,9 @@ forward FROM TO... { The server certificate is verified using the specified CA file * `tls_servername` **NAME** allows you to set a server name in the TLS configuration; for instance 9.9.9.9 - needs this to be set to `dns.quad9.net`. + needs this to be set to `dns.quad9.net`. Multiple upstreams are still allowed in this scenario, + but they have to use the same `tls_servername`. E.g. mixing 9.9.9.9 (QuadDNS) with 1.1.1.1 + (Cloudflare) will not work. * `policy` specifies the policy to use for selecting upstream servers. The default is `random`. * `health_check`, use a different **DURATION** for health checking, the default duration is 0.5s. @@ -160,6 +162,18 @@ service with health checks. } ~~~ +Or with multiple upstreams from the same provider + +~~~ corefile +. { + forward . tls://1.1.1.1 tls://1.0.0.1 { + tls_servername loudflare-dns.com + health_check 5s + } + cache 30 +} +~~~ + ## Bugs The TLS config is global for the whole forwarding proxy if you need a different `tls_servername` for |