author: Miek Gieben <miek@miek.nl> 2020-11-03 15:32:49 +0100
committer: GitHub <noreply@github.com> 2020-11-03 06:32:49 -0800
commit: 8759d00edd4702f578106644b62f5904d44ea0aa
tree: 4d779b88b7d3beb2c728f1a13c69ef9bd6f7c50e /plugin
parent: a136b7128b7113c79a971dc8ed728e73cd37420b
forward doc update (#4254)
* forward: add example with multiple DoT upstreams

Remove Bugs section as this is a nice work around.

h/t https://twitter.com/mholt6/status/1284250606673080321

Signed-off-by: Miek Gieben <miek@miek.nl>

* Actually remove bugs section

Signed-off-by: Miek Gieben <miek@miek.nl>
Diffstat (limited to 'plugin')
-rw-r--r-- plugin/forward/README.md 23
1 files changed, 19 insertions, 4 deletions
diff --git a/plugin/forward/README.md b/plugin/forward/README.md
index 9db30a20c..359fd3827 100644
--- a/plugin/forward/README.md
+++ b/plugin/forward/README.md
@@ -157,7 +157,7 @@ Proxy everything except `example.org` using the host's `resolv.conf`'s nameserve
}
~~~
-Proxy all requests to 9.9.9.9 using the DNS-over-TLS protocol, and cache every answer for up to 30
+Proxy all requests to 9.9.9.9 using the DNS-over-TLS (DoT) protocol, and cache every answer for up to 30
seconds. Note the `tls_servername` is mandatory if you want a working setup, as 9.9.9.9 can't be
used in the TLS negotiation. Also set the health check duration to 5s to not completely swamp the
service with health checks.
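Review bot: style point on the changed first line of this paragraph: with " (DoT)" inserted it now runs past the width the following lines are wrapped at, so please re-wrap the paragraph rather than leaving one long line. Introducing the abbreviation here is useful, since the example added later in this patch uses "DoT" without expanding it.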
@@ -184,10 +184,25 @@ Or with multiple upstreams from the same provider
}
~~~
-## Bugs
+Or when you have multiple DoT upstreams with different `tls_servername`s, you can do the following:
-The TLS config is global for the whole forwarding proxy if you need a different `tls_servername` for
-different upstreams you're out of luck.
+~~~ corefile
+. {
+ forward . 127.0.0.1:5301 127.0.0.1:5302
+}
+
+.:5301 {
+ forward . 8.8.8.8 8.8.4.4 {
+ tls_servername dns.google
+ }
+}
+
+.:5302 {
+ forward . 1.1.1.1 1.0.0.1 {
+ tls_servername cloudflare-dns.com
+ }
+}
+~~~
## See Also
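Review bot: the upstreams in the two new server blocks are written as bare addresses (`forward . 8.8.8.8 8.8.4.4` and `forward . 1.1.1.1 1.0.0.1`), so these blocks would forward over plain DNS and the `tls_servername` lines would have nothing to apply to. For the example to show DoT, each upstream needs the `tls://` prefix, for instance `forward . tls://8.8.8.8 tls://8.8.4.4`. Two smaller points: `.:5301` and `.:5302` listen on all interfaces although only 127.0.0.1 is meant to reach them, so consider adding `bind 127.0.0.1` to both; and a blank line is needed between the closing `~~~` and `## See Also`.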