-rw-r--r-- | plugin/forward/README.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/plugin/forward/README.md b/plugin/forward/README.md index 8bc0e2c8b..892701f70 100644 --- a/plugin/forward/README.md +++ b/plugin/forward/README.md @@ -79,7 +79,9 @@ forward FROM TO... { * `tls_servername` **NAME** allows you to set a server name in the TLS configuration; for instance 9.9.9.9 needs this to be set to `dns.quad9.net`. Multiple upstreams are still allowed in this scenario, but they have to use the same `tls_servername`. E.g. mixing 9.9.9.9 (QuadDNS) with 1.1.1.1 - (Cloudflare) will not work. + (Cloudflare) will not work. Using TLS forwarding but not setting `tls_servername` results in anyone + being able to man-in-the-middle your connection to the DNS server you are forwarding to. Because of this, + it is strongly recommended to set this value when using TLS forwarding. * `policy` specifies the policy to use for selecting upstream servers. The default is `random`. * `random` is a policy that implements random upstream selection. * `round_robin` is a policy that selects hosts based on round robin ordering. |
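Review bot: the new sentence in the `tls_servername` bullet states the consequence ("anyone being able to man-in-the-middle your connection") but not the cause, and "anyone" is broader than the actual threat; consider wording it as "an on-path attacker can man-in-the-middle the connection, because the upstream's certificate is not checked against a name" so readers understand both who can exploit the misconfiguration and why `tls_servername` closes it. The recommendation sentence could also be tightened from "it is strongly recommended to set this value when using TLS forwarding" to "always set this when forwarding over TLS", matching the imperative style of the surrounding option descriptions.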