Diffstat (limited to 'man/coredns-forward.7')
-rw-r--r-- | man/coredns-forward.7 | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/man/coredns-forward.7 b/man/coredns-forward.7 index f6dd92fd1..c4bc6c98c 100644 --- a/man/coredns-forward.7 +++ b/man/coredns-forward.7 @@ -1,5 +1,5 @@ .\" Generated by Mmark Markdown Processer - mmark.miek.nl -.TH "COREDNS-FORWARD" 7 "October 2020" "CoreDNS" "CoreDNS Plugins" +.TH "COREDNS-FORWARD" 7 "November 2020" "CoreDNS" "CoreDNS Plugins" .SH "NAME" .PP @@ -246,7 +246,7 @@ Proxy everything except \fB\fCexample.org\fR using the host's \fB\fCresolv.conf\ .RE .PP -Proxy all requests to 9.9.9.9 using the DNS-over-TLS protocol, and cache every answer for up to 30 +Proxy all requests to 9.9.9.9 using the DNS-over-TLS (DoT) protocol, and cache every answer for up to 30 seconds. Note the \fB\fCtls_servername\fR is mandatory if you want a working setup, as 9.9.9.9 can't be used in the TLS negotiation. Also set the health check duration to 5s to not completely swamp the service with health checks. @@ -284,12 +284,33 @@ Or with multiple upstreams from the same provider .fi .RE -.SH "BUGS" .PP -The TLS config is global for the whole forwarding proxy if you need a different \fB\fCtls_servername\fR for -different upstreams you're out of luck. +Or when you have multiple DoT upstreams with different \fB\fCtls_servername\fRs, you can do the following: -.SH "ALSO SEE" +.PP +.RS + +.nf +\&. { + forward . 127.0.0.1:5301 127.0.0.1:5302 +} + +\&.:5301 { + forward . 8.8.8.8 8.8.4.4 { + tls\_servername dns.google + } +} + +\&.:5302 { + forward . 1.1.1.1 1.0.0.1 { + tls\_servername cloudflare\-dns.com + } +} + +.fi +.RE + +.SH "SEE ALSO" .PP RFC 7858 \[la]https://tools.ietf.org/html/rfc7858\[ra] for DNS over TLS. |
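Review bot: In the example added by the last hunk, the upstreams in the `.:5301` and `.:5302` blocks are bare addresses (`forward . 8.8.8.8 8.8.4.4`, `forward . 1.1.1.1 1.0.0.1`) with no `tls://` scheme, although the paragraph above them introduces these as DoT upstreams. The forward plugin selects DNS-over-TLS from the `tls://` prefix on each upstream, so as written these queries would leave as plain DNS and the `tls_servername` lines would have nothing to apply to. Suggest `forward . tls://8.8.8.8 tls://8.8.4.4` and `forward . tls://1.1.1.1 tls://1.0.0.1`. The file header says the page is generated by Mmark, so the correction belongs in the Markdown source. The same hunk also deletes the BUGS paragraph: the new text shows a workaround through separate server blocks but no longer says that `tls_servername` applies to every upstream of one `forward` instance, and a sentence stating that before the example would keep the caveat for readers.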