coredns/man/coredns-tls.7

.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "COREDNS\-TLS" "7" "March 2019" "CoreDNS" "CoreDNS plugins"
.
.SH "NAME"
\fItls\fR \- allows you to configure the server certificates for the TLS and gRPC servers\.
.
.SH "DESCRIPTION"
CoreDNS supports queries that are encrypted using TLS (DNS over Transport Layer Security, RFC 7858) or are using gRPC (https://grpc\.io/, not an IETF standard)\. Normally DNS traffic isn\'t encrypted at all (DNSSEC only signs resource records)\.
.
.P
The \fItls\fR "plugin" allows you to configure the cryptographic keys that are needed for both DNS\-over\-TLS and DNS\-over\-gRPC\. If the \fBtls\fR directive is omitted, then no encryption takes place\.
.
.P
The gRPC protobuffer is defined in \fBpb/dns\.proto\fR\. It defines the proto as a simple wrapper for the wire data of a DNS message\.
.
.SH "SYNTAX"
.
.nf

tls CERT KEY [CA]
.
.fi
.
.P
Parameter CA is optional\. If not set, system CAs can be used to verify the client certificate
.
.SH "EXAMPLES"
Start a DNS\-over\-TLS server that picks up incoming DNS\-over\-TLS queries on port 5553 and uses the nameservers defined in \fB/etc/resolv\.conf\fR to resolve the query\. This proxy path uses plain old DNS\.
.
.IP "" 4
.
.nf

tls://\.:5553 {
    tls cert\.pem key\.pem ca\.pem
    forward \. /etc/resolv\.conf
}
.
.fi
.
.IP "" 0
.
.P
Start a DNS\-over\-gRPC server that is similar to the previous example, but using DNS\-over\-gRPC for incoming queries\.
.
.IP "" 4
.
.nf

grpc://\. {
    tls cert\.pem key\.pem ca\.pem
    forward \. /etc/resolv\.conf
}
.
.fi
.
.IP "" 0
.
.P
Only Knot DNS\' \fBkdig\fR supports DNS\-over\-TLS queries, no command line client supports gRPC making debugging these transports harder than it should be\.
.
.SH "ALSO SEE"
RFC 7858 and https://grpc\.io\.
Manual pages (#1346) * Add manual pages Generate manual pages from the README and extend README with Name and Description sections. The generation requires 'ronn' which may not be available. Just check in all generated manual pages. 2018-01-04 12:53:07 +00:00			`.\" generated with Ronn/v0.7.3`
			`.\" http://github.com/rtomayko/ronn/tree/0.7.3`
			`.`
Doc: regenerate the man-pages (#2739) A 'make -f Makefile.doc clean all'. Signed-off-by: Miek Gieben <miek@miek.nl> 2019-03-30 13:56:52 +00:00			`.TH "COREDNS\-TLS" "7" "March 2019" "CoreDNS" "CoreDNS plugins"`
Manual pages (#1346) * Add manual pages Generate manual pages from the README and extend README with Name and Description sections. The generation requires 'ronn' which may not be available. Just check in all generated manual pages. 2018-01-04 12:53:07 +00:00			`.`
			`.SH "NAME"`
			`\fItls\fR \- allows you to configure the server certificates for the TLS and gRPC servers\.`
			`.`
			`.SH "DESCRIPTION"`
			`CoreDNS supports queries that are encrypted using TLS (DNS over Transport Layer Security, RFC 7858) or are using gRPC (https://grpc\.io/, not an IETF standard)\. Normally DNS traffic isn\'t encrypted at all (DNSSEC only signs resource records)\.`
			`.`
			`.P`
			`The \fItls\fR "plugin" allows you to configure the cryptographic keys that are needed for both DNS\-over\-TLS and DNS\-over\-gRPC\. If the \fBtls\fR directive is omitted, then no encryption takes place\.`
			`.`
			`.P`
			`The gRPC protobuffer is defined in \fBpb/dns\.proto\fR\. It defines the proto as a simple wrapper for the wire data of a DNS message\.`
			`.`
			`.SH "SYNTAX"`
			`.`
			`.nf`

generate doc for 1.1.3 (#1832) 2018-05-24 07:51:59 +01:00			`tls CERT KEY [CA]`
Manual pages (#1346) * Add manual pages Generate manual pages from the README and extend README with Name and Description sections. The generation requires 'ronn' which may not be available. Just check in all generated manual pages. 2018-01-04 12:53:07 +00:00			`.`
			`.fi`
			`.`
generate doc for 1.1.3 (#1832) 2018-05-24 07:51:59 +01:00			`.P`
			`Parameter CA is optional\. If not set, system CAs can be used to verify the client certificate`
			`.`
Manual pages (#1346) * Add manual pages Generate manual pages from the README and extend README with Name and Description sections. The generation requires 'ronn' which may not be available. Just check in all generated manual pages. 2018-01-04 12:53:07 +00:00			`.SH "EXAMPLES"`
			`Start a DNS\-over\-TLS server that picks up incoming DNS\-over\-TLS queries on port 5553 and uses the nameservers defined in \fB/etc/resolv\.conf\fR to resolve the query\. This proxy path uses plain old DNS\.`
			`.`
			`.IP "" 4`
			`.`
			`.nf`

			`tls://\.:5553 {`
			`tls cert\.pem key\.pem ca\.pem`
Doc: regenerate the man-pages (#2739) A 'make -f Makefile.doc clean all'. Signed-off-by: Miek Gieben <miek@miek.nl> 2019-03-30 13:56:52 +00:00			`forward \. /etc/resolv\.conf`
Manual pages (#1346) * Add manual pages Generate manual pages from the README and extend README with Name and Description sections. The generation requires 'ronn' which may not be available. Just check in all generated manual pages. 2018-01-04 12:53:07 +00:00			`}`
			`.`
			`.fi`
			`.`
			`.IP "" 0`
			`.`
			`.P`
			`Start a DNS\-over\-gRPC server that is similar to the previous example, but using DNS\-over\-gRPC for incoming queries\.`
			`.`
			`.IP "" 4`
			`.`
			`.nf`

			`grpc://\. {`
			`tls cert\.pem key\.pem ca\.pem`
Doc: regenerate the man-pages (#2739) A 'make -f Makefile.doc clean all'. Signed-off-by: Miek Gieben <miek@miek.nl> 2019-03-30 13:56:52 +00:00			`forward \. /etc/resolv\.conf`
Manual pages (#1346) * Add manual pages Generate manual pages from the README and extend README with Name and Description sections. The generation requires 'ronn' which may not be available. Just check in all generated manual pages. 2018-01-04 12:53:07 +00:00			`}`
			`.`
			`.fi`
			`.`
			`.IP "" 0`
			`.`
			`.P`
			`Only Knot DNS\' \fBkdig\fR supports DNS\-over\-TLS queries, no command line client supports gRPC making debugging these transports harder than it should be\.`
			`.`
			`.SH "ALSO SEE"`
			`RFC 7858 and https://grpc\.io\.`