Docs: Add warning to use tls_servername (#4992)

Signed-off-by: OctoHuman <17958767+OctoHuman@users.noreply.github.com>
2025-10-27 08:14:18 -04:00 · 2021-11-22 01:49:13 -06:00
parent a9d9d2b71e
commit 29f6d0a6b2
1 changed files with 3 additions and 1 deletions
--- a/plugin/forward/README.md
+++ b/plugin/forward/README.md
@@ -79,7 +79,9 @@ forward FROM TO... {
 * `tls_servername` **NAME** allows you to set a server name in the TLS configuration; for instance 9.9.9.9
  needs this to be set to `dns.quad9.net`. Multiple upstreams are still allowed in this scenario,
  but they have to use the same `tls_servername`. E.g. mixing 9.9.9.9 (QuadDNS) with 1.1.1.1
-  (Cloudflare) will not work.
+  (Cloudflare) will not work. Using TLS forwarding but not setting `tls_servername` results in anyone
+  being able to man-in-the-middle your connection to the DNS server you are forwarding to. Because of this,
+  it is strongly recommended to set this value when using TLS forwarding.
 * `policy` specifies the policy to use for selecting upstream servers. The default is `random`.
  * `random` is a policy that implements random upstream selection.
  * `round_robin` is a policy that selects hosts based on round robin ordering.