From 8759d00edd4702f578106644b62f5904d44ea0aa Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Tue, 3 Nov 2020 15:32:49 +0100 Subject: [PATCH] forward doc update (#4254) * forward: add example with multiple DoT upstreams Remove Bugs section as this is a nice work around. h/t https://twitter.com/mholt6/status/1284250606673080321 Signed-off-by: Miek Gieben * Actually remove bugs section Signed-off-by: Miek Gieben --- plugin/forward/README.md | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/plugin/forward/README.md b/plugin/forward/README.md index 9db30a20c..359fd3827 100644 --- a/plugin/forward/README.md +++ b/plugin/forward/README.md @@ -157,7 +157,7 @@ Proxy everything except `example.org` using the host's `resolv.conf`'s nameserve } ~~~ -Proxy all requests to 9.9.9.9 using the DNS-over-TLS protocol, and cache every answer for up to 30 +Proxy all requests to 9.9.9.9 using the DNS-over-TLS (DoT) protocol, and cache every answer for up to 30 seconds. Note the `tls_servername` is mandatory if you want a working setup, as 9.9.9.9 can't be used in the TLS negotiation. Also set the health check duration to 5s to not completely swamp the service with health checks. @@ -184,10 +184,25 @@ Or with multiple upstreams from the same provider } ~~~ -## Bugs +Or when you have multiple DoT upstreams with different `tls_servername`s, you can do the following: -The TLS config is global for the whole forwarding proxy if you need a different `tls_servername` for -different upstreams you're out of luck. +~~~ corefile +. { + forward . 127.0.0.1:5301 127.0.0.1:5302 +} + +.:5301 { + forward . 8.8.8.8 8.8.4.4 { + tls_servername dns.google + } +} + +.:5302 { + forward . 1.1.1.1 1.0.0.1 { + tls_servername cloudflare-dns.com + } +} +~~~ ## See Also
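Review bot: In the second hunk, the new `.:5301` and `.:5302` server blocks list their upstreams as `8.8.8.8 8.8.4.4` and `1.1.1.1 1.0.0.1` without the `tls://` scheme, so forward will speak plain DNS on port 53 and the `tls_servername` option has no TLS session to apply to; since the surrounding text presents these as DoT upstreams, the lines should read `forward . tls://8.8.8.8 tls://8.8.4.4 {` and `forward . tls://1.1.1.1 tls://1.0.0.1 {`. A second, smaller point on the same hunk: the outer block reaches the relays via `127.0.0.1:5301` and `127.0.0.1:5302`, but `.:5301` and `.:5302` listen on every interface, so a sentence noting that `bind 127.0.0.1` can be added to those blocks would keep the internal relay ports from being reachable from the network.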