mirror of
https://github.com/coredns/coredns.git
synced 2026-06-02 07:10:24 -04:00
Signed-off-by: Dmytro Alieksieiev <1865999+dragoangel@users.noreply.github.com>
committed by
GitHub
parent
33c71b1554
commit
ce0e5a6f39
@@ -31,7 +31,9 @@ forward FROM TO...
|
||||
that expand to multiple reverse zones are not fully supported; only the first expanded zone is used.
|
||||
* **TO...** are the destination endpoints to forward to. The **TO** syntax allows you to specify
|
||||
a protocol, `tls://9.9.9.9` or `dns://` (or no protocol) for plain DNS. The number of upstreams is
|
||||
limited to 15.
|
||||
limited to 15. In addition to IP addresses and files (like `/etc/resolv.conf`), **TO** can also be
|
||||
a hostname (e.g., `my-dns.svc.cluster.local`). Hostnames are resolved to IP addresses at startup.
|
||||
See the `resolver` option below.
|
||||
|
||||
Multiple upstreams are randomized (see `policy`) on first use. When a healthy proxy returns an error
|
||||
during the exchange the next upstream in the list is tried.
|
||||
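Review bot: "Hostnames are resolved to IP addresses at startup" in the **TO** paragraph leaves failure and staleness behaviour undocumented. Please say what happens when the lookup fails or returns several addresses (does the server refuse to start, and do the resolved addresses count toward the limit of 15?), and state whether a later change to the hostname's records is picked up without a restart or reload. It would also help to say whether a protocol prefix can be combined with a hostname, since the only prefixed example in this paragraph is `tls://9.9.9.9`.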
@@ -55,6 +57,7 @@ forward FROM TO... {
|
||||
next RCODE_1 [RCODE_2] [RCODE_3...]
|
||||
failfast_all_unhealthy_upstreams
|
||||
failover RCODE_1 [RCODE_2] [RCODE_3...]
|
||||
resolver IP[:PORT] [IP[:PORT]...]
|
||||
}
|
||||
~~~
|
||||
|
||||
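Review bot: the new `resolver IP[:PORT] [IP[:PORT]...]` line in the syntax block accepts no protocol prefix, so the transport used for the startup lookup is not documented. If the lookup is always plain DNS, say so in the option description, because an upstream given as a hostname with `tls://` would then have its address obtained over an unauthenticated channel. Operators choosing between a hostname and a pinned IP need that stated.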
@@ -114,6 +117,7 @@ forward FROM TO... {
|
||||
* `next_on_nodata` If `NOERROR` is returned by the remote, but an empty answer section (`NODATA`) was provided, execute the next `forward` plugin, if configured.
|
||||
* `failfast_all_unhealthy_upstreams` - determines the handling of requests when all upstream servers are unhealthy and unresponsive to health checks. Enabling this option will immediately return SERVFAIL responses for all requests. By default, requests are sent to a random upstream.
|
||||
* `failover` - By default when a DNS lookup fails to return a DNS response (e.g. timeout), _forward_ will attempt a lookup on the next upstream server. The `failover` option will make _forward_ do the same for any response with a response code matching an `RCODE` ( e.g. `SERVFAIL`、`REFUSED`). `NOERROR` cannot be used. If all upstreams have been tried, the response from the last attempt is returned.
|
||||
* `resolver` **IP[:PORT] [IP[:PORT]...]** specifies one or more DNS resolver addresses used to resolve hostname-based **TO** endpoints at startup. If not specified, the system resolver (`/etc/resolv.conf`) is used. Each address is either a bare IP (IPv4 or IPv6, port 53 assumed) or `IP:port`. Multiple addresses can be specified for redundancy.
|
||||
|
||||
Also note the TLS config is "global" for the whole forwarding proxy if you need a different
|
||||
`tls_servername` for different upstreams you're out of luck.
|
||||
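Review bot: the `resolver` bullet gives the port form only as `IP:port`, which is ambiguous for IPv6 addresses. State whether the bracketed form is required when a port is given and include one IPv6 example. The fallback sentence "If not specified, the system resolver (`/etc/resolv.conf`) is used" could also note what happens when that file points back at this server, since the lookup runs at startup.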
@@ -313,6 +317,16 @@ In the following example, if the response from `1.2.3.4` is `SERVFAIL` or `REFUS
|
||||
}
|
||||
~~~
|
||||
|
||||
Forward to an upstream identified by hostname, using a specific resolver to look it up:
|
||||
|
||||
~~~ txt
|
||||
. {
|
||||
forward . dns.example.local {
|
||||
resolver 10.0.0.1
|
||||
}
|
||||
}
|
||||
~~~
|
||||
|
||||
## See Also
|
||||
|
||||
[RFC 7858](https://tools.ietf.org/html/rfc7858) for DNS over TLS.
|
||||
|
||||
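Review bot: the example upstream `dns.example.local` uses the `.local` suffix, which RFC 6762 reserves for multicast DNS, so readers who copy it may get mDNS handling from their system resolver. A name under a reserved example domain would be safer here. Since the option text says multiple addresses can be given for redundancy, the example could list two `resolver` addresses to show that form.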