Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-12-06 10:25:10 -05:00
Code Issues Packages Projects Releases Wiki Activity

plugin/forward: make tls config more clear (#2326)

Browse Source 
Automatically submitted.
This commit is contained in:
Miek Gieben
2018-11-20 21:16:54 +01:00
committed by corbot[bot]
parent a1d92c51cd
commit 973349592e
1 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
plugin/forward/README.md
View File

@@ -79,7 +79,9 @@ forward FROM TO... {
The server certificate is verified using the specified CA file The server certificate is verified using the specified CA file
* `tls_servername` **NAME** allows you to set a server name in the TLS configuration; for instance 9.9.9.9 * `tls_servername` **NAME** allows you to set a server name in the TLS configuration; for instance 9.9.9.9
needs this to be set to `dns.quad9.net`. needs this to be set to `dns.quad9.net`. Multiple upstreams are still allowed in this scenario,
but they have to use the same `tls_servername`. E.g. mixing 9.9.9.9 (QuadDNS) with 1.1.1.1
(Cloudflare) will not work.
* `policy` specifies the policy to use for selecting upstream servers. The default is `random`. * `policy` specifies the policy to use for selecting upstream servers. The default is `random`.
* `health_check`, use a different **DURATION** for health checking, the default duration is 0.5s. * `health_check`, use a different **DURATION** for health checking, the default duration is 0.5s.
@@ -160,6 +162,18 @@ service with health checks.
} }
~~~ ~~~
Or with multiple upstreams from the same provider
~~~ corefile
. {
forward . tls://1.1.1.1 tls://1.0.0.1 {
tls_servername loudflare-dns.com
health_check 5s
}
cache 30
}
~~~
## Bugs ## Bugs
The TLS config is global for the whole forwarding proxy if you need a different `tls_servername` for The TLS config is global for the whole forwarding proxy if you need a different `tls_servername` for