author | Guilhem Lettron <guilhem@barpilot.io> | 2019-11-30 03:51:40 +0100 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2019-12-04 23:24:06 +0900 |
commit | 2e22a54f4e085496088b77085f38b66532da59fb (patch) | |
tree | c3bc6bb24cafaae584504da112beb38d1b946695 /man/resolved.conf.xml | |
parent | b7aa08ca15d0080bfbdc8820b8b9b617b550a0e0 (diff) | |
download | systemd-2e22a54f4e085496088b77085f38b66532da59fb.tar.gz |
Implement SNI when using DNS-over-TLS
Some DNS providers need SNI to identify the client.
This can be used by adding #name to a DNS.
Example:
[Resolve]
DNS=192.168.1.1#example.com
Diffstat (limited to 'man/resolved.conf.xml')
-rw-r--r-- | man/resolved.conf.xml | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml index 818000145b..0f70ced5b5 100644 --- a/man/resolved.conf.xml +++ b/man/resolved.conf.xml @@ -214,6 +214,9 @@ resolver is not capable of authenticating the server, so it is vulnerable to "man-in-the-middle" attacks.</para> + <para>Server Name Indication (SNI) can be used when opening a TLS connection. + Entries in <varname>DNS=</varname> should be in format <literal>address#server_name</literal>.</para> + <para>In addition to this global DNSOverTLS setting <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> also maintains per-link DNSOverTLS settings. For system DNS |
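Review bot: In the added paragraph, "should be in format address#server_name" reads as a requirement on every DNS= entry, while the commit message describes the #name suffix as something that can be added; suggest wording such as "Entries in DNS= may carry an optional server name, written as address#server_name". The paragraph also lands directly after the sentence saying the resolver is not capable of authenticating the server, and it does not say whether server_name is only sent as the SNI value or is also checked against the certificate the server presents; anyone relying on DNS-over-TLS against man-in-the-middle attacks needs that stated explicitly. Finally, the diffstat shows these three lines as the only change to this file, so the new syntax is documented only in the DNSOverTLS discussion; a sentence or cross-reference in the description of DNS= itself would make it discoverable where the value is actually written.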