author Guilhem Lettron <guilhem@barpilot.io> 2019-11-30 03:51:40 +0100
committer Yu Watanabe <watanabe.yu+github@gmail.com> 2019-12-04 23:24:06 +0900
commit 2e22a54f4e085496088b77085f38b66532da59fb
tree c3bc6bb24cafaae584504da112beb38d1b946695 /man/resolved.conf.xml
parent b7aa08ca15d0080bfbdc8820b8b9b617b550a0e0
Implement SNI when using DNS-over-TLS
Some DNS providers need SNI to identify client.
This can be used by adding #name to a DNS.
Example:
[Resolve]
DNS=192.168.1.1#example.com
Diffstat (limited to 'man/resolved.conf.xml')
-rw-r--r-- man/resolved.conf.xml 3
1 files changed, 3 insertions, 0 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index 818000145b..0f70ced5b5 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -214,6 +214,9 @@
resolver is not capable of authenticating the server, so it is
vulnerable to "man-in-the-middle" attacks.</para>
+ <para>Server Name Indication (SNI) can be used when opening a TLS connection.
+ Entries in <varname>DNS=</varname> should be in format <literal>address#server_name</literal>.</para>
+
<para>In addition to this global DNSOverTLS setting
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
also maintains per-link DNSOverTLS settings. For system DNS
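Review bot: The added paragraph says entries in DNS= "should be in format address#server_name", which reads as if the #server_name suffix is now required, while the commit message describes it as something added for providers that need SNI. Suggest wording it as optional, for example "may optionally be suffixed with #server_name". The paragraph also sits directly after the statement that the resolver is not capable of authenticating the server, so it should say explicitly whether the name is only sent as SNI or is also checked against the server certificate; otherwise readers may assume the suffix adds authentication. A short example like the one in the commit message (DNS=192.168.1.1#example.com) would help here as well.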