From: Remi Gacogne Date: Wed, 22 Aug 2018 14:08:10 +0000 (+0200) Subject: dnsdist: Fix DoT docs to clarify we only listen on TCP, not UDP X-Git-Tag: dnsdist-1.3.3~149^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F6870%2Fhead;p=thirdparty%2Fpdns.git dnsdist: Fix DoT docs to clarify we only listen on TCP, not UDP --- diff --git a/pdns/dnsdistdist/docs/guides/dns-over-tls.rst b/pdns/dnsdistdist/docs/guides/dns-over-tls.rst index 7fbfb48d3a..bb201aa309 100644 --- a/pdns/dnsdistdist/docs/guides/dns-over-tls.rst +++ b/pdns/dnsdistdist/docs/guides/dns-over-tls.rst @@ -9,10 +9,10 @@ Adding a listen port for DNS-over-TLS can be done with the :func:`addTLSLocal` f addTLSLocal('192.0.2.55', '/etc/ssl/certs/example.com.pem', '/etc/ssl/private/example.com.key') -This will make :program:`dnsdist` listen on 192.0.2.55:853 on TCP and UDP and will use the provided certificate and key to provide the TLS connection. +This will make :program:`dnsdist` listen on 192.0.2.55:853 on TCP, and will use the provided certificate and key to serve incoming TLS connections. In order to support multiple certificates and keys, for example an ECDSA and an RSA one, the following syntax may be used instead:: addTLSLocal('192.0.2.55', {'/etc/ssl/certs/example.com.rsa.pem', '/etc/ssl/certs/example.com.ecdsa.pem'}, {'/etc/ssl/private/example.com.rsa.key', '/etc/ssl/private/example.com.ecdsa.key'}) -The certificate chain to present will then be selected based on the algorithms advertised by the client. +The certificate chain presented by the server to an incoming client will then be selected based on the algorithms this client advertised support for.
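Review bot: The new sentence after the first addTLSLocal example says "listen on 192.0.2.55:853 on TCP, and will use" but never states that the listener is TCP-only, which is what the subject line promises. Wording such as "listen on 192.0.2.55:853 on TCP only (not UDP)" would make that explicit for readers who wrote firewall rules from the old text. The same sentence names port 853 although the example call passes only '192.0.2.55', so it is worth saying where the port comes from. In the multi-certificate example the text does not say whether the certificate table and the key table have to list their entries in the same order (RSA then ECDSA in both here). A sentence on that would help, since the reworded last line explains how a chain is selected but not how each certificate is matched to its key.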