git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
doc: document TLS_FORWARD issues with some public DNS providers
author: Tomas Krizek <tomas.krizek@nic.cz>
Wed, 10 Jul 2019 08:50:42 +0000 (10:50 +0200)
committer: Tomas Krizek <tomas.krizek@nic.cz>
Wed, 10 Jul 2019 12:11:48 +0000 (14:11 +0200)
modules/policy/README.rst

index b48e1d25d45a2dccdd2a64f5461fbbb1df0e96f9..72d8dfc9ddd0f018caecd5e2baa295ae2650fa53 100644 (file)
@@ -79,6 +79,12 @@ Queries affected by `TLS_FORWARD` policy will always be resolved over TLS connec
 
 To test this feature you need to either :ref:`configure Knot Resolver as DNS-over-TLS server <tls-server-config>`, or pick some public DNS-over-TLS server. Please see `DNS Privacy Project`_ homepage for list of public servers.
 
+.. note:: Some public DNS-over-TLS providers may apply rate-limiting which
+   makes their service incompatible with Knot Resolver's TLS forwarding.
+   Notably, `Google Public DNS
+   <https://developers.google.com/speed/public-dns/docs/dns-over-tls>`_ doesn't
+   work as of 2019-07-10.
+
 When multiple servers are specified, the one with the lowest round-trip time is used.
 
 CA+hostname authentication
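
Review bot: The added ``.. note::`` says Google Public DNS "doesn't work as of 2019-07-10" but does not tell an operator what failure they would see or what to do instead, and the dated claim will go stale with nothing to re-check it against. Consider describing the observable symptom of the rate-limiting, linking a tracking issue if one exists, and pointing readers to an alternative from the `DNS Privacy Project`_ list mentioned in the paragraph just above. The wording also mixes a hedged "may apply rate-limiting" with a definite "doesn't work"; it would help to state which of the two is actually confirmed for the named provider, since readers choosing a TLS forwarding target will rely on this note.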