2026-01-28 22:29:11 +00:00
1 changed files with 16 additions and 11 deletions
--- a/CONFIGURATION_GRAMMAR.md
+++ b/CONFIGURATION_GRAMMAR.md
@@ -458,6 +458,7 @@ options:
    - <address>
    - address: <address>
      port: <port>
+      tls: <tls_name>
  
  # DNSSEC
  dnssec_enable: <bool>                 # DEPRECATED in 9.15+
@@ -593,7 +594,8 @@ options:
    
    forwarders:
      - 1.1.1.1
-      - 8.8.8.8
+      - address: 8.8.8.8
+        tls: dot-tls
    
    dnssec_validation: auto
    
@@ -917,6 +919,7 @@ zones:
      - <address>
      - address: <address>
        port: <port>
+        tls: <tls_name>
    
    # DNSSEC
    dnssec_policy: <policy_name>  # DNSSEC policy to use
@@ -1017,7 +1020,8 @@ zones:
      forward: only
      forwarders:
        - 10.0.0.1
-        - 10.0.0.2
+        - address: 10.0.0.2
+          tls: internal-tls
 ```

 ---
@@ -1079,9 +1083,9 @@ addresses:
  - 10.0.0.0/8
 ```

-### Address with Port/DSCP
+### Address with Port/TLS

-For options accepting `address [port X] [dscp Y]`:
+For options accepting `address [port X] [tls Y]` (e.g., `forwarders`):

 ```yaml
 # Simple list
@@ -1089,27 +1093,28 @@ forwarders:
  - 1.1.1.1
  - 8.8.8.8

-# With source port/dscp
+# With global port/tls
 forwarders:
-  port: 5353
-  dscp: 46
+  port: 853
+  tls: dot-tls
  addresses:
    - 1.1.1.1
    - 8.8.8.8

-# Per-address port/dscp
+# Per-address port/tls
 forwarders:
  - address: 1.1.1.1
    port: 53
  - address: 8.8.8.8
-    port: 5353
-    dscp: 46
+    port: 853
+    tls: cloudflare-tls

 # Mixed format
 forwarders:
  - 1.1.1.1
  - address: 8.8.8.8
-    port: 5353
+    port: 853
+    tls: dot-tls
 ```

 ### Address with Key/TLS