doc/netwatch-dns: warn on different certificate...

... based on indicated server name.

Currently this is true for 8.8.8.8 (GTS Root R1) and dns.google (GTS Root R4).
This commit is contained in:
Christian Hesse 2025-02-05 09:55:41 +01:00
parent 27c92b4382
commit 84ba3a463a

@ -66,6 +66,10 @@ Importing a certificate automatically is possible. You may want to find the
/tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root G3" host=9.9.9.9; /tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root G3" host=9.9.9.9;
/tool/netwatch/add comment="doh, doh-cert=GTS Root R1" host=8.8.8.8; /tool/netwatch/add comment="doh, doh-cert=GTS Root R1" host=8.8.8.8;
> ⚠️ **Warning**: Combining these techniques can cause some confusion and
> troubles! Chances are that a service uses different certificates based
> on indicated server name.
Sometimes using just one specific (possibly internal) DNS server may be Sometimes using just one specific (possibly internal) DNS server may be
desired, with fallback in case it fails. This is possible as well: desired, with fallback in case it fails. This is possible as well:
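
Review bot: The warning added after the `host=8.8.8.8` example never says which techniques "these techniques" refers to, and it gives the reader nothing to act on. The commit message already has the concrete case (8.8.8.8 with GTS Root R1, dns.google with GTS Root R4). Moving that example into the warning, and stating which `doh-cert=` value to pick when the server is addressed by name rather than by IP, would make it usable. Minor wording: "confusion and troubles" reads better as "confusion and trouble".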