docs: add a note for DNS resolver recommendations (#21250)

* add a warning to DNS resolver configurations * Update website/content/docs/services/discovery/dns-configuration.mdx Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Update website/content/docs/services/discovery/dns-configuration.mdx Co-authored-by: Blake Covarrubias <blake@covarrubi.as> * add references todo --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2025-01-22 03:29:43 +00:00 · 2024-06-04 17:30:53 -04:00 · 2024-06-04 17:30:53 -04:00 · cb7ae646da
commit cb7ae646da
parent d3ad840d8c
1 changed files with 3 additions and 1 deletions
--- a/website/content/docs/services/discovery/dns-configuration.mdx
+++ b/website/content/docs/services/discovery/dns-configuration.mdx
@ -33,6 +33,8 @@ You can specify a list of addresses in the agent's [`recursors`](/consul/docs/ag

 Nodes that query records outside the `consul.` domain resolve to an upstream DNS. You can specify IP addresses or use `go-sockaddr` templates. Consul resolves IP addresses in the specified order and ignores duplicates.

+We recommend that you configure DNS resolvers to point the `consul.` domain towards your Consul DNS servers. Misconfigurations may cause other DNS infrastructure to route queries for the `consul.` domain outside of your network instead, leaking DNS queries to root DNS servers. Refer to [Forward DNS for Consul Service Discovery](/consul/tutorials/networking/dns-forwarding) for instructions.
+
 ### Enable non-Consul queries
 You enable non-Consul queries to be resolved by setting Consul as the DNS server for a node and providing a [`recursors`](/consul/docs/agent/config/config-files#recursors) configuration.