Merge pull request #5223 from hashicorp/backport/jbrandhorst-clarify-…

…upstream-dns-servers-use/apparently-measured-hen This pull request was automerged via backport-assistant
hashicorp · Oct 30, 2024 · 16258f4 · 16258f4
2 parents 20b1a44 + 1003b9f
commit 16258f4
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/website/content/docs/api-clients/client-agent.mdx b/website/content/docs/api-clients/client-agent.mdx
@@ -534,12 +534,24 @@ To configure the DNS server(s) to use, use the `override_upstream_dns_servers` c
 # The DNS servers must be specified as an IP, or an IP:Port.
 # If no port is provided, port 53 is assumed.
 # The order of the entries specifies the priority.
+# We recommended providing both the VPN DNS servers
+# and the default DNS servers, so that DNS requests can
+# be resolved even when the VPN is not active.
 override_upstream_dns_servers = [
-   "8.8.8.8",
-   "8.8.4.4:53",
+   "10.0.0.1", # Example primary VPN DNS server
+   "10.0.0.2", # Example secondary VPN DNS server
+   "8.8.8.8",  # Fallback default DNS server
+   "8.8.4.4:53", # Fallback default DNS server with a custom port
 ]
 ```
 
+<Note>
+
+The `override_upstream_dns_servers` is used for all non-Boundary DNS requests.
+If you only provide the VPN DNS servers, the Client Agent will not be able to resolve any DNS requests when the VPN is not active.
+
+</Note>
+
 #### Primary network interfaces
 
 By default, the Client Agent creates IPs on the primary network interface to serve its DNS server.