I tried to customize the CoreDNS of Kubernetes by adding a domain and forwarding it to another server using the forward plugin in CoreDNS, as below.
Corefile: |
    console.chn1s1.pub:53 {
        log
        errors
        cache 30
        whoami
        forward . 10.94.66.8
        reload
    }
    .:53 {
        log
        errors
        health {
            lameduck 5s
        }
        ready
        whoami
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . "/etc/resolv.conf"
        cache 30
        loop
        reload
        loadbalance
    }
I tried using the dig command to resolve it, as below:
dnstools# dig console.chn1s1.pub
; <<>> DiG 9.11.3 <<>> console.chn1s1.pub
;; global options: cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 17671
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fffd92ca8a1f341b (echoed)
;; QUESTION SECTION:
;console.chn1s1.pub. IN A
;; Query time: 2 msec
;; SERVER: 10.43.0.10#53(10.43.0.10)
;; WHEN: Fri Apr 01 14:05:04 UTC 2022
;; MSG SIZE rcvd: 64
I see in the CoreDNS logs that it is trying the search options in resolv.conf, which means this DNS query is forwarded to the .:53 server block (the default one). I have seen the reload-completed logs after changing the CoreDNS Corefile.
[INFO] Reloading
[INFO] plugin/health: Going into lameduck mode for 5s
[INFO] 127.0.0.1:39697 - 30224 "HINFO IN 8546588560289937675.1040920946066232789. udp 57 false 512" NXDOMAIN qr,rd,ra 132 0.033646039s
[INFO] plugin/reload: Running configuration MD5 = 704f45a88b35bcfc3d65ab9a4bf70fe8
[INFO] Reloading complete
[INFO] 10.42.1.19:40365 - 28204 "A IN console.chn1s1.pub.default.svc.cluster.local. udp 67 false 512" NXDOMAIN qr,aa,rd 160 0.000288693s
[INFO] 10.42.1.19:56662 - 62228 "A IN console.chn1s1.pub.svc.cluster.local. udp 59 false 512" NXDOMAIN qr,aa,rd 152 0.00016752s
[INFO] 10.42.1.19:44234 - 41058 "A IN console.chn1s1.pub.cluster.local. udp 55 false 512" NXDOMAIN qr,aa,rd 148 0.000163651s
[INFO] 10.42.1.19:53530 - 44256 "A IN console.chn1s1.pub.openstacklocal. udp 56 false 512" NXDOMAIN qr,rd,ra 131 2.024311363s
[INFO] 10.42.1.19:37942 - 4348 "A IN console.chn1s1.pub. udp 41 false 512" FORMERR qr,rd 41 0.001628102s
/etc/resolv.conf
dnstools# cat /etc/resolv.conf
nameserver 10.43.0.10
search default.svc.cluster.local svc.cluster.local cluster.local openstacklocal
options ndots:5
As I am quite new to CoreDNS and Kubernetes, it would be really helpful if someone could explain why this always tries the .:53 server block and how to make it work, and how to debug it further to find the root cause of this issue. Thanks in advance!!!
CodePudding user response:
The request from the Kubernetes nameserver to my internal nameserver (the one I forward to) is not reachable. This issue got solved after making my internal nameserver allow requests from the Kubernetes nameserver IP.