Coredns is not forwarding the domains to external dns

Time:04-07

I tried to customize the CoreDNS of Kubernetes by adding a domain and forwarding it to another server using the forward plugin in CoreDNS, as below.

Corefile: |
    console.chn1s1.pub:53 {
      log
      errors
      cache 30
      whoami
      forward . 10.94.66.8
      reload
    }
    .:53 {
      log
      errors
      health {
        lameduck 5s
      }
      ready
      whoami
      kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
      }
      prometheus :9153
      forward . "/etc/resolv.conf"
      cache 30
      loop
      reload
      loadbalance
    }

I tried using the dig command to resolve it, as below:

dnstools# dig console.chn1s1.pub

; <<>> DiG 9.11.3 <<>> console.chn1s1.pub
;; global options:  cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 17671
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: fffd92ca8a1f341b (echoed)
;; QUESTION SECTION:
;console.chn1s1.pub.       IN      A

;; Query time: 2 msec
;; SERVER: 10.43.0.10#53(10.43.0.10)
;; WHEN: Fri Apr 01 14:05:04 UTC 2022
;; MSG SIZE  rcvd: 64

I see in the CoreDNS logs that it is trying the search options in resolv.conf, which means this DNS query is forwarded to the .:53 server block (the default one). I have seen the reload-completed logs after changing the CoreDNS Corefile.

[INFO] Reloading
[INFO] plugin/health: Going into lameduck mode for 5s
[INFO] 127.0.0.1:39697 - 30224 "HINFO IN 8546588560289937675.1040920946066232789. udp 57 false 512" NXDOMAIN qr,rd,ra 132 0.033646039s
[INFO] plugin/reload: Running configuration MD5 = 704f45a88b35bcfc3d65ab9a4bf70fe8
[INFO] Reloading complete

[INFO] 10.42.1.19:40365 - 28204 "A IN console.chn1s1.pub.default.svc.cluster.local. udp 67 false 512" NXDOMAIN qr,aa,rd 160 0.000288693s
[INFO] 10.42.1.19:56662 - 62228 "A IN console.chn1s1.pub.svc.cluster.local. udp 59 false 512" NXDOMAIN qr,aa,rd 152 0.00016752s
[INFO] 10.42.1.19:44234 - 41058 "A IN console.chn1s1.pub.cluster.local. udp 55 false 512" NXDOMAIN qr,aa,rd 148 0.000163651s
[INFO] 10.42.1.19:53530 - 44256 "A IN console.chn1s1.pub.openstacklocal. udp 56 false 512" NXDOMAIN qr,rd,ra 131 2.024311363s
[INFO] 10.42.1.19:37942 - 4348 "A IN console.chn1s1.pub. udp 41 false 512" FORMERR qr,rd 41 0.001628102s

/etc/resolv.conf

dnstools# cat /etc/resolv.conf
nameserver 10.43.0.10
search default.svc.cluster.local svc.cluster.local cluster.local openstacklocal
options ndots:5

As I am quite new to CoreDNS and Kubernetes, it would be really helpful if someone could explain why this always tries the .:53 server block and how to make it work, and how to debug it further to find the root cause of this issue. Thanks in advance!!!

CodePudding user response:

The request from the Kubernetes nameserver to my internal nameserver (which I used to forward to) is not reachable. This issue got solved after making my internal nameserver allow requests from the Kubernetes nameserver IP.
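
The resolv.conf in the question sets ndots:5, so a resolver that applies the search list tries every suffix before the bare name. The following is an added example, not part of the original post: it expands that order and matches it against the CoreDNS log lines quoted above, picking out the one response that is neither NOERROR nor NXDOMAIN. The function names are my own; the inputs are copied from the question.

```python
import re

# Inputs copied from the question above (resolv.conf and the five query log lines).
RESOLV_CONF = """nameserver 10.43.0.10
search default.svc.cluster.local svc.cluster.local cluster.local openstacklocal
options ndots:5"""
LOG = """[INFO] 10.42.1.19:40365 - 28204 "A IN console.chn1s1.pub.default.svc.cluster.local. udp 67 false 512" NXDOMAIN qr,aa,rd 160 0.000288693s
[INFO] 10.42.1.19:56662 - 62228 "A IN console.chn1s1.pub.svc.cluster.local. udp 59 false 512" NXDOMAIN qr,aa,rd 152 0.00016752s
[INFO] 10.42.1.19:44234 - 41058 "A IN console.chn1s1.pub.cluster.local. udp 55 false 512" NXDOMAIN qr,aa,rd 148 0.000163651s
[INFO] 10.42.1.19:53530 - 44256 "A IN console.chn1s1.pub.openstacklocal. udp 56 false 512" NXDOMAIN qr,rd,ra 131 2.024311363s
[INFO] 10.42.1.19:37942 - 4348 "A IN console.chn1s1.pub. udp 41 false 512" FORMERR qr,rd 41 0.001628102s"""
# CoreDNS log format: client:port - id "type class name proto size do bufsize" rcode flags rsize duration
LINE = re.compile(
    r'^\[INFO\] \S+:\d+ - \d+ "\S+ IN (?P<name>\S+) \S+ \d+ \S+ \d+" '
    r'(?P<rcode>\S+) (?P<flags>\S+) \d+ \S+$')

def parse_resolv_conf(text):
    """Return (search_list, ndots); ndots defaults to 1 when not set."""
    search, ndots = [], 1
    for parts in (line.split() for line in text.splitlines()):
        if parts[:1] == ["search"]:
            search = parts[1:]
        elif parts[:1] == ["options"]:
            for opt in parts[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots):
    """Names a search-list resolver sends, in order, for `name`."""
    if name.endswith("."):               # already absolute: search list is skipped
        return [name]
    expanded = [f"{name}.{suffix}." for suffix in search]
    if name.count(".") < ndots:          # fewer dots than ndots: suffixes go first
        return expanded + [name + "."]
    return [name + "."] + expanded

def trace(name, resolv_conf=RESOLV_CONF, log=LOG):
    """Pair each candidate name with the (rcode, flags) CoreDNS logged for it."""
    logged = {}
    for m in filter(None, map(LINE.match, log.splitlines())):
        logged[m["name"]] = (m["rcode"], m["flags"].split(","))
    search, ndots = parse_resolv_conf(resolv_conf)
    return [(c, *logged.get(c, ("not logged", []))) for c in candidates(name, search, ndots)]

def needs_attention(rows):
    """Rows whose rcode is neither NOERROR nor NXDOMAIN (includes names never logged)."""
    return [r for r in rows if r[1] not in ("NOERROR", "NXDOMAIN")]
```

On these inputs, `needs_attention(trace("console.chn1s1.pub"))` returns only the absolute name `console.chn1s1.pub.` with FORMERR and flags `qr,rd`; the four NXDOMAIN lines before it are the search-list expansion and are expected.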
