How to configure coredns Corefile similar to unbound configurations?

Time:03-31

Is there a possibility to configure all the unbound configurations listed here https://linux.die.net/man/5/unbound.conf similarly in the Kubernetes CoreDNS 'Corefile' configuration like this https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/? Only a few options are listed in https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/. I am looking for the below server options in unbound conf to be done in the Kubernetes CoreDNS Corefile ConfigMap.

  1. do-ip6
  2. verbosity
  3. outgoing-port-avoid, outgoing-port-permit
  4. domain-insecure
  5. access-control
  6. local-zone

Example unbound conf which I am looking to do the same way in the Kubernetes Corefile configuration:

server:  
 do-ip6: yes  
 root-hints: /etc/unbound/named.cache  
 verbosity: 1  
 outgoing-port-avoid: 0-32767  
 outgoing-port-permit: 32768-65535   
 domain-insecure: "pub"  
 access-control: 0.0.0.0/0 refuse  
 local-zone: 10.in-addr.arpa nodefault  
 local-zone: 16.172.in-addr.arpa nodefault  

I need to do the above unbound conf similarly in the Kubernetes Corefile configuration. As I am new to Kubernetes CoreDNS, I am not sure whether these configurations are possible in CoreDNS. Can someone direct me on how to do that? Also, I am looking for steps on how to configure this in the Corefile ConfigMap using Helm. It would be really helpful if I get some information on this. Thanks in advance!!!

CodePudding user response:

CoreDNS supports some requested features via plugins:

  • do-ip6 - CoreDNS works with IPv6 by default (if the cluster is dual-stack).
  • verbosity - the log plugin will show more details about queries; its format and what it shows (success, denial, errors, everything) can be configured.
  • outgoing-port-avoid, outgoing-port-permit - did not find any support for this.
  • domain-insecure - please check if dnssec can help (it looks similar to what unbound has, but I'm not really familiar with it).
  • access-control - the acl plugin does it.
  • local-zone - the local plugin can be tried for this purpose; it doesn't have lots of options though.

Bonus point:

  • CoreDNS config's change - reload allows automatic reload of a changed Corefile.

All mentioned above plugins have syntax and examples on their pages.
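
The plugins named in the answer, put together in one Corefile ConfigMap. This is an added example, not part of the original answer: the ConfigMap name and namespace assume a kubeadm-style install, and 10.0.0.0/8 is a constructed client range. There is no line for outgoing-port-avoid/permit or domain-insecure, because the answer found no plugin for the former and only tentatively pointed at dnssec for the latter.

```yaml
# Added example; name/namespace assume the kubeadm default CoreDNS deployment.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        # verbosity: log logs every query; errors (above) logs failures.
        log
        health
        ready
        # access-control: rules are checked top-down and the first match wins.
        # "block" answers REFUSED, like unbound's "refuse".
        # 10.0.0.0/8 is a constructed sample range; use your pod/node CIDRs.
        acl {
            allow net 10.0.0.0/8
            block
        }
        # local-zone: local answers localhost and a few special reverse
        # zones itself instead of forwarding them upstream.
        local
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        forward . /etc/resolv.conf
        cache 30
        loop
        # Picks up Corefile changes without restarting the pod.
        reload
    }
```

Without the trailing `block`, the acl plugin allows any query that matches no rule, so the allow line alone restricts nothing. When CoreDNS is installed from a Helm chart, set the same plugin lines through the chart's values instead of editing the ConfigMap directly, since an upgrade re-renders it.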
