
How to override CoreDNS forward? #10951

Closed
mreiche opened this issue Sep 26, 2024 · 2 comments

Comments

mreiche commented Sep 26, 2024

Hi. I'm having trouble using my private DNS for coredns as described here: #7822

My host's /etc/resolv.conf contains only one nameserver:

nameserver <My-Private-DNS-Server>

DNS resolution on the host works fine, but not in CoreDNS.

What I tried:

Create a custom-dns configmap (not working)

forward.override: |
    forward . <My-Private-DNS-Server>

Using resolv.conf (not working)

forward.override: |
    forward . /etc/resolv.conf {
      policy sequential
    }

Hacking the coredns ConfigMap

What works is the following in Corefile:

forward . <My-Private-DNS-Server>

But I don't want to override /var/lib/rancher/k3s/server/manifests/coredns.yaml or coredns ConfigMap.

Creating an own zone

What also works is creating a custom zone.

custom.server: |
    example.com {
      forward . <My-Private-DNS-Server>
    }

But I don't want to create a specific zone; I want to use the forward for all requests not known to the cluster. I want either to add a coredns-custom entry that overrides the default forward, or to get CoreDNS to use the host's DNS (/etc/resolv.conf).

References:

@mreiche mreiche changed the title How to override CoreDNS forward How to override CoreDNS forward? Sep 26, 2024
zalmane commented Sep 26, 2024

The issue stems from the fact that a local resolver would only listen on 127.0.0.1, so even if we were to "forward" to the node IP, it would get rejected, unless the local resolver would listen on 0.0.0.0. We may be able to get around it by using iptables to route these requests. Especially in single-node installs, it would be great to resolve it generically.

brandond (Member) commented Sep 30, 2024

You can't use a local resolver on 127.0.0.1 within containers, as each pod has its own loopback address within the pod's network namespace - it will not reach the host's loopback interface.

You should give your local resolver an actual IP on your network, and either put that in the host's resolv.conf, or create another resolv.conf with the preferred configuration, and point k3s at that file with the --resolv-conf flag.

@github-project-automation github-project-automation bot moved this from New to Done Issue in K3s Development Sep 30, 2024
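The point made in the last two comments, that a resolver on the host's loopback is unreachable from the CoreDNS pod so k3s should be pointed at a resolv.conf naming a routable address via --resolv-conf, and the opening post's attempt to use `forward . /etc/resolv.conf`, as an added shell example. This is not code from k3s, CoreDNS or any commenter in this thread. It checks a candidate resolv.conf for loopback nameservers (the systemd-resolved stub 127.0.0.53 is the usual culprit) and writes a dedicated file containing only routable nameservers for use with the k3s `--resolv-conf` flag. The file names and addresses (10.0.0.53, 127.0.0.53) are constructed for the demo; the function names are my own.

```shell
#!/bin/sh
# Added example, not k3s or CoreDNS code. A nameserver on loopback
# (127.0.0.0/8 or ::1) in the file CoreDNS forwards to is unreachable from
# the pod's network namespace, so "forward . /etc/resolv.conf" silently
# fails when the host uses a local stub resolver.

# is_loopback ADDR: exit 0 if ADDR is an IPv4 or IPv6 loopback address.
is_loopback() {
  case "$1" in
    127.*|::1) return 0 ;;
  esac
  return 1
}

# resolv_conf_usable FILE: exit 0 only if FILE is readable, has at least one
# nameserver line and none of the nameservers is loopback. Comments (# or ;)
# and other keywords (search, options) are ignored.
resolv_conf_usable() {
  _file="$1"
  [ -r "$_file" ] || return 1
  _count=0
  while read -r _key _value _rest; do
    [ "$_key" = "nameserver" ] || continue
    _count=$((_count + 1))
    is_loopback "$_value" && return 1
  done < "$_file"
  [ "$_count" -gt 0 ]
}

# write_k3s_resolv_conf OUT NS...: write a dedicated resolv.conf for k3s that
# lists only the given nameservers. Refuses loopback addresses so the file
# never points CoreDNS at a resolver pods cannot reach; nothing is written
# in that case. Start k3s with:  k3s server --resolv-conf OUT
write_k3s_resolv_conf() {
  _out="$1"; shift
  [ "$#" -gt 0 ] || return 1
  for _ns in "$@"; do
    if is_loopback "$_ns"; then
      echo "refusing loopback nameserver $_ns: unreachable from pods" >&2
      return 1
    fi
  done
  : > "$_out"
  for _ns in "$@"; do
    printf 'nameserver %s\n' "$_ns" >> "$_out"
  done
}

# Demo on constructed files (not captured from a real host): a
# systemd-resolved style stub and a file naming a private resolver.
demo() {
  _tmp=$(mktemp -d)
  printf 'nameserver 127.0.0.53\noptions edns0 trust-ad\nsearch example.internal\n' > "$_tmp/stub.conf"
  printf 'nameserver 10.0.0.53\nsearch example.internal\n' > "$_tmp/private.conf"
  for _f in "$_tmp/stub.conf" "$_tmp/private.conf"; do
    if resolv_conf_usable "$_f"; then
      echo "$_f: usable as CoreDNS upstream"
    else
      echo "$_f: not usable (loopback nameserver or no nameserver)"
    fi
  done
  if write_k3s_resolv_conf "$_tmp/k3s-resolv.conf" 10.0.0.53; then
    echo "wrote $_tmp/k3s-resolv.conf; start k3s with: k3s server --resolv-conf $_tmp/k3s-resolv.conf"
  fi
  rm -rf "$_tmp"
}
demo
```

Run it on the node before (re)starting k3s to see which file can serve as the upstream. Knowing which file k3s ends up using matters beyond reachability: whatever nameserver is in it receives every query for names the cluster does not know, including internal hostnames, so the file should name the resolver you intend and nothing else.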
Labels: None yet
Projects: Status: Done Issue
No branches or pull requests
3 participants