How to override CoreDNS forward? #10951

Open
mreiche opened this issue Sep 26, 2024 · 1 comment
mreiche commented Sep 26, 2024

Hi. I'm having trouble using my private DNS for coredns as described here: #7822

My host's /etc/resolv.conf contains only one nameserver:

nameserver <My-Private-DNS-Server>

DNS resolving on the host works fine but not in CoreDNS.

What I tried:

Create a custom-dns configmap (not working)

forward.override: |
    forward . <My-Private-DNS-Server>

Using resolv.conf (not working)

forward.override: |
    forward . /etc/resolv.conf {
      policy sequential
    }

Hacking the coredns ConfigMap

What works is the following in Corefile:

forward . <My-Private-DNS-Server>

But I don't want to override /var/lib/rancher/k3s/server/manifests/coredns.yaml or coredns ConfigMap.

Creating my own zone

What also works is creating a custom zone.

  custom.server: |
    example.com {
      forward . <My-Private-DNS-Server>
    }

But I don't want to create a specified zone, but rather use the forward for all requests not known to the cluster. I want either to add coredns-custom to override the default forward or to get coredns to use the host's DNS (/etc/resolv.conf).

mreiche changed the title from "How to override CoreDNS forward" to "How to override CoreDNS forward?" on Sep 26, 2024
zalmane commented Sep 26, 2024

The issue stems from the fact that a local resolver would only listen on 127.0.0.1, so even if we were to "forward" to the node IP, it would get rejected, unless the local resolver would listen on 0.0.0.0. We may be able to get around it by using iptables to route these requests. Especially in single-node installs, it would be great to resolve it generically.
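
The loopback constraint described in the comment above can be checked against a node's resolv.conf before pointing CoreDNS at it. This is an added example, not code from the issue or from k3s; the sample file contents, addresses and function names are constructed, and it assumes CoreDNS runs in its own pod network namespace.

```python
import ipaddress

# Constructed sample resolv.conf; the addresses are placeholders, not from the issue.
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 127.0.0.53
nameserver 10.0.0.2   ; hypothetical private DNS server
nameserver ::1
nameserver 0.0.0.0
search example.com
options edns0
"""

def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for raw in text.splitlines():
        # Drop comments, which resolv.conf introduces with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(addr):
    """Classify a nameserver address as seen from inside a pod."""
    try:
        # Strip an IPv6 zone id (e.g. %eth0) before parsing.
        ip = ipaddress.ip_address(addr.split("%", 1)[0])
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"      # 127.0.0.0/8 or ::1: the pod's own loopback, not the node's
    if ip.is_unspecified:
        return "unspecified"   # 0.0.0.0 or ::, not a specific host
    return "non-loopback"

def forward_candidates(text):
    """Nameservers that do not depend on a resolver bound to the node's loopback."""
    return [ns for ns in parse_nameservers(text) if classify(ns) == "non-loopback"]

if __name__ == "__main__":
    for ns in parse_nameservers(SAMPLE_RESOLV_CONF):
        print(f"{ns:<16} {classify(ns)}")
    print("candidates for forward:", forward_candidates(SAMPLE_RESOLV_CONF))
```

An empty candidate list means every configured resolver is bound to the node's loopback, which is the case the comment describes.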
