How to override DNS results served by CoreDNS

This document (000020117) is provided subject to the disclaimer at the end of this document.

Situation

Task

By default, DNS requests for pods using CoreDNS will be made directly to the upstream nameservers configured in /etc/resolv.conf on the node.

At times, it may not be possible to easily update records on the upstream nameservers, or specific records for the cluster may be needed. In these cases it's useful to override the results that CoreDNS will serve pods.

Pre-requisites

These steps should work for any cluster running CoreDNS where the coredns ConfigMap is used.

Steps

There are two approaches to achieve this. Read through both to understand which is best for your environment.

Both approaches require editing the coredns ConfigMap, specifically the Corefile key. This can be done in the UI by clicking View/Edit YAML, Edit, or on the command line with kubectl.

Along with these options, both plugins covered provide other features, like adjusting the TTL for records. See the documentation links for more information.

Rewrite

The rewrite plugin rewrites the query before it is sent to the upstream nameserver, and responds to the original query with the results. The outcome is similar to configuring a CNAME for the domain.

data:
  Corefile: |
    .:53 {
        [...]
        rewrite name archive.ubuntu.com internal-mirror.ubuntu.local
    }

In this example, pods configured with the default Ubuntu mirror are now resolving to the internal mirror without any custom configuration.

The benefit of this approach is that the upstream nameserver remains the source of truth for the results.

Hosts

The hosts plugin provides the ability to define a list of IPs and domains in /etc/hosts format, which are returned as query results.

data:
  Corefile: |
    .:53 {
        [...]
        hosts {
          10.0.0.1 archive.ubuntu.com
          10.0.0.2 testing.com
          fallthrough
        }
    }

In this similar example, the internal IPs listed are returned as results.

A downside to this approach is that the ConfigMap becomes a source of truth for these results. If changes in the environment are not reflected, these entries could become stale. However, it does provide the most flexibility without needing to depend on any upstream nameserver to serve results.
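
Because these overrides decide where pods connect, it helps to list them periodically and review them for stale or unexpected entries. The following is an added example, not part of the original article or of CoreDNS: audit_corefile and SAMPLE_COREFILE are hypothetical names, and the sample Corefile is constructed from the two snippets above.

```python
import re

MATCH_TYPES = {"exact", "prefix", "suffix", "substring", "regex"}

# Constructed sample: the article's rewrite and hosts snippets in one server block.
SAMPLE_COREFILE = """\
.:53 {
    rewrite name archive.ubuntu.com internal-mirror.ubuntu.local
    hosts {
      10.0.0.1 archive.ubuntu.com
      10.0.0.2 testing.com
      fallthrough
    }
    forward . /etc/resolv.conf
}
"""

def audit_corefile(text):
    """Return (overrides, warnings) for 'rewrite name' rules and inline hosts entries."""
    overrides, warnings = [], []
    in_hosts = has_fallthrough = False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not tokens:
            continue
        if in_hosts:
            if tokens[0] == "}":
                in_hosts = False
                if not has_fallthrough:
                    warnings.append("hosts block without fallthrough: "
                                    "unlisted names are not passed to the next plugin")
            elif tokens[0] == "fallthrough":
                has_fallthrough = True
            elif re.fullmatch(r"[0-9A-Fa-f]*[:.][0-9A-Fa-f:.]*", tokens[0]):
                # "IP name [name ...]" line, same layout as /etc/hosts
                overrides += [("hosts", name, tokens[0]) for name in tokens[1:]]
        elif tokens[0] == "hosts" and tokens[-1] == "{":
            in_hosts, has_fallthrough = True, False
        elif tokens[0] == "rewrite":
            # Syntax: rewrite [continue|stop] name [MATCH_TYPE] FROM TO
            args = tokens[2:] if tokens[1:2] and tokens[1] in ("continue", "stop") else tokens[1:]
            if args[:1] == ["name"]:
                args = args[2:] if args[1:2] and args[1] in MATCH_TYPES else args[1:]
                if len(args) >= 2:
                    overrides.append(("rewrite", args[0], args[1]))
    names = [name for _, name, _ in overrides]
    for name in sorted({n for n in names if names.count(n) > 1}):
        warnings.append(f"{name} is overridden by more than one rule")
    return overrides, warnings
```

To audit a live cluster, pass in the output of kubectl -n kube-system get configmap coredns -o jsonpath='{.data.Corefile}' (the kube-system namespace is an assumption; adjust it to where your coredns ConfigMap lives).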

Persist the changes

In an RKE or Rancher environment, during cluster or addon upgrades, it's possible that changes to the coredns ConfigMap are overwritten by the provided version.

To persist the changes made to the ConfigMap, add the changes as a user-defined addon. The steps to do this are documented in the article How To Update CoreDNS's Resolver Policy.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.