CoreDNS do not respect local DNS

Question

I am running a k3s cluster on some raspberry pi 4, in my local network. I have a DNS server (dnsmasq) on the master nodes. I want that the pods of my cluster use that DNS server, via coredns. However when I ping an adress from within a pod I always pass via the google DNS servers and overpass my local DNS rules.

apiVersion: v1
kind: ConfigMap
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        hosts /etc/coredns/NodeHosts {
          reload 1s
          fallthrough
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }

this is my coredns config. As you see there is the forward . /etc/resolv.conf

my /etc/resolv.conf

domain home
nameserver 127.0.0.1

Any suggestions ?

Where is this file /etc/resolv.conf from? Pod or host? – aniucum Sep 27 '20 at 06:44 — aniucum, Sep 27 '20 at 06:44

score 4 · Answer 1 · answered Sep 29 '20 at 21:01

thanks guys I change my coredns to

kind: ConfigMap
metadata:
  annotations:
  name: coredns
  namespace: kube-system
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        hosts /etc/coredns/NodeHosts {
          reload 1s
          fallthrough
        }
        prometheus :9153
        forward . <master node ip>
        cache 30
        loop
        reload
        loadbalance
    }
  NodeHosts: |
    <master node ip> master
    <slave node ip> slave

and it worked !

sfb103 · Answer 2 · 2020-09-27T06:15:56.933

1

You might try just forwarding to the Master node's real IP where your DNS server is running. This would be the IP that can be utilized by the other nodes in the cluster. So rather than /etc/resolv.conf, it would be something like:

forward . <master node ip>

edited Sep 27 '20 at 06:15

answered Sep 27 '20 at 06:10

sfb103

264
1
7

score 1 · Answer 3 · answered Sep 28 '20 at 10:33

CoreDNS official doc says that:

In its most basic form, a simple forwarder uses this syntax:

forward FROM TO...

FROM is the base domain to match for the request to be forwarded.

TO… are the destination endpoints to forward to. The TO syntax allows you to specify a protocol, tls://9.9.9.9 or dns:// (or no protocol) for plain DNS. The number of upstreams is limited to 15.

Somehow instead of destination endpoints which are capable of performing DNS resolution, you are forwarding to the localhosts /etc/resolv.conf (which is a valid approach), where you have loop IP.

If you really need DNS requests to be processed not by CoreDNS Pod but by DNSMasq on the Host Node , the easiet way would be to forward them to Node's IP.

If i forward the master node ip, would it be still possible to use the internal kubernetes dns ? Like would it be still possible to ping service.namespace from a pods ? — samsja, Sep 29 '20 at 18:58

CoreDNS do not respect local DNS

3 Answers3