Using unbound for private DNS resolution in Kubernetes

$ kubectl get svc kube-dns -n kube-system
NAME       CLUSTER-IP    EXTERNAL-IP   PORT(S)         AGE
kube-dns   10.3.240.10   <none>        53/UDP,53/TCP   153d

$ kubectl exec some-pod -- cat /etc/resolv.conf
nameserver 10.3.240.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

apiVersion: v1
data:
  stubDomains: |
    {"myzone.net": ["10.3.253.199"]}
kind: ConfigMap
metadata:
  creationTimestamp: 2017-05-05T19:46:59Z
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kube-dns
  namespace: kube-system
  resourceVersion: "14031511"
  selfLink: /api/v1/namespaces/kube-system/configmaps/kube-dns
  uid: 9a32e0d4-31cb-11e7-a0b1-42010a800246

To get kube-dns to forward to a specific upstream for a private DNS zone, we can edit its ConfigMap.

forwardZones:
  - name: "fake.net"
    forwardHosts:
      - "fake1.host.net"
      - "fake2.host.net"
  - name: "stillfake.net"
    forwardIps:
      - "10.10.10.10"
      - "10.11.10.10"

$ gcloud container clusters describe clustername
clusterIpv4Cidr: 10.0.0.0/14

$ make apply release \
    VALUES=yourzones.yaml \
    CLUSTER_IP4_CIDR=10.0.0.0/14

$ kubectl get configmap kube-dns -n kube-system -oyaml > config.yaml

$ kubectl get svc | grep kunbound | awk '{print $2}'

data:
  stubDomains: |
    {"myzone.net": ["10.3.200.190"]}

$ kubectl apply -f config.yaml
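
An added example, not part of the original article: a check to run on the stubDomains value before applying the edited ConfigMap, so that a malformed or mistyped upstream does not send private-zone queries to the wrong resolver. It assumes upstreams are literal IP addresses, as in the snippets above, and that the unbound service IP should fall inside the range given as CLUSTER_IP4_CIDR; `check_stub_domains` and the sample inputs are hypothetical names and constructed values.

```python
import ipaddress
import json


def check_stub_domains(raw, allowed_cidr):
    """Return a list of problems in a kube-dns stubDomains JSON string."""
    try:
        zones = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Typographic quotes copied from a rendered web page are not JSON quotes.
        curly = any(q in raw for q in "\u201c\u201d")
        hint = " (curly quotes from a rendered page?)" if curly else ""
        return [f"not valid JSON: {exc.msg}{hint}"]
    if not isinstance(zones, dict):
        return ["expected an object mapping zone name to a list of upstreams"]
    net = ipaddress.ip_network(allowed_cidr)
    problems = []
    for zone, upstreams in zones.items():
        if not isinstance(upstreams, list) or not upstreams:
            problems.append(f"{zone}: expected a non-empty list of upstreams")
            continue
        for up in upstreams:
            try:
                addr = ipaddress.ip_address(up) if isinstance(up, str) else None
            except ValueError:
                addr = None
            if addr is None:
                problems.append(f"{zone}: {up!r} is not an IP address")
            elif addr not in net:
                # An upstream outside the expected range would receive
                # every query for the private zone.
                problems.append(f"{zone}: {addr} is outside {net}")
    return problems


# GOOD is the value shown on the page; CURLY and BAD are constructed.
GOOD = '{"myzone.net": ["10.3.200.190"]}'
CURLY = '{\u201cmyzone.net\u201d: [\u201c10.3.200.190\u201d]}'
BAD = '{"myzone.net": ["203.0.113.5", "resolver.example"]}'

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("curly", CURLY), ("bad", BAD)):
        print(label, check_stub_domains(raw, "10.0.0.0/14") or "ok")
```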