From f10d1327d4fb3d0553b55ac7bf4f2e2250297c2d Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Wed, 21 Dec 2016 15:24:17 +0100 Subject: [PATCH] Revert "Do not forward private domains for upstream resolvers" --- docs/dns-stack.md | 10 ++-------- roles/dnsmasq/templates/01-kube-dns.conf.j2 | 4 +--- .../kubernetes-apps/ansible/templates/kubedns-rc.yml | 12 ++---------- 3 files changed, 5 insertions(+), 21 deletions(-) diff --git a/docs/dns-stack.md b/docs/dns-stack.md index 09609f602..808b8aae4 100644 --- a/docs/dns-stack.md +++ b/docs/dns-stack.md @@ -51,13 +51,6 @@ aforementioned vars: * Resolvconf's head/base files are disabled from populating anything into the `/etc/resolv.conf`. -It is important to note that multiple search domains combined with high ``ndots`` -values lead to poor performance of DNS stack, so please choose it wisely. -The dnsmasq DaemonSet can accept lower ``ndots`` values and return NXDOMAIN -replies for [bogus internal FQDNS](https://github.com/kubernetes/kubernetes/issues/19634#issuecomment-253948954) -before it even hits the kubedns app. This enables dnsmasq to serve as a -protective, but still recursive resolver in front of kubedns. - DNS configuration details ------------------------- @@ -113,7 +106,8 @@ Limitations [no way to specify a custom value](https://github.com/kubernetes/kubernetes/issues/33554) for the SkyDNS ``ndots`` param via an [option for KubeDNS](https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-dns/app/options/options.go) - add-on, while SkyDNS supports it though. + add-on, while SkyDNS supports it though. Thus, DNS SRV records may not work + as expected as they require the ``ndots:7``. * the ``searchdomains`` have a limitation of a 6 names and 256 chars length. Due to default ``svc, default.svc`` subdomains, the actual diff --git a/roles/dnsmasq/templates/01-kube-dns.conf.j2 b/roles/dnsmasq/templates/01-kube-dns.conf.j2 index dff91564d..562b4bbcc 100644 --- a/roles/dnsmasq/templates/01-kube-dns.conf.j2 +++ b/roles/dnsmasq/templates/01-kube-dns.conf.j2 @@ -7,8 +7,6 @@ addn-hosts=/etc/hosts strict-order # Forward k8s domain to kube-dns server=/{{ dns_domain }}/{{ skydns_server }} -# Reply NXDOMAIN to private/internal domains requests -local=/internal./local./lc./{{ private_domains }} #Set upstream dns servers {% if upstream_dns_servers is defined %} @@ -19,7 +17,7 @@ server={{ srv }} server={{ default_resolver }} {% endif %} -{% if kube_log_level == '4' %} +{% if kube_log_level == 4 %} log-queries {% endif %} bogus-priv diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml index 0e54d3bb7..a7392cc87 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml +++ b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml @@ -78,16 +78,8 @@ spec: - --log-facility=- - --cache-size=1000 - --no-resolv - - --server=/{{ dns_domain }}/127.0.0.1#10053 - - --local=/internal./local./lc./{{ private_domains }} -{% if upstream_dns_servers is defined %} -{% for srv in upstream_dns_servers %} - - --server={{ srv }} -{% endfor %} -{% else %} - - --server={{ default_resolver }} -{% endif %} -{% if kube_log_level == '4' %} + - --server=127.0.0.1#10053 +{% if kube_log_level == 4 %} - --log-queries {% endif %} ports: