Merge pull request #722 from bogdando/dnsmasq_armors

Do not forward private domains for upstream resolvers
2026-02-28 09:39:12 +03:00 · 2016-12-20 14:25:17 +01:00
parent ee62c99eb1 101864c050
commit 11380769cd
3 changed files with 21 additions and 5 deletions
--- a/roles/dnsmasq/templates/01-kube-dns.conf.j2
+++ b/roles/dnsmasq/templates/01-kube-dns.conf.j2
@@ -7,6 +7,8 @@ addn-hosts=/etc/hosts
 strict-order
 # Forward k8s domain to kube-dns
 server=/{{ dns_domain }}/{{ skydns_server }}
+# Reply NXDOMAIN to private/internal domains requests
+local=/internal./local./lc./{{ private_domains }}

 #Set upstream dns servers
 {% if upstream_dns_servers is defined %}
@@ -17,7 +19,7 @@ server={{ srv }}
 server={{ default_resolver }}
 {% endif %}

-{% if kube_log_level == 4 %}
+{% if kube_log_level == '4' %}
 log-queries
 {% endif %}
 bogus-priv
--- a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
@@ -78,8 +78,16 @@ spec:
        - --log-facility=-
        - --cache-size=1000
        - --no-resolv
-        - --server=127.0.0.1#10053
-{% if kube_log_level == 4 %}
+        - --server=/{{ dns_domain }}/127.0.0.1#10053
+        - --local=/internal./local./lc./{{ private_domains }}
+{% if upstream_dns_servers is defined %}
+{% for srv in upstream_dns_servers %}
+        - --server={{ srv }}
+{% endfor %}
+{% else %}
+        - --server={{ default_resolver }}
+{% endif %}
+{% if kube_log_level == '4' %}
        - --log-queries
 {% endif %}
        ports: