Gardener

Appearance

Unifying DNS Behavior: Custom CoreDNS Configurations Now Supported in node-local-dns

Gardener is committed to making node-local-dns a standard feature across all shoot clusters to enhance DNS performance and reliability. A recent enhancement ensures that enabling this feature is a seamless experience, even for clusters with specialized DNS configurations. Gardener now supports applying custom CoreDNS rules directly within node-local-dns.

The Challenge: Inconsistent DNS Resolution

Previously, enabling node-local-dns could alter the expected DNS resolution behavior for operators who defined custom rules in the coredns-custom ConfigMap. The node-local-dns agent, which acts as a DNS cache on each node, is designed to forward requests to either the in-cluster CoreDNS or directly to upstream DNS servers.

This created a problem: if a user configured a custom rule (for example, to rewrite an external domain to a cluster-internal service), node-local-dns might forward the request directly to an upstream server, bypassing the main CoreDNS and ignoring the custom rule. This resulted in failed requests and inconsistent behavior compared to clusters without node-local-dns.

The Solution: Applying Custom Rules to the Node Cache

To address the inconsistency, Gardener now automatically mounts the coredns-custom ConfigMap into the node-local-dns pods. The Corefile for node-local-dns has been updated to include any custom server blocks (generated-config/custom-server-block.server) or override rules (custom/*.override) specified in this ConfigMap. To get the correct server blocks, a sidecar container is added to the node-local-dns pods. This sidecar reads the server blocks from the coredns-custom ConfigMap and generates a new configuration file with the appropriate bind statement and port mappings. This newly generated configuration file is then imported into the node-local-dns pods.

This change ensures that the same custom DNS logic is applied at the node-level cache, before any requests are forwarded. As a result, DNS resolution remains consistent whether node-local-dns is active or not, and the previous workaround of forcing all requests through the central CoreDNS is no longer necessary.

Further Information

For a more detailed look at the implementation, you can review the pull request on GitHub. To see a demonstration of this feature, you can watch the relevant segment from our recent community meeting.

EU and German government funding logos

Funded by the European Union – NextGenerationEU.

The views and opinions expressed are solely those of the author(s) and do not necessarily reflect the views of the European Union or the European Commission. Neither the European Union nor the European Commission can be held responsible for them.

Copyright © Linux Foundation Europe.

Unifying DNS Behavior: Custom CoreDNS Configurations Now Supported in node-local-dns | Gardener is a project of NeoNephos Foundation. For applicable policies including privacy policy, terms of use and trademark usage guidelines, please see https://linuxfoundation.eu. Linux is a registered trademark of Linus Torvalds.
Terms of Use|Privacy Statement|Legal Disclosure