Chapter 1. DNS Operator in OpenShift Dedicated


In OpenShift Dedicated, the DNS Operator deploys and manages a CoreDNS instance to provide a name resolution service to pods inside the cluster, enables DNS-based Kubernetes Service discovery, and resolves internal cluster.local names.

This Operator is installed on OpenShift Dedicated clusters by default.

1.1. Using DNS forwarding

Configure DNS forwarding servers and upstream resolvers for the cluster.

You can use DNS forwarding to override the default forwarding configuration in the /etc/resolv.conf file in the following ways:

  • Specify name servers (spec.servers) for every zone. If the forwarded zone is the ingress domain managed by OpenShift Dedicated, then the upstream name server must be authorized for the domain.

    Important

    You must specify at least one zone. Otherwise, your cluster can lose functionality.

  • Provide a list of upstream DNS servers (spec.upstreamResolvers).
  • Change the default forwarding policy.

A DNS forwarding configuration for the default domain can have both the default servers specified in the /etc/resolv.conf file and the upstream DNS servers.

Important

During pod creation, Kubernetes uses the /etc/resolv.conf file that exists on a node. If you modify the /etc/resolv.conf file on a host node, the changes do not propagate to the /etc/resolv.conf file that exists in a container. You must re-create the container for changes to take effect.

Procedure

  • Modify the DNS Operator object named default:

    $ oc edit dns.operator/default

    After you issue the previous command, the Operator creates and updates the config map named dns-default with additional server configuration blocks based on spec.servers.

    Important

    When specifying values for the zones parameter, ensure that you only forward to specific zones, such as your intranet. You must specify at least one zone. Otherwise, your cluster can lose functionality.

    If none of the servers have a zone that matches the query, then name resolution falls back to the upstream DNS servers.

    Configuring DNS forwarding

    apiVersion: operator.openshift.io/v1
    kind: DNS
    metadata:
      name: default
    spec:
      cache:
        negativeTTL: 0s
        positiveTTL: 0s
      logLevel: Normal
      nodePlacement: {}
      operatorLogLevel: Normal
      servers:
      - name: example-server
        zones:
        - example.com
        forwardPlugin:
          policy: Random
          upstreams:
          - 1.1.1.1
          - 2.2.2.2:5353
      upstreamResolvers:
        policy: Random
        protocolStrategy: ""
        transportConfig: {}
        upstreams:
        - type: SystemResolvConf
        - type: Network
          address: 1.2.3.4
          port: 53
    status:
      clusterDomain: cluster.local
      clusterIP: x.y.z.10
      conditions:
    ...

    where:

    spec.servers.name
    Must comply with the RFC 6335 service name syntax.
    spec.servers.zones
    Must conform to the RFC 1123 subdomain syntax. The cluster domain cluster.local is invalid for zones.
    spec.servers.forwardPlugin.policy
    Specifies the upstream selection policy. Defaults to Random; other allowed values are RoundRobin and Sequential.
    spec.servers.forwardPlugin.upstreams
    Must provide no more than 15 upstreams entries per forwardPlugin.
    spec.upstreamResolvers.upstreams
    Specifies upstream resolvers that override the default forwarding policy and receive forwarded DNS queries for the default domain. Use this field when you need custom upstream resolvers; otherwise queries use the servers declared in /etc/resolv.conf.
    spec.upstreamResolvers.policy
    Specifies the upstream selection order. Defaults to Sequential; allowed values are Random, RoundRobin, and Sequential.
    spec.upstreamResolvers.protocolStrategy
    Specify TCP to force upstream DNS requests to use TCP, even if the client request uses UDP. Valid values are TCP and omitted. When omitted, the platform chooses a default, normally the protocol of the original client request.
    spec.upstreamResolvers.transportConfig
    Specifies the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.
    spec.upstreamResolvers.upstreams.type
    Specifies two types of upstreams: SystemResolvConf or Network. SystemResolvConf configures the upstream to use /etc/resolv.conf and Network defines a Network resolver. You can specify one or both.
    spec.upstreamResolvers.upstreams.address
    Specifies a valid IPv4 or IPv6 address when type is Network.
    spec.upstreamResolvers.upstreams.port
    Optional. Specifies the port number. Valid values are between 1 and 65535; defaults to 853 when omitted.
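
The field constraints listed above can be checked before the object is applied. The following is an added example, not code from Red Hat or the DNS Operator: lint_dns_spec and BAD_SPEC are hypothetical names, the regular expressions are this example's reading of RFC 6335 and RFC 1123, and the spec is assumed to be already parsed into a Python dict.

```python
import ipaddress
import re

# RFC 6335 service name: 1-15 chars, has a letter, no edge or doubled hyphen.
SERVICE_NAME = re.compile(r"(?=.{1,15}\Z)(?=.*[A-Za-z])[A-Za-z0-9]+(-[A-Za-z0-9]+)*\Z")
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"  # one RFC 1123 label, max 63 chars
SUBDOMAIN = re.compile(rf"(?=.{{1,253}}\Z){LABEL}(\.{LABEL})*\Z")
POLICIES = {"Random", "RoundRobin", "Sequential"}

def lint_dns_spec(spec):
    """Hypothetical pre-apply lint for the spec of dns.operator/default (a dict)."""
    out = []
    for i, srv in enumerate(spec.get("servers", [])):
        at = f"spec.servers[{i}]"
        if not SERVICE_NAME.match(srv.get("name", "")):
            out.append(f"{at}.name: not an RFC 6335 service name")
        zones = srv.get("zones", [])
        if not zones:
            out.append(f"{at}.zones: at least one zone is required")
        for zone in zones:
            if zone == "cluster.local" or not SUBDOMAIN.match(zone):
                out.append(f"{at}.zones: {zone!r} is not a valid forwarded zone")
        plugin = srv.get("forwardPlugin", {})
        if plugin.get("policy", "Random") not in POLICIES:
            out.append(f"{at}.forwardPlugin.policy: unknown policy")
        if len(plugin.get("upstreams", [])) > 15:
            out.append(f"{at}.forwardPlugin.upstreams: more than 15 entries")
    res = spec.get("upstreamResolvers", {})
    if res.get("policy", "Sequential") not in POLICIES:
        out.append("spec.upstreamResolvers.policy: unknown policy")
    if res.get("protocolStrategy", "") not in ("", "TCP"):
        out.append("spec.upstreamResolvers.protocolStrategy: must be TCP or omitted")
    for i, up in enumerate(res.get("upstreams", [])):
        at = f"spec.upstreamResolvers.upstreams[{i}]"
        if up.get("type") not in ("SystemResolvConf", "Network"):
            out.append(f"{at}.type: must be SystemResolvConf or Network")
        elif up["type"] == "Network":
            try:
                ipaddress.ip_address(up.get("address", ""))
            except ValueError:
                out.append(f"{at}.address: not a valid IPv4 or IPv6 address")
            if not 1 <= up.get("port", 853) <= 65535:  # 853 is the stated default
                out.append(f"{at}.port: must be between 1 and 65535")
    return out

BAD_SPEC = {  # constructed sample: the page's example with three mistakes added
    "servers": [{"name": "example-server", "zones": ["cluster.local"]}],
    "upstreamResolvers": {"policy": "Fastest", "upstreams": [
        {"type": "Network", "address": "dns.example.com", "port": 53}]}}
```

Calling lint_dns_spec(BAD_SPEC) reports the cluster.local zone, the unknown policy, and the hostname used where an IP address is required; the Operator's own validation remains authoritative.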