Chapter 1. DNS Operator in Red Hat OpenShift Service on AWS

Procedure

1. Modify the DNS Operator object named default:

   $ oc edit dns.operator/default

   After you issue the previous command, the Operator creates and updates the config map named dns-default with additional server configuration blocks based on spec.servers.

   Important

   When specifying values for the zones parameter, ensure that you only forward to specific zones, such as your intranet. You must specify at least one zone. Otherwise, your cluster can lose functionality.

   If none of the servers have a zone that matches the query, then name resolution falls back to the upstream DNS servers.

   Configuring DNS forwarding

   apiVersion: operator.openshift.io/v1
   kind: DNS
   metadata:
     name: default
   spec:
     cache:
       negativeTTL: 0s
       positiveTTL: 0s
     logLevel: Normal
     nodePlacement: {}
     operatorLogLevel: Normal
     servers:
     - name: example-server 1
       zones:
       - example.com 2
       forwardPlugin:
         policy: Random 3
         upstreams: 4
         - 1.1.1.1
         - 2.2.2.2:5353
     upstreamResolvers: 5
       policy: Random 6
       protocolStrategy: ""  7
       transportConfig: {}  8
       upstreams:
       - type: SystemResolvConf 9
       - type: Network
         address: 1.2.3.4 10
         port: 53 11
       status:
         clusterDomain: cluster.local
         clusterIP: x.y.z.10
         conditions:
      ...

   1

   Must comply with the rfc6335 service name syntax.

   2

   Must conform to the definition of a subdomain in the rfc1123 service name syntax. The cluster domain, cluster.local, is an invalid subdomain for the zones field.

   3

   Defines the policy to select upstream resolvers listed in the forwardPlugin. Default value is Random. You can also use the values RoundRobin, and Sequential.

   4

   A maximum of 15 upstreams is allowed per forwardPlugin.

   5

   You can use upstreamResolvers to override the default forwarding policy and forward DNS resolution to the specified DNS resolvers (upstream resolvers) for the default domain. If you do not provide any upstream resolvers, the DNS name queries go to the servers declared in /etc/resolv.conf.

   6

   Determines the order in which upstream servers listed in upstreams are selected for querying. You can specify one of these values: Random, RoundRobin, or Sequential. The default value is Sequential.

   7

   When omitted, the platform chooses a default, normally the protocol of the original client request. Set to TCP to specify that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP.

   8

   Used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.

   9

   You can specify two types of upstreams: SystemResolvConf or Network. SystemResolvConf configures the upstream to use /etc/resolv.conf and Network defines a Networkresolver. You can specify one or both.

   10

   If the specified type is Network, you must provide an IP address. The address field must be a valid IPv4 or IPv6 address.

   11

   If the specified type is Network, you can optionally provide a port. The port field must have a value between 1 and 65535. If you do not specify a port for the upstream, the default port is 853.