Chapter 1. DNS Operator in OpenShift Dedicated

• Specify name servers (spec.servers) for every zone. If the forwarded zone is the ingress domain managed by OpenShift Dedicated, then the upstream name server must be authorized for the domain.

  Important

  You must specify at least one zone. Otherwise, your cluster can lose functionality.

• Provide a list of upstream DNS servers (spec.upstreamResolvers).
• Change the default forwarding policy.

Procedure

• Modify the DNS Operator object named default:

  $ oc edit dns.operator/default

  Copy to Clipboard Toggle word wrap

  After you issue the previous command, the Operator creates and updates the config map named dns-default with additional server configuration blocks based on spec.servers.

  Important

  When specifying values for the zones parameter, ensure that you only forward to specific zones, such as your intranet. You must specify at least one zone. Otherwise, your cluster can lose functionality.

  If none of the servers have a zone that matches the query, then name resolution falls back to the upstream DNS servers.

  Configuring DNS forwarding

  apiVersion: operator.openshift.io/v1
  kind: DNS
  metadata:
    name: default
  spec:
    cache:
      negativeTTL: 0s
      positiveTTL: 0s
    logLevel: Normal
    nodePlacement: {}
    operatorLogLevel: Normal
    servers:
    - name: example-server 

  1

  
      zones:
      - example.com 

  2

  
      forwardPlugin:
        policy: Random 

  3

  
        upstreams: 

  4

  
        - 1.1.1.1
        - 2.2.2.2:5353
    upstreamResolvers: 

  5

  
      policy: Random 

  6

  
      protocolStrategy: ""  

  7

  
      transportConfig: {}  

  8

  
      upstreams:
      - type: SystemResolvConf 

  9

  
      - type: Network
        address: 1.2.3.4 

  10

  
        port: 53 

  11

  
      status:
        clusterDomain: cluster.local
        clusterIP: x.y.z.10
        conditions:
  ...

  Copy to Clipboard Toggle word wrap

  1

  Must comply with the rfc6335 service name syntax.

  2

  Must conform to the definition of a subdomain in the rfc1123 service name syntax. The cluster domain, cluster.local, is an invalid subdomain for the zones field.

  3

  Defines the policy to select upstream resolvers listed in the forwardPlugin. Default value is Random. You can also use the values RoundRobin, and Sequential.

  4

  A maximum of 15 upstreams is allowed per forwardPlugin.

  5

  You can use upstreamResolvers to override the default forwarding policy and forward DNS resolution to the specified DNS resolvers (upstream resolvers) for the default domain. If you do not provide any upstream resolvers, the DNS name queries go to the servers declared in /etc/resolv.conf.

  6

  Determines the order in which upstream servers listed in upstreams are selected for querying. You can specify one of these values: Random, RoundRobin, or Sequential. The default value is Sequential.

  7

  When omitted, the platform chooses a default, normally the protocol of the original client request. Set to TCP to specify that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP.

  8

  Used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.

  9

  You can specify two types of upstreams: SystemResolvConf or Network. SystemResolvConf configures the upstream to use /etc/resolv.conf and Network defines a Networkresolver. You can specify one or both.

  10

  If the specified type is Network, you must provide an IP address. The address field must be a valid IPv4 or IPv6 address.

  11

  If the specified type is Network, you can optionally provide a port. The port field must have a value between 1 and 65535. If you do not specify a port for the upstream, the default port is 853.