1. 技术文章
  2. CoreDNS suffix rewrite causes DNS queries to return the rewritten name

CoreDNS suffix rewrite causes DNS queries to return the rewritten name

…衆ロ難τιáo~ 提交于 2020-06-01 05:31:22

问题


I have a Kubernetes 1.13.1 cluster with CoreDNS and a number of services running in the default namespace that I'd like to be reachable via <servicename>.nsc in addition to the default <servicename>.default.svc.cluster.local.

The first thing I've tried was manually rewriting each service, like this:

rewrite name gitea.nsc gitea.default.svc.cluster.local

Running nslookup gitea.nsc returns the expected output:

Server:     10.245.0.10
Address:    10.245.0.10#53

Name:   gitea.nsc
Address: 10.245.64.203

I can curl it, all is fine.

But then I tried abstracting this somewhat, as manually adding a line for each service is tedious.

I ended up with this:

rewrite name suffix .nsc .default.svc.cluster.local

But now, curling suddenly fails. nslookup gives a possible clue as to why:

Server:     10.245.0.10
Address:    10.245.0.10#53

Name:   gitea.default.svc.cluster.local
Address: 10.245.64.203

Now the name in the response contains the rewritten host, not the original input. My guess is that this throws off ping, curl, wget.

My Corefile currently looks like this:

.:53 {
        errors
        health
        rewrite name git.nsc gitea.default.svc.cluster.local
        rewrite name suffix .nsc .default.svc.cluster.local
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }

Everything apart from the two rewrite lines is autogenerated by my hosting provider. I'm using git.nsc in one case so I can have both rewrites in the Corefile simultaneously while I'm debugging this.

I'm puzzled. How do I get CoreDNS to rewrite <servicename>.nsc, yet not return the rewritten host in its response?


回答1:


Turns out the answer is right in the rewrite plugin Readme. Summarizing:

As it turns out, exact rewrites like my git.nsc rewrite above get the response rewritten for free, the default is to return the rewritten host. For other types like regex or suffix, you have to do that explicitly. This is only possible for regex rewrites, so suffix rewrites need to be rewritten to regex rewrites first.

The following snippet works for me:

rewrite stop {
    name regex (.*)\.nsc {1}.default.svc.cluster.local
    answer name (.*)\.default\.svc\.cluster\.local {1}.nsc
}

The answer name part is basically the name regex part in reverse.



来源:https://stackoverflow.com/questions/54509142/coredns-suffix-rewrite-causes-dns-queries-to-return-the-rewritten-name

标签
Kubernetes
CoreDNS
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!