Custom Wildcard Domain for CoreDNS

Zhimin Wen
3 min read · Dec 4, 2023
Image by KTC Services from Pixabay

I normally have CoreDNS forward queries for a custom wildcard domain to an external DNS server. This is done by adding a server block with the forward plugin to the coredns ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    apps.k3s.io.cpak:53 {
        errors
        cache 30
        forward . 192.168.10.79
        reload
    }
    .:53 {
        errors
        health
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        hosts /etc/coredns/NodeHosts {
          ttl 60
          reload 15s
          fallthrough
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
    import /etc/coredns/custom/*.server

The precondition is that UDP DNS traffic is allowed from the cluster nodes to the custom DNS server.

I have a K3S cluster where UDP traffic between the nodes is not allowed. To work around this, let’s explore the built-in “file” plugin of CoreDNS, which serves a zone from a local file instead of forwarding the query.

RFC1035 Style File

Create the following zone file (the {{ … }} placeholders are template variables to be substituted before use):

$ORIGIN {{ .domain }}.
$TTL 60
@ IN SOA ns1.{{ .domain }}. hostmaster.{{ .domain }}. (
    2023120101 ; serial
    60         ; refresh (1 minute)
    15         ; retry (15 seconds)
    604800     ; expire (1 week)
    60         ; minimum TTL (1 minute)
)
@ IN A {{ .lbIp }}
* IN CNAME @

{{ .domain }} is the custom domain, for example apps.tzone.apic.io. {{ .lbIp }} is to be replaced with the IP address that the domain (and every name under it) should resolve to.

$ORIGIN {{ .domain }}.: Sets the origin for the zone, meaning that all unqualified domain names (those without a trailing dot) in this zone will be relative to the domain.

$TTL 60: Sets the default Time-to-Live (TTL) for all resource records in the zone to 60 seconds.

@ IN SOA ns1.{{ .domain }}. hostmaster.{{ .domain }}. ( … ): This is the Start of Authority (SOA) record. It contains information about the domain and the zone.

The character @ is shorthand for the zone origin, i.e. the domain itself. “IN” is the record class and stands for Internet.
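To make the zone file and the file-plugin approach concrete, here is an added Python example (not code from the original post or from CoreDNS) that renders the template above, refuses inputs that would produce a zone CoreDNS cannot load, emits the matching Corefile server block for the file plugin, and models how the apex A record and the `* IN CNAME @` wildcard answer queries. The Go-template placeholders are substituted with a plain string replace; the sample domain and IP, and the `/etc/coredns/custom/...` zone path, are constructed values for illustration.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Zone template copied from the post. "{{ .domain }}" and "{{ .lbIp }}" are the
# author's Go-template placeholders; the substitution below is a plain string
# replace so this example runs without a template engine.
ZONE_TEMPLATE = """$ORIGIN {{ .domain }}.
$TTL 60
@ IN SOA ns1.{{ .domain }}. hostmaster.{{ .domain }}. (
    2023120101 ; serial
    60         ; refresh (1 minute)
    15         ; retry (15 seconds)
    604800     ; expire (1 week)
    60         ; minimum TTL (1 minute)
)
@ IN A {{ .lbIp }}
* IN CNAME @
"""

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def validate_inputs(domain: str, lb_ip: str) -> None:
    """Refuse values that would yield a zone file CoreDNS cannot load
    (a broken zone file means the custom domain silently stops resolving)."""
    labels = domain.strip(".").split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"invalid domain name: {domain!r}")
    ipaddress.IPv4Address(lb_ip)  # raises ValueError for anything that is not IPv4


def render_zone(domain: str, lb_ip: str, serial: Optional[int] = None) -> str:
    """Fill in the template. Bump `serial` whenever lb_ip changes: the file
    plugin's reload only re-reads a zone whose SOA serial has changed."""
    validate_inputs(domain, lb_ip)
    zone = ZONE_TEMPLATE.replace("{{ .domain }}", domain).replace("{{ .lbIp }}", lb_ip)
    if serial is not None:
        zone = zone.replace("2023120101", str(serial))
    return zone


def corefile_server_block(domain: str, zone_path: str) -> str:
    """Corefile server block that answers the custom domain from the local zone
    file via the `file` plugin, so no query has to leave the node.
    `zone_path` is wherever the rendered zone is mounted into the CoreDNS pod
    (hypothetical path; it must match your volume mount)."""
    return (
        f"{domain}:53 {{\n"
        f"    errors\n"
        f"    file {zone_path} {domain}\n"
        f"    reload\n"
        f"}}\n"
    )


Answer = Tuple[str, str, str]  # (owner name, record type, rdata)


def resolve(name: str, domain: str, lb_ip: str) -> List[Answer]:
    """Model how the rendered zone answers an A query.

    The apex (@) has its own A record; any name below it, however many labels
    deep, is covered by the wildcard and yields CNAME @ followed by the apex A.
    Names outside the zone are not ours, so the answer is empty."""
    name = name.rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    if name == domain:
        return [(name, "A", lb_ip)]
    if name.endswith("." + domain):
        return [(name, "CNAME", domain), (domain, "A", lb_ip)]
    return []


if __name__ == "__main__":
    # Constructed sample values; 192.0.2.0/24 is the RFC 5737 documentation range.
    DOMAIN, LB_IP = "apps.tzone.apic.io", "192.0.2.10"
    print(render_zone(DOMAIN, LB_IP, serial=2023120402))
    print(corefile_server_block(DOMAIN, "/etc/coredns/custom/db.apps.tzone.apic.io"))
    for q in ("grafana." + DOMAIN, "a.b." + DOMAIN, DOMAIN, "grafana.example.net"):
        print(q, "->", resolve(q, DOMAIN, LB_IP))
```

Because the zone is served from a file, the server block needs no `forward` line and therefore no UDP egress from the nodes to an external resolver. The one operational detail worth remembering is the SOA serial: if the load balancer IP changes and the serial does not, a running CoreDNS keeps answering with the old address until it is restarted.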
