Re: openshift dns as delegated domain

Hi Javier.

On Monday, 05 June 2017 at 14:06 you wrote:

>> From: Aleksandar Lazic [mailto:aleks me2digital eu]
>> >
>> > I would like to convert the skydns built into openshift into a
>> > delegated zone of our own DNS domain. I've seen that it runs at 8053,
>> The dnsmasq is not a workaround, it's the solution for keeping DNS
>> resolving up and running.
> Maybe I didn't explain well enough. I don't want to get DNS
> resolution from within the openshift nodes towards themselves or the
> outside. I want to make the **.cluster.local names resolvable from the outside.

Due to the fact that dnsmasq listens by default on all interfaces

netstat -tulpn|egrep 'Pro|dns'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0    *               LISTEN      97429/dnsmasq
tcp6       0      0 :::53                   :::*                    LISTEN      97429/dnsmasq
udp        0      0    *                           97429/dnsmasq
udp6       0      0 :::53                   :::*                                97429/dnsmasq

you can add udp 53 to OS_FIREWALL_ALLOW chain on the nodes which you want
to use as dns resolver for cluster.local?

You can add for example on master01 the following line in /etc/sysconfig/iptables.

-A OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT

Then you only need to point the ns entry to the master01 and of course 
your clients must be able to reach master01 via udp 53.

Does this help?

> Javier Palacios

Best Regards
Aleksandar Lazic - ME2Digital e. U.
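
Added example, not part of the original message: the rule quoted above has no -s match, so it accepts udp/53 from any source that can reach the node. This sketch audits an iptables rules file for port-53 ACCEPT rules in OS_FIREWALL_ALLOW and flags the ones without a source restriction; the function names, the sample rules and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# audit_dns_rules [FILE...]: read iptables-save style rules (files or stdin)
# and report every ACCEPT rule for destination port 53 in OS_FIREWALL_ALLOW.
# A rule with no -s/--source match is reported as OPEN-TO-ANY.
# Limitations: negated matches ("! -s") and port ranges are not interpreted.
audit_dns_rules() {
    awk '
    $1 == "-A" && $2 == "OS_FIREWALL_ALLOW" {
        proto = ""; dport = ""; src = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto  = $(i + 1)
            if ($i == "--dport")                  dport  = $(i + 1)
            if ($i == "-s" || $i == "--source")   src    = $(i + 1)
            if ($i == "-j")                       target = $(i + 1)
        }
        if (dport == "53" && target == "ACCEPT")
            printf "%s/53 %s\n", proto, (src == "" ? "OPEN-TO-ANY" : "from " src)
    }' "$@"
}

# Constructed sample in the layout of /etc/sysconfig/iptables. The second rule
# is the one from the message; the third shows the same kind of rule limited
# to a single (hypothetical) upstream name server.
sample_rules() {
    cat <<'EOF'
*filter
:OS_FIREWALL_ALLOW - [0:0]
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT
-A OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A OS_FIREWALL_ALLOW -s 192.0.2.10/32 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_dns_rules
```

On a node it can be pointed at the real file with `audit_dns_rules /etc/sysconfig/iptables`.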

