Rewrite DNS example in docs not working as expected

[sgerace]

I'm trying to implement a simple DNS rewrite in our AKS instance and the provided example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
  namespace: kube-system
data:
  example.server: | # you may select any name here, but it must end with the .server file extension
    example.com:53 {
      log
      errors
      rewrite stop {
        name regex (.*)\.example.com {1}.default.svc.cluster.local
        answer name (.*)\.default\.svc\.cluster\.local {1}.example.com
      }
      forward . /etc/resolv.conf # you can redirect this to a specific DNS server such as 10.0.0.10, but that server must be able to resolve the rewritten domain name
    }

Is not working. If I look at the logs from the coredns pods, I see the following:

[INFO] 10.0.20.18:56053 - 58809 "A IN test.example.com. udp 60 false 512" NXDOMAIN qr,rd,ra 121 0.003595002s
[INFO] 10.0.20.18:56053 - 59326 "AAAA IN test.example.com. udp 60 false 512" NXDOMAIN qr,rd,ra 121 0.004423049s

However, if I add the following:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
  namespace: kube-system
data:
  example.server: | # you may select any name here, but it must end with the .server file extension
    example.com:53 {
      log
      errors
      rewrite stop {
        name regex (.*)\.example.com {1}.default.svc.cluster.local
        answer name (.*)\.default\.svc\.cluster\.local {1}.example.com
      }
      kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
      }
      forward . /etc/resolv.conf # you can redirect this to a specific DNS server such as 10.0.0.10, but that server must be able to resolve the rewritten domain name
    }

Then it works as expected and I receive the following:

[INFO] 10.0.20.18:42972 - 14130 "AAAA IN test.example.com. udp 60 false 512" NOERROR qr,aa,rd 139 0.000387509s
[INFO] 10.0.20.18:42972 - 6446 "A IN test.example.com. udp 60 false 512" NOERROR qr,aa,rd 90 0.000153903s

and requests are routed properly.

I'm trying to understand if this is expected and correct behavior. I'm guessing that it has something to do with the location of the import custom/*.server line in the default coredns Corefile configmap, which has it outside of the root .:53 block:

apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        ready
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
        import custom/*.override
    }
    import custom/*.server

If that is indeed the case, I would expect I should probably include the other commands as well (e.g., cache, loop, reload, and loadbalance) to my custom configmap. Is that correct?

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 2f95537e-770a-739c-0175-4447a995f8b2
• Version Independent ID: 6c9a1132-05af-70f1-5a2b-8dad56de9cc3
• Content: Customize CoreDNS for Azure Kubernetes Service (AKS) - Azure Kubernetes Service
• Content Source: articles/aks/coredns-custom.md
• Service: container-service
• GitHub Login: @palma21
• Microsoft Alias: jpalma

[kobulloc-MSFT]

@sgerace Thank you for bringing this to our attention! We've assigned this to the document author for further review.

[chrisohaver]

Rewrites that change incoming question names to kubernetes zone names should be added to the default server block via the custom/*.override import. coredns/coredns#5122 (comment)

[schaffererin]

Hi @kobulloc-MSFT, thanks for your feedback. And thank you @chrisohaver for providing help here. I'm updating the doc and incorporating this feedback. I will now close this GH issue.

#please-close