Using CoreDNS as public authoritative DNS #1223

Closed
alialshamali opened this issue Nov 12, 2017 · 7 comments

@alialshamali

alialshamali commented Nov 12, 2017

Hi, I want to use CoreDNS as an authoritative DNS (name server), and I have been trying to figure it out. I want to use etcd as the backend for the zone files. I have kind of figured out some stuff, but I'm not sure what I am missing. Does anyone have experience with a similar setup?

Here is the config map I am using:

apiVersion: v1
kind: ConfigMap
metadata:
  name: authoritative-coredns
data:
  Corefile: |
    .:53 {
        errors
        log stdout
        health
        etcd  {
          endpoint #endpoints here
          path /authoritative-dns
          TLS etcd_cert etcd_key etcd_ca
        }
        cache
    }
  etcd_ca: "/authoritative-coredns-secrets/etcd-ca"
  etcd_cert: "/authoritative-coredns-secrets/etcd-cert"
  etcd_key: "/authoritative-coredns-secrets/etcd-key"

I am using Kubernetes secrets to load in the etcd certificates as Base64, to make it easier to manage.
Also, what would a sample zone file in etcd look like, for example for example1.com, example2.com?

Any help will be appreciated.
Thanks

@miekg
Member

miekg commented Nov 13, 2017

The etcd plugin doesn't provide all resource types - I'll clarify that in the docs. For now only the file plugin is there for authoritative serving. We had some discussion a while back on making a DB backend and interface.

What problems are you seeing?

@schors

schors commented Nov 13, 2017

I've been thinking about this for a while. It may be better to implement a resource records backend, not zones, as is done by CloudFlare.

@miekg
Member

miekg commented Nov 13, 2017

Sounds interesting, do you have some details about this? Or open an issue where we can discuss?

@schors

schors commented Nov 13, 2017

The basic requirements for implementing the backend:

  1. Speed :-)
  2. Low latency
  3. Online adding, changing and deleting zones
  4. Online zone refreshing
  5. Selecting for signing or unsigning zones (for secondary zones)

@schors

schors commented Nov 13, 2017

> Sounds interesting, do you have some details about this? Or open an issue where we can discuss?

Open dedicated issue

@alialshamali
Author

alialshamali commented Nov 13, 2017

I really like core-dns, and want to figure out if we can replace authoritative DNS with it. I was thinking of using etcd to store the zones so it is easy to amend and add zone files. I want to make the service elastic on K8s so you can use the entire cluster in case you need to expand the service.

I want to build a test setup and benchmark against NSD / Knot / Bind / Power-DNS and maybe erl-DNS. I also want to figure out a way to ensure autoscale for the DNS to ensure it will scale to meet the demand.

I believe this is a great use case. I will open a new issue.

@miekg
Member

miekg commented Dec 1, 2017

Can't be done with etcd, see #1226 for discussion on how to make that possible.

@miekg miekg closed this as completed Dec 1, 2017