baremetal and friends: Set coredns forward policy to sequential

This was already done for openstack in #1527, but not for baremetal because we don't have any separation between external and internal hostnames. However, this behavior is unintuitive and we've found a number of instances where it has caused problems on the other platforms too. Switching the forward policy to sequential will avoid potentially confusing issues where a set of DNS servers works fine standalone but breaks when configured as the forwarding upstreams in coredns.
openshift · Nov 9, 2020 · 0d7e44e · 0d7e44e
1 parent ba0a056
commit 0d7e44e
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 5 deletions.
diff --git a/manifests/on-prem/coredns-corefile.tmpl b/manifests/on-prem/coredns-corefile.tmpl
@@ -2,7 +2,9 @@
     errors
     health :18080
     mdns {{ .ControllerConfig.DNS.Spec.BaseDomain }} {{`{{.Cluster.MasterAmount}}`}} {{`{{.Cluster.Name}}`}} {{`{{.NonVirtualIP}}`}}
-    forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}}
+    forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} {
+        policy sequential
+    }
     cache 30
     reload
     template IN {{`{{ .Cluster.IngressVIPRecordType }}`}} {{ .ControllerConfig.DNS.Spec.BaseDomain }} {

diff --git a/pkg/operator/assets/bindata.go b/pkg/operator/assets/bindata.go
diff --git a/templates/common/on-prem/files/coredns-corefile.yaml b/templates/common/on-prem/files/coredns-corefile.yaml
@@ -6,7 +6,9 @@ contents:
         errors
         health :18080
         mdns {{ .DNS.Spec.BaseDomain }} 0 {{`{{.Cluster.Name}}`}} {{`{{.NonVirtualIP}}`}}
-        forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}}
+        forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} {
+            policy sequential
+        }
         cache 30
         reload
         template IN {{`{{ .Cluster.IngressVIPRecordType }}`}} {{ .DNS.Spec.BaseDomain }} {

diff --git a/templates/common/ovirt/files/coredns-corefile.yaml b/templates/common/ovirt/files/coredns-corefile.yaml
@@ -6,7 +6,9 @@ contents:
         errors
         health :18080
         mdns {{ .DNS.Spec.BaseDomain }} 0 {{`{{.Cluster.Name}}`}} {{`{{.NonVirtualIP}}`}}
-        forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}}
+        forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} {
+            policy sequential
+        }
         cache 30
         reload
         file /etc/coredns/node-dns-db {{ .DNS.Spec.BaseDomain }}

diff --git a/templates/common/vsphere/files/coredns-corefile.yaml b/templates/common/vsphere/files/coredns-corefile.yaml
@@ -7,7 +7,9 @@ contents:
         errors
         health :18080
         mdns {{ .DNS.Spec.BaseDomain }} 0 {{`{{.Cluster.Name}}`}} {{`{{.NonVirtualIP}}`}}
-        forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}}
+        forward . {{`{{- range $upstream := .DNSUpstreams}} {{$upstream}}{{- end}}`}} {
+            policy sequential
+        }
         cache 30
         reload
         hosts {