diff --git a/app/kuma-dp/pkg/dataplane/dnsserver/Corefile b/app/kuma-dp/pkg/dataplane/dnsserver/Corefile
new file mode 100644
index 000000000000..3da2108419fd
--- /dev/null
+++ b/app/kuma-dp/pkg/dataplane/dnsserver/Corefile
@@ -0,0 +1,15 @@
+.:{{ .CoreDNSPort }} {
+ forward . 127.0.0.1:{{ .EnvoyDNSPort }}
+ # We want all requests to be sent to the Envoy DNS Filter, unsuccessful responses should be forwarded to the original DNS server.
+ # For example: requests other than A, AAAA and SRV will return NOTIMP when hitting the envoy filter and should be sent to the original DNS server.
+ # Codes from: https://github.com/miekg/dns/blob/master/msg.go#L138
+ alternate NOTIMP,FORMERR,NXDOMAIN,SERVFAIL,REFUSED . /etc/resolv.conf
+ prometheus localhost:{{ .PrometheusPort }}
+ errors
+}
+
+.:{{ .CoreDNSEmptyPort }} {
+ template ANY ANY . {
+ rcode NXDOMAIN
+ }
+}
diff --git a/app/kuma-dp/pkg/dataplane/dnsserver/config_file.go b/app/kuma-dp/pkg/dataplane/dnsserver/config_file.go
index 40f127e04cf9..cae9d6049617 100644
--- a/app/kuma-dp/pkg/dataplane/dnsserver/config_file.go
+++ b/app/kuma-dp/pkg/dataplane/dnsserver/config_file.go
@@ -1,6 +1,7 @@
 package dnsserver
 import (
+ "embed"
 "os"
 "path/filepath"
@@ -9,6 +10,9 @@ import (
 kuma_dp "github.com/kumahq/kuma/pkg/config/app/kuma-dp"
 )
+//go:embed Corefile
+var config embed.FS
+
 func GenerateConfigFile(cfg kuma_dp.DNS, config []byte) (string, error) {
 configFile := filepath.Join(cfg.ConfigDir, "Corefile")
 if err := writeFile(configFile, config, 0o600); err != nil {
diff --git a/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver.go b/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver.go
index 465bcf3f9272..381a31a59f31 100644
--- a/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver.go
+++ b/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver.go
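Review bot: Neither server block in the new Corefile carries a `bind` directive, so CoreDNS will listen for `.:{{ .CoreDNSPort }}` and `.:{{ .CoreDNSEmptyPort }}` on every interface, while the `prometheus` endpoint in the same file is explicitly pinned to `localhost`. Because the first block forwards to Envoy on 127.0.0.1 and falls back to the resolvers in /etc/resolv.conf, anything that can reach that port can use the sidecar as a resolver. If the redirection that feeds these ports only ever delivers local queries (not visible in this diff), adding `bind 127.0.0.1` to both blocks would keep the listeners off the network; otherwise a comment saying why the wildcard listen is required would help the next reader.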
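Review bot: The new package-level variable `config` in config_file.go is shadowed by the `config []byte` parameter of `GenerateConfigFile` declared immediately below it, and it has no doc comment. A distinct name such as `defaultCorefile`, with a comment like `// defaultCorefile is the Corefile template compiled into the binary.`, would avoid the clash. Since only one file is embedded, `//go:embed Corefile` over `var defaultCorefile string` (with `import _ "embed"`) would also hand the template over as a string and leave no read error to handle at runtime. GenerateConfigFile's body continues outside the hunk.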
@@ -36,23 +36,6 @@ type Opts struct {
 Quit chan struct{}
 }
-// DefaultCoreFileTemplate defines the template to use to configure coreDNS to use the envoy dns filter.
-const DefaultCoreFileTemplate = `.:{{ .CoreDNSPort }} {
- forward . 127.0.0.1:{{ .EnvoyDNSPort }}
- # We want all requests to be sent to the Envoy DNS Filter, unsuccessful responses should be forwarded to the original DNS server.
- # For example: requests other than A, AAAA and SRV will return NOTIMP when hitting the envoy filter and should be sent to the original DNS server.
- # Codes from: https://github.com/miekg/dns/blob/master/msg.go#L138
- alternate NOTIMP,FORMERR,NXDOMAIN,SERVFAIL,REFUSED . /etc/resolv.conf
- prometheus localhost:{{ .PrometheusPort }}
- errors
-}
-
-.:{{ .CoreDNSEmptyPort }} {
- template ANY ANY . {
- rcode NXDOMAIN
- }
-}`
-
 func lookupDNSServerPath(configuredPath string) (string, error) {
 return files.LookupBinaryPath(
 files.LookupInPath(configuredPath),
@@ -108,7 +91,11 @@ func (s *DNSServer) Start(stop <-chan struct{}) error {
 tmpl = t
 } else {
- t, err := template.New("Corefile").Parse(DefaultCoreFileTemplate)
+ corefile, err := config.ReadFile("Corefile")
+ if err != nil {
+ return errors.Wrap(err, "couldn't open embedded Corefile")
+ }
+ t, err := template.New("Corefile").Parse(string(corefile))
 if err != nil {
 return err
 }
diff --git a/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver_test.go b/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver_test.go
index b7968d35268d..ad5a766af899 100644
--- a/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver_test.go
+++ b/app/kuma-dp/pkg/dataplane/dnsserver/dnsserver_test.go
@@ -132,7 +132,8 @@ var _ = Describe("DNS Server", func() {
 template ANY ANY . {
 rcode NXDOMAIN
 }
-}`))
+}
+`))
 }))
 It("should return an error if DNS Server crashes", test.Within(10*time.Second, func() {
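Review bot: In `Start`, the new `config.ReadFile` failure is wrapped with context, but the `Parse` failure on the rewritten line right after it still falls through to the bare `return err`, so a malformed embedded template is reported without saying which template failed. Wrapping it the same way, `return errors.Wrap(err, "couldn't parse embedded Corefile")`, keeps the two default-template errors consistent. Start begins and ends outside the hunk, so how the custom-template branch reports its own parse error is not visible here.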