How do I configure a conditional forwarder with CoreDNS in my Amazon EKS cluster?

Short description

You can use CoreDNS to configure conditional forwarding for DNS queries sent to the domains resolved by a customized DNS server. For more information, see Customizing DNS Service on the Kubernetes website.

Important: Apply the modifications in the following resolution to self-managed CoreDNS only. To make configuration changes to the CoreDNS Amazon EKS add-on, determine the settings that Amazon EKS manages by checking the Amazon EKS add-on configuration. Check the add-on configuration before making any changes, because modifying a field managed by Amazon EKS prevents Amazon EKS from managing the add-on. This could result in your changes being overwritten when an add-on is updated.

Resolution

1.    Modify the CoreDNS ConfigMap and add the conditional forwarder configuration:

$ kubectl -n kube-system edit configmap coredns

Output:

apiVersion: v1
kind: ConfigMap
metadata:
  annotations:
  labels:
    eks.amazonaws.com/component: coredns
    k8s-app: kube-dns
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
    domain-name:53 {
        errors
        cache 30
        forward . custom-dns-server
        reload
    }

Note: Replace domain-name with your domain name. Replace custom-dns-server with your custom DNS server IP address.

2.    Verify that domain name resolution works:

$ kubectl run busybox --restart=Never --image=busybox:1.28 -- sleep 3600
$ kubectl exec busybox -- nslookup domain-name

Note: Replace domain-name with your domain name.