Internal DNS #719
-
Hello! I ran the task ansible:nuke and followed each step from the readme of the v4.0.1 template. First, DNS wasn't correctly set up on Cloudflare. My second issue is not related to the migration, but every internal DNS request, like the Kubernetes dashboard or hajimari, doesn't work / is not resolved. My router has one DNS server, which is the MetalLB gateway IP that I put in my .config.env. Any help on this would be appreciated!
Replies: 6 comments 24 replies
-
Yes, part of the migration to cloudflared would be to remove the ipv4 references from your records and any TXT records as well. But since this CNAME changed to
This implementation uses external-dns to populate DNS records that points to your cfargotunnel address. So yes, there does need to be DNS records for cloudflared to work.
I would rather keep that here in the discussions so people are chime in with their thoughts. 😄
I might need a few more details here: internal DNS will not work OOTB and requires setup on another device that does DNS for your home network in order to work. However, you can test with your workstation's hosts file. Since what people use for DNS at home varies, it's hard to describe exactly what you need to do, as explained here. Edit: I just updated the README on clearer internal DNS things, hopefully it helps.
-
I use AdGuard Home and when I set DNS rewrite from
-
I have a similar setup to one of the previous commenters (AdGuard Home, and I have my upstream config set up for conditional forwarding), but I'm having a different problem. I was trying to use Jellyfin, which is "external", but because clients on my network are using AdGuard Home they're forwarding all requests to EDIT: Something is screwy with my k8s-gateway deployment, because it's saying
-
Hey 🙂, I'm relatively new to the world of Kubernetes, flux, and related services. While I'm well-versed in Docker and have already set up Cloudflare and a reverse proxy with public services in Docker containers, networking isn't something I deal with regularly. So, configuring things like DNS only comes up when necessary, and my Pihole and DoH configuration was some time ago. Unfortunately, when it comes to the Kubernetes setup / internal DNS and troubleshooting where requests are getting stuck, I find it quite challenging to keep track.

Current Situation

Let me outline my current situation and configuration.

Current Configuration:

Router

My Router has Bind9. Bind9 is configured like this (named.conf):

acl internal {
192.168.0.0/24; //internal Clients
172.19.0.0/24; //some random range which seems to come up by my router for push notifications or something like this
127.0.0.1;
};
options {
forwarders {
${PIHOLE_IP};
};
recursion yes; //necessary?
allow-query { internal; };
};
zone "${SECRET_DOMAIN}" IN {
type master;
file "/etc/bind/${SECRET_DOMAIN}.zone";
};

So it has a zone for ${SECRET_DOMAIN} configured and answers requests for that zone as I configured in the ${SECRET_DOMAIN}.zone file. Other requests (external) will be forwarded to the PiHole to handle external DNS and blocking/filtering of unwanted requests.

My Zone configuration looks like this (with an example entry for Grafana), ${SECRET_DOMAIN}.zone:

$TTL 2d
$ORIGIN ${SECRET_DOMAIN}.
@ IN SOA ns.${SECRET_DOMAIN}. mail.${SECRET_DOMAIN}. ( ;rname needs the trailing dot, otherwise $ORIGIN is appended
2023063000 ;serial
12h ;refresh
15m ;retry
3w ;expiry
2h ;minimum-ttl
)
@ IN NS ns.${SECRET_DOMAIN}.
ns IN A ${BIND9_IP}
ingress IN A ${BOOTSTRAP_METALLB_K8S_GATEWAY_ADDR}
grafana IN CNAME ingress.${SECRET_DOMAIN}.

I also tried

PiHole

My PiHole Configuration looks like this:

Currently, I haven't activated this setting from the Readme:

# /etc/dnsmasq.d/99-k8s-gateway-forward.conf
server=/${SECRET_DOMAIN}/${METALLB_K8S_GATEWAY_ADDR}

as I want Bind9 to answer my domain requests.

Expected DNS Resolving

The DNS chain I would like to achieve (or what I thought would make sense) is:

For external requests like e.g., google.com:

I have noticed that something like Conditional Forwarding in Pi-Hole causes issues, so I deactivated this option (it was activated before for a custom router domain). When I check the DNS lookup from my client (nslookup):

$ nslookup grafana.${SECRET_DOMAIN} ${BIND9_IP}
Server: ${BIND9_IP}
Address: ${BIND9_IP}#53
grafana.${SECRET_DOMAIN} canonical name = ingress.${SECRET_DOMAIN}.
Name: ingress.${SECRET_DOMAIN}
Address: ${BOOTSTRAP_METALLB_K8S_GATEWAY_ADDR}

This looks good to me so far (I think). When opening this address in a browser from an internal client, it does not resolve.

Questions:

I have tried a lot of solutions in the last days, so I don't know what mistake I made that it does not work right now. Update (Jul 2): Without using Bind9, so just
-
For PiHole the following config should work...

Tip: Below is how to configure a Pi-hole for split DNS. Other platforms should be similar.
# /etc/dnsmasq.d/99-k8s-gateway-forward.conf
server=/${bootstrap_cloudflare.domain}/${bootstrap_cloudflare.gateway_vip}
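The "nslookup against Bind9 works but the browser can't resolve" symptom in the long post above, and the one-line Pi-hole forward in this reply, both come down to which resolver a client is really asking. The following checker is an added example (not code from this discussion, the template, or Pi-hole): it sends the same A query to several resolvers using only the Python standard library, decodes the CNAME and A records from the wire format, and classifies each resolver as "unknown-zone" (NXDOMAIN/REFUSED/empty, i.e. no split-DNS forward or zone for the internal domain), "wrong-target" (an answer that is not the k8s-gateway VIP, e.g. a public answer), or "ok". The domain, VIP and resolver addresses are constructed placeholders.

```python
"""Split-DNS resolver check (added example, not code from the discussion or
the cluster template). Sends the same A query to several resolvers using
only the standard library and classifies each answer. All names and
addresses below are constructed placeholders."""
import ipaddress
import socket
import struct
import sys


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a standard recursive query (RD=1) for `name`; QTYPE 1 = A."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def _read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name at `off`; return (name, next_off)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:  # 2-byte compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2  # parsing resumes right after the first pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_answers(msg: bytes) -> dict:
    """Extract rcode, CNAME targets and A addresses from a response message."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4  # QTYPE + QCLASS
    out = {"rcode": flags & 0xF, "cname": [], "a": []}
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata_off = off
        off += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            out["a"].append(str(ipaddress.IPv4Address(msg[rdata_off:off])))
        elif rtype == 5:  # CNAME: rdata is a name and may use compression
            out["cname"].append(_read_name(msg, rdata_off)[0])
    return out


def query(resolver: str, name: str, timeout: float = 2.0) -> dict:
    """One UDP query to `resolver`:53; returns parse_answers() of the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver, 53))
        data, _ = sock.recvfrom(4096)
    return parse_answers(data)


def classify(answer: dict, expected_vip: str) -> str:
    """Map one parsed answer to a finding about the resolver that gave it."""
    if answer["rcode"] != 0 or not answer["a"]:
        # NXDOMAIN/REFUSED/empty: this resolver has no forward or zone for the domain
        return "unknown-zone"
    if expected_vip not in answer["a"]:
        # Resolved, but not to the k8s-gateway VIP (e.g. a public answer)
        return "wrong-target"
    return "ok"


def diagnose(results: dict, expected_vip: str) -> dict:
    """{label: parsed answer} -> {label: classification}."""
    return {label: classify(ans, expected_vip) for label, ans in results.items()}


if __name__ == "__main__":
    # usage: split_dns_check.py NAME EXPECTED_VIP RESOLVER_IP [RESOLVER_IP ...]
    name, vip, resolvers = sys.argv[1], sys.argv[2], sys.argv[3:]
    answers = {}
    for r in resolvers:
        try:
            answers[r] = query(r, name)
        except OSError as exc:  # includes socket.timeout
            answers[r] = {"rcode": 2, "cname": [], "a": []}  # treat as SERVFAIL
            print(f"{r}: no reply ({exc})")
    for r, verdict in diagnose(answers, vip).items():
        print(f"{r:>15}  {verdict:<13} cname={answers[r]['cname']} a={answers[r]['a']}")
```

Run it with the resolver the client actually gets from DHCP, the Bind9 or Pi-hole address, and the k8s-gateway VIP itself. A resolver reporting unknown-zone is the one missing the server=/domain/ip forward (or the zone); wrong-target usually means the query reached a public resolver that only knows the Cloudflare records.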
It seems that just setting BOOTSTRAP_METALLB_K8S_GATEWAY_ADDR as the only upstream DNS on Pi-hole does the job, without any local DNS entry.