From abadfe9b254dc38e64da6c8ee870c026e30cf53a Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 30 Apr 2022 03:19:33 +0200
Subject: [PATCH] feat(dns): Refactor DNS setup to use dnsproxy instead of
 unbound

This patch refactors the existing setup to use dnsproxy instead of
unbound for base DNS. This should improve performance and provide better
DNS resolution, since previously there were a lot of failed lookups
that succeed when sent to the online resolver.

References:
https://github.com/AdguardTeam/dnsproxy
---
 apps/k8s01/dns/dns.yaml | 75 +++++------------------------------------
 1 file changed, 8 insertions(+), 67 deletions(-)

diff --git a/apps/k8s01/dns/dns.yaml b/apps/k8s01/dns/dns.yaml
index e752f0cf8..acb003f98 100644
--- a/apps/k8s01/dns/dns.yaml
+++ b/apps/k8s01/dns/dns.yaml
@@ -16,27 +16,14 @@ spec:
         app: resolver
     spec:
       containers:
-        - name: dns-over-httpd
-          image: quay.io/sheogorath/doh:latest
-          env:
-            - name: UPSTREAM_NAME
-              value: localhost4
-          ports:
-            - containerPort: 8053
-          resources:
-            requests:
-              cpu: 100m
-              memory: 256Mi
-            limits:
-              cpu: 100m
-              memory: 256Mi
-        - name: named
-          image: docker.io/secns/unbound:latest
-          env:
-            - name: CACHE_MIN_TTL
-              value: "1200"
-            - name: PREFETCH
-              value: "yes"
+        - name: dnsproxy
+          image: quay.io/sheogorath/dnsproxy:0.42.0
+          args:
+            - --upstream=https://dns.shivering-isles.com/dns-query
+            - --bootstrap=1.1.1.1
+            - --listen 0.0.0.0
+            - --cache-min-ttl=300
+            - --cache-optimistic
           ports:
             - containerPort: 53
               protocol: TCP
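Review bot: The `- --listen 0.0.0.0` entry is passed to the container as one argv element with the space inside it, unlike the other args, which all use the `=` form. Depending on how dnsproxy parses flags, this is likely to be rejected or ignored, so write it as `- --listen=0.0.0.0`. Separately, the resolver now depends on a single DoH upstream whose hostname is resolved through a plain-DNS bootstrap at 1.1.1.1, so a `--fallback` upstream and a second `--bootstrap` would avoid a cluster-wide DNS outage when either is unreachable. If the removed unbound container was doing DNSSEC validation (not visible here), that trust now rests entirely on the upstream. The image is pinned by tag only; pinning it by digest (`quay.io/sheogorath/dnsproxy:0.42.0@sha256:<digest>`) would make the deployed binary reproducible. The container spec continues past this hunk.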
@@ -49,27 +36,6 @@ spec:
             limits:
               cpu: 100m
               memory: 256Mi
-          volumeMounts:
-            - name: unbound-chroot
-              mountPath: /usr/local/etc/unbound/conf.d/
-              readOnly: true
-        # - name: unbound-exporter
-        #   image: ghcr.io/leoquote/unbound_exporter:main
-        #   ports:
-        #     - name: metrics
-        #       containerPort: 9167
-        #       protocol: TCP
-        #   resources:
-        #     requests:
-        #       cpu: 100m
-        #       memory: 64Mi
-        #     limits:
-        #       cpu: 100m
-        #       memory: 64Mi
-      volumes:
-        - name: unbound-chroot
-          configMap:
-            name: unbound-chroot
       automountServiceAccountToken: false
 ---
 apiVersion: v1
@@ -104,31 +70,6 @@ spec:
       port: 53
       targetPort: 53
 ---
-apiVersion: v1
-kind: Service
-metadata:
-  name: dns-over-http
-spec:
-  selector:
-    app: resolver
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 8053
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: unbound-chroot
-data:
-  chroot.conf: |
-    server:
-      chroot: ""
-      statistics-interval: 60
-      extended-statistics: yes
-    remote-control:
-      control-enable: yes
----
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-- 
GitLab