From abadfe9b254dc38e64da6c8ee870c026e30cf53a Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 30 Apr 2022 03:19:33 +0200
Subject: [PATCH] feat(dns): Refactor DNS setup to use dnsproxy instead of unbound

This patch refactors the existing setup to use dnsproxy instead of unbound for base DNS. This should improve performance and provide better DNS resolution, since previously there were a lot of failed lookups, which work with the online resolver. References: https://github.com/AdguardTeam/dnsproxy
---
 apps/k8s01/dns/dns.yaml | 75 +++++------------------------------------
 1 file changed, 8 insertions(+), 67 deletions(-)
diff --git a/apps/k8s01/dns/dns.yaml b/apps/k8s01/dns/dns.yaml
index e752f0cf8..acb003f98 100644
--- a/apps/k8s01/dns/dns.yaml
+++ b/apps/k8s01/dns/dns.yaml
@@ -16,27 +16,14 @@ spec:
 app: resolver
 spec:
 containers:
- - name: dns-over-httpd
- image: quay.io/sheogorath/doh:latest
- env:
- - name: UPSTREAM_NAME
- value: localhost4
- ports:
- - containerPort: 8053
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- limits:
- cpu: 100m
- memory: 256Mi
- - name: named
- image: docker.io/secns/unbound:latest
- env:
- - name: CACHE_MIN_TTL
- value: "1200"
- - name: PREFETCH
- value: "yes"
+ - name: dnsproxy
+ image: quay.io/sheogorath/dnsproxy:0.42.0
+ args:
+ - --upstream=https://dns.shivering-isles.com/dns-query
+ - --bootstrap=1.1.1.1
+ - --listen 0.0.0.0
+ - --cache-min-ttl=300
+ - --cache-optimistic
 ports:
 - containerPort: 53
 protocol: TCP
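Review bot: In the new `args` list, `--listen 0.0.0.0` is a single list item containing a space, so the container receives it as one argv element, while every other flag uses the `--flag=value` form; depending on how dnsproxy parses its options this may be rejected or misread, and `- --listen=0.0.0.0` removes the doubt. Pinning the image to tag `0.42.0` instead of `:latest` is an improvement, but a tag can still be re-pushed, so pinning by digest as well, `image: quay.io/sheogorath/dnsproxy:0.42.0@sha256:<digest-placeholder>`, would make the resolver image immutable. Because the proxy binds to all addresses, who can reach it is decided by the Service and any NetworkPolicy, which are outside this hunk; it is worth confirming the caching resolver is not reachable from untrusted networks, where an open resolver can be abused for amplification. The container spec continues past the end of the hunk.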
@@ -49,27 +36,6 @@ spec:
 limits:
 cpu: 100m
 memory: 256Mi
- volumeMounts:
- - name: unbound-chroot
- mountPath: /usr/local/etc/unbound/conf.d/
- readOnly: true
- # - name: unbound-exporter
- # image: ghcr.io/leoquote/unbound_exporter:main
- # ports:
- # - name: metrics
- # containerPort: 9167
- # protocol: TCP
- # resources:
- # requests:
- # cpu: 100m
- # memory: 64Mi
- # limits:
- # cpu: 100m
- # memory: 64Mi
- volumes:
- - name: unbound-chroot
- configMap:
- name: unbound-chroot
 automountServiceAccountToken: false
 ---
 apiVersion: v1
@@ -104,31 +70,6 @@ spec:
 port: 53
 targetPort: 53
 ---
-apiVersion: v1
-kind: Service
-metadata:
- name: dns-over-http
-spec:
- selector:
- app: resolver
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8053
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: unbound-chroot
-data:
- chroot.conf: |
- server:
- chroot: ""
- statistics-interval: 60
- extended-statistics: yes
- remote-control:
- control-enable: yes
----
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-- GitLab