feat(dns): Refactor DNS setup to use dnsproxy instead of unbound

This patch refactors the existing setup to use dnsproxy instead of unbound for base DNS. This should improve performance and provide better DNS resolution, since previously there were a lot of failed lookups, which work with the online resolver. References: https://github.com/AdguardTeam/dnsproxy

feat(dns): Refactor DNS setup to use dnsproxy instead of unbound
abadfe9b · Sheogorath · 1272b6dc · abadfe9b
Verified Commit abadfe9b authored 3 years ago by Sheogorath
--- a/apps/k8s01/dns/dns.yaml
+++ b/apps/k8s01/dns/dns.yaml
@@ -16,27 +16,14 @@ spec:
        app: resolver
    spec:
      containers:
-        - name: dns-over-httpd
-          image: quay.io/sheogorath/doh:latest
-          env:
-            - name: UPSTREAM_NAME
-              value: localhost4
-          ports:
-            - containerPort: 8053
-          resources:
-            requests:
-              cpu: 100m
-              memory: 256Mi
-            limits:
-              cpu: 100m
-              memory: 256Mi
-        - name: named
-          image: docker.io/secns/unbound:latest
-          env:
-            - name: CACHE_MIN_TTL
-              value: "1200"
-            - name: PREFETCH
-              value: "yes"
+        - name: dnsproxy
+          image: quay.io/sheogorath/dnsproxy:0.42.0
+          args:
+            - --upstream=https://dns.shivering-isles.com/dns-query
+            - --bootstrap=1.1.1.1
+            - --listen 0.0.0.0
+            - --cache-min-ttl=300
+            - --cache-optimistic
          ports:
            - containerPort: 53
              protocol: TCP
@@ -49,27 +36,6 @@ spec:
            limits:
              cpu: 100m
              memory: 256Mi
-          volumeMounts:
-            - name: unbound-chroot
-              mountPath: /usr/local/etc/unbound/conf.d/
-              readOnly: true
-        # - name: unbound-exporter
-        #   image: ghcr.io/leoquote/unbound_exporter:main
-        #   ports:
-        #     - name: metrics
-        #       containerPort: 9167
-        #       protocol: TCP
-        #   resources:
-        #     requests:
-        #       cpu: 100m
-        #       memory: 64Mi
-        #     limits:
-        #       cpu: 100m
-        #       memory: 64Mi
-      volumes:
-        - name: unbound-chroot
-          configMap:
-            name: unbound-chroot
      automountServiceAccountToken: false
 ---
 apiVersion: v1
@@ -104,31 +70,6 @@ spec:
      port: 53
      targetPort: 53
 ---
-apiVersion: v1
-kind: Service
-metadata:
-  name: dns-over-http
-spec:
-  selector:
-    app: resolver
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 8053
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: unbound-chroot
-data:
-  chroot.conf: |
-    server:
-      chroot: ""
-      statistics-interval: 60
-      extended-statistics: yes
-    remote-control:
-      control-enable: yes
---
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata: