From da291a7beb6095e2ee1c37e68495147fc45b8f68 Mon Sep 17 00:00:00 2001
From: Bowei Du
Date: Wed, 8 Feb 2017 00:19:18 -0800
Subject: [PATCH] Send only cluster domain queries to kube-dns

Note: all PTR request must still traverse kube-dns. We can restrict this to just the clusterCIDR in the future to reduce the amount of PTR traffic.
---
 cluster/addons/dns/kubedns-controller.yaml.base | 7 ++++---
 cluster/addons/dns/kubedns-controller.yaml.in | 7 ++++---
 cluster/addons/dns/kubedns-controller.yaml.sed | 7 ++++---
 3 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/cluster/addons/dns/kubedns-controller.yaml.base b/cluster/addons/dns/kubedns-controller.yaml.base
index d4bcf57cfcc..2dcbdb92685 100644
--- a/cluster/addons/dns/kubedns-controller.yaml.base
+++ b/cluster/addons/dns/kubedns-controller.yaml.base
@@ -49,7 +49,7 @@ spec:
 - name: kube-dns-config
 configMap:
 name: kube-dns
- optional: true
+ optional: true
 containers:
 - name: kubedns
 image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.12.1
@@ -116,8 +116,9 @@ spec:
 failureThreshold: 5
 args:
 - --cache-size=1000
- - --no-resolv
- - --server=127.0.0.1#10053
+ - --server=/__PILLAR__DNS__DOMAIN__/127.0.0.1#10053
+ - --server=/in-addr.arpa/127.0.0.1#10053
+ - --server=/ip6.arpa/127.0.0.1#10053
 - --log-facility=-
 ports:
 - containerPort: 53
diff --git a/cluster/addons/dns/kubedns-controller.yaml.in b/cluster/addons/dns/kubedns-controller.yaml.in
index e97af613e72..136d2e9969a 100644
--- a/cluster/addons/dns/kubedns-controller.yaml.in
+++ b/cluster/addons/dns/kubedns-controller.yaml.in
@@ -49,7 +49,7 @@ spec:
 - name: kube-dns-config
 configMap:
 name: kube-dns
- optional: true
+ optional: true
 containers:
 - name: kubedns
 image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.12.1
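Review bot: The dnsmasq `args` in kubedns-controller.yaml.base (second hunk, and the matching hunks in the .in and .sed variants) now depend on the container's /etc/resolv.conf, and nothing in the manifest says so. With `--no-resolv` dropped, every name outside the three `--server=/domain/` routes is forwarded to whatever resolvers that file lists instead of passing through kube-dns on 127.0.0.1#10053, so that file becomes the trusted path for external names. If it ever listed the cluster DNS service itself, the forwarder would presumably loop, so the pod's dnsPolicy is worth confirming; it is outside this hunk, as is the rest of the container spec around `args:`. I would add a comment above the routes such as `# names outside the cluster domain and the reverse zones go to the resolvers in this pod's /etc/resolv.conf (--no-resolv dropped on purpose)`.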
@@ -116,8 +116,9 @@ spec:
 failureThreshold: 5
 args:
 - --cache-size=1000
- - --no-resolv
- - --server=127.0.0.1#10053
+ - --server=/{{ pillar['dns_domain'] }}/127.0.0.1#10053
+ - --server=/in-addr.arpa/127.0.0.1#10053
+ - --server=/ip6.arpa/127.0.0.1#10053
 - --log-facility=-
 ports:
 - containerPort: 53
diff --git a/cluster/addons/dns/kubedns-controller.yaml.sed b/cluster/addons/dns/kubedns-controller.yaml.sed
index c42512bfbf2..d4f01aded1f 100644
--- a/cluster/addons/dns/kubedns-controller.yaml.sed
+++ b/cluster/addons/dns/kubedns-controller.yaml.sed
@@ -49,7 +49,7 @@ spec:
 - name: kube-dns-config
 configMap:
 name: kube-dns
- optional: true
+ optional: true
 containers:
 - name: kubedns
 image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.12.1
@@ -115,8 +115,9 @@ spec:
 failureThreshold: 5
 args:
 - --cache-size=1000
- - --no-resolv
- - --server=127.0.0.1#10053
+ - --server=/$DNS_DOMAIN/127.0.0.1#10053
+ - --server=/in-addr.arpa/127.0.0.1#10053
+ - --server=/ip6.arpa/127.0.0.1#10053
 - --log-facility=-
 ports:
 - containerPort: 53
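Review bot: The route `--server=/{{ pillar['dns_domain'] }}/127.0.0.1#10053` in kubedns-controller.yaml.in is only correct when the substitution yields a non-empty domain, and the manifest neither states nor checks that. dnsmasq reads an empty `//` domain as "unqualified names only", so an empty rendering would silently send cluster-domain queries to the upstream resolvers rather than to kube-dns. The same applies to `__PILLAR__DNS__DOMAIN__` in the .base file and `$DNS_DOMAIN` in the .sed file. Whether the render step rejects an empty value is not visible from this patch; a check there, or at least a comment beside the argument such as `# dns_domain must be non-empty: '//' would match only dot-less names`, would make the failure visible.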