DNS Integrations

To integrate the .n2x.local domain with your existing DNS, configure it as a forward zone. For configuration examples with common DNS servers, see the following sections.

Dnsmasq

Dnsmasq is a lightweight, open-source DNS (Domain Name System) forwarder and DHCP (Dynamic Host Configuration Protocol) server. It is designed to provide DNS and DHCP services for a small network or a single machine. Dnsmasq is commonly used in home routers, small networks, and as a local DNS resolver on individual computers.

If you want to resolve the .n2x.local domain from your network, you need to configure a new forward zone in your DNS servers:

  1. Edit the /etc/dnsmasq.conf file and add the following configuration snippet:

    # don't use the host's nameservers
    no-resolv
    # use the following default nameservers
    server=1.1.1.1
    server=8.8.8.8
    strict-order
    # serve all *.n2x.local queries using specific nameservers
    server=/n2x.local/<NODE1-IP>#53535
    server=/n2x.local/<NODE2-IP>#53535
    

    Warning

    Replace <NODE1-IP> and <NODE2-IP> with the actual IP addresses assigned to your n2x-nodes. These nodes should also be reachable from the server running Dnsmasq.

  2. Restart the dnsmasq service:

    sudo systemctl restart dnsmasq
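
A pre-restart check for the snippet in step 1, added here as an example and not part of the n2x.io documentation. It confirms that active server=/n2x.local/ lines exist, that no <NODE1-IP>/<NODE2-IP> placeholder is left, and that each forwarder targets port 53535, so n2x.local queries are not sent to the public default upstreams. The function name check_n2x_forwarders and the 192.0.2.x addresses are constructed for illustration; IPv4 forwarders are assumed.

```shell
#!/bin/sh
# Added example: lint the zone-scoped "server=/ZONE/IP#PORT" lines of a dnsmasq config.
# Assumptions: IPv4 forwarders only; check_n2x_forwarders is a hypothetical helper name.
check_n2x_forwarders() {
    conf=$1; zone=${2:-n2x.local}; port=${3:-53535}
    zre=$(printf '%s' "$zone" | sed 's/\./\\./g')   # escape dots for the regex
    # Active (uncommented) upstreams scoped to the zone, one per line.
    entries=$(sed -n "s|^[[:space:]]*server=/$zre/\([^[:space:]]*\).*|\1|p" "$conf")
    if [ -z "$entries" ]; then
        echo "FAIL: no server=/$zone/ line; $zone queries would go to the default upstreams"
        return 1
    fi
    rc=0
    for e in $entries; do
        ip=${e%%#*}; p=${e#*#}
        case $e in
            *'<'*|*'>'*) echo "FAIL: placeholder not replaced: $e"; rc=1; continue ;;
        esac
        if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "FAIL: not a dotted-quad IPv4 address: $ip"; rc=1
        fi
        if [ "$e" = "$ip" ] || [ "$p" != "$port" ]; then
            echo "FAIL: $e does not target port $port"; rc=1
        fi
    done
    # The same forwarder listed twice gives no redundancy (likely a copy-paste slip).
    dups=$(printf '%s\n' $entries | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "FAIL: same forwarder listed twice: $dups"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $zone forwards to:" $entries; fi
    return "$rc"
}

# Demo on a constructed config (192.0.2.0/24 is a documentation range).
demo=$(mktemp)
printf '%s\n' 'no-resolv' 'server=1.1.1.1' \
    'server=/n2x.local/192.0.2.10#53535' \
    'server=/n2x.local/<NODE2-IP>#53535' > "$demo"
check_n2x_forwarders "$demo" || echo "Fix the entries above before restarting dnsmasq."
rm -f "$demo"
```

Run it as check_n2x_forwarders /etc/dnsmasq.conf before restarting the service; a non-zero exit status means at least one entry needs attention.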
    

Bind9

BIND 9 is the first, oldest, and most commonly deployed solution for DNS servers. It has evolved to be a very flexible, full-featured DNS system. More network engineers are already familiar with BIND 9 than with any other system.

If you want to resolve the .n2x.local domain from your infrastructure, you need to configure a new forward zone in your DNS servers:

  1. Edit the /etc/bind/named.conf.local file and add the following configuration snippet:

    zone "n2x.local" {
      type forward;
      forward only;
      forwarders { <NODE1-IP> port 53535; <NODE2-IP> port 53535; };
    };
    

    Warning

    Replace <NODE1-IP> and <NODE2-IP> with the actual IP addresses assigned to your n2x-nodes. These nodes should also be reachable from the server running Bind.

  2. Run the following command to check the syntax of the named.conf* files:

    sudo named-checkconf
    
  3. Restart BIND:

    sudo systemctl restart bind9
    

    Info

    If you see errors such as "no valid RRSIG resolving" or "broken trust chain resolving", change the dnssec-validation parameter in /etc/bind/named.conf.options from auto to yes.

DNS Windows Server

In Windows Server 2016, DNS is a server role that you can install by using Server Manager or Windows PowerShell commands.

If you want to resolve the .n2x.local domain from your infrastructure, you need to configure a new forward zone in your DNS servers:

Using DNS Manager

First, you need to create the forward zone .n2x.local following these steps:

  1. Open the DNS Manager. You can do this by searching for dnsmgmt.msc in the Start menu.
  2. In the console tree, right-click on the forward lookup zone for your domain (usually named forward lookup zones or the name of your domain) and select New Zone...
  3. In the New Zone Wizard, select A delegated zone and click Next.
  4. In the Delegate to a DNS server option, choose Do not delegate this zone (standalone primary zone). Click Next.
  5. Enter n2x.local for the zone name and click Next.
  6. Select Primary zone and click Next.
  7. Review the summary and click Finish to create the zone.

Then, you can configure the zone properties:

  1. In the console tree, right-click on the newly created n2x.local zone and select Properties.
  2. Go to the Forwarders tab and click New... button to add a forwarder.
  3. Enter the IP address of your first DNS server (<NODE1-IP>) and port 53535. Click OK to add the forwarder.
  4. Repeat step 3 to add the IP address of your second DNS server (<NODE2-IP>) with port 53535.
  5. Click OK on the zone properties window to save the changes.

Using PowerShell (alternative)

Here's a PowerShell script to achieve the same configuration:

    # Create a conditional forwarder zone for n2x.local (DnsServer module).
    # Add-DnsServerConditionalForwarderZone has no port parameter, so the
    # port 53535 used elsewhere on this page cannot be set here.
    Add-DnsServerConditionalForwarderZone -Name "n2x.local" -MasterServers "<NODE1-IP>","<NODE2-IP>"

Warning

Replace <NODE1-IP> and <NODE2-IP> with the actual IP addresses assigned to your n2x-nodes. These nodes should also be reachable from the Windows DNS server.

Kubernetes DNS

CoreDNS is a flexible and extensible DNS server that is used as the default DNS provider in Kubernetes clusters. It handles DNS resolution for services and pods within the cluster. CoreDNS can configure stub domains and upstream nameservers using the forward plugin.

If you want to resolve the .n2x.local domain from inside the pods, you need to customize CoreDNS:

  1. Get the current CoreDNS configuration:

    kubectl -n kube-system get cm coredns -o yaml > coredns.yaml
    
  2. Customize the CoreDNS configuration and add the .n2x.local zone to coredns.yaml:

    data:
      Corefile: |
    
        .:53 {
            errors
            health {
               lameduck 5s
            }
            ready
            kubernetes cluster.local in-addr.arpa ip6.arpa {
               pods insecure
               fallthrough in-addr.arpa ip6.arpa
               ttl 30
            }
            prometheus :9153
            forward . /etc/resolv.conf {
               max_concurrent 1000
            }
            cache 30
            loop
            reload
            loadbalance
        }
    
        ## Add .n2x.local zone
        n2x.local {
          forward . <NODE1-IP>:53535 <NODE2-IP>:53535 {
            policy sequential
          }
        }
    

    Warning

    Replace <NODE1-IP> and <NODE2-IP> with the actual IP addresses assigned to your n2x-nodes. These nodes should also be reachable from the CoreDNS pods.

  3. Apply the new changes in the cluster:

    kubectl apply -f coredns.yaml
    
  4. Reload the CoreDNS configuration:

    kubectl rollout restart -n kube-system deployment/coredns
    
  5. Finally, connect the coredns workload to the n2x.io network topology:

    n2xctl k8s workload connect
    

    You should select the tenant, network and subnet previously defined in your n2x.io private virtual topology.