Breaking changes in ReWrite Plugin CoreDNS 1.8.4

[qpetraroia]

AKS is currently running CoreDNS 1.8.3 and upgrading to CoreDNS 1.8.4 in September. A breaking change with the rewrite plugin with CoreDNS 1.8.4 has been identified.

This is an example for 1.8.3

<domain to be rewritten>.com:53 {
        errors
        cache 30
        rewrite name substring <domain to be rewritten>.com default.svc.cluster.local
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        forward .  /etc/resolv.conf # you can redirect this to a specific DNS server such as 10.0.0.10, but that server must be able to resolve the rewritten domain name
    }

The below is an example for 1.8.4 that won't break, which requires customers to update there configuration.

  <domain to be rewritten>.com:53 {
  log
  errors
  rewrite stop {
    name regex (.*)\.<domain to be rewritten>.com {1}.default.svc.cluster.local
    answer name (.*)\.default\.svc\.cluster\.local {1}.<domain to be rewritten>.com
  }
  forward . /etc/resolv.conf # you can redirect this to a specific DNS server such as 10.0.0.10, but that server must be able to resolve the rewritten domain name

What happened: AKS is advising customers to update there rewrite plugin.

What you expected to happen: No breaking changes during patch version upgrades.

How to reproduce it (as minimally and precisely as possible): Apply a configuration in 1.8.3 and upgrade to 1.8.4.

Anything else we need to know?:

Environment:
Azure Kubernetes Service 1.20+

the version of CoreDNS: 1.8.4
Corefile:
logs, if applicable:
OS (e.g: cat /etc/os-release):
Others:

[Sathishkunisai]

should we update coredns_custom configmap in the Azure AKS? please advise

[Sathishkunisai]

Could you advise on the impact? as we are not using rewrite in our coredns_custom configmap

[0dragosh]

Is this rolling out to all AKS clusters or will the impact be limited to upgrades to an AKS patch version?

[ahmelsayed]

@qpetraroia It doesn't seem to be possible to do the equivalent of the original config that would work for both 1.8.3 and 1.8.4. i.e:

  rewrite stop {
    name regex (.*)\.<domain to be rewritten>\.com default.svc.cluster.local
    answer name default\.svc\.cluster\.local {1}.<domain to be rewritten>.com
  }

The alternative in 1.8.4 is

  rewrite stop {
    name regex (.*)\.<domain to be rewritten>\.com default.svc.cluster.local
    answer auto
  }

but that's invalid in 1.8.3.

[qpetraroia]

Hi folks,

We have reverted the CoreDNS 18.4 rollout. This breaking change is no longer relevant. The AKS team will be waiting for 1.8.5 and once that is out, we will provide a seamless transition from 1.8.3 to 1.8.5.

https://docs.microsoft.com/en-us/azure/aks/coredns-custom#rewrite-dns

Customer can customize their CoreDNS config by updating CoreDNS -custom configmap in the kube-system. We suggest them to always add "answer" property if they use "rewrite" plugin

specifically:

rewrite stop {

name regex (.*)\.<domain to be rewritten>.com {1}.default.svc.cluster.local

answer name (.*)\.default\.svc\.cluster\.local {1}.<domain to be rewritten>.com
}

Thanks,
Quentin