Configure resolvers like puppet (openforwarder view + forward zones) #226
Why
dig google.com @198.18.200.7 was refused: the resolver never set allow-recursion, so BIND defaulted to localnets/localhost. This mirrors the puppet resolver (/etc/named/views.conf + acls.conf) exactly.
Changes
openforwarder BindView: match-clients = the 4 internal ACLs, recursion yes, allow-recursion/allow-query any (match-clients gates)
Note
Forward-zone upstreams point at the puppet anycast servers (still authoritative during migration); flip to the in-cluster authoritative/externaldns LBs once zone data is migrated.
Validated
kustomize build (59 docs), kubeconform clean.
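An added example, not part of this PR or its repository: a static check over rendered named.conf views that flags the refused-by-default case described under Why and confirms that allow-recursion any appears only where match-clients restricts the view. The sample config, the view and ACL names and the forwarder address are constructed, and inheritance from the global options block is not modelled.

```python
import re

# Constructed sample: view names, ACL names and the forwarder address are placeholders.
SAMPLE = '''
view "before" { match-clients { internal-a; internal-b; }; recursion yes; };
view "openforwarder" {
    match-clients { internal-a; internal-b; };
    recursion yes;
    allow-recursion { any; };
    allow-query { any; };
    zone "example.internal" { type forward; forwarders { 192.0.2.53; }; };
};
view "exposed" { match-clients { any; }; recursion yes; allow-recursion { any; }; };
'''
ZONE = re.compile(r'zone\s+"[^"]*"\s*\{(?:[^{}]|\{[^{}]*\})*\}\s*;')

def views(conf):
    """Yield (name, body) per view block; zone blocks are dropped from the body."""
    for m in re.finditer(r'view\s+"([^"]+)"\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), ZONE.sub("", conf[m.end():i - 1])

def acl(body, option):
    """Elements of a view-level address-match list, or None when the option is unset."""
    m = re.search(r'(?<![\w-])' + re.escape(option) + r'\s*\{([^{}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """Classify each recursive view; global options{} inheritance is not modelled."""
    out = {}
    for name, body in views(conf):
        if not re.search(r'(?<![\w-])recursion\s+yes\s*;', body):
            continue
        clients = acl(body, "match-clients")  # unset means "any" in BIND
        # BIND falls back allow-recursion -> allow-query-cache -> allow-query -> default.
        opts = ("allow-recursion", "allow-query-cache", "allow-query")
        recurse = next((a for o in opts if (a := acl(body, o)) is not None), None)
        if recurse is None:
            out[name] = "default-acl"    # localnets/localhost only; others are REFUSED
        elif "any" in recurse and (clients is None or "any" in clients):
            out[name] = "open-resolver"  # nothing gates who reaches the recursive view
        else:
            out[name] = "ok"
    return out
```

Run against the output of kustomize build, a "default-acl" result reproduces the refused dig, and "open-resolver" is the regression to block before merge.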