Hi Javier.

On Tuesday, 06 June 2017 at 14:24, you wrote:
>> From: Aleksandar Lazic [mailto:al...@me2digital.eu]
>>
>> You can add for example on master01 the following line in
>> /etc/sysconfig/iptables.
>>
>> -A OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
>>
>> Then you only need to point the ns entry to the master01 and of course
>> your clients must be able to reach master01 via udp 53.

> That is for sure required, but seems not enough. That just allows
> getting name resolution when binding directly to the dnsmasq.
> But what I want is not to add master01 to my node dnsserver list, but
> to let my standard DNS ask master01 for anything below
> cluster.local, as it does with any other query for non-local domains.
> Let's say, after opening 53/udp I can do (10.1.0.155 is the master01 address)
>
> nslookup
> registry-console-default.router.default.svc.cluster.local
> registry-console-default.router.default.svc.cluster.local - 10.1.0.155
>
> but what I want is to succeed just with
>
> nslookup
> registry-console-default.router.default.svc.cluster.local
> registry-console-default.router.default.svc.cluster.local

For this you will need to add the cluster.local domain into the DNS server which is configured in the client and forward the requests to dnsmasq.

I think you need something like this, called split horizon.

https://serverfault.com/a/563397/391298

What I would do is the following.

.) add cluster.local zone in your primary dns server
.) point the ns entries for master01
.) reload/restart dns server
.) flush dns cache on client

> I can do that with a dnsmasq instance that I fully manage, but the
> first step is to make it authoritative
> (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html#lbAH), and
> I cannot do that with the openshift one which is by definition a forward only
> instance.

> Javier Palacios

--
Best Regards
Aleksandar Lazic - ME2Digital e. U.
https://me2digital.online/
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
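
One way to set up the forwarding discussed in this thread, as an added example that is not part of the original messages: a conditional forward zone sends only cluster.local queries to master01 as ordinary recursive queries, so the dnsmasq there does not have to be authoritative. It assumes the DNS server the clients already use is a recursive BIND 9 instance; 10.1.0.155 is the master01 address given in the thread.

```conf
// named.conf on the DNS server the clients already use
// (assumption: BIND 9 with recursion enabled for those clients)
zone "cluster.local" {
    type forward;
    forward only;                 // do not fall back to the public roots for this zone
    forwarders { 10.1.0.155; };   // dnsmasq on master01, address taken from the thread
};
```

With this in place only the DNS server itself has to reach master01 on 53/udp, so the `OS_FIREWALL_ALLOW` rule can carry `-s <dns-server-ip>` (placeholder) instead of accepting new DNS queries from any source.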