Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-2133

Support CoreDNS forwarding DNS requests over TLS

XMLWordPrintable

    • False
    • False

      1. Proposed title of this feature request

      Support CoreDNS forwarding DNS requests over TLS

       

      2. What is the nature and description of the request?

      Telco partners and their customers require outbound DNS requests from CoreDNS to upstream DNS servers to be transported over TLS in order to provide privacy and data integrity protection. Requests from pods to CoreDNS will not be transported over TLS.

      The request flow required to be supported is:

      DNS client/stub resolver ==plain unencrypted DNS (port 53)==> CoreDNS ==DNS over TLS (port 853)==> Upstream/external DNS server/resolver

      It would appear that CoreDNS already supports forwarding of requests over TLS via its
      forward plugin, however it is not currently possible to configure forwarding over TLS via the OpenShift DNS Operator.

      This RFE is to provide DNS over TLS support for the scenario above. This RFE is related to RFE-1859 because this RFE is requesting a subset of the functionality covered by RFE-1859.

       

      3. Why does the customer need this? (List the business requirements here)

      To encrypt DNS transport outside of the cluster for privacy protection and data integrity.

       

      4. List any affected packages or components.

      DNS Operator, CoreDNS

              ddharwar@redhat.com Deepthi Dharwar
              bnivenje@redhat.com Ben Niven-Jenkins
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: