Feature Request
Resolution: Unresolved
1. Proposed title of this feature request
Enable configuration of template plugin in CoreDNS
2. What is the nature and description of the request?
In ARO we currently use dnsmasq to serve the *.apps records. We don't have a requirement that customer custom DNS resolvers host this record, and additionally customers with custom DNS resolvers don't know what public IP the public load balancer will receive until the cluster has completed installation.
ARO wishes to stop using dnsmasq for hosting *.apps, so to preserve this functionality we need CoreDNS configured with template plugin blocks similar to:
.:5353 {
    ...
    template IN A apps.m71z3hze.eastus.aroapp.io {
        # The query name is fully qualified, so the pattern ends at the trailing dot.
        match ".*[.]apps[.]m71z3hze[.]eastus[.]aroapp[.]io[.]$"
        answer "{{ .Name }} 60 IN A 52.168.90.194"
    }
    template ANY ANY apps.m71z3hze.eastus.aroapp.io {
        match ".*[.]apps[.]m71z3hze[.]eastus[.]aroapp[.]io[.]$"
        rcode NOANSWER
    }
    ...
}
In addition, we wish to implement Azure-specific search domain limiting based on what AKS is doing. The first template limits search-domain expansion to only valid names for Azure-generated records. The second template handles the intentionally-not-working reddog search domain locally instead of sending it to the customer's custom DNS servers, which may handle this domain incorrectly. See AKS documentation for more information: https://learn.microsoft.com/en-us/azure/aks/coredns-custom#invalid-search-domain-completions-for-internalcloudappnet-and-reddogmicrosoftcom
.:5353 {
    ...
    template ANY ANY internal.cloudapp.net {
        match "^(?:[^.]+\.){4,}internal\.cloudapp\.net\.$"
        rcode NXDOMAIN
        fallthrough
    }
    template ANY ANY reddog.microsoft.com {
        rcode NXDOMAIN
    }
    ...
}
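The effect of the two search-domain templates above on individual query names, as an added Go example (not code from this request or from CoreDNS). It reuses the request's match pattern; the function names and sample host names are constructed, and it assumes a template without a match line applies to every name in its zone.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern copied from the internal.cloudapp.net template in the request.
var searchExpansion = regexp.MustCompile(`^(?:[^.]+\.){4,}internal\.cloudapp\.net\.$`)

// inZone reports whether the fully qualified qname is at or below zone.
func inZone(qname, zone string) bool {
	return qname == zone || strings.HasSuffix(qname, "."+zone)
}

// Decide models the outcome of the two templates for one query name:
// "NXDOMAIN" when a template answers locally, "forward" when the query
// falls through to the next plugin (and so to the upstream resolver).
func Decide(qname string) string {
	q := strings.ToLower(qname)
	if !strings.HasSuffix(q, ".") {
		q += "." // the pattern is written for fully qualified names
	}
	switch {
	case inZone(q, "reddog.microsoft.com."):
		return "NXDOMAIN" // no match line: assumed to cover the whole zone
	case inZone(q, "internal.cloudapp.net.") && searchExpansion.MatchString(q):
		return "NXDOMAIN" // four or more labels in front of the zone
	default:
		return "forward" // fallthrough, or outside both zones
	}
}

func main() {
	// Constructed sample names; the label values are placeholders.
	for _, n := range []string{
		"vm0.abcdefghij.bx.internal.cloudapp.net.",
		"example.com.abcdefghij.bx.internal.cloudapp.net.",
		"kubernetes.default.svc.abcdefghij.bx.internal.cloudapp.net.",
		"example.com.reddog.microsoft.com.",
		"example.com.",
	} {
		fmt.Printf("%-62s %s\n", n, Decide(n))
	}
}
```

Names with three or fewer labels in front of internal.cloudapp.net are forwarded, so only search-domain expansions are answered locally.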
3. Why does the customer need this? (List the business requirements here)
ARO needs this to remove our dependence on dnsmasq and move closer to vanilla OCP. ARO also needs this to remove the fork of the installer which is patched to add the dnsmasq functionality.
4. List any affected packages or components.
DNS Operator
Installer