Revert "fix(k8s-gateway): use DoT upstreams"

This reverts commit a393091ef7.
2026-03-22 02:39:49 +00:00 · 2025-01-02 23:56:08 +08:00
parent 812d1099e7
commit 31d8cfcec2
1 changed files with 18 additions and 36 deletions
--- a/kube/deploy/core/dns/internal/k8s-gateway/app/hr.yaml
+++ b/kube/deploy/core/dns/internal/k8s-gateway/app/hr.yaml
@@ -40,44 +40,26 @@ spec:
      # Serves a /metrics endpoint on :9153, required for serviceMonitor
      - name: prometheus
        parameters: 0.0.0.0:9153
-      - &router
+      - &forward
        name: forward
-        parameters: "${DNS_SHORT} tls://${IP_ROUTER_VLAN_K8S}"
-        configBlock: "next NXDOMAIN"
-      - &cfdot
-        name: forward
-        parameters: "${DNS_SHORT} tls://1.1.1.1 tls://1.0.0.1"
-        configBlock: "tls_servername one.one.one.one"
-      - <<: *router
-        parameters: "${DNS_MAIN} tls://${IP_ROUTER_VLAN_K8S}"
-      - <<: *cfdot
-        parameters: "${DNS_MAIN} tls://1.1.1.1 tls://1.0.0.1"
-      - <<: *router
-        parameters: "${DNS_VPN} tls://${IP_ROUTER_VLAN_K8S}"
-      - <<: *cfdot
-        parameters: "${DNS_VPN} tls://1.1.1.1 tls://1.0.0.1"
-      - <<: *router
-        parameters: "${DNS_STREAM} tls://${IP_ROUTER_VLAN_K8S}"
-      - <<: *cfdot
-        parameters: "${DNS_STREAM} tls://1.1.1.1 tls://1.0.0.1"
-      - <<: *router
-        parameters: "${DNS_ME} tls://${IP_ROUTER_VLAN_K8S}"
-      - <<: *cfdot
-        parameters: "${DNS_ME} tls://1.1.1.1 tls://1.0.0.1"
-      - <<: *router
-        parameters: "${DNS_HOME} tls://${IP_ROUTER_VLAN_K8S}"
-      - <<: *cfdot
-        parameters: "${DNS_HOME} tls://1.1.1.1 tls://1.0.0.1"
-      - <<: *router
-        parameters: "${DNS_INTERNAL} tls://${IP_ROUTER_VLAN_K8S}"
-      - <<: *cfdot
-        parameters: "${DNS_INTERNAL} tls://1.1.1.1 tls://1.0.0.1"
-      - <<: *router
-        parameters: "${DNS_FUNNY} tls://${IP_ROUTER_VLAN_K8S}"
-      - <<: *cfdot
-        parameters: "${DNS_FUNNY} tls://1.1.1.1 tls://1.0.0.1"
+        parameters: "${DNS_SHORT} ${UPSTREAM}"
+        configBlock: "policy sequential"
+      - <<: *forward
+        parameters: "${DNS_MAIN} ${UPSTREAM}"
+      - <<: *forward
+        parameters: "${DNS_VPN} ${UPSTREAM}"
+      - <<: *forward
+        parameters: "${DNS_STREAM} ${UPSTREAM}"
+      - <<: *forward
+        parameters: "${DNS_ME} ${UPSTREAM}"
+      - <<: *forward
+        parameters: "${DNS_HOME} ${UPSTREAM}"
+      - <<: *forward
+        parameters: "${DNS_INTERNAL} ${UPSTREAM}"
+      - <<: *forward
+        parameters: "${DNS_FUNNY} ${UPSTREAM}"
      - name: forward
-        parameters: ". tls://${IP_ROUTER_VLAN_K8S}"
+        parameters: ". /etc/resolv.conf"
      - name: loop
      - name: reload
      - name: loadbalance