Purpose
By default, the CoreDNS used by pods on IKS (IBM Cloud Kubernetes Service) is not configured to record query logs, so this page describes the configuration needed to have CoreDNS capture DNS query logs.
Configuration
Check the list of CoreDNS pods
The following three pods are running as CoreDNS:
% kubectl get pods -n kube-system -l k8s-app=kube-dns
NAME                       READY   STATUS    RESTARTS   AGE
coredns-8484d57987-chphx   1/1     Running   0          6m50s
coredns-8484d57987-nt9ws   1/1     Running   0          6m50s
coredns-8484d57987-t2kv6   1/1     Running   0          6m47s
Check the CoreDNS logs
Nothing has been configured yet and no DNS queries have been sent, so there is nothing of note in the log.
% kubectl logs coredns-8484d57987-chphx -n kube-system
.:53
[INFO] plugin/reload: Running configuration SHA512 = bc43afc3db71c79fe7847d695e5d8f371c48384a72631b461a9966feea1ed899ac42f08f1889d76eb227ec26b9e83a9f53abb90a573ce1a8fb8f61b09692af70
CoreDNS-1.11.1
linux/amd64, go1.20.7, ae2bbc2
Adding the DNS query log configuration
The Corefile is held in the CoreDNS ConfigMap (coredns in the kube-system namespace). With log added, the ConfigMap data looks like this:
apiVersion: v1
data:
  Corefile: |
    # Add your CoreDNS customizations as import files.
    # Refer to https://cloud.ibm.com/docs/containers?topic=containers-cluster_dns for details.
    .:53 {
        errors
        log
        health {
            lameduck 10s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        hosts {
            192.168.1.1 aaa.bbb.com
            fallthrough
        }
        forward . /etc/resolv.conf {
            max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
All that is needed is to add log in the section shown below, but CoreDNS rejects the configuration with an error unless the formatting is exactly right.
Tabs and spaces matter, so the safest way is to copy the errors line and change it to log.
before
.:53 {
    errors
    health {
        lameduck 10s
    }
after
.:53 {
    errors
    log
    health {
        lameduck 10s
    }
Check DNS from a pod
After the change, check that DNS query logs are now visible.
% kubectl run dnstest --rm --tty -i --image=busybox --restart=Never -- sh -c 'nslookup www.google.co.jp; echo $?;'
Server: 172.21.0.10
Address: 172.21.0.10:53
Non-authoritative answer:
Name: www.google.co.jp
Address: 2404:6800:4004:808::2003
Non-authoritative answer:
Name: www.google.co.jp
Address: 172.217.31.131
0
pod "dnstest" deleted
Check DNS from a node
From a node, check with the kubectl debug command. Note that in the output below the node uses its own resolver (161.26.0.7) rather than the cluster's CoreDNS service address (172.21.0.10) that the pod used, so this lookup is not expected to appear in the CoreDNS query log.
% kubectl debug node/10.244.128.26 -it --image=alpine
Creating debugging pod node-debugger-10.244.128.26-9p9x5 with container debugger on node 10.244.128.26.
Warning: metadata.name: this is used in the Pod's hostname, which can result in surprising behavior; a DNS label is recommended: [must not contain dots]
If you don't see a command prompt, try pressing enter.
/ # nslookup www.google.co.jp
Server: 161.26.0.7
Address: 161.26.0.7:53
Non-authoritative answer:
Name: www.google.co.jp
Address: 142.250.198.3
Non-authoritative answer:
Name: www.google.co.jp
Address: 2404:6800:4004:825::2003
Check the DNS query log
The DNS queries for "www.google.co.jp" are now recorded.
% kubectl logs coredns-8484d57987-chphx -n kube-system
.:53
[INFO] plugin/reload: Running configuration SHA512 = bc43afc3db71c79fe7847d695e5d8f371c48384a72631b461a9966feea1ed899ac42f08f1889d76eb227ec26b9e83a9f53abb90a573ce1a8fb8f61b09692af70
CoreDNS-1.11.1
linux/amd64, go1.20.7, ae2bbc2
[INFO] 127.0.0.1:43470 - 40327 "HINFO IN 1690116050934827174.8928843498543836381. udp 57 false 512" NXDOMAIN qr,rd,ra 132 0.014535846s
[INFO] Reloading
[INFO] plugin/reload: Running configuration SHA512 = d9b5a41ca755541ae5b1b33f9bb633463ae7f28531f1d2ebcba90637c5096d87a6141ec3e4ab900fcac5df21f009cf40f02d1966297552521ce36753cb5b6a1b
[INFO] Reloading complete
[INFO] 172.17.49.92:49664 - 62115 "AAAA IN www.google.co.jp. udp 34 false 512" NOERROR qr,rd,ra 78 0.004490529s
[INFO] 172.17.49.92:49664 - 43436 "A IN www.google.co.jp. udp 34 false 512" NOERROR qr,rd,ra 66 0.052811139s
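As an added example (not part of the original page), a small Python parser for the default log plugin line format seen above: it turns each line into structured fields and tallies queries and NXDOMAIN answers per client IP, the starting point for spotting a pod that generates unusual lookups. The sample lines are the ones from the kubectl logs output above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Default line format of the CoreDNS "log" plugin (after the "[INFO] " logger prefix):
# {remote}:{port} - {>id} "{type} {class} {name} {proto} {size} {>do} {>bufsize}" {rcode} {>rflags} {rsize} {duration}
LOG_RE = re.compile(
    r'^\[INFO\] (?P<remote>\S+):(?P<port>\d+) - (?P<id>\d+) '
    r'"(?P<qtype>\S+) (?P<qclass>\S+) (?P<qname>\S+) (?P<proto>\S+) '
    r'(?P<size>\d+) (?P<do>true|false) (?P<bufsize>\d+)" '
    r'(?P<rcode>\S+) (?P<rflags>\S+) (?P<rsize>\d+) (?P<duration>[\d.]+)s$'
)

@dataclass(frozen=True)
class Query:
    remote: str        # client IP: a pod IP, or 127.0.0.1 for CoreDNS's own HINFO self-check
    qtype: str         # A, AAAA, HINFO, ...
    qname: str         # queried name, always with a trailing dot
    rcode: str         # NOERROR, NXDOMAIN, SERVFAIL, ...
    duration_s: float  # time taken to answer, in seconds

def parse_line(line: str) -> Optional[Query]:
    """Parse one query-log line; return None for non-query lines such as reload notices."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return Query(m["remote"], m["qtype"], m["qname"], m["rcode"], float(m["duration"]))

def summarize(lines: Iterable[str]) -> dict:
    """Query count and NXDOMAIN count per client IP, the two figures a first triage looks at."""
    queries: Counter = Counter()
    nxdomain: Counter = Counter()
    for q in filter(None, map(parse_line, lines)):
        queries[q.remote] += 1
        if q.rcode == "NXDOMAIN":
            nxdomain[q.remote] += 1
    return {"queries": dict(queries), "nxdomain": dict(nxdomain)}
# Sample input: the query lines from the kubectl logs output above, plus one interleaved reload notice.
SAMPLE_LOG = [
    '[INFO] 127.0.0.1:43470 - 40327 "HINFO IN 1690116050934827174.8928843498543836381. udp 57 false 512" NXDOMAIN qr,rd,ra 132 0.014535846s',
    '[INFO] Reloading complete',
    '[INFO] 172.17.49.92:49664 - 62115 "AAAA IN www.google.co.jp. udp 34 false 512" NOERROR qr,rd,ra 78 0.004490529s',
    '[INFO] 172.17.49.92:49664 - 43436 "A IN www.google.co.jp. udp 34 false 512" NOERROR qr,rd,ra 66 0.052811139s',
]
if __name__ == "__main__":
    for q in filter(None, map(parse_line, SAMPLE_LOG)):
        print(f"{q.remote:>14}  {q.qtype:<5} {q.qname:<42} {q.rcode:<8} {q.duration_s * 1000:.1f} ms")
    print(summarize(SAMPLE_LOG))
```

The HINFO line from 127.0.0.1 is CoreDNS's own upstream health probe, so it shows up as one NXDOMAIN per reload and is not a client query.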