So how do you conditionally forward DNS requests from pods running in your Tanzu Kubernetes Clusters to specific DNS servers?

  1. Begin by editing the coredns configMap: kubectl -n kube-system edit configmap coredns
root@debian:~# k -n kube-system edit configmap coredns
configmap/coredns edited
  2. Add the following section to the coredns configMap. Replace domain-name and dns-server-ip with the domain name and the DNS server IP you want to conditionally forward to.
    domain-name:53 {
        errors
        cache 30
        forward . dns-server-ip
        reload
    }

Example: I’m adding a conditional forward rule for my local domain gs.labs. The DNS server IP is 172.16.1.254.

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
           max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
    gs.labs:53 {
        errors
        cache 30
        forward . 172.16.1.254
        reload
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2021-11-01T10:46:49Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "3099717"
  uid: e04de79a-d49d

root@debian:~# kubectl -n kube-system edit configmap coredns
configmap/coredns edited
  3. Restart the coredns deployment. The changes made to the configMap will not apply until the coredns pods are restarted.
root@debian:~# kubectl -n kube-system rollout restart deployment coredns
deployment.apps/coredns restarted
  4. Test DNS name resolution using a test pod.
  • Deploy a test pod
root@debian:~# kubectl run busybox --restart=Never --image=busybox:1.28 -- sleep 3600
pod/busybox created
  • Test name resolution from within the test pod
root@debian:~# kubectl exec busybox -- nslookup vcenter.gs.labs
Server:    192.1.0.10
Address 1: 192.1.0.10 kube-dns.kube-system.svc.cluster.local

Name:      vcenter.gs.labs
Address 1: 172.16.1.20 vcenter.gs.labs
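The four steps above edit the Corefile by hand. The following shell script is an added example, not part of the original post, that builds the same server block and splices it into a copy of the Corefile before you paste the result into `kubectl -n kube-system edit configmap coredns`. It refuses a malformed domain or server IP and a duplicate zone block, two mistakes that otherwise only show up as CoreDNS failing to reload. The sample Corefile, the function names and the checks are all constructed for this demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): generate a CoreDNS conditional-forward
# server block and append it to an existing Corefile, with sanity checks.
# All sample data here is constructed for the demonstration.

# Constructed sample Corefile, shaped like data.Corefile in the coredns ConfigMap.
SAMPLE_COREFILE='.:53 {
    errors
    health {
       lameduck 5s
    }
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
       pods insecure
       fallthrough in-addr.arpa ip6.arpa
       ttl 30
    }
    prometheus :9153
    forward . /etc/resolv.conf {
       max_concurrent 1000
    }
    cache 30
    loop
    reload
    loadbalance
}'

# valid_ipv4 ADDR: succeed only for a dotted quad whose octets are all 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_domain NAME: succeed for a zone name made of letter/digit/hyphen labels.
valid_domain() {
    echo "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)*[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
}

# forward_block DOMAIN SERVER_IP: print the server block from the post with values filled in.
forward_block() {
    printf '%s:53 {\n    errors\n    cache 30\n    forward . %s\n    reload\n}\n' "$1" "$2"
}

# add_forward COREFILE DOMAIN SERVER_IP: print COREFILE with the new block appended.
# Fails (exit 1) on a bad domain, a bad IP, or a zone that already has a block.
add_forward() {
    corefile=$1; domain=$2; server=$3
    valid_domain "$domain" || { echo "add_forward: bad domain '$domain'" >&2; return 1; }
    valid_ipv4 "$server" || { echo "add_forward: bad server ip '$server'" >&2; return 1; }
    escaped=$(echo "$domain" | sed 's/\./\\./g')
    if echo "$corefile" | grep -Eq "^[[:space:]]*${escaped}:53[[:space:]]*[{]"; then
        echo "add_forward: a server block for $domain:53 already exists" >&2
        return 1
    fi
    printf '%s\n' "$corefile"
    forward_block "$domain" "$server"
}

# count_blocks COREFILE: number of top-level server blocks ("<zone>:53 {" lines).
count_blocks() {
    printf '%s\n' "$1" | grep -Ec '^[^[:space:]]+:53[[:space:]]*[{]'
}

# Stand-alone run with the post's own values: gs.labs forwarded to 172.16.1.254.
add_forward "$SAMPLE_COREFILE" gs.labs 172.16.1.254
```

The printed Corefile is what goes under `data.Corefile` in the ConfigMap. One design point worth keeping in mind: `forward . 172.16.1.254` sends every query for that zone to the upstream as plain DNS, so the forwarder should be reachable from the pod network and, where the upstream supports DNS over TLS, the forward plugin accepts a `tls://` prefix on the address together with `tls_servername`.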


For information on configuring custom DNS records, refer to VMware KB 85658.