# coredns增加全局解析

#### 设置域名不解析

我们经常使用FQDN设置完整主机名，导致k8s会将容器的搜索域会增加一个域，k8s进行自动后缀增加后匹配

`cat /etc/resolv.conf `


[![](https://iovhm.com/book/uploads/images/gallery/2025-09/scaled-1680-/26zhmTVtzGMZDhr8-image-1759026991625.png)](https://iovhm.com/book/uploads/images/gallery/2025-09/26zhmTVtzGMZDhr8-image-1759026991625.png)


然后有人刚好（恶意）注册了这个域名，且做了泛解析。就导致服务内部解析错误。需要修改coredns对这个域不做解析

#####  方法一

将主机的搜索域干掉

[![](https://iovhm.com/book/uploads/images/gallery/2025-11/scaled-1680-/obpo7hpwfuSGErRP-image-1763008726167.png)](https://iovhm.com/book/uploads/images/gallery/2025-11/obpo7hpwfuSGErRP-image-1763008726167.png)


#####  方法二



[![](https://iovhm.com/book/uploads/images/gallery/2025-11/scaled-1680-/zU5B3D5NqeZPSkii-image-1763042964991.png)](https://iovhm.com/book/uploads/images/gallery/2025-11/zU5B3D5NqeZPSkii-image-1763042964991.png)


```yaml

vpclub.io {
    template ANY A {
        match ^nfs-share\.vpclub\.io\.$
        answer "nfs-share.vpclub.io. 60 IN A 192.168.0.10"
    }
    template ANY ANY {
        match .*
        rcode NXDOMAIN
    }
}

```

#### 设置全局解析

有时候因为网络设置原因不允许回路，需要对一些域名进行全局解析到内网地址。



```
# kubectl edit cm coredns -n kube-system

    hosts {
      172.16.2.250 minio.wvpark.com
      fallthrough
    }

```


[![](https://iovhm.com/book/uploads/images/gallery/2024-03/scaled-1680-/cSulHY9oBN96Xwlf-image-1710726745822.png)](https://iovhm.com/book/uploads/images/gallery/2024-03/cSulHY9oBN96Xwlf-image-1710726745822.png)