From af6574a00690a087715a39813f45154ffb607686 Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Sun, 19 Apr 2026 15:18:43 +0000
Subject: [PATCH] =?UTF-8?q?[dns]=20Fix=20CoreDNS=20serve=5Fstale=20syntax?=
 =?UTF-8?q?=20=E2=80=94=2024h=20TTL,=20no=20refresh-mode=20arg?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CoreDNS refused to load the new Corefile with `serve_stale 3600s 86400s`:

  plugin/cache: invalid value for serve_stale refresh mode: 86400s

serve_stale takes one DURATION and an optional refresh_mode keyword
("immediate" or "verify"), not two durations. Simplified to
`serve_stale 86400s` (serve cached entries for up to 24h when upstream
is unreachable). The new CoreDNS pods were CrashLoopBackOff; the two
old pods kept serving traffic so there was no outage, but the partial
apply left the cluster wedged with the bad ConfigMap.

Also collapses the inline viktorbarzin.lan cache block.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 docs/architecture/dns.md                     | 4 ++--
 stacks/technitium/modules/technitium/main.tf | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/architecture/dns.md b/docs/architecture/dns.md
index f73a8997..d0491ca0 100644
--- a/docs/architecture/dns.md
+++ b/docs/architecture/dns.md
@@ -269,7 +269,7 @@ CoreDNS is managed via Terraform in `stacks/technitium/modules/technitium/` —
   cache {
     success 10000 300 6
     denial 10000 300 60
-    serve_stale 3600s 86400s                        # resilience during upstream outage
+    serve_stale 86400s                        # resilience during upstream outage
   }
   loop / reload / loadbalance
 }
@@ -280,7 +280,7 @@ viktorbarzin.lan:53 {
     health_check 5s
     max_fails 2
   }
-  cache (success 10000 300, denial 10000 300, serve_stale 3600s 86400s)
+  cache (success 10000 300, denial 10000 300, serve_stale 86400s)
 }
 ```
 
diff --git a/stacks/technitium/modules/technitium/main.tf b/stacks/technitium/modules/technitium/main.tf
index 3ab61b68..7f5e4463 100644
--- a/stacks/technitium/modules/technitium/main.tf
+++ b/stacks/technitium/modules/technitium/main.tf
@@ -68,7 +68,7 @@ resource "kubernetes_config_map" "coredns" {
           cache {
             success 10000 300 6
             denial 10000 300 60
-            serve_stale 3600s 86400s
+            serve_stale 86400s
           }
           loop
           reload
@@ -89,7 +89,7 @@ resource "kubernetes_config_map" "coredns" {
         cache {
           success 10000 300 6
           denial 10000 300 60
-          serve_stale 3600s 86400s
+          serve_stale 86400s
         }
       }
     EOF