[ci skip] Fix .viktorbarzin.lan.viktorbarzin.lan duplicate DNS queries

Add CoreDNS catch-all block for viktorbarzin.lan.viktorbarzin.lan to return NXDOMAIN immediately, preventing search domain expansion junk queries from reaching Technitium. Add trailing dots to Prometheus scrape targets (idrac, ups, ha-sofia) to bypass ndots expansion.
2026-02-16 21:38:38 +00:00 · 2026-02-16 21:38:38 +00:00 · f06b3ac0e4
commit f06b3ac0e4
parent 800b5db3b3
2 changed files with 119 additions and 61 deletions
--- a/modules/kubernetes/technitium/main.tf
+++ b/modules/kubernetes/technitium/main.tf
@ -20,8 +20,9 @@ module "tls_secret" {

 # CoreDNS Corefile - manages cluster DNS resolution
 # The viktorbarzin.lan block forwards to Technitium via LoadBalancer.
-# The cluster.local.viktorbarzin.lan block short-circuits junk queries caused by
-# ndots:5 search domain expansion (e.g. redis.redis.svc.cluster.local.viktorbarzin.lan)
+# The cluster.local.viktorbarzin.lan and viktorbarzin.lan.viktorbarzin.lan blocks
+# short-circuit junk queries caused by ndots:5 search domain expansion
+# (e.g. redis.redis.svc.cluster.local.viktorbarzin.lan, idrac.viktorbarzin.lan.viktorbarzin.lan)
 # which would otherwise flood Technitium with NxDomain queries.
 resource "kubernetes_config_map" "coredns" {
  metadata {
@ -64,6 +65,15 @@ resource "kubernetes_config_map" "coredns" {
          denial 10000 3600
        }
      }
+      viktorbarzin.lan.viktorbarzin.lan:53 {
+        errors
+        template ANY ANY {
+          rcode NXDOMAIN
+        }
+        cache {
+          denial 10000 3600
+        }
+      }
      viktorbarzin.lan:53 {
        #log
        errors