Setting Up And Managing FQDNs

What is an FQDN?

A Fully Qualified Domain Name (FQDN) is the complete domain name that uniquely identifies a resource (like a server or website) on the internet. It includes both the hostname and all necessary domain levels, making it a full address that can be used to route requests accurately.

For example:

The FQDN ensures that each internet request is directed to the right destination by specifying the exact path in a domain’s hierarchy. This prevents routing errors, which could otherwise occur in larger networks.

Configure CoreDNS for Access

Editing the CoreDNS ConfigMap

The CoreDNS configuration is stored in a ConfigMap within the kube-system namespace. To edit it, run:

kubectl edit configmap coredns -n kube-system

This command opens the CoreDNS Corefile in your default editor for modification.

Original Corefile

.:53 {
    errors
    health {
        lameduck 5s
    }
    ready
    log . {
        class error
    }
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    prometheus :9153
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
}

Required Modifications

1. Add the header Plugin

Insert the following snippet at the beginning of the .:53 server block, directly after its opening line:

header {
    response set ra
}

2. Add the hosts Plugin

Insert the snippet below above the forward . /etc/resolv.conf line:

hosts {
    192.168.1.201 idhub.sath.com
    fallthrough
}

Note: Replace 192.168.1.201 with your server's actual local IP address (determine it using the ip a command).

Final Corefile

.:53 {
    header {
        response set ra
    }
    errors
    health {
        lameduck 5s
    }
    ready
    log . {
        class error
    }
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    prometheus :9153
    hosts {
        192.168.1.201 idhub.sath.com
        fallthrough
    }
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
}
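
The two required modifications can be checked mechanically before CoreDNS is restarted. The script below is an added example, not part of the original documentation; check_corefile and sample_corefile are hypothetical helper names, and the sample is the final Corefile reduced to the lines the check reads.

```shell
#!/bin/sh
# check_corefile FILE FQDN IP: print one line per problem, return non-zero if any.
# FILE may be "-" to read the Corefile from standard input.
check_corefile() {
    awk -v fqdn="$2" -v ip="$3" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments and padding
        $0 == ""   { next }
        $NF == "{" { block[++depth] = $1; next }           # entering a block
        $0 == "}"  { depth--; next }                       # leaving a block
        depth == 2 && block[2] == "header" &&
            $1 == "response" && $2 == "set" && $3 == "ra" { header = 1 }
        depth == 2 && block[2] == "hosts" {
            if ($1 == "fallthrough") fall = 1
            for (i = 2; i <= NF; i++)
                if ($i == fqdn) { if ($1 == ip) mapped = 1; else other = $1 }
        }
        END {
            if (!header) { print "header: response set ra not found"; bad = 1 }
            if (other) { print "hosts: " fqdn " maps to " other ", expected " ip; bad = 1 }
            if (!other && !mapped) { print "hosts: no entry for " fqdn; bad = 1 }
            # Without fallthrough, names absent from hosts never reach forward.
            if (!fall) { print "hosts: fallthrough not set"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Constructed sample: the final Corefile reduced to the lines the check reads.
sample_corefile() {
    cat <<'EOF'
.:53 {
    header {
        response set ra
    }
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    hosts {
        192.168.1.201 idhub.sath.com
        fallthrough
    }
    forward . /etc/resolv.conf
}
EOF
}

sample_corefile | check_corefile - idhub.sath.com 192.168.1.201 && echo "Corefile OK"
# Live cluster: kubectl get configmap coredns -n kube-system \
#   -o jsonpath='{.data.Corefile}' | check_corefile - idhub.sath.com 192.168.1.201
```

The fallthrough inside the kubernetes block does not satisfy the check; only a fallthrough inside hosts lets unmatched names continue to forward.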

Restarting CoreDNS

After updating the Corefile, restart the CoreDNS pod to apply the changes:

kubectl delete pod -n kube-system -l k8s-app=kube-dns

Verify that the CoreDNS pod has restarted successfully:

kubectl get pods -n kube-system | grep coredns

Mapping Local IP to DNS

Map the server's local IP to your DNS for proper resolution:

  • Linux/macOS:
    Add the following entry to /etc/hosts:

    echo "192.168.1.201 idhub.sath.com" | sudo tee -a /etc/hosts
  • Windows:
    Edit C:\Windows\System32\drivers\etc\hosts with administrative privileges and add:

    192.168.1.201 idhub.sath.com
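
The tee -a command above appends on every run, so repeating it duplicates the entry, and it does not notice an older line that maps the same name to a different address. The function below is an added example (not part of the original documentation) that appends only when needed and refuses to touch the file on a conflict; ensure_hosts_entry is a hypothetical helper name and the demo file is constructed.

```shell
#!/bin/sh
# ensure_hosts_entry FILE IP FQDN
# Returns 0 when FILE maps FQDN to IP afterwards (already present or appended),
# 2 when FQDN is already mapped to a different address (FILE is left untouched).
# For the real /etc/hosts, run the script as root.
ensure_hosts_entry() {
    file=$1 ip=$2 fqdn=$3
    # Collect every address currently listed for the name (host names are case-insensitive).
    current=$(awk -v fqdn="$fqdn" '
        { sub(/#.*/, "") }                                  # ignore comments
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(fqdn)) print $1 }
    ' "$file" | sort -u)
    case "$current" in
        "")    printf '%s %s\n' "$ip" "$fqdn" >> "$file" ;;  # no entry yet: append
        "$ip") ;;                                            # already correct: no-op
        *)     echo "conflict: $fqdn is mapped to $current" >&2; return 2 ;;
    esac
}

# Constructed demo on a temporary file instead of /etc/hosts.
demo=$(mktemp)
printf '127.0.0.1 localhost\n' > "$demo"
ensure_hosts_entry "$demo" 192.168.1.201 idhub.sath.com    # appends the entry
ensure_hosts_entry "$demo" 192.168.1.201 idhub.sath.com    # second run changes nothing
ensure_hosts_entry "$demo" 10.0.0.9 idhub.sath.com 2>/dev/null || echo "conflict left for manual review"
rm -f "$demo"
```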

Verifying the Configuration

Validate DNS resolution by running:

nslookup idhub.sath.com

The output should resolve to 192.168.1.201.

Configure FQDN With Cloudflare

You can set up your FQDN with your DNS provider. The detailed steps below cover setting up an FQDN with Cloudflare.

Note: If you don’t have a Cloudflare account, you can sign up for a trial to follow along.

Sign Up For a Cloudflare Account

  1. Go to Cloudflare’s signup page.
  2. Enter your email address and create a secure password.
  3. Follow the instructions to confirm your account.

Tip: A strong password is essential as your DNS configuration impacts the security of your domain.

Add Your Domain to Cloudflare

  1. In the Cloudflare dashboard, click Add a Site.
  2. Enter the domain you want to manage (e.g., example.com).
  3. Cloudflare will scan for existing DNS records. Review these records to ensure they’re correct, as any mismatches may lead to misconfigured routing.

Configure DNS Records

DNS records define where and how traffic should reach your server. The following are the main record types you’ll typically configure:

  • A Record: Maps your FQDN to a specific IPv4 address (e.g., 93.184.216.34).
    • Example: An A record for www.example.com pointing to 93.184.216.34 would direct requests to that IP.
  • CNAME Record: Points your FQDN to another domain, serving as an alias.
  • MX Record: Used for routing email to your domain’s mail server.
    • Example: An MX record pointing example.com to mail.example.com.
  • TXT Record: Used for domain ownership verification, security policies (like SPF and DKIM for email security), and other text-based information.
    • Example: A TXT record with SPF data to authorize email senders.

Adding a DNS Record in Cloudflare

  1. In the DNS section of your Cloudflare dashboard, click Add Record.
  2. Select the record type (e.g., A, CNAME).
  3. Enter the name (hostname or subdomain) and content (target IP or domain).
  4. Set the TTL (Time to Live) as needed (default values typically work well).
  5. Click Save to apply the record.

Info: Refer to Creating And Managing DNS records in Cloudflare for detailed instructions.

Enable Required Settings in Cloudflare for FQDN to Work

To ensure your FQDN functions securely and efficiently, configure SSL/TLS settings, caching, and WAF custom rules in Cloudflare.

  1. SSL/TLS Configuration: SSL/TLS certificates help encrypt communication between your visitors and your server, protecting data in transit. Cloudflare provides several SSL options:
    • Flexible SSL: Encrypts traffic between Cloudflare and your visitors, but not between Cloudflare and your server.
    • Full SSL: Encrypts traffic both between your visitors and Cloudflare and between Cloudflare and your server. Your server must have an SSL certificate, which can be self-signed because Cloudflare does not validate it in this mode.
    • Full (Strict) SSL: Encrypts traffic similarly to Full SSL, but requires a valid SSL certificate on your server signed by a trusted certificate authority.

Info: Refer to Configuring SSL/TLS Settings for detailed instructions.

  2. Caching Settings: Caching improves load times and reduces server requests by storing copies of static resources, like images, JavaScript, and CSS files. Cloudflare’s caching options allow you to configure how long resources are cached and how aggressively caching is applied.
    • Enable Caching: Go to the Caching section in Cloudflare, where you can set the Time to Live (TTL) for specific resources.
    • Purge Cache: If you make updates to your site, you may need to purge cached files to ensure users receive the latest content.

Info: Refer to Cloudflare Caching Overview for detailed instructions.

  3. Web Application Firewall (WAF) Custom Rules: Cloudflare’s Web Application Firewall (WAF) custom rules allow you to secure your domain by filtering out malicious traffic. Custom WAF rules offer flexible, highly configurable protection for specific security needs, and they replace the previous Firewall rules functionality.
    • Creating WAF Custom Rules: In the Security section of your Cloudflare dashboard, go to WAF and select Custom Rules.
    • Configure Rules Based on Traffic Patterns: Set rules to block or allow specific IP addresses, user agents, or request methods to prevent unauthorized access or mitigate common security risks.
    • Set Rule Actions: Choose actions like Block, Challenge, or Log based on the behavior you want for each custom rule.

Info: Refer to Using WAF Custom Rules in Cloudflare for detailed instructions.

Load Balancing and Failover

FQDNs play a vital role in load balancing and failover, ensuring that requests are distributed across multiple servers or rerouted in case of server failure.

  • Load Balancing: Configures traffic distribution across multiple servers, helping reduce load on any single server and improve site responsiveness.
  • Failover: If one server becomes unavailable, requests are redirected to a secondary server. This improves uptime and reliability.

Cloudflare’s Load Balancer improves reliability and performance by distributing traffic across multiple servers and providing automatic failover if one server becomes unavailable. This setup ensures that your FQDN remains accessible, even if one of your servers goes down.

Info: Refer to Cloudflare Load Balancer for detailed instructions.

Troubleshooting and Best Practices

  1. DNS Propagation Delays: DNS changes may take up to 24 hours to propagate across global DNS servers. Use a tool like DNS Checker to verify propagation.
  2. Incorrect IP Mapping: Verify that the IP address in your A record is correct.
  3. SSL Certificate Errors: Ensure SSL is properly configured in Cloudflare and on your server. Check that your server has an active SSL certificate if using Full or Full (Strict) SSL mode.
  4. Periodically Review DNS Records: Remove any outdated records to improve security.
  5. Implement Security Measures: Set up DNSSEC (Domain Name System Security Extensions) for added protection.
  6. Document Changes: Keep a log of any updates or configuration changes for troubleshooting.