Run Your Own DNS Server with Flycast

“What? Why would I want to do that?”

Good question! Lots of you probably don’t, but for building a platform on fly it offers some powerful primitives. Here’s an example:

Once upon a time your friendly neighborhood public cloud was working on a managed kubernetes service. The way that it works is the API and CoreDNS servers live in a Fly.io managed org, and we expose it to users and their “pods” via a flycast IP address. But hark! There is an issue! Flycast works by sending traffic via the proxy, which does not support UDP, and UDP is the main way DNS works! Enter one of my favorite engineering strategies: fake it 'till you make it.

Introducing DNS_PROXY_CONFIG

If you set that env var to the base64 of some JSON like

{
  "forward_rules": {
    ".cluster-domain.example.": "the-ip-of-the-coredns-flycast:53"
  }
}

then magically, your machine will have a DNS server listening on [::]:53 which

  1. intercepts DNS queries for domains ending in .cluster-domain.example and forwards the requests to the-ip-of-the-coredns-flycast:53
  2. If the DNS query comes in via UDP we transparently turn it into TCP
  3. Otherwise we proxy the queries to the default resolver
  4. That’s it!

This is a small feature for a pretty specific use case, but if it’s helpful for us, I’m sure it’s helpful for some of you too!

13 Likes

This is now a real machine config option in the config of your machine:

"dns": {
        "dns_forward_rules": [
          {
            "basename": ".cluster-domain.example.",
            "addr": "the-ip-of-the-coredns-flycast:53"
          }
        ],
}
2 Likes