How can I protect myself against DNS spoofing attacks in a Kubernetes cluster?
For example, a customer creates a project on a node with a namespace called “com” and a service called “google”.
As far as I have tested this, every DNS request within the cluster to google.com should go to the namespace mentioned above. That would be fatal.
Is there a central place where I can specify that the internal DNS (CoreDNS) is only used for internal DNS queries? The external DNS lookups should always be forwarded to the upstream DNS server.
Is there a policy or a config for this that can be used to get the problem under control?
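
The lookup described in the question, modelled as an added example that is not part of the original post: it lists the names a pod's stub resolver tries for `google.com` and shows which one a Service `google` in namespace `com` answers. It assumes the default cluster domain `cluster.local`, the `ClusterFirst` search list with `ndots:5`, and glibc-style lookup order; the function names and the querying namespace `shop` are constructed for illustration.

```python
# Added example: models the pod-side search-list expansion (glibc-style order).
# Assumptions: cluster domain "cluster.local", dnsPolicy ClusterFirst, ndots:5.
CLUSTER_DOMAIN = "cluster.local"


def pod_search_list(namespace):
    """Search domains written into the pod's /etc/resolv.conf."""
    return [f"{namespace}.svc.{CLUSTER_DOMAIN}", f"svc.{CLUSTER_DOMAIN}", CLUSTER_DOMAIN]


def candidates(name, namespace, ndots=5):
    """Fully qualified names the stub resolver tries, in order."""
    if name.endswith("."):            # trailing dot: absolute, no search list
        return [name]
    expanded = [f"{name}.{domain}." for domain in pod_search_list(namespace)]
    if name.count(".") >= ndots:      # enough dots: literal name first
        return [name + "."] + expanded
    return expanded + [name + "."]    # too few dots: search list first


def first_answer(name, namespace, services, ndots=5):
    """Return (source, fqdn) of the first candidate that gets an answer.

    services: set of (service, namespace) pairs in the cluster. Only plain
    Service records are modelled; names outside the cluster domain are
    assumed to be answered by the upstream resolver.
    """
    records = {f"{svc}.{ns}.svc.{CLUSTER_DOMAIN}." for svc, ns in services}
    for fqdn in candidates(name, namespace, ndots):
        if not fqdn.endswith(f".{CLUSTER_DOMAIN}."):
            return ("upstream", fqdn)
        if fqdn in records:
            return ("cluster", fqdn)
    return ("nxdomain", None)


if __name__ == "__main__":
    # Constructed sample: the asker's "google"/"com" pair, queried from namespace "shop".
    cluster = {("google", "com"), ("cart", "shop")}
    for query, nd in [("google.com", 5), ("google.com.", 5), ("google.com", 1)]:
        print(query, f"ndots:{nd}", "->", first_answer(query, "shop", cluster, nd))
```

In this model the collision comes from the `svc.cluster.local` search domain, so a name written with a trailing dot, or a pod whose `dnsConfig.options` sets `ndots` to 1, has `google.com` sent upstream before any cluster name is tried.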