Hello,
We are using EKS version 1.23. Following the current documentation to set up NodelocalDNS cache using the latest stable image, it states that from version 1.16 there is no need to update the kubelet args in order to overwrite the ClusterDNS IP with the local one. Also, the configmap introduced binding two IP addresses: the local IP and the cluster DNS IP.
In our tests, the local IP that we set up was not, and will never be, queried for name resolution, as there is no known configuration in our apps pointing to it. From our point of view this seems redundant. What we did was leave only the cluster DNS IP as the bind address in the configmap.
Question: What is the necessity of the local IP if it is not going to be called? Is it wrong to have only the cluster DNS IP as a bind? We also set up the health check on the cluster DNS IP.
Thank you for your answers!
Cluster information:
Kubernetes version: EKS 1.23
Cloud being used: public cloud
```
in-addr.arpa:53 {
    errors
    cache 30
    reload
    loop
    bind 172.20.0.10
    forward . 172.20.130.130 {
        force_tcp
    }
    prometheus :9253
}
ip6.arpa:53 {
    errors
    cache 30
    reload
    loop
    bind 172.20.0.10
    forward . 172.20.130.130 {
        force_tcp
    }
    prometheus :9253
}
.:53 {
    errors
    cache 30
    reload
    loop
    bind 172.20.0.10
    forward . /etc/resolv.conf
    prometheus :9253
}
```
```yaml
spec:
  containers:
    - args:
        - '-localip'
        - 172.20.0.10
        - '-conf'
        - /etc/Corefile
        - '-upstreamsvc'
        - kube-dns-upstream
      image: 'registry.k8s.io/dns/k8s-dns-node-cache:1.22.20'
      imagePullPolicy: IfNotPresent
      livenessProbe:
        failureThreshold: 3
        httpGet:
          host: 172.20.0.10
          path: /health
          port: 8080
          scheme: HTTP
        initialDelaySeconds: 60
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 5
      name: nodelocaldns
      ports:
        - containerPort: 53
          hostPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          hostPort: 53
          name: dns-tcp
          protocol: TCP
      resources:
        requests:
          cpu: 25m
          memory: 5Mi
      securityContext:
        capabilities:
          add:
            - NET_ADMIN
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
        - mountPath: /run/xtables.lock
          name: xtables-lock
        - mountPath: /etc/coredns
          name: config-volume
        - mountPath: /etc/kube-dns
          name: kube-dns-config
  dnsPolicy: Default
  hostNetwork: true
  priorityClassName: first
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: nodelocaldns
  serviceAccountName: nodelocaldns
  terminationGracePeriodSeconds: 30
```
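A consistency check for the three places the post changes together (the `bind` lines in the Corefile, the `-localip` argument, and the livenessProbe host), added here as an example and not code from the post or from node-local-dns itself. It assumes a trimmed copy of the Corefile above as constructed input, and uses 169.254.20.10 as the link-local address the upstream manifest lists by default, to show what the check reports when the argument and the Corefile disagree.

```python
"""Check that a node-local-dns Corefile, the -localip argument and the
livenessProbe host agree on which addresses are actually bound."""

# Constructed input: a trimmed version of the poster's Corefile (two of the
# three server blocks, plugins not relevant to binding omitted).
COREFILE = """\
in-addr.arpa:53 {
    bind 172.20.0.10
    forward . 172.20.130.130 {
        force_tcp
    }
}
.:53 {
    bind 172.20.0.10
    forward . /etc/resolv.conf
}
"""


def parse_binds(corefile: str) -> dict[str, set[str]]:
    """Map each server block (zone:port) to the IPs on its `bind` line.
    Brace depth is tracked so nested plugin blocks such as forward { } are
    not mistaken for server blocks."""
    binds, depth, zone = {}, 0, None
    for raw in corefile.splitlines():
        line = raw.strip()
        if depth == 0 and line.endswith("{"):
            zone = line[:-1].strip()
            binds[zone] = set()
        elif depth == 1 and line.startswith("bind "):
            binds[zone].update(line.split()[1:])
        depth += line.count("{") - line.count("}")
    return binds


def check(corefile: str, localip_arg: str, probe_host: str) -> list[str]:
    """Return findings; an empty list means the three settings agree."""
    findings = []
    binds = parse_binds(corefile)
    localips = set(localip_arg.split(","))  # -localip is comma separated
    for zone, ips in binds.items():
        if localips - ips:
            findings.append(f"{zone}: not bound to -localip {sorted(localips - ips)}")
        if ips - localips:
            findings.append(f"{zone}: binds {sorted(ips - localips)} not in -localip")
    bound = set().union(*binds.values()) if binds else set()
    if probe_host not in bound:
        findings.append(f"livenessProbe host {probe_host} is not a bound address")
    return findings
```

With the poster's values (`-localip 172.20.0.10`, probe host 172.20.0.10) the check returns no findings; with the upstream default argument `169.254.20.10,172.20.0.10` and a probe on the link-local address it reports the unbound address for every server block plus the probe.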