diff --git a/docs/dns-stack.md b/docs/dns-stack.md
index 9d172b8329e32883414b372c9422acef0fe8303b..50d9724cceed3696870c9d10d73358356f91cf0f 100644
--- a/docs/dns-stack.md
+++ b/docs/dns-stack.md
@@ -50,6 +50,12 @@ is not set, a default resolver is chosen (depending on cloud provider or 8.8.8.8
DNS servers to be added *after* the cluster DNS. Used by all ``resolvconf_mode`` modes. These serve as backup
DNS servers in early cluster deployment when no cluster DNS is available yet.
+### dns_upstream_forward_extra_opts
+
+Whether or not upstream DNS servers come from `upstream_dns_servers` variable or /etc/resolv.conf, related forward block in coredns (and nodelocaldns) configuration can take options (see <https://coredns.io/plugins/forward/> for details).
+These are configurable in inventory in as a dictionary in the `dns_upstream_forward_extra_opts` variable.
+By default, no other option than the ones hardcoded (see `roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2` and `roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2`).
+
### coredns_external_zones
Array of optional external zones to coredns forward queries to. It's injected into
diff --git a/docs/vars.md b/docs/vars.md
index f75ff0069e2aa8fd6fc809a9925c5e11145a3096..b3f26945d77ba9d7aab2b2a18d022ac86c14f40e 100644
--- a/docs/vars.md
+++ b/docs/vars.md
@@ -169,6 +169,7 @@ variables to match your requirements.
* *searchdomains* - Array of up to 4 search domains
* *remove_default_searchdomains* - Boolean. If enabled, `searchdomains` variable can hold 6 search domains.
* *dns_etchosts* - Content of hosts file for coredns and nodelocaldns
+* *dns_upstream_forward_extra_opts* - Options to add in the forward section of coredns/nodelocaldns related to upstream DNS servers
For more information, see [DNS
Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.md).
diff --git a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
index 016fe781187d71ece2aa8fb6552538180a887a82..8b89781636e25b8f29761613f2a490968fb1dea9 100644
--- a/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml
@@ -205,6 +205,9 @@ enable_coredns_k8s_external: false
coredns_k8s_external_zone: k8s_external.local
# Enable endpoint_pod_names option for kubernetes plugin
enable_coredns_k8s_endpoint_pod_names: false
+# Set forward options for upstream DNS servers in coredns (and nodelocaldns) config
+# dns_upstream_forward_extra_opts:
+# policy: sequential
# Can be docker_dns, host_resolvconf or none
resolvconf_mode: host_resolvconf
diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index 83b07080fc98ebb10f6655c628e7bebc687fdac1..66b767341f99667dc705f91670822b67286419a7 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -14,6 +14,10 @@ coredns_deployment_nodeselector: "kubernetes.io/os: linux"
coredns_default_zone_cache_block: |
cache 30
+# dns_upstream_forward_extra_opts apply to coredns forward section as well as nodelocaldns upstream target forward section
+# dns_upstream_forward_extra_opts:
+# policy: sequential
+
# nodelocaldns
nodelocaldns_cpu_requests: 100m
nodelocaldns_memory_limit: 200Mi
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
index 1ee1601d46ed67d2e8120ebf31b0695f871957e7..44eea93bcd6a12dbbebcbb5b9e57235f00895b7e 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
@@ -46,17 +46,15 @@ data:
{% endif %}
}
prometheus :9153
-{% if upstream_dns_servers is defined and upstream_dns_servers|length > 0 %}
- forward . {{ upstream_dns_servers|join(' ') }} {
+ forward . {{ upstream_dns_servers|join(' ') if upstream_dns_servers is defined and upstream_dns_servers|length > 0 else '/etc/resolv.conf' }} {
prefer_udp
max_concurrent 1000
- }
-{% else %}
- forward . /etc/resolv.conf {
- prefer_udp
- max_concurrent 1000
- }
+{% if dns_upstream_forward_extra_opts is defined %}
+{% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
+ {{ optname }} {{ optvalue }}
+{% endfor %}
{% endif %}
+ }
{% if enable_coredns_k8s_external %}
k8s_external {{ coredns_k8s_external_zone }}
{% endif %}
diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
index 9ea695c480b2ed1143440dca559d267a0643b094..231c8bac1600e2ac77e42875239a97ce03ce3905 100644
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
@@ -80,7 +80,12 @@ data:
reload
loop
bind {{ nodelocaldns_ip }}
- forward . {{ upstreamForwardTarget }}
+ forward . {{ upstreamForwardTarget }}{% if dns_upstream_forward_extra_opts is defined %} {
+{% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
+ {{ optname }} {{ optvalue }}
+{% endfor %}
+ }{% endif %}
+
prometheus {% if nodelocaldns_bind_metrics_host_ip %}{$MY_HOST_IP}{% endif %}:{{ nodelocaldns_prometheus_port }}
{% if dns_etchosts | default(None) %}
hosts /etc/coredns/hosts {
@@ -157,7 +162,12 @@ data:
reload
loop
bind {{ nodelocaldns_ip }}
- forward . {{ upstreamForwardTarget }}
+ forward . {{ upstreamForwardTarget }}{% if dns_upstream_forward_extra_opts is defined %} {
+{% for optname, optvalue in dns_upstream_forward_extra_opts.items() %}
+ {{ optname }} {{ optvalue }}
+{% endfor %}
+ }{% endif %}
+
prometheus {% if nodelocaldns_bind_metrics_host_ip %}{$MY_HOST_IP}{% endif %}:{{ nodelocaldns_secondary_prometheus_port }}
{% if dns_etchosts | default(None) %}
hosts /etc/coredns/hosts {