DoT not working anymore #47

@vlaborie

Hello,

I use RKE2 Kubernetes clusters with a custom CoreDNS config using upstream servers with DNS over TLS (DoT):

forward . tls://1.1.1.1:853 tls://1.0.0.1:853

I tried to update my RKE2 clusters from version 1.25.16+rke2r2, which packages docker.io/rancher/hardened-coredns version v1.10.1-build20230607, to a more recent version which packages version v1.11.1-build20240123, but I got TLS resolution errors in the CoreDNS logs:

[ERROR] plugin/errors: 2 github.io. AAAA: tls: failed to verify certificate: x509: certificate signed by unknown authority

I believe this issue is related to #33; I think the scratch image does not contain CA certificates.

Could you please include CA certificates in the Docker image?

Thanks,
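
The failure mode reported above can be reproduced offline with Go's crypto/x509, the package that produces this log message. This is an added example, not code from the issue or from CoreDNS. It assumes an empty `x509.CertPool` as a stand-in for an image without a CA bundle and a constructed self-signed certificate for `resolver.example` as a stand-in for the trust anchor of the upstream's chain; `selfSigned` and `unknownAuthority` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a constructed, self-signed test certificate valid for host.
func selfSigned(host string) *x509.Certificate {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		IsCA:         true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// unknownAuthority reports whether cert fails verification against roots with the error from the log.
func unknownAuthority(cert *x509.Certificate, roots *x509.CertPool) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: cert.DNSNames[0]})
	return errors.As(err, new(x509.UnknownAuthorityError))
}

func main() {
	cert, empty, trusted := selfSigned("resolver.example"), x509.NewCertPool(), x509.NewCertPool()
	trusted.AddCert(cert)
	fmt.Println("empty pool (no CA bundle), unknown authority:", unknownAuthority(cert, empty))
	fmt.Println("pool holding the trust anchor, unknown authority:", unknownAuthority(cert, trusted))
}
```

The same certificate is rejected or accepted depending only on the contents of the root pool, so the error in the log points at the verifier's trust store rather than at the upstream resolver.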
