I pieced this technique together a while back and created a gist for it. I’m creating this post as a pointer to that gist so I have something that’s a bit easier to reference and refer others to.
And I want to test out the Hugo shortcode for embedding a gist 😏.
The really short version:
- Create a dedicated interface that can only be accessed from the local system
- Bind the consul-agent’s DNS service to this local only interface
- Tell `systemd-resolved` that all hostnames with the `.consul` TLD can be resolved via a DNS server on this local interface
No need to disable `resolved` and replace it with dnsmasq 😄
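
One way the three steps above can look on a host where systemd-networkd manages the interface. This is an added example, not the author's gist; the interface name `consul0`, the address `169.254.1.1` and the staging-directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not the author's gist). Renders the three config files into a
# staging directory so they can be reviewed before being copied to
# /etc/systemd/network/ and the Consul agent's config directory.

CONSUL_DNS_ADDR="169.254.1.1"   # assumption: any unused local-only address
CONSUL_DNS_IF="consul0"         # assumption: hypothetical interface name

render_consul_dns_config() {
    out="${1:?usage: render_consul_dns_config <staging-dir>}"
    mkdir -p "$out/systemd/network" "$out/consul.d" || return 1

    # Step 1: dummy interface. It has no physical link, so the address on it
    # is reachable only from the local system.
    cat > "$out/systemd/network/$CONSUL_DNS_IF.netdev" <<EOF
[NetDev]
Name=$CONSUL_DNS_IF
Kind=dummy
EOF

    # Step 3: "~consul" is a routing-only domain. resolved sends *.consul
    # lookups to the DNS server on this link and nothing else.
    cat > "$out/systemd/network/$CONSUL_DNS_IF.network" <<EOF
[Match]
Name=$CONSUL_DNS_IF

[Network]
Address=$CONSUL_DNS_ADDR/32
DNS=$CONSUL_DNS_ADDR
Domains=~consul
EOF

    # Step 2: bind only the agent's DNS listener to the dummy address.
    # Port 53 avoids needing a port suffix in DNS= above; the agent then
    # needs CAP_NET_BIND_SERVICE to bind a privileged port.
    cat > "$out/consul.d/dns.json" <<EOF
{
  "addresses": { "dns": "$CONSUL_DNS_ADDR" },
  "ports": { "dns": 53 }
}
EOF
}
```

After installing the files and restarting systemd-networkd and the Consul agent, `resolvectl status consul0` should list the DNS server and the `~consul` domain, and `resolvectl query consul.service.consul` should return an answer.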