Add new infra architecture 8

infrastructure/platform/networking/dns/unbound-helm/dev/values.yaml

@@ -33,4 +33,32 @@ probes:
   liveness:
     initialDelaySeconds: 30
     periodSeconds: 60
-    command: "drill @127.0.0.1 -p 53 example.org || echo 'DNS query test'"
+    command: "drill @127.0.0.1 -p 53 example.org || echo 'DNS query test'"
+
+# Custom Unbound forward records for Kubernetes DNS
+config:
+  enabled: true
+  # The mvance/unbound image includes forward-records.conf
+  # We need to add Kubernetes-specific forwarding zones
+  forwardRecords: |
+    # Forward all queries to Cloudflare with DNSSEC (catch-all)
+    forward-zone:
+        name: "."
+        forward-tls-upstream: yes
+        forward-addr: 1.1.1.1@853#cloudflare-dns.com
+        forward-addr: 1.0.0.1@853#cloudflare-dns.com
+
+  # Additional server config to mark cluster.local as insecure (no DNSSEC)
+  # and use stub zones for Kubernetes internal DNS (more reliable than forward)
+  serverConfig: |
+    domain-insecure: "cluster.local."
+    private-domain: "cluster.local."
+    local-zone: "10.in-addr.arpa." nodefault
+
+    stub-zone:
+        name: "cluster.local."
+        stub-addr: 10.96.0.10
+
+    stub-zone:
+        name: "10.in-addr.arpa."
+        stub-addr: 10.96.0.10