Starting from Kubernetes v1.6, kube-dns supports configuration for the custom dns zones (for example, .consul.local) with an external resolver, and for the external DNS servers for serving requests to the "other zones”.

To use this feature, two things should be configured properly:

1. Add the custom zones to kube-dns ConfigMap
2. Set the pod dnsPolicy to the ClusterFirst value
   (search for details in section "Pod’s DNS Policy" of the linked document)

With the dnsPolicy set to “ClusterFirst” a DNS query is first sent to the DNS caching layer in kube-dns. From here, the suffix of the request is examined and then forwarded to the appropriate DNS. In this case, names with the cluster suffix (e.g.; “.cluster.local”) are sent to kube-dns. Names with the stub domain suffix (e.g.; “.acme.local”) will be sent to the configured custom resolver. Finally, requests that do not match any of those suffixes will be forwarded to the upstream DNS.

Here is an example of adding custom map for zone .consul.local and custom upstream services.

apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
data:
  stubDomains: |
    {“consul.local”: [“10.150.0.1”]}
  upstreamNameservers: |
    ["8.8.8.8", "8.8.4.4"]

To apply this configuration, save it to file kube-dns-consul-stubdomain.yml and run the command (adjust the zone name and the server IP according to your needs):

kubectl create -f kube-dns-consul-stubdomain.yml

This is an example of pod configuration with dnsPolicy

apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - image: busybox
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
    name: busybox
  restartPolicy: Always
  hostNetwork: true
  dnsPolicy: ClusterFirst

You can find these resources helpful to understand the details of Private DNS Zones feature:

• Kubernetes - Exposing External Services to Pods via Consul
• Customizing DNS Service
• consul-dns-for-kubernetes