I'm trying to register a new cluster-wide hosted zone, called foo-bar.local which points to the existing dns server. I figured for the host names to be resolved, I would be able to rewrite myservice.namespace.foo-bar.local to myservice.namespace.cluster.svc.local it would be able to resolve it. So I modified the coredns-custom configmap like this:

apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
  namespace: kube-system
data:
  my.server: |
    foo-bar.local:53 {
        errors
        rewrite name suffix .foo-bar.local. .svc.cluster.local.
        forward . /etc/resolv.conf
        cache 30
    }

In this case I'd expect the rewrite rule to happen before the request is forwarded to resolv.conf. I applied the config and deleted the coredns pods and verified it got picked up on the new instances, but when I try to do a nslookup myservice.namespace.foo-bar.local from a pod I get a NXDOMAIN: Name does not resolve error. Am I missing something? The reason I'm trying to create an "alias" suffix is so I can request TLS certificates matching a specific domain instead of .svc.cluster.local. Any help would be appreciated.

P.S. this is an AKS cluster, which doesn't seem to support configuring CoreDNS other than via the configmaps.