Ah, I had actually looked at having cluster CoreDNS forward queries - I had wanted to do it like you suggest (point 1 of my original post), where k8s CoreDNS would first try to resolve netmaker server's DNS (let's say it's 10.11.12.254) and then if that fails to resolve the k8's coredns would attempt go out to somewhere like 8.8.8.8. I don't think you can actually do that though, CoreDNS lets you specify multiple "upstreamNameservers" but you can't tell it that you want to resolve and fallback like that (https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/). If you give it two nameservers it just picks one at random (the default for forward plugin https://coredns.io/plugins/forward/). I guess I could actually modify the corefile running on kube-dns and set that forward default to "sequential" to get the behavior I want, but I use managed DOKS and i'm not sure if DO will come back and overwrite that with some cron job. Your suggestion of sending everything through netmaker first would also work though - basically all upstream DNS going outbound from k8s coredns is routed through netmaker server first, and then that netmaker server in its own conf passes it on to someplace like 8.8.8.8 if it can't resolve it. The downside obviously is that I have to send all of my external dns lookups through an extra hop