You can configure your core-dns kubectl -n kube-system edit configmap corednsand add to end of corefile:

. {    forward . tls://1.1.1.1 tls://1.0.0.1 {       tls_servername cloudflare-dns.com       health_check 5s    }    cache 30}

and than save new configuration and restart core-dns pods.

kubectl get pod -n kube-system | grep core-dns | cut -d " " -f1 - | xargs -n1 -P 10 kubectl delete pod -n kube-system

Azure AKS Only Answer

This is copied straight from Azure AKS releases.

With kube-dns, there was an undocumented feature where it supported two config maps allowing users to perform DNS overrides/stub domains, and other customizations. With the conversion to CoreDNS, this functionality was lost - CoreDNS only supports a single config map. With the hotfix above, AKS now has a work around to meet the same level of customization. Here is the equivalent ConfigMap for CoreDNS:

apiVersion: v1kind: ConfigMapmetadata:  name: coredns-custom  namespace: kube-systemdata:  azurestack.server: |    azurestack.local:53 {        forward . tls://1.1.1.1 tls://1.0.0.1 {          tls_servername cloudflare-dns.com          health_check 5s        }        cache 30    }

After create the config map, you will need to delete the CoreDNS deployment to force-load the new config.

kubectl -n kube-system delete po -l k8s-app=kube-dns