Kubernetes' Default CoreDNS Configuration Is Insecure
Kubernetes' default CoreDNS configuration does not enforce TLS for DNS queries between pods and the DNS service, making it vulnerable to on-path attacks. The standard setup uses plain UDP for DNS resolution, which lacks encryption and authentication, potentially exposing traffic to interception or spoofing within the cluster.
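One way to audit a Corefile for this condition, as an added example that is not code from the original page or from the CoreDNS project: it classifies each server block by transport and flags plaintext listeners. The sample Corefile, its certificate paths and the function names are constructed for illustration.

```python
import re

# Assumption of this check: a non-dns:// scheme only counts as encrypted
# when the same server block also loads the `tls` plugin (cert and key).
TLS_CAPABLE = {"tls", "https", "grpc", "quic"}

# Constructed sample: a plaintext block in the style of the Kubernetes
# default, followed by a hypothetical DNS-over-TLS block.
SAMPLE = """\
.:53 {
    errors
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    forward . /etc/resolv.conf
    cache 30
}
tls://.:853 {
    tls /etc/coredns/tls/tls.crt /etc/coredns/tls/tls.key
    kubernetes cluster.local in-addr.arpa ip6.arpa
    cache 30
}
"""

def audit_corefile(text):
    """Return (server_key, scheme, encrypted) for every server block."""
    findings, depth, block = [], 0, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if depth == 0 and line.endswith("{"):
            # Server block header: one or more [SCHEME://]ZONE[:PORT] keys.
            block = {"keys": line[:-1].split(), "tls_plugin": False}
        elif depth == 1 and line.split()[0] == "tls":
            block["tls_plugin"] = True  # top-level `tls` directive in this block
        depth += line.count("{") - line.count("}")
        if depth == 0 and block is not None:
            for key in block["keys"]:
                m = re.match(r"(\w+)://", key)
                scheme = m.group(1).lower() if m else "dns"
                encrypted = scheme in TLS_CAPABLE and block["tls_plugin"]
                findings.append((key, scheme, encrypted))
            block = None
    return findings

def plaintext_listeners(text):
    """Server keys that answer DNS without transport encryption."""
    return [key for key, _, enc in audit_corefile(text) if not enc]

if __name__ == "__main__":
    print(plaintext_listeners(SAMPLE))
```
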