
The Service Discovery Principle of DNS in Kubernetes Clusters

This article describes how DNS service discovery works in Kubernetes clusters.

By Boli


Prerequisites

  1. Create a Kubernetes cluster through Alibaba Cloud Container Service for Kubernetes (ACK). Refer to the following guide for more information: https://www.alibabacloud.com/help/doc-detail/95108.htm
  2. Connect to the Kubernetes cluster through kubectl.

DNS Service in Clusters

A DNS service is deployed in every Kubernetes cluster and exposed through a Service named kube-dns in the kube-system namespace. Run the following command to check the kube-dns Service details:

kubectl get svc kube-dns -n kube-system

The output results:

NAME       TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   <none>        53/UDP,53/TCP,9153/TCP   27d

The backends of this Service are two CoreDNS Pods managed by a Deployment named coredns. How CoreDNS resolves names is explained later. Run the following command to check the Deployment:

kubectl get deployment coredns -n kube-system

The output results:

NAME      READY   UP-TO-DATE   AVAILABLE   AGE
coredns   2/2     2            2           27d

The Principle of Domain Name Resolution in Clusters

The kubelet on each cluster node is started with two DNS-related parameters, --cluster-dns=${dns-service-ip} and --cluster-domain=${default-local-domain}. They set the IP address of the cluster DNS server (the ClusterIP of the kube-dns Service) and the cluster domain suffix, and the kubelet uses them to generate the /etc/resolv.conf of every Pod it starts.

Check the DNS configuration file, /etc/resolv.conf, of a Pod running with dnsPolicy: ClusterFirst in the default namespace (dnsPolicy is introduced later):

nameserver ${dns-service-ip}
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

Parameter descriptions:

  1. nameserver: The IP address of the DNS server the Pod sends its queries to. For a ClusterFirst Pod this is the ClusterIP of the kube-dns Service.
  2. search: The list of suffixes the resolver appends when a name is not found; the more suffixes, the more queries a single lookup can generate. The cluster configures three, default.svc.cluster.local, svc.cluster.local, and cluster.local, so one lookup may try the name with each suffix and then as-is: up to four queries for IPv4 (A) and four for IPv6 (AAAA), eight in total, before the result is known.
  3. options: Additional resolver settings as key:value pairs. With ndots:5, a name containing at least five dots is treated as fully qualified and tried as-is first; a name with fewer dots is tried with each search suffix appended first and only then as-is. A name that ends in a dot is absolute and the search list is skipped entirely.

According to the above file configuration, try to resolve it in the Pod:

  1. A Service in the same namespace, such as kubernetes: the first search suffix is appended and kubernetes.default.svc.cluster.local. is sent to the cluster DNS. One query returns the answer.
  2. A Service in another namespace, such as kube-dns.kube-system: kube-dns.kube-system.default.svc.cluster.local. is sent first and answered NXDOMAIN, then kube-dns.kube-system.svc.cluster.local. is sent and answered. Two queries are needed.
  3. An external name, such as aliyun.com: aliyun.com.default.svc.cluster.local., aliyun.com.svc.cluster.local., and aliyun.com.cluster.local. are each sent and answered NXDOMAIN, and only then is aliyun.com. sent and forwarded upstream. Four queries are needed.

The counts above are for one address family; a client that also asks for AAAA records doubles them. One consequence worth checking in any multi-tenant cluster: because the search suffixes are tried before the bare name, a query for aliyun.com asks the cluster for aliyun.com.svc.cluster.local. before it ever reaches the upstream resolver, and that is exactly the name a Service called aliyun in a namespace called com would have. Whoever can create namespaces and Services can therefore shadow external names for every ClusterFirst Pod. Restrict namespace creation, or have clients use absolute names with a trailing dot (aliyun.com.), which skips the search list.
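The search-list behaviour described above, as an added simulation that is not code from the article or from CoreDNS. It models what the Pod's stub resolver does with the resolv.conf shown earlier and what CoreDNS would answer for each candidate name; the record tables are constructed stand-ins, and the ClusterIPs and the upstream address are assumed values. The last function goes beyond the three cases in the text and shows the shadowing problem from the previous paragraph.

```python
"""Resolver search-list simulation for a ClusterFirst Pod.

Added illustration, not code from the article or from CoreDNS. It models a
glibc-style stub resolver reading:
    search default.svc.cluster.local svc.cluster.local cluster.local
    options ndots:5
and a CoreDNS that is authoritative for cluster.local and forwards the rest.
"""

SEARCH = ["default.svc.cluster.local", "svc.cluster.local", "cluster.local"]
NDOTS = 5

# Constructed stand-in for the cluster.local zone served by the kubernetes
# plug-in. The ClusterIPs are assumed values.
CLUSTER_ZONE = {
    "kubernetes.default.svc.cluster.local.": "10.96.0.1",
    "kube-dns.kube-system.svc.cluster.local.": "10.96.0.10",
}

# Constructed stand-in for the upstream resolver reached through `forward`.
UPSTREAM = {
    "aliyun.com.": "203.0.113.10",  # documentation address, not the real one
}


def candidates(name, search=SEARCH, ndots=NDOTS):
    """Return the FQDNs the stub resolver tries, in order, for one lookup."""
    if name.endswith("."):
        return [name]                        # absolute name: search list skipped
    absolute = name + "."
    searched = [f"{name}.{suffix}." for suffix in search]
    if name.count(".") >= ndots:
        return [absolute] + searched         # enough dots: try as-is first
    return searched + [absolute]             # otherwise suffixes first


def coredns_answer(fqdn, zone=CLUSTER_ZONE, upstream=UPSTREAM):
    """Return what CoreDNS would answer; None stands for NXDOMAIN."""
    if fqdn.endswith(".cluster.local."):
        return zone.get(fqdn)                # authoritative zone: absent means NXDOMAIN
    return upstream.get(fqdn)                # everything else is forwarded


def resolve(name, zone=CLUSTER_ZONE, upstream=UPSTREAM):
    """Return (answer, queries_sent) for one address family."""
    sent = []
    for fqdn in candidates(name):
        sent.append(fqdn)
        answer = coredns_answer(fqdn, zone, upstream)
        if answer is not None:
            return answer, sent
    return None, sent


def shadowing_demo():
    """A Service 'aliyun' in a namespace 'com' captures lookups of aliyun.com.

    aliyun.com.svc.cluster.local. is tried before aliyun.com., so the
    in-cluster record answers first and the upstream is never consulted.
    """
    hijacked = dict(CLUSTER_ZONE)
    hijacked["aliyun.com.svc.cluster.local."] = "10.96.0.99"  # assumed ClusterIP
    return resolve("aliyun.com", zone=hijacked)


if __name__ == "__main__":
    for n in ["kubernetes", "kube-dns.kube-system", "aliyun.com", "aliyun.com."]:
        answer, sent = resolve(n)
        print(f"{n:<22} -> {answer} after {len(sent)} query/queries")
    print("shadowed:", shadowing_demo())
```

Running it reproduces the one, two and four query counts from the list above, shows that the absolute form aliyun.com. costs a single query, and shows the hijacked answer returned on the second query once the squatting Service exists.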

Pod dnsPolicy

In a Kubernetes cluster, each Pod can choose its own DNS behaviour through the dnsPolicy field. Four policies are currently available:

  1. ClusterFirst: Names are resolved by the cluster DNS service. The nameserver written to the Pod's /etc/resolv.conf is the ClusterIP of the kube-dns Service. This is the default policy for cluster workloads.
  2. None: The cluster DNS settings are ignored. The dnsConfig field is then required and must supply the nameservers, searches, and options the Pod should use.
  3. Default: The Pod inherits the DNS configuration of the node it runs on; the node's /etc/resolv.conf is used as-is.
  4. ClusterFirstWithHostNet: Pods running with hostNetwork: true fall back to Default unless this policy is set; it applies the ClusterFirst behaviour to such Pods.
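A manifest showing two of these policies in use, added here as an example and not taken from the article. The Pod names, the busybox image, the nameserver 10.96.0.10 and the ndots value are assumptions; substitute the kube-dns ClusterIP from the kubectl get svc output above.

```yaml
# Added example, not from the original article. Names, image and the
# nameserver address are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: dns-none-example
spec:
  containers:
  - name: app
    image: busybox:1.36
    command: ["sh", "-c", "cat /etc/resolv.conf; sleep 3600"]
  dnsPolicy: None              # cluster DNS settings ignored; dnsConfig is mandatory
  dnsConfig:
    nameservers:
    - 10.96.0.10               # kube-dns ClusterIP (assumed; take it from kubectl get svc)
    searches:
    - svc.cluster.local
    - cluster.local
    options:
    - name: ndots
      value: "2"               # external names with 2+ dots are tried as-is first
---
apiVersion: v1
kind: Pod
metadata:
  name: hostnet-example
spec:
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet   # without this a hostNetwork Pod gets Default
  containers:
  - name: app
    image: busybox:1.36
    command: ["sh", "-c", "cat /etc/resolv.conf; sleep 3600"]
```

After kubectl apply, kubectl logs on each Pod prints the generated /etc/resolv.conf: the first Pod shows exactly the dnsConfig values, the second shows the cluster nameserver and search list even though it shares the node's network namespace.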

CoreDNS

CoreDNS is the standard service discovery component of Kubernetes. A Pod with dnsPolicy: ClusterFirst sends all of its queries, for names both inside and outside the cluster, to CoreDNS.

In the kube-system namespace, the cluster has a ConfigMap named coredns. Its Corefile field holds the configuration shown below. CoreDNS is assembled from plug-ins, and the Corefile declares which plug-ins serve which zone and in what order.

  Corefile: |
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }

Plug-in descriptions:

  1. errors: Logs errors to standard output.
  2. health: Exposes an HTTP health check, by default on port 8080; GET http://localhost:8080/health returns 200 while the process is healthy. lameduck 5s keeps the process answering for 5 seconds after it is asked to shut down so that in-flight queries complete.
  3. ready: Exposes a readiness check, by default on port 8181; GET http://localhost:8181/ready returns 200 once every plug-in that reports readiness (here, kubernetes) has finished its initial sync.
  4. kubernetes: Serves the zones cluster.local, in-addr.arpa, and ip6.arpa from the API server's Service and endpoint objects, which is what provides service resolution inside the cluster. pods insecure answers pod-IP-style names (1-2-3-4.ns.pod.cluster.local) without checking that such a Pod exists in that namespace, for compatibility with kube-dns; pods verified performs that check, and pods disabled turns the feature off. fallthrough in-addr.arpa ip6.arpa passes reverse lookups the plug-in cannot answer on to the next plug-in (forward). ttl 30 sets the TTL of the records it returns.
  5. prometheus: Exposes CoreDNS metrics; GET http://localhost:9153/metrics returns them in Prometheus format.
  6. forward (formerly proxy): Forwards any query not answered by an earlier plug-in, that is, every name outside the Kubernetes zones, to the nameservers listed in /etc/resolv.conf. Because the CoreDNS Deployment runs with dnsPolicy: Default, that file is a copy of the node's resolver configuration.
  7. cache: Caches responses, here for up to 30 seconds.
  8. loop: Sends a probe query through the upstream and, if the probe comes back to CoreDNS (a forwarding loop, typically a node /etc/resolv.conf that points at the cluster DNS), halts the process so the Pod fails instead of amplifying traffic.
  9. reload: Watches the Corefile and reloads it when its content changes, checking every 30 seconds by default. Together with the delay before the kubelet syncs a modified ConfigMap into the Pod, allow about two minutes for a change to take effect.
  10. loadbalance: Round-robin DNS load balancing that randomizes the order of A, AAAA, and MX records in each response.