All Products
Search

This Product

    Container Service for Kubernetes:Configure NodeLocal DNSCache for a hybrid cloud node pool

    Document Center

    Container Service for Kubernetes:Configure NodeLocal DNSCache for a hybrid cloud node pool

    Last Updated:Mar 26, 2026

    When nodes in a hybrid cloud node pool resolve domain names through the in-cluster CoreDNS service, frequent queries increase traffic on your leased line. An unstable leased line can also cause DNS resolution failures. NodeLocal DNSCache addresses both problems by caching DNS responses locally on each node.

    How it works

    NodeLocal DNSCache runs a DNS caching agent as a DaemonSet on each node. DNS requests from Pods on a node are handled by the local cache first. Only on a cache miss is the request forwarded over the leased line to the upstream CoreDNS service running in the cloud.

    This architecture provides two main benefits:

    • Reduced leased line traffic: Most DNS queries are resolved locally, keeping cross-cloud traffic low.

    • Improved resiliency: If the leased line goes down, Pods can still resolve domain names that are already in the local cache.

    image

    Limitations

    ScenarioImpact
    First-time resolution of a domain nameNodeLocal DNSCache must query the upstream CoreDNS server. If the leased line is unstable at that moment, DNS resolution fails.
    Leased line outageCached entries cannot be refreshed in real time. Only already-cached domain names remain resolvable.

    Prerequisites

    Before you begin, ensure that you have:

    • An ACK managed Pro cluster running Kubernetes 1.33 or later

    • A virtual private cloud (VPC) with cross-cloud network connectivity established

    • At least three Elastic Compute Service (ECS) nodes in the cluster to deploy ACK management add-ons and ensure high availability (HA)

    • The Terway Hybrid network plugin installed in the cluster

    Install and configure NodeLocal DNSCache

    Install the add-on

    1. Log on to the ACK console. In the left navigation pane, click Clusters.

    2. On the Clusters page, click the name of the target cluster. In the left-side pane, choose Operations > Add-ons.

    3. On the Networking tab, find the ACK NodeLocal DNSCache card and click Install. In the dialog box, click OK.

    Configure cache prefetching and stale serving

    After installation, update the node-local-dns ConfigMap in the kube-system namespace to enable two cache behaviors that improve DNS stability over an unstable leased line.

    Important

    If you upgrade the NodeLocal DNSCache add-on in the future, this configuration is overwritten and must be re-applied.

    1. In the left navigation pane, choose Configurations > ConfigMaps and select the kube-system namespace from the drop-down list.

    2. Find and edit the node-local-dns ConfigMap. Add the prefetch and serve_stale options to the cache section:

      apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        cache {
          ...
          prefetch 1 30s 10% # Enable cache prefetching
          serve_stale 1h immediate # Serve stale entries on cache miss
        }

        ...
    }
kind: ConfigMap
metadata:
...

      prefetch 1 30s 10%

      Enables background cache refresh for frequently requested entries. If an entry is requested more than once within 30 seconds, the cache refreshes it in the background when the remaining TTL drops below 10%.

      serve_stale 1h immediate

      Controls how the cache handles expired entries. For up to 1 hour after an entry expires, the cache returns the expired entry immediately while sending a refresh request to the upstream DNS server in the background. This is the immediate refresh mode.