managed clusters in intelligent hosting mode and support the managed CoreDNS component. This topic describes the performance metrics of this component.
QPS performance
The performance of managed CoreDNS is affected by factors such as the number of services and pods in the cluster, cache size configuration, and cache Time to Live (TTL). The following information is for reference only. By default, managed CoreDNS is deployed with two replicas and automatically scales based on the load.
The following information applies only to scenarios where the total number of services and pods in the cluster does not exceed 50,000.
Resolving in-cluster domain names
When resolving in-cluster domain names, a single replica can provide 5,000 queries per second (QPS). The two default replicas can provide 10,000 QPS.
Resolving out-of-cluster domain names
When resolving out-of-cluster domain names, CoreDNS performance is limited by external DNS services.
Internal domain names in a VPC (hosted by PrivateZone)
By default, CoreDNS uses PrivateZone, the internal DNS resolution service, as its upstream DNS service. The service addresses are 100.100.2.136 and 100.100.2.138. For internal domain names, the two default replicas of managed CoreDNS can provide 8,000 QPS.
You can add frequently accessed domain names to the cache to increase their resolution speed in PrivateZone.
The limits of PrivateZone also affect the maximum performance of CoreDNS. These limits include the following:
The DNS resolution request threshold for each IP address in a VPC is 5,000 QPS. If the number of requests exceeds this threshold, throttling may occur.
The external recursive resolution request threshold for each IP address in a VPC is 600 QPS. If the number of requests exceeds this threshold, throttling may occur.
All ECS instances in a VPC can send up to 5,000 recursive DNS requests to the Internet per second. If the upper limit is exceeded, throttling may be triggered.
Internet domain names
Performance for resolving Internet domain names depends on the public DNS service that you use. This performance is also subject to the limits of PrivateZone.
You can add frequently accessed or critical domain names to the cache. This increases the resolution speed for Internet domain names in PrivateZone and ensures that cached results are returned if the authoritative DNS service fails.
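The following headroom check is an added example, not part of the original documentation. It combines the per-replica figures and PrivateZone thresholds above to show which limit binds for a given query mix and whether adding replicas can relieve it. The function name `plan`, its parameters and the sample workloads are hypothetical, and the model assumes linear scaling, evenly spread load, one VPC source IP address per replica, and a single cache hit ratio for all forwarded names.

```python
import math

# Figures stated on this page (clusters with at most 50,000 services and pods).
IN_CLUSTER_QPS_PER_REPLICA = 5_000    # in-cluster names, one replica
VPC_INTERNAL_QPS_PER_REPLICA = 4_000  # 8,000 QPS for two replicas, split evenly (assumption)
PER_IP_DNS_QPS = 5_000                # PrivateZone threshold per source IP
PER_IP_EXTERNAL_QPS = 600             # external recursive threshold per source IP
VPC_EXTERNAL_QPS = 5_000              # Internet recursion, all ECS instances in the VPC
DEFAULT_REPLICAS = 2


def plan(in_cluster, vpc_internal, internet, hit_ratio, other_vpc_external=0):
    """Return (replicas, binding_limit, vpc_cap_exceeded) for a steady mix in QPS.

    Assumptions, not from the page: capacity scales linearly with replicas,
    load is spread evenly, each replica forwards from its own VPC IP address,
    and a cache hit is answered without an upstream query.
    """
    if not 0.0 <= hit_ratio <= 1.0:
        raise ValueError("hit_ratio must be between 0 and 1")
    fwd_internal = vpc_internal * (1 - hit_ratio)  # misses sent to PrivateZone
    fwd_internet = internet * (1 - hit_ratio)      # misses needing external recursion
    # Each entry is the number of replicas (source IPs) that limit requires.
    demand = {
        "replica serving capacity": in_cluster / IN_CLUSTER_QPS_PER_REPLICA
        + vpc_internal / VPC_INTERNAL_QPS_PER_REPLICA,
        "per-IP PrivateZone threshold": (fwd_internal + fwd_internet) / PER_IP_DNS_QPS,
        "per-IP external recursive threshold": fwd_internet / PER_IP_EXTERNAL_QPS,
    }
    binding = max(demand, key=demand.get)
    # Adding replicas cannot lift the VPC-wide cap; only fewer cache misses can.
    vpc_cap_exceeded = fwd_internet + other_vpc_external > VPC_EXTERNAL_QPS
    if demand[binding] <= DEFAULT_REPLICAS:
        return DEFAULT_REPLICAS, "default replica count", vpc_cap_exceeded
    return math.ceil(demand[binding] - 1e-9), binding, vpc_cap_exceeded


if __name__ == "__main__":
    # Constructed workloads: (in-cluster, VPC-internal, Internet, cache hit ratio).
    for mix in [(6000, 2000, 1000, 0.9), (6000, 2000, 3000, 0.2), (1000, 1000, 8000, 0.25)]:
        print(mix, "->", plan(*mix))
```

In the third constructed workload the VPC-wide cap is exceeded regardless of replica count; raising the cache hit ratio to 0.5 brings the forwarded Internet queries back under it.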
References
You can use a DNS cache component to improve DNS performance. For more information, see Use the NodeLocal DNSCache component.