Managed CoreDNS runs on ACK managed clusters and ACK Serverless clusters in intelligent hosting mode. This topic describes its query-per-second (QPS) performance under the default configuration.
Performance figures depend on the number of Services and pods in the cluster, cache size, and TTL (Time to Live) configuration. The data below is for reference only and applies only when the total number of Services and pods does not exceed 50,000. By default, managed CoreDNS runs two replicas and scales automatically based on load.
QPS performance
The following table summarizes the default QPS capacity by domain name type.
| Domain name type | Default replicas | QPS |
|---|---|---|
| In-cluster | 2 | 10,000 |
| Internal VPC (PrivateZone) | 2 | 8,000 |
| Internet | 2 | Depends on the public DNS service used |
In-cluster domain names
Each replica resolves up to 5,000 QPS of in-cluster domain names. With the default two replicas, the total throughput is 10,000 QPS.
Out-of-cluster domain names
Out-of-cluster DNS resolution is bounded by the upstream DNS service, not by CoreDNS itself.
Internal VPC domain names (PrivateZone)
The default upstream DNS service is PrivateZone, reachable at 100.100.2.136 and 100.100.2.138. With the default two replicas, managed CoreDNS supports 8,000 QPS for internal VPC domain names.
PrivateZone enforces the following per-IP limits, which cap the effective throughput of CoreDNS:
| Limit | Threshold |
|---|---|
| DNS resolution requests per IP in a VPC | 5,000 QPS |
| External recursive resolution requests per IP in a VPC | 600 QPS |
| Recursive DNS requests to the Internet from all ECS instances in a VPC | 5,000 QPS |
To reduce requests that reach PrivateZone, add frequently accessed domain names to the CoreDNS cache. Cached responses are returned locally, bypassing PrivateZone and improving resolution speed.
Internet domain names
Performance for Internet domain names depends on the public DNS service in use and is also subject to the PrivateZone limits listed above.
Add frequently accessed or critical Internet domain names to the cache. This improves resolution speed and ensures that cached results are returned if the authoritative DNS service becomes unavailable.
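The following script is an added example, not part of the original topic or of any ACK tooling. It reads query logs from each CoreDNS replica, estimates the peak out-of-cluster QPS per replica for comparison with the 5,000 QPS per-IP PrivateZone limit, and ranks the names worth caching. It assumes the CoreDNS `log` plugin output is available with `kubectl logs --timestamps` prefixes, that the cluster domain is `cluster.local`, and that each replica queries PrivateZone from its own IP; the sample lines are constructed.

```python
import re
from collections import Counter

PRIVATEZONE_PER_IP_QPS = 5000       # per-IP limit from the table above
CLUSTER_SUFFIX = ".cluster.local."  # assumption: default cluster domain

# CoreDNS `log` plugin line, prefixed by the `kubectl logs --timestamps` stamp.
LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\S*\s+\[INFO\]\s+\S+\s+-\s+\d+\s+'
    r'"\S+\s+IN\s+(?P<name>\S+)\s')

def analyze(replica_logs, limit=PRIVATEZONE_PER_IP_QPS, top=3):
    """Map each replica to its peak out-of-cluster QPS, a limit flag, and
    the most-queried out-of-cluster names (candidates for caching)."""
    report = {}
    for replica, lines in replica_logs.items():
        per_second, names = Counter(), Counter()
        for line in lines:
            m = LINE.match(line)
            if not m:
                continue  # startup, reload or error lines
            name = m["name"].lower()
            if name.endswith(CLUSTER_SUFFIX):
                continue  # in-cluster name, not sent upstream
            per_second[m["ts"]] += 1  # cache hits are logged too: upper bound
            names[name] += 1
        peak = max(per_second.values(), default=0)
        report[replica] = {
            "peak_external_qps": peak,
            "over_limit": peak > limit,
            "cache_candidates": [n for n, _ in names.most_common(top)],
        }
    return report

def _line(ts, name):  # builds one constructed log line
    return (f'{ts}Z [INFO] 10.0.1.5:40112 - 101 "A IN {name} udp 45 false 512" '
            'NOERROR qr,rd,ra 88 0.002s')

SAMPLE = {  # constructed data, not real cluster logs
    "coredns-a": [
        _line("2024-01-01T00:00:01.100", "api.example.com."),
        _line("2024-01-01T00:00:01.200", "API.example.com."),
        _line("2024-01-01T00:00:01.300", "db.internal.example."),
        _line("2024-01-01T00:00:01.400", "kubernetes.default.svc.cluster.local."),
        _line("2024-01-01T00:00:02.000", "api.example.com."),
        "[INFO] plugin/reload: Running configuration SHA512 = <constructed>",
    ],
}

if __name__ == "__main__":
    print(analyze(SAMPLE, limit=2))
```

Because the log records cache hits as well as forwarded queries, the reported peak is an upper bound on what a replica sends upstream.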
What's next
Use NodeLocal DNSCache to further reduce DNS latency and improve performance. For more information, see Use the NodeLocal DNSCache component.