
Container Compute Service: DNS policies and domain name resolution

Last Updated: Dec 12, 2024

This topic describes how to use the dnsPolicy parameter to configure DNS policies for pods in a Container Compute Service (ACS) cluster.

Background information

For more information about how DNS resolution works in Kubernetes clusters, see DNS overview.

CoreDNS in an ACS cluster is deployed on the cloud. The cluster uses the kube-dns Service to expose CoreDNS. DNS queries in the cluster are sent to the DNS server that is specified in the CoreDNS pod configuration. You can run the following command to query information about the kube-dns Service:

kubectl get svc kube-dns -n kube-system

Use the dnsPolicy parameter to configure a DNS policy for a pod

You can use the dnsPolicy parameter to configure a DNS policy for a pod. ACS clusters support the following DNS policies:

  • ClusterFirst: This policy indicates that a pod uses CoreDNS to resolve domain names. This is the default DNS policy. The /etc/resolv.conf file contains the address of the DNS server that is provided by CoreDNS, which is kube-dns.

  • None: This policy indicates that a pod ignores the DNS settings of the cluster. You must customize the DNS settings by using the dnsConfig parameter. Otherwise, the pod cannot resolve any domain name.

  • Default: This policy uses Alibaba Cloud DNS for DNS resolution.

  • ClusterFirstWithHostNet: Pods in ACS clusters do not support the host network. Therefore, the ClusterFirstWithHostNet policy is equivalent to the ClusterFirst policy. For more information, see Kubernetes application limits.

You can use the preceding DNS policies to meet business requirements in various scenarios.

Scenario 1: Use CoreDNS provided by ACS clusters to resolve domain names

In this scenario, you must specify dnsPolicy: ClusterFirst for the DNS policy settings. Example:

apiVersion: v1
kind: Pod
metadata:
  name: alpine
  namespace: default
spec:
  containers:
  - image: alpine # The sample image is provided for reference only. Replace with the actual image that you use. 
    command:
      - sleep
      - "10000"
    imagePullPolicy: Always
    name: alpine
  dnsPolicy: ClusterFirst

Scenario 2: Customize DNS settings for a pod

To use a custom DNS configuration, specify dnsPolicy: None for the DNS policy setting and add the dnsConfig field. Example:

apiVersion: v1
kind: Pod
metadata:
  name: alpine
  namespace: default
spec:
  containers:
  - image: alpine # The sample image is provided for reference only. Replace with the actual image you use. 
    command:
      - sleep
      - "10000"
    imagePullPolicy: Always
    name: alpine
  dnsPolicy: None
  dnsConfig:
    nameservers: ["169.254.xxx.xxx"]
    searches:
    - default.svc.cluster.local
    - svc.cluster.local
    - cluster.local
    options:
    - name: ndots
      value: "2"

The following table describes the parameters in the dnsConfig section.

| Parameter | Description |
| --- | --- |
| nameservers | A list of IP addresses of DNS servers for the pod. You can specify up to three IP addresses. If you set dnsPolicy to None for a pod, you must specify at least one IP address. If you do not set dnsPolicy to None for a pod, this parameter is optional. The listed DNS server IP addresses will be added to the nameserver parameter of the DNS configuration file that is generated based on the value of dnsPolicy. Duplicate IP addresses are removed. |
| searches | A list of DNS search domains for hostname lookup in the pod. This parameter is optional. The listed DNS search domains are added to the list of base search domains that are generated based on the specified DNS policy. Duplicate domain names are removed. You can specify up to six search domains. |
| options | A list of optional items. Each item can contain a name (required) and a value (optional). The specified items will be added to the list of optional items that are generated based on the specified DNS policy. Duplicate items are removed. |

For more information, see DNS for Services and Pods.
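The rules in the preceding table can be checked before a manifest is applied. The following Python sketch is an added example, not code from ACS or Kubernetes: it validates a pod spec against the limits stated above and shows the merged, de-duplicated resolver file. The function names, the CLUSTER_BASE dict and the 192.0.2.x addresses are constructed for illustration.

```python
# Added example: rules taken from the dnsConfig table on this page.
MAX_NAMESERVERS, MAX_SEARCHES = 3, 6
POLICIES = {"ClusterFirst", "None", "Default", "ClusterFirstWithHostNet"}

def dedup(items):
    """Remove duplicates while keeping first-seen order."""
    return list(dict.fromkeys(items))

def check_pod_dns(spec):
    """Return the list of rule violations in a pod spec's DNS settings."""
    policy = spec.get("dnsPolicy", "ClusterFirst")  # ClusterFirst is the default
    cfg = spec.get("dnsConfig") or {}
    servers, searches = cfg.get("nameservers") or [], cfg.get("searches") or []
    problems = []
    if policy not in POLICIES:
        problems.append(f"unsupported dnsPolicy: {policy}")
    if policy == "None" and not servers:
        problems.append("dnsPolicy None requires at least one nameserver")
    if len(servers) > MAX_NAMESERVERS:
        problems.append(f"more than {MAX_NAMESERVERS} nameservers")
    if len(searches) > MAX_SEARCHES:
        problems.append(f"more than {MAX_SEARCHES} search domains")
    if any(not opt.get("name") for opt in cfg.get("options") or []):
        problems.append("every option needs a name")
    return problems

def render_resolv_conf(base, cfg):
    """Merge dnsConfig into the policy-generated settings; base is a
    hypothetical dict with the same keys as dnsConfig."""
    def merged(key):
        return (base.get(key) or []) + (cfg.get(key) or [])
    opts = dedup((o["name"], o.get("value")) for o in merged("options"))
    lines = [f"nameserver {ip}" for ip in dedup(merged("nameservers"))]
    if merged("searches"):
        lines.append("search " + " ".join(dedup(merged("searches"))))
    if opts:
        lines.append("options " + " ".join(n if v is None else f"{n}:{v}" for n, v in opts))
    return "\n".join(lines) + "\n"

# Constructed sample input; the addresses are documentation-range placeholders.
CLUSTER_BASE = {"nameservers": ["192.0.2.10"],
                "searches": ["default.svc.cluster.local", "svc.cluster.local"]}
POD_SPEC = {"dnsPolicy": "ClusterFirst",
            "dnsConfig": {"nameservers": ["192.0.2.10", "192.0.2.53"],
                          "searches": ["svc.cluster.local", "cluster.local"],
                          "options": [{"name": "ndots", "value": "2"}]}}

if __name__ == "__main__":
    print(check_pod_dns(POD_SPEC) or "dnsConfig OK")
    print(render_resolv_conf(CLUSTER_BASE, POD_SPEC["dnsConfig"]), end="")
```
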

Scenario 3: Use Alibaba Cloud DNS for DNS resolution

If your application pods do not need to access other Services deployed in the ACS cluster, you can specify dnsPolicy: Default for the DNS policy settings. In this scenario, DNS resolution is performed by Alibaba Cloud DNS and CoreDNS is not required. Example:

apiVersion: v1
kind: Pod
metadata:
  name: alpine
  namespace: default
spec:
  containers:
  - image: alpine # The sample image is provided for reference only. Replace with the actual image you use. 
    command:
      - sleep
      - "10000"
    imagePullPolicy: Always
    name: alpine
  dnsPolicy: Default

References

For more information about DNS resolution policies and caching policies, see DNS resolution policies and caching policies.