ACK CoreDNS DNSTAP Analyser captures and classifies DNS messages exchanged between clients and CoreDNS, and between CoreDNS and upstream DNS servers. Use this component to quickly identify the root causes of DNS resolution failures in your ACK cluster.
How it works
CoreDNS includes a built-in dnstap plugin that streams structured binary logs of all DNS queries and responses. ACK CoreDNS DNSTAP Analyser receives these dnstap messages, correlates them into sessions, and outputs a diagnostic summary for each session. Each summary includes:
Status-- Whether the resolution succeeded, failed, or experienced message lossBitMap-- Which legs of the DNS path were observed (client → CoreDNS → upstream)Messages-- The raw DNS query and response content in JSON format
Prerequisites
Before you begin, make sure you have:
An ACK Pro cluster. For more information, see Create an ACK Pro cluster
The kubeconfig file for the cluster, with kubectl connected. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster
Step 1: Install ACK CoreDNS DNSTAP Analyser
Log on to the ACK console.
In the left-side navigation pane, choose Marketplace > Marketplace.
On the App Catalog page, search for
ack-coredns-dnstap-analyserand click it in the results.Click Deploy.
Select a cluster and namespace, then click Next. Configure the parameters based on your requirements and click OK.
Step 2: Configure the dnstap plugin in CoreDNS
After you install ACK CoreDNS DNSTAP Analyser, configure CoreDNS to forward dnstap messages to it.
Get the ClusterIP of the ACK CoreDNS DNSTAP Analyser service: Note the
CLUSTER-IPvalue. The following steps use172.21.0.10as an example.kubectl -n kube-system get svc dnstap-analyserEdit the CoreDNS ConfigMap:
kubectl -n kube-system edit cm coredns -o yamlAdd the
dnstapdirective to the Corefile. Place it after thereadydirective and before thekubernetesblock: Thefullparameter captures the complete wire-format DNS message. Port6000is the default listening port for ACK CoreDNS DNSTAP Analyser.Corefile: | .:53 { # ... existing directives ... ready # Forward dnstap messages to ACK CoreDNS DNSTAP Analyser. # Replace 172.21.0.10 with the actual ClusterIP from Step 1. dnstap tcp://172.21.0.10:6000 full kubernetes cluster.local in-addr.arpa ip6.arpa { # ... existing configuration ... } # ... existing directives ... reload loadbalance }Verify that CoreDNS reloads successfully. First, list the CoreDNS pods: Expected output:
kubectl -n kube-system get pod | grep corednscoredns-7d56l 1/1 Running 0 30m coredns-s7m2t 1/1 Running 0 30mCheck the logs of a CoreDNS pod. Replace
<coredns-pod>with a pod name from the previous output: Wait approximately one minute. If the following output appears with no errors, the configuration change is active:kubectl -n kube-system logs -f --tail=500 <coredns-pod>[INFO] Reloading complete
Step 3: View ACK CoreDNS DNSTAP Analyser logs
List the ACK CoreDNS DNSTAP Analyser pods: Expected output:
kubectl -n kube-system get pod | grep dnstap-analyserdnstap-analyser-bbdf879-g**** 1/1 Running 0 30mView the analyser logs. Replace
<analyser-pod>with the pod name from the previous output:kubectl -n kube-system logs -f <analyser-pod>
Step 4: Interpret the diagnostic output
Each line in the ACK CoreDNS DNSTAP Analyser log represents one DNS session -- the full set of requests and responses exchanged among a client, CoreDNS, and an upstream DNS server for a single query.
Status field
| Status | Meaning |
|---|---|
Succeeded | The domain name was resolved. The response contains an NXDOMAIN or NOERROR response code. |
Failed | Resolution failed. The response contains an error code, or the upstream DNS server connection timed out. |
SampleLoss | CoreDNS or ACK CoreDNS DNSTAP Analyser is overloaded and dropped dnstap messages. Scale up the CoreDNS or analyser pods to improve diagnostic accuracy. |
BitMap field
The BitMap value indicates which dnstap messages were captured during the session. Use it to identify where in the DNS path the issue occurred.
| BitMap | Meaning |
|---|---|
1 | CoreDNS received a query from the client but did not return a response. |
3 | Internal resolution. The query hit the CoreDNS local cache or a Kubernetes cluster DNS record and the result was returned to the client. |
5 | Upstream failure. CoreDNS forwarded the query to the upstream DNS server, but the server did not respond. |
15 | External resolution. The full round trip completed: client → CoreDNS → upstream DNS server → CoreDNS → client. |
Messages field
The Messages field contains the original DNS query and response in JSON format. Analyze the content using the IANA DNS parameters registry.
Step 5: (Optional) Uninstall ACK CoreDNS DNSTAP Analyser
After you identify the root cause, uninstall ACK CoreDNS DNSTAP Analyser to avoid unnecessary costs.
Remove the dnstap directive from CoreDNS
Edit the CoreDNS ConfigMap:
kubectl -n kube-system edit cm coredns -o yamlDelete the
dnstapline that you added in Step 2:Corefile: | .:53 { # ... existing directives ... ready # Delete the following line. dnstap tcp://172.21.0.10:6000 full kubernetes cluster.local in-addr.arpa ip6.arpa { # ... existing configuration ... } # ... existing directives ... reload loadbalance }Verify that CoreDNS reloads. List the CoreDNS pods: Expected output:
kubectl -n kube-system get pod | grep corednscoredns-7d56l 1/1 Running 0 30m coredns-s7m2t 1/1 Running 0 30mCheck the CoreDNS logs. Replace
<coredns-pod>with a pod name from the previous output: Wait approximately one minute. If the following output appears with no errors, the change is active:kubectl -n kube-system logs -f --tail=500 <coredns-pod>[INFO] Reloading complete
Uninstall the Helm release
Log on to the ACK console.
In the left-side navigation pane, click Clusters.
Click the name of your cluster, then choose Applications > Helm in the left-side navigation pane.
On the Helm page, find
ack-coredns-dnstap-analyserand click Delete in the Actions column. Follow the prompts to complete the deletion.