Pods in a Kubernetes cluster use domain names to access Services in the cluster or services outside the cluster. A domain name is resolved to an IP address. Domain Name System (DNS) is used to maintain mappings between domain names and IP addresses. This topic describes the basics of DNS, introduces the components that Container Service for Kubernetes (ACK) provides to implement DNS, and describes how to configure DNS resolution for an ACK cluster.
How DNS resolution works in ACK clusters
Devices connected to the Internet use IP addresses to communicate with each other. However, IP addresses are difficult to remember, whereas domain names carry semantic information and are easier to remember. In most cases, clients send requests to domain names. The following figure shows how the example.com domain name is resolved when a client sends a request to it.

The destination server registers its domain name and IP address with the DNS server.
The client queries the DNS server for the IP address of the example.com domain name.
The DNS server checks the DNS records on the server and returns the IP address to the client.
The client connects to the IP address to communicate with the destination server.
Components that ACK provides to implement DNS
CoreDNS and NodeLocal DNSCache are used to implement DNS in ACK managed clusters. Before you get started with CoreDNS and NodeLocal DNSCache, we recommend that you read the following content to learn about the basics of DNS in Kubernetes.
In most cases, a Service has a short name. During a DNS lookup, a Service is represented by a full domain name in the <servicename>.<namespace>.svc.<ClusterDomain> format. <ClusterDomain> refers to the domain name of the cluster. The default domain name of a Kubernetes cluster is cluster.local. You can specify a custom domain name. For example, the full domain name of the database-svc Service in the default namespace is database-svc.default.svc.cluster.local.
During pod creation, the kubelet on a node configures the /etc/resolv.conf file for the pod. The pod sends DNS queries based on the configurations in this file.
CoreDNS
CoreDNS is a DNS resolver provided by Kubernetes. CoreDNS can resolve custom internal domain names and external domain names. CoreDNS is hosted by Cloud Native Computing Foundation (CNCF). For more information about CoreDNS, see CoreDNS: DNS and Service Discovery.
ACK uses CoreDNS as the default DNS server for ACK clusters. CoreDNS is deployed as a Deployment in the kube-system namespace. CoreDNS is exposed within the cluster by using the kube-dns Service, which is a ClusterIP Service. For more information about how to configure CoreDNS, see Configure CoreDNS.
Use kubectl to query the resources deployed for CoreDNS
Run the following command to query the CoreDNS Deployment:
kubectl get deployment -l k8s-app=kube-dns -n kube-system
Expected output:
NAME READY UP-TO-DATE AVAILABLE AGE
coredns 2/2 2 2 1h
Run the following command to query the CoreDNS Service:
kubectl get service -n kube-system kube-dns
Expected output:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 172.**.**.** <none> 53/UDP,53/TCP,9153/TCP 1h
The following figure shows the DNS resolution procedure when a pod in the default namespace attempts to access the database-svc Service.

The pod checks the /etc/resolv.conf file to obtain the DNS server IP address (172.0.XX.X), which is the cluster IP address of the kube-dns Service.
The pod sends a DNS query to the kube-dns Service. Before the domain name is resolved, the suffixes that are specified by the search parameter are appended to it in sequence:
database-svc.default.svc.cluster.local: a Service in the same namespace as the pod.
database-svc.svc.cluster.local: a Service in another namespace.
database-svc.cluster.local: an internal domain name in the cluster.
database-svc: an external domain name.
The CoreDNS pod returns 172.4.XX.X.
The pod connects to the IP address to communicate with the database-svc Service.
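The lookup sequence described above, as an added example (not code from ACK or Kubernetes): it parses a pod's resolv.conf and lists, in order, the names the resolver tries, labelling each as internal or external by the cluster.local suffix. The resolv.conf content and the 192.0.2.10 nameserver are constructed, the function names are hypothetical, the ordering assumes the glibc resolver, and ndots:5 is the value Kubernetes writes for pods that use cluster DNS.

```python
# Constructed pod /etc/resolv.conf; 192.0.2.10 is a placeholder for the kube-dns cluster IP.
SAMPLE_RESOLV_CONF = """\
nameserver 192.0.2.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
"""

def parse_resolv_conf(text):
    """Return (nameservers, search_domains, ndots) parsed from resolv.conf text."""
    nameservers, search, ndots = [], [], 1   # resolver default is ndots:1
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        key, args = fields[0], fields[1:]
        if key == "nameserver":
            nameservers.append(args[0])
        elif key == "search":
            search = args                    # a later search line replaces earlier ones
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return nameservers, search, ndots

def candidate_queries(name, search, ndots):
    """Ordered FQDNs a glibc-style stub resolver tries for name (assumed behaviour)."""
    if name.endswith("."):                   # already absolute: search list is skipped
        return [name]
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:             # enough dots: the name itself goes first
        return [name + "."] + expanded
    return expanded + [name + "."]

def classify(fqdn, cluster_domain="cluster.local"):
    """Label a name internal if it ends with the cluster domain, else external."""
    bare = fqdn.rstrip(".")
    return "internal" if ("." + bare).endswith("." + cluster_domain) else "external"

def resolution_plan(resolv_conf_text, name, cluster_domain="cluster.local"):
    """Return (nameservers, [(fqdn, 'internal' or 'external'), ...]) for one lookup."""
    nameservers, search, ndots = parse_resolv_conf(resolv_conf_text)
    queries = candidate_queries(name, search, ndots)
    return nameservers, [(q, classify(q, cluster_domain)) for q in queries]

if __name__ == "__main__":
    servers, plan = resolution_plan(SAMPLE_RESOLV_CONF, "database-svc")
    for fqdn, kind in plan:
        print(f"{servers[0]}  {fqdn:45} {kind}")
```

Running the plan for example.com shows three cluster-suffixed lookups before the absolute name is tried; a name written with a trailing dot skips the search list entirely.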
NodeLocal DNSCache
NodeLocal DNSCache runs a DNS caching agent on each worker node to reduce the workloads of CoreDNS. This helps you improve the stability and availability of DNS resolution in the cluster. To improve DNS resolution stability, we recommend that you install NodeLocal DNSCache in your cluster. For more information about how to install and use NodeLocal DNSCache, see Configure NodeLocal DNSCache.
The following figure shows the DNS resolution procedure in a cluster when a pod in the default namespace attempts to access the database-svc Service. NodeLocal DNSCache is installed in the cluster and the node-local-dns-injection: "enabled" label is added to the default namespace.

The pod first queries the DNS cache on the node.
The resolution proceeds based on whether a cache hit occurs:
If a record for the database-svc Service is found in the cache, a cache hit occurs. In this case, the IP address recorded in the cache is returned. The pod connects to the IP address.
If no record for the database-svc Service is found in the cache, a cache miss occurs. In this case, the pod sends a DNS query to CoreDNS. The result returned by CoreDNS will be synchronized to the DNS cache on the node.
Configure DNS resolution for an ACK cluster
You can configure DNS resolution for an ACK cluster from the following perspectives:
Configure DNS resolution from the cluster perspective
The kubelet configurations of a node contain the ClusterDomain parameter. You must ensure that the ClusterDomain parameter in the kubelet configurations of each node in the cluster is set to the same value. Otherwise, network errors may occur in the cluster.
ClusterDomain
The ClusterDomain parameter specifies the top-level domain name used by all Services in the cluster. Default value: cluster.local. If a domain name is suffixed with the value of the ClusterDomain parameter, it is an internal domain name. If a domain name is not suffixed with the value of the ClusterDomain parameter, it is an external domain name. You can specify the ClusterDomain parameter during cluster creation. Make sure that the value of the ClusterDomain parameter does not overlap with the external domain names you use.

Configure DNS resolution from the node perspective
resolvConf
The resolvConf parameter in the kubelet configurations of a node specifies the path of the DNS configuration file on the node. If you set the dnsPolicy parameter in the pod configurations to Default, the kubelet copies the content in the file (/etc/resolv.conf by default) specified by the resolvConf parameter of the kubelet to the /etc/resolv.conf file in the pod.
Configure DNS resolution from the pod perspective
The configurations of a pod contain the dnsPolicy and dnsConfig parameters, which can be used to configure a custom DNS policy for the pod. The dnsPolicy parameter specifies the DNS resolution policy of the pod. The dnsConfig parameter specifies the DNS servers and DNS search domains for DNS resolution in the pod. For more information about how to configure the dnsPolicy and dnsConfig parameters in different scenarios, see DNS policies and domain name resolution.