All Products
Search

This Product

    :Configure DNS resolution

    Document Center

    :Configure DNS resolution

    Last Updated:Aug 23, 2024

    This topic introduces how Domain Name System (DNS) resolution works in Alibaba Cloud Container Compute Service (ACS) clusters, and describes how to configure DNS policies to meet different business requirements in various scenarios.

    Background information

    By default, ACS clusters do not provide DNS resolution services. To enable DNS resolution for an ACS cluster, you must select CoreDNS when you create the cluster. A Service named kube-dns is deployed in an ACS cluster to provide DNS resolution services. You can run the following command to query information about the kube-dns Service: For more information about how to create an ACS cluster, see Create an ACS cluster. 

    kubectl get svc kube-dns -n kube-system

    Expected output:

    NAME       TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   172.24.0.10   <none>        53/UDP,53/TCP,9153/TCP   27d

    How DNS resolution works in ACS clusters

    The startup parameters of the kubelet in an ACS cluster include --cluster-dns=<dns-service-ip> and --cluster-domain=<default-local-domain>. These parameters specify the IP address of the DNS server for the cluster and the suffix of the base domain name for the DNS server.

    The DNS configuration file in a pod is /etc/resolv.conf. The file contains the following content: 

    nameserver xx.xx.0.10
search kube-system.svc.cluster.local svc.cluster.local cluster.local
options ndots:5

    Parameter

    Description

    nameserver

    The IP address of the DNS server.

    search

    The suffixes that are used for DNS queries. More suffixes indicate more DNS queries. For ACS clusters, the suffixes kube-system.svc.cluster.local, svc.cluster.local, and cluster.local. Therefore, up to four queries are generated for a request sent to an ACS cluster.

    options

    The options for the DNS configuration file. You can specify multiple key-value pairs. For example, if you set the parameter to ndots:5, a domain name is a fully qualified domain name and is directly resolved if the number of dots in the domain name string is greater than the value of ndots. If the number of dots in the domain name string is less than the value of ndots, the domain name is appended with the suffixes specified by the search parameter before it is resolved.

    Based on the preceding settings, DNS queries of internal domain names and external domain names are sent to the DNS server of an ACS cluster for DNS resolution.

    Use dnsPolicy to configure DNS policies for an ACS cluster in different scenarios

    You can use the dnsPolicy parameter to specify different DNS policies for a pod. ACS clusters support the following policies:

    • ClusterFirst: This policy indicates that a pod uses CoreDNS to resolve domain names. The /etc/resolv.conf file contains the address of the DNS server that is provided by CoreDNS, which is kube-dns. This is the default DNS policy for workloads in an ACS cluster.

    • None: This policy indicates that a pod ignores the DNS settings of the ACS cluster. You must customize the DNS settings by using the dnsConfig field.

    • Default: This policy indicates that a pod inherits the DNS resolution settings from the node on which the pod is deployed. In an ACS cluster, nodes are created based on Elastic Compute Service (ECS) instances. Therefore, a pod directly uses the /etc/resolv.conf file of the ECS instance-based node on which the pod is deployed. This file contains the address of a DNS server that is provided by Alibaba Cloud DNS.

    You can use the preceding DNS policies to meet different business requirements in various scenarios.

    Scenario 1: Use CoreDNS provided by ACS clusters to resolve domain names

    In this scenario, you must specify dnsPolicy: ClusterFirst for the DNS policy settings. Example:

    apiVersion: v1
kind: Pod
metadata:
  name: alpine
  namespace: default
spec:
  containers:
  - image: alpine
    command:
      - sleep
      - "10000"
    imagePullPolicy: Always
    name: alpine
  dnsPolicy: ClusterFirst

    Scenario 2: Customize DNS settings for a pod

    To customize DNS settings for a Deployment, you must specify dnsPolicy: None for the DNS policy settings. Example:

    apiVersion: v1
kind: Pod
metadata:
  name: alpine
  namespace: default
spec:
  containers:
  - image: alpine
    command:
      - sleep
      - "10000"
    imagePullPolicy: Always
    name: alpine
  dnsPolicy: None
  dnsConfig:
    nameservers: ["169.254.xx.xx"]
    searches:
    - default.svc.cluster.local
    - svc.cluster.local
    - cluster.local
    options:
    - name: ndots
      value: "2"

    The following table describes the parameters in the dnsConfig section.

    Parameter

    Description

    nameservers

    A list of IP addresses of DNS servers for the pod. You can specify up to three IP addresses. If you set dnsPolicy to None for a pod, you must specify at least one IP address. If you do not set dnsPolicy to None for a pod, this parameter is optional. The listed DNS server IP addresses are added to the nameserver parameter of the DNS configuration file that is generated based on the value of dnsPolicy. Duplicate IP addresses are removed.

    searches

    A list of DNS search domains for hostname lookup in the pod. This parameter is optional. The listed DNS search domains are added to the list of base search domains that are generated based on the specified DNS policy. Duplicate domain names are removed. You can specify up to six search domains.

    options

    A list of optional items. Each item can contain a name (required) and a value (optional). The specified items are added to the list of optional items that are generated based on the specified DNS policy. Duplicate items are removed.

    Scenario 3: Use the DNS settings of an ECS instance that is provided by Alibaba Cloud

    If your application pods do not need to access other Services deployed in the ACS cluster, you can specify dnsPolicy: Default for the DNS policy settings. In this scenario, DNS resolution is performed by Alibaba Cloud DNS and CoreDNS is not required. Example:

    apiVersion: v1
kind: Pod
metadata:
 name: alpine
 namespace: default
spec:
 containers:
 - image: alpine
 command:
 - sleep
 - "10000"
 imagePullPolicy: Always
 name: alpine
 dnsPolicy: Default

    Use the hostAliases parameter to configure the /etc/hosts file in a pod

    If you want to map a specified domain name to a static IP address for DNS resolution within all pods, you can enable the hosts plug-in of CoreDNS. For more information, see Configure CoreDNS extensions.

    If you want to map a specified domain name to a static IP address for DNS resolutions within a specified pod, you can add the hostAliases parameter to the /etc/hosts file of the pod. Example:

    apiVersion: v1
kind: Pod
metadata:
  name: hostaliases-pod
spec:
  hostAliases:
  - ip: "127.0.**.**"
    hostnames:
    - "foo.local"
    - "bar.local"
  - ip: "10.1.**.**"
    hostnames:
    - "foo.remote"
  containers:
  - name: cat-hosts
    image: busybox:1.28
    command:
    - cat
    args:
    - "/etc/hosts"

    The following code block shows the content of the initialized /etc/hosts file after you add the hostAliases parameter to the spec section of the pod configurations: 

    # Kubernetes-managed hosts file.
127.0.**.**	localhost
10.200.**.**	hostaliases-pod

# Entries added by HostAliases.
127.0.**.**	foo.local	bar.local
10.1.**.**	foo.remote	bar.remote

    The preceding content shows that the foo.local, bar.local, and foo.remote domain names are mapped to static IP addresses.