Kubernetes DNS (CoreDNS, Custom DNS Configurations, Debugging DNS Failures) – A Deep Dive

DNS is a critical component in Kubernetes, enabling service discovery, internal networking, and external name resolution. If DNS fails, pod-to-pod communication and external API connections can break, causing downtime and service disruptions.

Ever wondered:

?? How does Kubernetes resolve pod and service names?

?? How does CoreDNS manage internal DNS resolution?

?? How to configure custom DNS settings for your applications?

?? How to troubleshoot DNS failures in Kubernetes?

This guide deep dives into Kubernetes DNS, covering architecture, configuration, real-world scenarios, and debugging techniques to ensure reliable service discovery in your clusters.

?? What is Kubernetes DNS?

Kubernetes automatically assigns DNS names to services and pods, eliminating the need for manual IP management. DNS ensures:

? Pods communicate using service names instead of dynamic IPs.

? Automated DNS resolution for services, endpoints, and external domains.

? Custom DNS configurations for external service discovery.

How DNS Works in Kubernetes

1?? A pod makes a DNS query for a service (e.g., backend-service.default.svc.cluster.local).

2?? CoreDNS intercepts the request and checks if it matches an internal service.

3?? If matched, CoreDNS returns the ClusterIP for the service.

4?? If not matched, the query is forwarded to an external DNS server (if configured).

?? DNS eliminates the need to hardcode IP addresses, enabling dynamic service discovery in Kubernetes.

?? CoreDNS – The Default DNS Server in Kubernetes

What is CoreDNS?

CoreDNS is the default DNS service for Kubernetes, handling all name resolution for pods and services.

How CoreDNS Works in Kubernetes?

? CoreDNS runs as a Deployment inside the kube-system namespace.

? It provides service discovery and internal DNS resolution.

? Uses a ConfigMap for managing custom DNS settings.

Check CoreDNS Status in Your Cluster

kubectl get pods -n kube-system -l k8s-app=kube-dns        

Expected Output:

Inspect the CoreDNS ConfigMap

kubectl get configmap coredns -n kube-system -o yaml        

?? Scenario 1: How Kubernetes Resolves Internal DNS Queries

?? Overview

Let’s test how a frontend pod communicates with a backend service using Kubernetes DNS.

?? Use Case:

? Demonstrates DNS-based service discovery inside a cluster.

? Verifies internal DNS resolution using CoreDNS.

Step 1: Deploy Backend and Frontend Applications

Create Backend Deployment (backend-deployment.yaml)

vi backend-deployment.yaml        

apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: backend
  template:
    metadata:
      labels:
        app: backend
    spec:
      containers:
      - name: backend
        image: nginx
        ports:
        - containerPort: 80        

The above yaml file will create a deployment called backend. In that deployment it will create a containers with 3 replicas called backend and deploy the image called nginx and expose the port 80.

Apply it:

kubectl apply -f backend-deployment.yaml        

Step 2: Create a Service for Backend Pods

Backend Service (backend-service.yaml)

vi backend-service.yaml        

apiVersion: v1
kind: Service
metadata:
  name: backend-service
spec:
  selector:
    app: backend
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP        

Apply it:

kubectl apply -f backend-service.yaml        

Check the service:

kubectl get svc backend-service        

Expected Output:

Step 3: Test DNS Resolution Inside a Frontend Pod

Deploy Frontend Pod (frontend-pod.yaml)

vi frontend-pod.yaml        

apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: alpine
    image: alpine
    command: ["sleep", "3600"]        

Apply it:

kubectl apply -f frontend-pod.yaml        

Exec into the frontend pod:

kubectl exec -it frontend -- sh        

Test DNS resolution:

nslookup backend-service        

Expected Output:

? Success! Kubernetes resolved backend-service to its ClusterIP using CoreDNS.

?? Scenario 2: Customizing DNS in Kubernetes

Sometimes, applications require custom DNS configurations (e.g., using a company-wide DNS server).

Step 1: Configure custom DNS in the ConfigMap

Modify CoreDNS ConfigMap to Use an External DNS Server

kubectl edit configmap coredns -n kube-system        

Modify the CoreDNS ConfigMap to add an external resolver:

apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        forward 8.8.8.8 {
           max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2025-02-17T10:40:06Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "272"
  uid: 988d65b7-af69-40cd-adad-0489f2c0d63b        

Save the changes and restart CoreDNS:

kubectl rollout restart deployment coredns -n kube-system        

? Now, external DNS queries will be forwarded to Google DNS (8.8.8.8).

Step 2: Test Custom DNS Resolution Inside a Frontend Pod

3?? Debug DNS Queries From a Kubernetes Pod

Since Kubernetes workloads rely on CoreDNS for DNS resolution, deploy a temporary pod to test:

kubectl run debug --rm -it --image=alpine -- sh        

Once inside the pod, test the DNS resolution:

Check Google's IP Address

nslookup google.com        

? If the response contains valid IP addresses, CoreDNS is correctly forwarding queries.

? If it fails or times out, CoreDNS may not be correctly forwarding queries.

?? Scenario 3: Debugging DNS Failures in Kubernetes

Common DNS Issues & Fixes

Issue Possible Cause Solution DNS queries fail inside pods CoreDNS is down Restart CoreDNS (kubectl rollout restart deployment coredns -n kube-system) Service name not resolving Missing service Check services (kubectl get svc) External DNS resolution fails Incorrect forwarding Modify CoreDNS ConfigMap to use 8.8.8.8

Test DNS Resolution in a Pod

kubectl exec -it frontend -- nslookup google.com        

? If this fails, check CoreDNS logs:

kubectl logs -l k8s-app=kube-dns -n kube-system        

?? Key Takeaways

• CoreDNS is the default DNS service in Kubernetes, enabling internal name resolution.
• Custom DNS settings can be configured using the CoreDNS ConfigMap.
• Use nslookup inside pods to test DNS resolution.
• Restart CoreDNS if name resolution fails (kubectl rollout restart deployment coredns -n kube-system).
• Check CoreDNS logs for debugging (kubectl logs -l k8s-app=kube-dns -n kube-system).

?? Let’s Discuss!

Have you faced DNS failures in Kubernetes? What troubleshooting steps helped you resolve them? Let’s discuss in the comments!

Follow Bavithran M for more DevOps, Kubernetes, and cloud-native insights.

Found this useful? Share it with your network!