Before Kubernetes version 1.11, the Kubernetes DNS service was based on kube-dns. Version 1.11 introduced CoreDNS to address some security and stability concerns with kube-dns.

Regardless of the software handling the actual DNS records, both implementations work in a similar manner:

  • A service named kube-dns and one or more pods are created.
  • The kube-dns service listens for service and endpoint events from the Kubernetes API and updates its DNS records as needed. These events are triggered when you create, update or delete Kubernetes services and their associated pods.
  • kubelet sets each new pod’s /etc/resolv.conf nameserver option to the cluster IP of the kube-dns service, with appropriate search options to allow for shorter hostnames to be used.
  • Applications running in containers can then resolve hostnames such as example-service.namespace into the correct cluster IP addresses.

Kubernetes DNS Records

  • SVC


  • POD

addressing a service in the same namespace

nslookup other-svc

addressing a service in a different namespace

nslookup other-svc.other-ns

Pod’s dnsPolicy

Note: “Default” is not the default DNS policy. If dnsPolicy is not explicitly specified, then “ClusterFirst” is used.

“ClusterFirst”: Any DNS query that does not match the configured cluster domain suffix, such as “www.kubernetes.io”, is forwarded to the upstream nameserver inherited from the node. Cluster administrators may have extra stub-domain and upstream DNS servers configured. See related discussion for details on how DNS queries are handled in those cases.

customize pod dns with dnsConfig

busybox's nslookup has a bug when resolving Kubernetes service names; use alpine instead.

~/wubigo.github.io$ kubectl run -it --image curl:v1 curl --restart=Never --rm -- sh
If you don't see a command prompt, try pressing enter.
/ # nslookup kubernetes
Name:      kubernetes
Address 1: kubernetes.default.svc.cluster.local
/ # nslookup nginx
Name:      nginx
Address 1: web-0.nginx.default.svc.cluster.local

CoreDNS ConfigMap

kubectl -n kube-system get configmap coredns -o yaml

kubectl -n kube-system edit configmap coredns

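apiVersion: v1
data:
  Corefile: |
    .:53 {
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           # pods insecure: pod A records are answered from the IP encoded in the
           # query name without checking that such a pod exists (kube-dns
           # compatibility mode); "pods verified" checks against the API first.
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        proxy . /etc/resolv.conf
        cache 30
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2019-02-19T06:54:07Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "561721"
  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
  uid: 2732a277-3413-11e9-86cc-08002775f493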