Kube-DNS: The Essential Service for Kubernetes Clusters

Discover why DNS is particularly important when dealing with large-scale, complex environments, like those based on Kubernetes. Get a breakdown of how DNS works in Kubernetes and gain some key tips and tricks on how to get the most out of Kubernetes DNS.

Udi Rot

Founding Engineer

February 15, 2023

4 min read

Udi Rot,

Founding Engineer,

February 15, 2023

4 min read

Can you recite your best friend's phone number from memory? Chances are that you can't – and it's not because you're a bad friend (at least not for that reason). It's that most people don't have to remember phone numbers anymore because smartphones do that hard work for us. When we want to call someone, we type their name in, and the phone automatically looks up and dials their number for us.

Computers do essentially the same thing, thanks to DNS, which makes it possible to map the names of applications, servers, services and basically any other entity that has a network identity onto IP addresses. It also assists in processes like service discovery, which enables entities on the network to find each other. DNS is important on virtually any type of network. But it's especially critical when you're dealing with large-scale, complex environments, like those based on Kubernetes. Indeed, without DNS, the life of Kubernetes admins would be considerably more tedious.

Keep reading for a breakdown of how DNS works in Kubernetes, along with tips on how to get the most out of Kubernetes DNS.

What is DNS?

Before diving into the particulars of DNS in Kubernetes, let's talk about what DNS means in general.

DNS – short for Domain Name Service – is a type of service that translates (or resolves, to use the technical term) human-readable names to network IP addresses. For example, DNS is how your computer figures out which IP address to connect to when you want to open google.com in your browser, or when you want to send a job to a local network printer.

DNS is, in other words, akin to a phonebook for the Internet. DNS servers store records of which human-readable network address names correspond to which IP addresses, and make that information available upon request to devices, applications or services that want it.

In general, applications and services that need to resolve network names using DNS have logic built into them for connecting to DNS servers. But you can also make DNS requests manually using tools like host, a CLI utility for Unix-like operating systems. For example, if you want to see the IP addresses of the server that hosts google.com, you could type:

It would return:

You can also use dig if you want to pull DNS records from a specific DNS server (rather than whichever one your computer is configured to use by default). For example, to run a DNS request on the server with IP address 8.8.8.8 (which happens to be a DNS server managed by Google), you'd do:

DNS and service discovery

In addition to mapping network names to IP addresses, DNS plays a role in service discovery, which is the process by which different resources on the network find out about each other.

By default, applications and servers don't usually know which other applications or servers exist on the network, unless they've been preconfigured with that information. Service discovery allows entities to poll the network, figure out what else is out there and determine its IP address.

It's kind of like walking down the street and yelling "HI THERE! WHAT'S YOUR NAME AND PHONE NUMBER?" at strangers as you pass them by, except in a less awkward and more systematic way.

DNS and large-scale environments

DNS is useful in any context, just as being able to save your friends' phone numbers is valuable no matter how many friends you have. But the importance of automatically mapping identities to numbers is especially critical when you’re dealing with lots of resources – or friends, as the case may be.

If you’re a loner with just three friends, you might be able to remember their phone numbers on your own, just as you could probably keep track of the IP addresses of just a handful of servers manually. But if you're super-duper cool with hundreds of friends, there's no way you can commit all of their numbers to memory. You need an automated system to track those numbers for you.

Kubernetes's need for DNS

A Kubernetes environment is like a person with lots of friends: There are dozens, hundreds or potentially even thousands of entities with unique network identities inside a Kubernetes cluster, and keeping track of the IP addresses of all of them by hand just doesn't work.

Think about it: A Kubernetes cluster is home to a large number of self-contained entities, which are constantly interacting with each other over a variety of internal networks. In addition, any cluster that hosts public-facing applications needs to manage requests from the Internet, which in most cases means it needs to know the IP addresses of even more endpoints.

If you wanted to hate your life, you could try to keep track of the IP addresses for the various resources inside Kubernetes manually. But that would be a nightmare because you'd not only have to spend hours and hours configuring IP addresses initially, but you'd also have to update your IP address lists constantly, since many IP addresses in Kubernetes are dynamically assigned and subject to constant change. The IP address of a Pod or node could change when the Pod or node restarts, for example.

By translating the service names of the various resources inside Kubernetes into IP addresses and keeping track of changes to IP addresses automatically, DNS services in Kubernetes make life much, much simpler for admins. They also help to ensure that the many moving parts inside Kubernetes can talk to each other smoothly – and that ingoing and outgoing requests associated with external networks are properly routed – even as the network configuration constantly changes.

To be clear, DNS is only one ingredient in a full-fledged Kubernetes networking stack. DNS doesn't handle other important network-related tasks, such as load-balancing or the enforcement of security rules via network policies. You'd need other tools (like service meshes and ingress controllers) to do that work. But DNS does handle one of the most important tasks required to operate a Kubernetes cluster at scale.

How Kubernetes DNS is implemented

Today, most Kubernetes clusters rely on CoreDNS, an open source DNS server written in Go, to provide DNS services across the environment. Earlier versions of Kubernetes used SkyDNS, but the Kubernetes developers switched to CoreDNS because the latter is designed specifically for cloud-native environments.

CoreDNS is deployed in a simple way: It runs as a cluster-level Pod and handles DNS queries within the cluster from there. By default, the service is named kube-dns.

Kubernetes external DNS

The CoreDNS DNS server is available in Kubernetes by default, so you don't need to do anything special to get it running. However, if you also need to resolve the names of external services, you might want to install an additional DNS server designed for external requests, such as the aptly named ExternalDNS.

Configuring and troubleshooting kube-DNS

Of course, just because Kubernetes provides an internal DNS server by default doesn't mean it always works the way it's supposed to. If you're experiencing issues like the failure of nodes, Pods or Services to communicate with each other, there's a chance it could be due to problems with your Kubernetes DNS server, so you should troubleshoot it and assess your DNS health.

The first step in doing so is making sure the kube-dns service is actually running. You can do this with kubectl:

Or, if you are GUI-inclined rather than CLI-inclined, you can search the groundcover UI under the Workloads tab to see if kube-dns is running.

Assuming kube-dns is running, your next step is to view the kube-dns logs and look for errors. You can pull these with kubectl:

Or, check the Logs tab in the groundcover UI to view the kube-dns logs.

You can also check whether you can manually resolve domain names from inside a Pod (you have to do this with kubectl, alas):

Advanced kube-dns features and customization options

Beyond basic configuration and troubleshooting, kube-dns also offers a number of advanced features and customization options, such as:

• The ability to add custom plugins and configurations.
• Support for custom resource records.
• Implementation of advanced network topologies.

We won't go into the details of these advanced Kubernetes DNS features here, but if you have special requirements or need fine-grained control over how DNS requests are managed, they're worth looking into. As with most components of Kubernetes, there is a nearly endless amount of flexibility and configurability that you can unlock with regard to DNS management, provided you have the time and will necessary to take advantage of them.

Best practices for using kube-dns in production environments

The ideal setup for your Kubernetes DNS configuration depends on your goals and priorities. But in general, practices like the following will help you get the most out of Kubernetes DNS:

• Ensure that DNS records are configured correctly: If your DNS records are inaccurate, they may as well not exist at all, because your DNS server will provide bad information. Properly configure DNS records for all services in the cluster to ensure that requests for services reach the desired endpoints.

• Monitor the health of kube-dns: Monitor the health of kube-dns by regularly checking its performance and functionality. The kube-dns troubleshooting strategies we outlined above can help with this purpose.

• Configure a separate DNS zone for each environment: By configuring separate DNS zones for each environment, such as production and staging, you can better protect critical services from malicious attacks.

• Use a resolver for external domains: For external domains, use a reliable DNS resolver to prevent potential outages. This can also help in some ways to keep the cluster secure by protecting it against malicious attacks.

Take advantage of kube-dns

Technically speaking, you don't need to use DNS with Kubernetes – just like you also don't need to save your friends' phone numbers in your address book. You could try to remember all of the service name-IP address mappings manually. But unless you’re Cam Jensen, that's not a good way to live your life.

Instead, take advantage of kube-dns. Whether you have just a few resources running in your cluster or several thousand, and whether you're just experimenting with Kubernetes or operating in production, understanding how to leverage kube-dns – and how to troubleshoot DNS health issues in Kubernetes – is a fundamental skill.

February 15, 2023

4 min read

Explore related posts

Kubernetes

Monitoring

Incomprehensible Performance Issues unraveled with Kubernetes Tracing Tools

Explore the role of tracing in Kubernetes and how it can help you monitor the health and performance of your cloud-native applications.

Kubernetes

Monitoring

Kubernetes Logging: How to Optimize your Logs for Efficiency

Get to know which log files are available in Kubernetes, which data they reveal, and how to analyze that data, in order to gain critical visibility into what's happening with your applications and troubleshoot problems effectively when they arise.

Istio

Kubernetes

Istio Architecture for Kubernetes: The Good, the Bad & the Ugly

Find out what Istio is, how the Istio architecture works, which benefits Istio offers to Kubernetes and what to watch out for when getting started with Istio virtual services in a Kubernetes cluster.