DEV Community

Manish Pillai
Manish Pillai

Posted on

How Kubernetes Resolves Service DNS

#kubernetes #cloud #networking #opensource

When you create a Service in Kubernetes, you get a stable ClusterIP. But let’s be honest—nobody wants to hardcode 10.96.0.10 into their application code. We want to use names, like auth-service or payment-api.

How does Kubernetes know that payment-api actually means 10.96.0.10? That’s where CoreDNS comes in.

What is CoreDNS?

CoreDNS is a flexible, extensible DNS server that sits inside your cluster as a standard Deployment. It usually has two or more replicas for high availability.

Its job is simple: Watch and Cache.

  • It watches the Kubernetes API for any new Services or EndpointSlices.
  • Whenever you create/update a Service, CoreDNS updates its internal memory cache almost instantly.

How your Pods "Know" to ask CoreDNS

When a Pod is created, the Kubelet injects a specific configuration into the Pod's /etc/resolv.conf file.

If you exec into any Pod and run cat /etc/resolv.conf, you’ll see something like:

nameserver 10.96.0.10  # This is the IP of the CoreDNS Service
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
Enter fullscreen mode Exit fullscreen mode

Because of this file, every time your app tries to connect to a URL, it doesn't go to the public internet first—it asks CoreDNS inside the cluster.

Scenarios

Scenario A: Internal Query
You call http://my-service. CoreDNS looks at its cache, finds the ClusterIP, and hands it back. Done.

Scenario B: External Query (e.g., www.google.com)
CoreDNS checks its cache and says, "I don't know who that is." Instead of giving up, it forwards the request to the upstream DNS (the default DNS configured on the worker node).

The Corefile (Configuration)

The behavior of CoreDNS is defined in a ConfigMap called the Corefile. It’s mounted directly into the CoreDNS pods. It looks something like this:

.:53 {
    errors
    health {
       lameduck 5s
    }
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
       pods insecure
       fallthrough in-addr.arpa ip6.arpa
       ttl 30
    }
    prometheus :9153
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
}
Enter fullscreen mode Exit fullscreen mode

Key parts of this config:

  • kubernetes: This plugin tells CoreDNS to answer DNS queries based on IP addresses of Kubernetes pods and services.
  • forward . /etc/resolv.conf: This is the "What if?" logic. If it's not a K8s service, send it to the node's DNS.
  • cache: Keeps things fast so we don't hit the API server for every single request.

Summary

Kubelet : It writes the CoreDNS IP into every Pod's /etc/resolv.conf so they know where to ask.

CoreDNS : It watches the K8s API to map Service names to IPs and forwards everything else to the Node's DNS.

Top comments (0)