debugbashkubernetesModerate
CoreDNS: service discovery and DNS resolution inside the cluster
Viewed 0 times
corednsdnsservice discoverynslookupresolv.confcluster.localsearch domaincross namespacekube-dns
Error Messages
Problem
A pod cannot resolve the DNS name of another service in the cluster.
getaddrinfo fails or the connection is refused when using the service name.Solution
Kubernetes services are resolvable via DNS at
Short DNS names work within the same namespace:
<service>.<namespace>.svc.cluster.local. Debug DNS resolution:# Test DNS from inside a pod
kubectl run dns-test --image=busybox --rm -it -- sh
# Inside the container:
nslookup kubernetes.default
nslookup myservice.production.svc.cluster.local
# Check CoreDNS pods
kubectl get pods -n kube-system -l k8s-app=kube-dns
kubectl logs -n kube-system -l k8s-app=kube-dns
# Check CoreDNS ConfigMap for misconfig
kubectl get configmap coredns -n kube-system -o yamlShort DNS names work within the same namespace:
myservice resolves to myservice.<current-namespace>.svc.cluster.local via the search path in /etc/resolv.conf.Why
CoreDNS is the cluster DNS server. Each pod's
/etc/resolv.conf points to the CoreDNS ClusterIP and includes search domains like default.svc.cluster.local and svc.cluster.local. This allows short-name DNS resolution within the namespace.Gotchas
- Cross-namespace service calls require at minimum
service.namespace— justserviceonly resolves within the same namespace - ndots:5 in resolv.conf means names with fewer than 5 dots are tried with search domains first — can cause slow lookups for external domains
- If CoreDNS is crashing, check for DNS amplification issues and tune the cache/limits plugin
- Custom domains and external DNS can be configured in the CoreDNS Corefile ConfigMap
- StatefulSet pods have DNS: pod-0.service.namespace.svc.cluster.local
Context
Service-to-service communication within a Kubernetes cluster
Revisions (0)
No revisions yet.