A Brief Look at CoreDNS

The Cloud Native Computing Foundation doesn’t just preside over Kubernetes - there are quite a few projects currently being incubated and we’re going to take a look at one of the projects that was featured in the Keynote - CoreDNS in this blog post.

CoreDNS is a extensible DNS server that supports standard DNS, the standard (but not widely adopted) DNS over TLS and the non-standard DNS over gRPC protocols. Its main feature is the plugin system, which allows you to do anything in response to a DNS query that you can code up in Go. CoreDNS is under rapid development; they currently release every 3-4 weeks. Importantly for a DNS server, the code was just recently security audited by Cure53 and was found to be mostly bug free!

The plugin-based architecture means that the DNS serving core of CoreDNS can remain rock solid stable, while functionality is added through plugins. As a user, you define a Server by configuring zones to serve on a particular port. Each Server will then pass requests it receives through a plugin chain, which determines the response to send (or not send.) In general, each plugin can decide to process a query, pass it along the chain, or start processing but fall through to the next plugin.

There are a number of built in plugins that let you easily serve DNS queries, for example from RFC 1035-style zone files, or ETCD databases. Other plugins enable metrics, logging, forwarding, reverse DNS, DNSSEC, TLS, caching and all the features you would expect from a fully featured DNS server. Currently on the roadmap are better support for ETCD3 and SQL database support for record storage.

You may be thinking, “how does this relate to Kubernetes?” In most current deployments of Kubernetes, none of your pods would have DNS resolution without the Kube-DNS cluster addon. This is currently a deployment of dnsmasq with a kubernetes-aware sidecar, so that in addition to being able to resolve external services, your pods can also resolve services via servicename.namespace.svc.. In Kubernetes 1.11 (hopefully!), CoreDNS and its accompanying Kubernetes plugin will hit general availability - meaning it will be a strong contender for being the default DNS provider for your Kubernetes clusters.

At the most recent CNCF+KubeCon, Miek Gieben from Google (the creator of the most-used Go DNS library and CoreDNS) gave an intro to CoreDNS talk that inspired this post. In addition to introducing the project, he shows how anyone can easily and quickly add a feature to CoreDNS by writing a plugin - in this case implementing a domain override function commonly used in dnsmasq. It’s definitely worth a watch, and it might be a good idea to familiarise yourself with CoreDNS before the release of Kubernetes 1.11!