Kubernetes DNS: How Service Discovery Works
Understand Kubernetes DNS resolution with CoreDNS. Service discovery, pod DNS, headless services, custom DNS policies, and troubleshooting DNS failures.
π‘ Quick Answer: Understand Kubernetes DNS resolution with CoreDNS. Service discovery, pod DNS, headless services, custom DNS policies, and troubleshooting DNS failures.
The Problem
This is one of the most searched Kubernetes topics. Having a comprehensive, well-structured guide helps both beginners and experienced users quickly find what they need.
The Solution
DNS Resolution Format
<service>.<namespace>.svc.cluster.local
# Examples:
postgres.default.svc.cluster.local # Service in default namespace
redis.cache.svc.cluster.local # Service in cache namespace
my-pod.my-service.default.svc.cluster.local # Pod via headless serviceHow It Works
# Every pod gets DNS configured automatically
kubectl exec my-pod -- cat /etc/resolv.conf
# nameserver 10.96.0.10 β CoreDNS ClusterIP
# search default.svc.cluster.local svc.cluster.local cluster.local
# ndots:5
# Because of search domains, you can use short names:
# "postgres" β postgres.default.svc.cluster.local
# "redis.cache" β redis.cache.svc.cluster.localDNS for Service Types
| Service Type | DNS Record | Returns |
|---|---|---|
| ClusterIP | A record | ClusterIP (virtual IP) |
| Headless (clusterIP: None) | A record | All pod IPs |
| ExternalName | CNAME | External hostname |
| NodePort/LoadBalancer | A record | ClusterIP |
Troubleshoot DNS
# Test DNS resolution
kubectl run dns-debug --rm -it --image=nicolaka/netshoot -- bash
# dig my-service.default.svc.cluster.local
# nslookup my-service
# Check CoreDNS pods
kubectl get pods -n kube-system -l k8s-app=kube-dns
kubectl logs -n kube-system -l k8s-app=kube-dns
# Check CoreDNS configmap
kubectl get configmap coredns -n kube-system -o yamlCustom DNS Policy
spec:
dnsPolicy: None
dnsConfig:
nameservers:
- 8.8.8.8
- 8.8.4.4
searches:
- my.custom.domain
options:
- name: ndots
value: "2" # Reduce DNS queries (default 5 causes extra lookups)graph LR
A[Pod: curl postgres] --> B[/etc/resolv.conf]
B -->|Search: default.svc.cluster.local| C[CoreDNS]
C -->|postgres.default.svc.cluster.local| D[Return ClusterIP 10.96.5.10]
D --> E[Pod connects to ClusterIP]
E --> F[kube-proxy routes to backend pod]Frequently Asked Questions
Why does DNS resolution take 5 seconds?
Usually ndots:5 causing unnecessary lookups. If your service name has fewer than 5 dots, Kubernetes appends each search domain before trying the absolute name. Set ndots:2 in your podβs dnsConfig for external lookups.
Can pods in different namespaces reach each other via DNS?
Yes β use the full name: service.other-namespace.svc.cluster.local or short: service.other-namespace.
Best Practices
- Start simple β use the basic form first, add complexity as needed
- Be consistent β follow naming conventions across your cluster
- Document your choices β add annotations explaining why, not just what
- Monitor and iterate β review configurations regularly
Key Takeaways
- This is fundamental Kubernetes knowledge every engineer needs
- Start with the simplest approach that solves your problem
- Use
kubectl explainandkubectl describewhen unsure - Practice in a test cluster before applying to production
Recommended
Kubernetes Recipes β The Complete Book100+ production-ready patterns with detailed explanations, best practices, and copy-paste YAML. Everything in one place.
Get the Book βLearn by Doing
CopyPasteLearn β Hands-on Cloud & DevOps CoursesMaster Kubernetes, Ansible, Terraform, and MLOps with interactive, copy-paste-run lessons. Start free.
Browse Courses β
π Deepen Your Skills β Hands-on Courses
Courses by CopyPasteLearn.com β Learn IT by Doing
Want More Kubernetes Recipes?
This recipe is from Kubernetes Recipes, our 750-page practical guide with hundreds of production-ready patterns.