CoreDNS Plugins, Configuration, and Stub-Domain Setup

* [kubernetes](https://coredns.io/plugins/kubernetes/): CoreDNS will reply to DNS queries based on IP of the Services and Pods. You can find [more details](https://coredns.io/plugins/kubernetes/) about this plugin on the CoreDNS website. - `ttl` allows you to set a custom TTL for responses. The default is 5 seconds. The minimum TTL allowed is 0 seconds, and the maximum is capped at 3600 seconds. Setting TTL to 0 will prevent records from being cached. - The `pods insecure` option is provided for backward compatibility with `kube-dns`. - You can use the `pods verified` option, which returns an A record only if there exists a pod in the same namespace with a matching IP. - The `pods disabled` option can be used if you don't use pod records. * [prometheus](https://coredns.io/plugins/metrics/): Metrics of CoreDNS are available at `http://localhost:9153/metrics` in the [Prometheus](https://prometheus.io/) format (also known as OpenMetrics). * [forward](https://coredns.io/plugins/forward/): Any queries that are not within the Kubernetes cluster domain are forwarded to predefined resolvers (/etc/resolv.conf). * [cache](https://coredns.io/plugins/cache/): This enables a frontend cache. * [loop](https://coredns.io/plugins/loop/): Detects simple forwarding loops and halts the CoreDNS process if a loop is found. * [reload](https://coredns.io/plugins/reload): Allows automatic reload of a changed Corefile. After you edit the ConfigMap configuration, allow two minutes for your changes to take effect. * [loadbalance](https://coredns.io/plugins/loadbalance): This is a round-robin DNS loadbalancer that randomizes the order of A, AAAA, and MX records in the answer. You can modify the default CoreDNS behavior by modifying the ConfigMap. ### Configuration of Stub-domain and upstream nameserver using CoreDNS CoreDNS has the ability to configure stub-domains and upstream nameservers using the [forward plugin](https://coredns.io/plugins/forward/). #### Example If a cluster operator has a [Consul](https://www.consul.io/) domain server located at "10.150.0.1", and all Consul names have the suffix ".consul.local". To configure it in CoreDNS, the cluster administrator creates the following stanza in the CoreDNS ConfigMap. ``` consul.local:53 { errors cache 30 forward . 10.150.0.1 } ``` To explicitly force all non-cluster DNS lookups to go through a specific nameserver at 172.16.0.1, point the `forward` to the nameserver instead of `/etc/resolv.conf` ``` forward . 172.16.0.1 ``` The final ConfigMap along with the default `Corefile` configuration looks like: ```yaml apiVersion: v1 kind: ConfigMap metadata: name: coredns namespace: kube-system data: Corefile: | .:53 { errors health kubernetes cluster.local in-addr.arpa ip6.arpa { pods insecure fallthrough in-addr.arpa ip6.arpa } prometheus :9153 forward . 172.16.0.1 cache 30 loop reload loadbalance } consul.local:53 { errors cache 30 forward . 10.150.0.1 } ``` {{< note >}} CoreDNS does not support FQDNs for stub-domains and nameservers (eg: "ns.foo.com"). During translation, all FQDN nameservers will be omitted from the CoreDNS config. {{< /note >}} ## {{% heading "whatsnext" %}} - Read [Debugging DNS Resolution](/docs/tasks/administer-cluster/dns-debugging-resolution/)

This section details the CoreDNS plugins like 'forward', 'cache', 'loop', 'reload', and 'loadbalance'. It explains how to modify the CoreDNS ConfigMap to customize its behavior, including setting up stub-domains and upstream nameservers using the forward plugin. It also provides examples of configuring CoreDNS for Consul domain servers and forcing non-cluster DNS lookups through a specific nameserver. The note highlights that CoreDNS doesn't support FQDNs for stub-domains and nameservers.