
DNS Solution CoreDNS Graduates from the Cloud Native Computing Foundation

CoreDNS, a cloud-native DNS server commonly used for dynamic DNS-based service discovery, has become the first Cloud Native Computing Foundation (CNCF) project to graduate in 2019.

As per the CNCF guidelines, projects that graduate have reached a level of maturity that includes broad adoption, a system of governance, and a commitment to community sustainability. CoreDNS has seen broader adoption following backing from the CNCF in 2017 and the decision by the Kubernetes team to transition from their internal Kube DNS solution to CoreDNS.

Kubernetes, the popular container orchestration framework that is also a graduated CNCF project, made CoreDNS available as a cluster DNS add-on in version 1.11, and it became the default DNS server in version 1.13.

The Kubernetes team determined that implementing CoreDNS as the default DNS server within the platform would solve reliability and security issues with the original implementation, Kube-DNS, specifically around vulnerabilities in dnsmasq. The use of CoreDNS avoided these issues and also brought greater flexibility through several key implementation differences:

  • CoreDNS runs as a single container. Kube DNS ran as several containers within a single pod, which included: kubedns, dnsmasq, and a sidecar.
  • CoreDNS is a Go process that replicates and enhances the functionality of Kube-DNS.
  • CoreDNS is designed to be a general purpose DNS server that is backwards compatible with Kubernetes, and its extendable plugins can do more than is provided in the Kubernetes DNS specification.

Originally created by Miek Gieben in 2016, CoreDNS is an open source Go project that uses a chain of plugins to create a flexible implementation in order to provide DNS features such as Kubernetes service discovery, etcd backends, and Prometheus metrics. According to Gieben, the project started as a fork of the Caddy web server, whose simple design was a leading inspiration for the project. CoreDNS was intended to be a successor to SkyDNS that could be used for traditional DNS, as well as service discovery. This is achieved through the use of extendable middleware and plugins. Key features that distinguish CoreDNS include:

  • Encrypted DNS over TLS, gRPC, or HTTPS
  • In-cluster Kubernetes DNS service discovery
  • Dynamic DNS-based service discovery backed by etcd

Once installed and configured, CoreDNS runs a set of servers that are each defined by the DNS zone and port they serve. Each of these servers has its own plugin chain. Queries that hit the server are routed to the most specific zone and then passed to the plugin chain. As per the CoreDNS documentation, plugins fall into one of the following groups:

  • Query is processed: The plugin returns a response to the client and processing stops.
  • Query is not processed: The plugin decides not to process the query and passes it to the next plugin in the chain.
  • Query is processed with fallthrough: The plugin handles the query but, based on the response, decides to pass the query to other plugins for further processing.
  • Query is processed with a hint: The plugin processes the query and always passes it to the next plugin with a hint that allows it to see the response to the client.

[Figure: CoreDNS architecture. How queries are processed in CoreDNS. Image from the CoreDNS website]
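The zone routing and plugin-chain behaviour described above, modelled in Go as an added example (it is not CoreDNS code and does not use its API). `Result`, `Plugin`, `Server`, `Resolve`, the sample zones and the plugin labels are all hypothetical, zones are assumed to match on DNS label boundaries, and the fourth "hint" behaviour is left out.

```go
package main

import (
	"fmt"
	"strings"
)

type Result int // a plugin's decision (simplified model, not CoreDNS's own API)
const (
	Pass        Result = iota // declined: next plugin runs
	Answered                  // responded: chain stops
	Fallthrough               // handled, but hands the query on
)

type Plugin struct{ Name string; Handle func(qname string) Result }
type Server struct{ Zone string; Chain []Plugin } // one zone, one plugin chain

func fixed(r Result) func(string) Result { return func(string) Result { return r } }

// static answers one constructed name and falls through for anything else.
func static(q string) Result {
	if q == "db.cluster.local." {
		return Answered
	}
	return Fallthrough
}

// sample is a constructed setup; the plugin names are labels only.
var sample = []Server{
	{".", []Plugin{{"log", fixed(Pass)}, {"forward", fixed(Answered)}}},
	{"cluster.local.", []Plugin{{"static", static}, {"kubernetes", fixed(Answered)}}},
}

// Resolve picks the most specific zone, comparing whole labels so that
// "evilcluster.local." is not treated as "cluster.local.", then runs its chain.
func Resolve(servers []Server, qname string) (zone string, trace []string) {
	best := &Server{} // no zone matched yet
	for i, s := range servers {
		match := s.Zone == "." || qname == s.Zone || strings.HasSuffix(qname, "."+s.Zone)
		if match && len(s.Zone) > len(best.Zone) {
			best = &servers[i]
		}
	}
	for _, p := range best.Chain {
		trace = append(trace, p.Name) // every plugin that saw the query
		if p.Handle(qname) == Answered {
			break
		}
	}
	return best.Zone, trace
}

func main() { fmt.Println(Resolve(sample, "web.cluster.local.")) }
```

The returned trace shows which plugins in which server's chain actually saw a query, which is what to check when reasoning about where a filtering or logging plugin takes effect.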

The extendable nature of CoreDNS has also led to its adoption outside of the Kubernetes community. It's actively supported by Infoblox, which includes it in their SaaS DNS offering. SoundCloud uses CoreDNS as an internal cache and proxy within their Kubernetes clusters in order to handle hundreds of thousands of DNS service discovery requests per second. Tradeshift also uses CoreDNS to look up company identifiers across multiple shards/regions/zones.

The CoreDNS community is iterating around performance, new plugins, and improvements to protocols including the not yet standardized DNS over gRPC. As maintainer Michael Grosser noted in an email exchange with InfoQ:

We would love people to join the CoreDNS community to give us more insight into specific use cases, issues and additional testing possibilities for these experimental ideas. This brings us to one of the main challenges. Iterating on more experimental efforts needs additional user involvement and companies willing to test in real world scenarios.

Further information on CoreDNS and contributing to the project can be found on the CoreDNS website.
