DOKS uses CoreDNS for cluster DNS management. In this architecture, pods send DNS queries to the CoreDNS service, which are then translated to a CoreDNS endpoint. When workloads issue a large volume of DNS queries, you may run into DNS quota limits and noticeable UDP packet drops. NodeLocal DNSCache lets you run a DNS caching agent on every cluster node to cache DNS results. When a pod makes a DNS request, it first reaches out to the caching agent on the same node. This avoids DNAT rules and connection tracking, which reduces the average DNS lookup time and improves cluster DNS resolution performance. If the record is not in the cache, the caching agent queries the CoreDNS service. For more information, see Using NodeLocal DNSCache in Kubernetes Clusters in the Kubernetes documentation.
To enable NodeLocal DNSCache, create a nodelocaldns.yaml manifest and specify your values, as described in the Configuration section of the Kubernetes documentation.
Additionally, you need to customize the DNS settings of your workloads to use the <node-local-address> of the NodeLocal DNSCache. This is required because DOKS-specific iptables rules prevent the DNS cache instances from serving requests in the default NodeLocal DNSCache configuration.
For example, with a <node-local-address> of 169.254.0.5, a pod's manifest looks similar to the following:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: client
spec:
  containers:
  - name: client
    image: <your-image>          # placeholder: the workload's own image
  # None: do not merge the cluster CoreDNS name server into this pod's resolv.conf
  dnsPolicy: None
  dnsConfig:
    # the <node-local-address> configured into NodeLocal DNSCache
    nameservers: ["169.254.0.5"]
    searches: ["kube-system.svc.cluster.local", "svc.cluster.local", "cluster.local"]
    # with dnsPolicy None nothing is inherited, so restate the resolver options
    # (ndots:5 is the kubelet default; adjust to match your cluster)
    options:
    - name: ndots
      value: "5"
```
The nameservers value must be set to the <node-local-address> configured into NodeLocal DNSCache. Additionally, the dnsPolicy value must be set to None to prevent merging in the default CoreDNS name server from the Kubernetes environment. Consequently, other default resolv.conf settings, such as options, must also be explicitly defined as shown above.
For more information on how to specify the dnsConfig field of the pod, see Pod's DNS Config in the Kubernetes documentation.
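Because dnsPolicy None drops every inherited resolver setting, a pod that gets one of these fields wrong either bypasses the cache (and hits the CoreDNS service through the DNAT path the page describes) or loses cluster-local name resolution. The following check is an added example, not part of the DOKS documentation or any DigitalOcean tooling: it takes a pod in the dict form of `kubectl get pod -o json` and reports what would make it deviate from the manifest above. The address and the two sample pods are constructed to match the page.

```python
"""Added example (not from the DOKS docs): lint pod specs for NodeLocal DNSCache use.

check_pod_dns takes a pod as a dict (the shape of `kubectl get pod -o json`) and
returns the findings that would make the pod bypass the per-node cache or lose
cluster-local resolution. NODE_LOCAL_ADDRESS is the page's <node-local-address>.
"""

NODE_LOCAL_ADDRESS = "169.254.0.5"


def check_pod_dns(pod: dict, node_local: str = NODE_LOCAL_ADDRESS) -> list:
    """Return a list of findings; an empty list means the pod is pinned to the cache."""
    findings = []
    spec = pod.get("spec") or {}
    # dnsPolicy must be None; any other policy merges the default CoreDNS name server in.
    if spec.get("dnsPolicy") != "None":
        findings.append("dnsPolicy is %r, expected 'None'" % spec.get("dnsPolicy"))
    cfg = spec.get("dnsConfig") or {}
    nameservers = cfg.get("nameservers") or []
    # Exactly the node-local address: an extra entry is a fallback path around the cache.
    if nameservers != [node_local]:
        findings.append("nameservers %r, expected [%r]" % (nameservers, node_local))
    # With dnsPolicy None nothing is merged from the node, so the cluster search
    # domains and resolver options have to be spelled out in the pod itself.
    if not cfg.get("searches"):
        findings.append("searches is empty; cluster-local short names will not resolve")
    options = {o.get("name"): o.get("value") for o in cfg.get("options") or []}
    if "ndots" not in options:
        findings.append("options does not set ndots; the kubelet default is not merged in")
    return findings


# Constructed sample pods: one following the page's manifest, one left at defaults.
COMPLIANT_POD = {
    "spec": {
        "containers": [{"name": "client", "image": "example/client:1.0"}],
        "dnsPolicy": "None",
        "dnsConfig": {
            "nameservers": [NODE_LOCAL_ADDRESS],
            "searches": ["kube-system.svc.cluster.local", "svc.cluster.local", "cluster.local"],
            "options": [{"name": "ndots", "value": "5"}],
        },
    }
}
DEFAULT_POD = {"spec": {"containers": [{"name": "client", "image": "example/client:1.0"}]}}

if __name__ == "__main__":
    for name, pod in (("compliant", COMPLIANT_POD), ("default", DEFAULT_POD)):
        print(name, check_pod_dns(pod) or ["ok"])
```

To confirm the result on a live pod, compare the findings with what the pod actually received: `kubectl exec <pod> -- cat /etc/resolv.conf` should list only the node-local address as nameserver.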