1. You can override EKS's default DNS behavior by configuring conditional forwarding in CoreDNS.
2. Google Public DNS (8.8.8.8) can be used for custom DNS resolution when a third-party domain fails to resolve via the default EKS DNS (10.100.0.10).
3. The CoreDNS ConfigMap must be modified with a new block targeting your domain and forwarding it to a custom DNS server.
4. After changes, verify resolution using nslookup via a test pod like BusyBox.
5. This approach is helpful when DNS issues impact external API calls or service integrations.
One of our third-party API URLs was failing to resolve, so we figured out a solution: route it through Google Public DNS, changing the resolution of that particular domain from the EKS default DNS (10.100.0.10) to Google Public DNS.
We used 8.8.8.8, the primary DNS server for Google DNS, to make it function correctly.
Configure Conditional Forwarder with CoreDNS in an Amazon EKS cluster
What is CoreDNS?
- CoreDNS is a DNS server that is modular and pluggable, and each plugin adds new functionality to CoreDNS. This can be configured by maintaining a Corefile, which is the CoreDNS configuration file.
- As a cluster administrator, you can modify the ConfigMap for the CoreDNS Corefile to change how DNS service discovery behaves for that cluster.
- CoreDNS uses negative caching whereas kube-dns does not (this means CoreDNS can cache failed DNS queries as well as successful ones, which overall should equal better speed in name resolution).
You can use CoreDNS to configure conditional forwarding, so that DNS queries for specific domains are sent to a custom DNS server (such as the Google DNS server).
How does Amazon EKS use CoreDNS?
Pods running inside the Amazon EKS cluster use the CoreDNS service’s cluster IP as the default name server for querying internal and external DNS records.
You can follow the steps below to modify the CoreDNS ConfigMap and add the conditional forwarder configuration.
1. Run the following command:
$ kubectl -n kube-system edit configmap coredns
The ConfigMap opens in your editor. Add a server block for your domain after the default .:53 block, so that the ConfigMap looks like this:
apiVersion: v1
kind: ConfigMap
metadata:
  annotations:
  labels:
    eks.amazonaws.com/component: coredns
    k8s-app: kube-dns
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
    domain-name:53 {
        errors
        cache 30
        forward . custom-dns-server
        reload
    }
Note: We have customized the above ConfigMap with the domain-name “plapi.ecomexpress.in”. Replace it with your domain name.
For custom-dns-server, the Google DNS IP address (8.8.8.8) is used. Replace it with the IP address of your own custom DNS server.
2. The final CoreDNS ConfigMap will look like:
apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
    plapi.ecomexpress.in:53 {
        errors
        cache 30
        forward . 8.8.8.8
        reload
    }
kind: ConfigMap
3. Verify DNS resolution using nslookup from a test pod such as BusyBox:
prod@ip-192-168-X-XXX:/home/devtron$ kubectl exec busybox -- nslookup domain-name.in
Note: Replace the domain-name with your domain name.
The output before updating the custom route for CoreDNS:
prod@ip-192-168-X-XXX:/home/devtron$ kubectl exec busybox -- nslookup plapi.ecomexpress.in
Server: 10.100.0.10
Address 1: 10.100.0.10 kube-dns.kube-system.svc.cluster.local
Name: plapi.ecomexpress.in
Address 1: 172.20.92.37 ip-172-20-92-37.ap-south-1.compute.internal
Address 2: 172.20.54.52 ip-172-20-54-52.ap-south-1.compute.internal
The output after updating the custom route for CoreDNS:
prod@ip-192-168-X-XXX:/home/devtron$ kubectl exec busybox -- nslookup plapi.ecomexpress.in
Server: 10.100.0.10
Address 1: 10.100.0.10 kube-dns.kube-system.svc.cluster.local
Name: plapi.ecomexpress.in
Address 1: 35.154.40.19 ec2-35-154-40-19.ap-south-1.compute.amazonaws.com
Address 2: 3.6.218.14 ec2-3-6-218-14.ap-south-1.compute.amazonaws.com
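As an added example (not part of the original post), the Python check below parses a Corefile, lists the forward upstreams of each server block, and flags zones whose queries go to a globally routable resolver such as 8.8.8.8 instead of the cluster's default path. This is useful when reviewing changes to the coredns ConfigMap. The function names and the trimmed sample Corefile are constructed for illustration, and the parser assumes one zone per server block header.

```python
import ipaddress
import re

# Constructed sample: the page's final Corefile, trimmed to the plugins that matter here.
COREFILE = """\
.:53 {
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    forward . /etc/resolv.conf
    cache 30
}
plapi.ecomexpress.in:53 {
    errors
    cache 30
    forward . 8.8.8.8
    reload
}
"""

def forwarders(corefile):
    """Return {zone: [upstreams]} from each block's 'forward FROM TO...' line."""
    result, zone, depth = {}, None, 0
    for raw in corefile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if depth == 0 and line.endswith("{"):
            zone = re.sub(r":\d+$", "", line[:-1].strip())  # "name:53 {" -> "name"
            result[zone] = []
        elif depth == 1 and line.split()[0] in ("forward", "proxy"):
            result[zone] += [t for t in line.split()[2:] if t != "{"]
        depth += line.count("{") - line.count("}")
    return result

def external_forwards(corefile):
    """List (zone, upstream) pairs whose upstream is a globally routable IP."""
    findings = []
    for zone, upstreams in forwarders(corefile).items():
        for up in upstreams:
            host = re.sub(r"^(dns|tls)://", "", up)
            if host.count(":") == 1:  # IPv4 with explicit port, e.g. 8.8.8.8:53
                host = host.split(":")[0]
            try:
                if ipaddress.ip_address(host).is_global:
                    findings.append((zone, up))
            except ValueError:
                pass  # file path such as /etc/resolv.conf
    return findings
```

To run it against a live cluster, pass it the output of kubectl -n kube-system get configmap coredns -o jsonpath='{.data.Corefile}'.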
Conclusion
Routing domain-specific traffic through Google Public DNS inside your EKS cluster is a reliable way to handle DNS resolution failures for third-party APIs. With CoreDNS’s flexibility, you can easily define conditional forwarding rules in your EKS setup, improving both reliability and control.
FAQ
What is conditional forwarding in CoreDNS?
Conditional forwarding allows CoreDNS to forward DNS queries for specific domains to custom DNS servers, instead of using the default resolver.
Why would I need to configure conditional forwarding in EKS?
You may want to resolve certain domains using public DNS servers like Google DNS (8.8.8.8) instead of the EKS internal DNS, especially if internal resolution fails.
What is the default DNS in Amazon EKS?
By default, pods in EKS use the CoreDNS service's cluster IP (usually 10.100.0.10) for DNS resolution.
How do I update CoreDNS in EKS?
You can modify the CoreDNS ConfigMap in the kube-system namespace using kubectl edit configmap coredns.
Can I use other public DNS providers like Cloudflare instead of Google DNS?
Yes, you can replace 8.8.8.8 with other public DNS servers like Cloudflare’s 1.1.1.1 or any custom DNS IP.