
CoreDNS in Kubernetes: Hands‑On DNS Resolution and Packet Capture Guide

This article explains how CoreDNS resolves both internal and external domain names in a Kubernetes cluster, demonstrates nslookup and host queries, shows how to capture DNS traffic with tcpdump, and analyzes the impact of the ndots setting on name resolution behavior.

Ops Development Stories

Fully Qualified Domain Name (FQDN)

A Fully Qualified Domain Name (FQDN) is the complete domain name for a host on the Internet, composed of the hostname, domain name, and top‑level domain (e.g., <code>www.ayunw.cn.</code>, where the trailing dot represents the root domain).

Classless Inter‑Domain Routing (CIDR)

CIDR notation such as <code>192.168.1.0/24</code> defines IP address ranges; the article mentions it briefly without detailed discussion.

Preparing the Test Environment

Inside a test pod, the <code>/etc/resolv.conf</code> file shows the DNS server and search domains:

<code>root@demo-hello-perf-dev-v0-5-0-f9f9cd5c9-r27cw:/# cat /etc/resolv.conf
nameserver 10.10.0.2
search paas.svc.cluster.local svc.cluster.local cluster.local
options ndots:5</code>

After installing <code>dnsutils</code>, the pod can run <code>nslookup</code> against a custom domain (e.g., <code>www.ayunw.cn</code>).

Finding the CoreDNS Pod and Entering Its Network Namespace

The CoreDNS pod is located with:

<code># kubectl get po -n kube-system -o wide | grep coredns
coredns-69d9b6c494-4nrxt   1/1   Running   0   96d   10.20.246.18   node2.core   <none>   <none></code>

The pod’s container ID is inspected to obtain its PID, then <code>nsenter</code> is used to enter the pod’s network namespace for packet capture.

Resolving an Internal Service Name

Resolving the built‑in <code>kubernetes</code> service:

<code># kubectl get svc kubernetes
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.10.0.1    <none>        443/TCP   57d
# nslookup kubernetes.default
Server:  10.10.0.2
Address: 10.10.0.2#53
Name: kubernetes.default.svc.cluster.local
Address: 10.10.0.1</code>

Packet capture of the DNS query:

<code># tcpdump -i eth0 port 53 | grep "kubernetes"
16:44:42.712421 IP 10.20.105.252.60020 > qing-core-kube-node-srv2.domain: 7282+ A? kubernetes.default.svc.cluster.local. (54)
...</code>

The capture shows that when the number of dots in the query name is less than the <code>ndots</code> value, the resolver appends the search domains in order until a response is obtained.

Resolving an External Domain (www.ayunw.cn)

Running <code>nslookup www.ayunw.cn</code> returns the external A record (e.g., <code>134.175.123.64</code>). The packet capture filtered for "ayunw" shows multiple attempts with different search suffixes before the final successful query:

<code># tcpdump -i eth0 port 53 | grep "ayunw"
14:38:07.350640 IP 10.20.105.252.47767 > qing-core-kube-node-srv2.domain: 13102+ A? www.ayunw.cn.cluster.local. (44)
14:38:19.111441 IP 10.20.105.252.56968 > qing-core-kube-node-srv2.domain: 62838+ A? www.ayunw.cn. (30)
...</code>

Because the query name has only two dots (<code>www.ayunw.cn</code>), which is fewer than <code>ndots:5</code>, the resolver first tries the configured search domains (<code>paas.svc.cluster.local</code>, <code>svc.cluster.local</code>, <code>cluster.local</code>) and finally falls back to the bare name, obtaining the A record.

Resolving a Domain with Dot Count Equal to ndots

Testing a domain with five dots (<code>x.y.z.v.ayunw.cn</code>) shows that the resolver sends a single query without appending any search suffixes, confirming that when the dot count equals <code>ndots</code> the name is considered fully qualified.

<code># nslookup x.y.z.v.ayunw.cn
Name: x.y.z.v.ayunw.cn
Address: 134.175.123.64</code>

Conclusion

If the number of dots in a query name is less than the <code>ndots</code> value, the resolver appends each search domain in order until a response is received; if none match, it queries the name itself. When the dot count equals or exceeds <code>ndots</code>, the name is queried directly. To reduce unnecessary DNS lookups, design domain names so that their dot count matches the <code>ndots</code> setting (e.g., <code>kubernetes.paas.svc.cluster.local</code>), or use fully qualified names within the same namespace.

Written by

Ops Development Stories

Maintained by a like‑minded team, covering both operations and development. Topics span Linux ops, DevOps toolchain, Kubernetes containerization, monitoring, log collection, network security, and Python or Go development. Team members: Qiao Ke, wanger, Dong Ge, Su Xin, Hua Zai, Zheng Ge, Teacher Xia.
