• Cloud Container Engine

  1. Help Center
  2. Cloud Container Engine
  3. User Guide 2.0
  4. Add-on Management
  5. coredns


The coredns add-on is a DNS server that chains plug-ins and provides domain name resolution services for Kubernetes clusters. Only clusters of Kubernetes 1.11 and later support this add-on.

Introduction to the Add-on

coredns is a Cloud Native Computing Foundation (CNCF) incubating project for DNS and service discovery in a cloud-native environment. coredns chains add-ons to achieve agility and flexibility. coredns can automatically discover services in a Kubernetes cluster and provide domain name resolution for these services. In addition, by connecting to the DNS server of cloud, coredns can resolve external domain names for applications in a cluster. Currently, coredns is the recommended DNS server for clusters in Kubernetes 1.11 and later.

Application Scenarios

The coredns add-on is installed by default in clusters of which the version is 1.11. When an add-on upgrade or bug fix is available, you only need to install or upgrade the coredns add-on. Upgrading or re-creating the cluster is not required.

Configuring the Stub Domain for coredns

Cluster administrators can modify the ConfigMap for the coredns Corefile to change how service discovery works. coredns has the ability to configure stub domains using the proxy plugin.

Assume that a cluster operator has a Consul DNS server located at and all Consul names have the suffix .consul.local. To configure Consul in coredns, the cluster administrator creates the following information in the coredns ConfigMap:

consul.local:5353 {
        cache 30
        proxy .

ConfigMap after modification:

apiVersion: v1
  Corefile: |-
    .:5353 {
        cache 30
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          upstream /etc/resolv.conf
          fallthrough in-addr.arpa ip6.arpa
        loadbalance round_robin
        proxy . /etc/resolv.conf

    consul.local:5353 {
        cache 30
        proxy .
kind: ConfigMap
  name: coredns
  namespace: kube-system

How Does Domain Name Resolution Work in Kubernetes?

DNS policies can be set on a per-pod basis. Currently, Kubernetes supports the following pod-specific DNS policies: Default, ClusterFirst, ClusterFirstWithHostNet, and None. For more details, see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/. These policies are specified in the dnsPolicy field of a pod Spec.

  • Kubernetes 1.10 and later support all four types of DNS policies. Kubernetes earlier than v1.10 supports only three types of policies, that is, Default, ClusterFirst, and ClusterFirstWithHostNet.
  • Default is not the default DNS policy. If dnsPolicy is not explicitly specified, ClusterFirst is used.

Without custom configurations: Any query that does not match the configured cluster domain suffix, such as "www.kubernetes.io", is forwarded to the upstream DNS server inherited from the node.

With custom configurations: If stub domains and upstream DNS servers are configured, DNS queries are routed according to the following flow:

  1. The query is first sent to the DNS caching layer in kube-dns.
  2. From the caching layer, the suffix of the request is examined and then forwarded to the appropriate DNS, based on the following cases:
    • Names with the cluster suffix, for example ".cluster.local": The request is sent to kube-dns.
    • Names with the stub domain suffix, for example ".acme.local": The request is sent to the configured custom DNS resolver, listening for example at
    • Names without a matching suffix, for example "widget.com": The request is forwarded to the upstream DNS server, for example Google public DNS server at and
    Figure 1 Routing

Installing the Add-on

By default, coredns is installed in clusters of Kubernetes v1.11 and later. Note that only clusters of Kubernetes v1.11 and later support coredns.

Upgrading the Add-on

  1. Log in to the CCE console. In the navigation pane, choose Add-on Management. On the Add-on Instances tab page, click Upgrade under coredns. If the upgrade button is unavailable, the current add-on version is up-to-date and no upgrade is required. The coredns add-on will be upgraded in rolling upgrade mode to ensure that the domain name resolution service is not interrupted.
  2. On the Basic Information page, select the add-on version, and click Next.
  3. Select instance specifications, and click Upgrade.

Uninstalling the Add-on

  1. Log in to the CCE console. In the navigation pane, choose Add-on Management. On the Add-on Instances tab page, click Uninstall under coredns.
  2. In the dialog box that is displayed, click OK to uninstall the add-on.