How Do I Configure a DNS Policy for a Container?

CCE uses the dnsPolicy field to set the DNS policy of each pod. dnsPolicy can take one of the following values:

  • None: No DNS policy is configured. In this mode you customize the DNS configuration yourself, so dnsPolicy must be used together with dnsConfig.
  • Default: This mode is often described as "use the DNS of the host machine", which is not accurate.

    In this mode, kubelet determines the DNS policy to use. By default, kubelet uses the /etc/resolv.conf file of the host, but kubelet can be configured to use a different file. Use the kubelet parameter --resolv-conf=/etc/resolv.conf to specify the path of the DNS resolution file.

  • ClusterFirst: In this mode, the pod uses the DNS service configured in the cluster. That is, the kube-dns or CoreDNS service in Kubernetes is used for domain name resolution. If the resolution fails, the DNS configuration of the host machine is used for resolution.

If the type of dnsPolicy is not specified, ClusterFirst is used by default.

  • If the type of dnsPolicy is set to Default, the name resolution configuration is inherited from the worker node where the pod is running.
  • If the type of dnsPolicy is set to ClusterFirst, DNS queries will be sent to the kube-dns service.

    The kube-dns service answers queries for domains under the configured cluster domain suffix. All other queries (for example, www.kubernetes.io) are forwarded to the upstream name server inherited from the node. Before this feature was supported, stub domains were typically introduced by replacing the upstream DNS with a custom resolver. However, that puts the custom resolver itself on the critical path of DNS resolution, where scalability and availability issues can make DNS unavailable to the cluster. This feature allows you to introduce custom resolvers without taking over the entire resolution path.

If a workload does not need to use CoreDNS in the cluster, you can use kubectl or call the APIs to set the dnsPolicy to Default.
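
The two non-default policies described above, written as pod manifests. This is an added example, not taken from the CCE documentation; the pod names, image, search domain and nameserver address (from the 192.0.2.0/24 documentation range) are constructed placeholders.

```yaml
# dnsPolicy None: the pod's resolver configuration comes only from dnsConfig.
# The API server rejects a pod that sets None without at least one nameserver.
apiVersion: v1
kind: Pod
metadata:
  name: dns-none-example            # placeholder name
spec:
  dnsPolicy: "None"
  dnsConfig:
    nameservers:
      - 192.0.2.53                  # placeholder resolver address
    searches:
      - corp.example.com            # placeholder search domain
    options:
      - name: ndots
        value: "2"
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
---
# dnsPolicy Default: the pod inherits the resolver file that kubelet is
# configured to use (--resolv-conf, /etc/resolv.conf on the node by default).
# Queries do not go through CoreDNS, so cluster-internal Service names are not
# resolved unless the node's own resolver can answer them.
apiVersion: v1
kind: Pod
metadata:
  name: dns-default-example         # placeholder name
spec:
  dnsPolicy: Default
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
```

After the pods start, `kubectl exec <pod-name> -- cat /etc/resolv.conf` shows the resolver configuration each policy produced.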