Updated on 2024-11-11 GMT+08:00

Using NodeLocal DNSCache to Improve DNS Performance

Challenges

When a cluster issues a large number of DNS requests, CoreDNS comes under pressure, which has the following impacts:

  • Queries become slow, affecting service performance.
  • CoreDNS requires higher specifications.

Solutions

NodeLocal DNSCache improves cluster DNS performance by running DNS cache proxies on cluster nodes.

After NodeLocal DNSCache is enabled, a DNS query follows the path shown in the figure below.

Figure 1 NodeLocal DNSCache query path

Installing the Add-on

CCE provides the node-local-dns add-on for installing NodeLocal DNSCache.

  • The node-local-dns add-on supports only clusters of v1.19 and later.
  • NodeLocal DNSCache serves as a transparent caching proxy for CoreDNS and does not provide plug-ins such as hosts or rewrite. If you want to enable these plug-ins, modify the CoreDNS configurations.
  • DNSConfig cannot be automatically injected into pods in the kube-system namespace.

  1. (Optional) Modify the CoreDNS configuration so that CoreDNS preferentially uses UDP to communicate with the upstream DNS server.

    NodeLocal DNSCache uses TCP to communicate with CoreDNS, and CoreDNS communicates with the upstream DNS server using the same protocol as the request source. However, the cloud server does not support TCP. To use NodeLocal DNSCache, modify the CoreDNS configuration so that UDP is preferentially used to communicate with the upstream DNS server, which prevents resolution exceptions.

    Run the following command:

    kubectl edit configmap coredns -nkube-system

    In the forward plug-in, specify prefer_udp as the protocol used by requests. After the modification, CoreDNS preferentially uses UDP to communicate with the upstream system.

    forward . /etc/resolv.conf {
        prefer_udp
    }

  2. Log in to the CCE console and access the cluster details page. Choose Add-ons in the navigation pane, locate node-local-dns on the right, and click Install.
  3. On the Install Add-on page, select the add-on specifications and set related parameters.

    enable_dnsconfig_admission: whether to automatically inject DNSConfig into newly created pods. Defaults to false. The value true enables auto injection, preventing the injection of manually configured pod YAML files.

  4. After the preceding configurations are complete, click Install.

Using NodeLocal DNSCache

You can use NodeLocal DNSCache in either of the following ways:

  • Auto injection: The dnsConfig field of a pod is configured automatically when the pod is created. (DNSConfig cannot be automatically injected into pods in the kube-system namespace.)
  • Manual configuration: Manually configure the dnsConfig field of the pod.

Auto injection

The following conditions must be met:

  • enable_dnsconfig_admission has been set to true for the add-on.
  • The node-local-dns-injection=enabled label has been added to the namespace.

    kubectl label namespace default node-local-dns-injection=enabled

  • The new pod does not run in the kube-system or kube-public namespace.
  • The node-local-dns-injection=disabled label for disabling DNS injection is not added to the new pod.
  • The new pod uses the host network and DNSPolicy is ClusterFirstWithHostNet. Alternatively, the pod does not use the host network and DNSPolicy is ClusterFirst.

After auto injection is enabled, the following dnsConfig settings are automatically added to the created pod. In addition to the NodeLocal DNSCache address 169.254.20.10, the CoreDNS address 10.247.3.10 is added to nameservers, ensuring high availability of the service DNS server.

  dnsConfig:
    nameservers:
      - 169.254.20.10
      - 10.247.3.10
    searches:
      - default.svc.cluster.local
      - svc.cluster.local
      - cluster.local
    options:
      - name: timeout
        value: ''
      - name: ndots
        value: '5'
      - name: single-request-reopen
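
When a new pod comes up without the injected dnsConfig, the conditions above are the checklist to walk through. The following is an added example, not code from CCE or the add-on: a Python function (the name injection_blockers is hypothetical) that takes a pod manifest as a dict, the namespace labels and the add-on parameter, and returns the conditions that are not met. It assumes a manifest without metadata.namespace lands in default.

```python
# Added example: checks a pod manifest against the auto-injection conditions listed above.
LABEL = "node-local-dns-injection"
EXCLUDED_NAMESPACES = {"kube-system", "kube-public"}


def injection_blockers(pod, namespace_labels, admission_enabled):
    """Return the unmet conditions for a new pod; an empty list means it qualifies.

    pod: manifest as a dict (parsed YAML or JSON).
    namespace_labels: labels of the pod's namespace.
    admission_enabled: value of the add-on's enable_dnsconfig_admission parameter.
    """
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    # Assumption: a manifest without metadata.namespace is created in "default".
    namespace = meta.get("namespace", "default")
    reasons = []
    if not admission_enabled:
        reasons.append("enable_dnsconfig_admission is not true")
    if namespace_labels.get(LABEL) != "enabled":
        reasons.append(f"namespace {namespace} lacks {LABEL}=enabled")
    if namespace in EXCLUDED_NAMESPACES:
        reasons.append(f"namespace {namespace} is excluded from injection")
    if (meta.get("labels") or {}).get(LABEL) == "disabled":
        reasons.append(f"pod is labelled {LABEL}=disabled")
    # Kubernetes defaults: hostNetwork=false, dnsPolicy=ClusterFirst.
    host_network = bool(spec.get("hostNetwork", False))
    dns_policy = spec.get("dnsPolicy", "ClusterFirst")
    required = "ClusterFirstWithHostNet" if host_network else "ClusterFirst"
    if dns_policy != required:
        reasons.append(f"dnsPolicy is {dns_policy}, but hostNetwork={host_network} requires {required}")
    return reasons


if __name__ == "__main__":
    # Constructed sample manifests, not taken from a real cluster.
    labelled_ns = {LABEL: "enabled"}
    samples = {
        "plain pod": {"metadata": {"name": "web"}, "spec": {}},
        "host-network pod": {"metadata": {"name": "agent"}, "spec": {"hostNetwork": True}},
        "opted-out pod": {"metadata": {"name": "job", "labels": {LABEL: "disabled"}}, "spec": {}},
    }
    for title, manifest in samples.items():
        print(title, "->", injection_blockers(manifest, labelled_ns, True) or "eligible")
```

A host-network pod that omits dnsPolicy is the case most easily missed: Kubernetes defaults it to ClusterFirst, so the pod fails the last condition and keeps its original DNS settings.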

Manual configuration

Manually add the dnsConfig settings to the pod.

Create a pod and set the nameserver in dnsConfig to 169.254.20.10.

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx:alpine
    name: container-0
  dnsConfig:
    nameservers:
    - 169.254.20.10
    searches:
    - default.svc.cluster.local
    - svc.cluster.local
    - cluster.local
    options:
    - name: ndots
      value: '2'
  imagePullSecrets:
  - name: default-secret