Using unbound for private DNS resolution in kubernetes

Workloads running in kubernetes pods commonly need access to services outside the cluster. In heterogeneous architectures, where some services run in kubernetes and others are implemented on cloud VMs, this often means resolving private DNS names that point either to specific hosts or to internal load balancers that provide ingress to groups of hosts.

In kubernetes the standard DNS resolver is kube-dns, a pod in the kube-system namespace that runs a dnsmasq container alongside a container of custom golang glue that interfaces between the DNS server and the rest of the cluster control plane. The kube-dns service cluster IP is injected into pods via /etc/resolv.conf, as we can see here:

$ kubectl get svc kube-dns -n kube-system
kube-dns <none>      53/UDP,53/TCP 153d
$ kubectl exec some-pod -- cat /etc/resolv.conf
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
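The search list and ndots:5 shown above decide which names a pod sends to kube-dns, and in what order, before a private name outside the cluster is ever tried as-is. The following added example (not code from the original post) parses a resolv.conf modelled on that output, with a constructed placeholder nameserver address, and lists the queries a glibc-style resolver would issue for a given name:

```python
"""Expand a hostname through /etc/resolv.conf search rules the way a glibc
resolver inside a pod would (added illustration, not from the original post)."""

# Constructed resolv.conf modelled on the pod output above. The nameserver
# value is a placeholder, not a real cluster's kube-dns service IP.
SAMPLE_RESOLV_CONF = """\
nameserver 10.0.0.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
"""


def parse_resolv_conf(text):
    """Return (nameservers, search_domains, ndots) from resolv.conf text."""
    nameservers, search, ndots = [], [], 1  # glibc default is ndots:1
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            nameservers.append(args[0])
        elif key in ("search", "domain"):
            search = args  # a later search/domain line replaces the earlier one
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt[len("ndots:"):])
    return nameservers, search, ndots


def candidate_queries(name, search, ndots):
    """Ordered FQDNs the resolver tries for `name` (glibc search semantics).

    A trailing dot makes the name absolute and skips the search list.
    Otherwise a name with at least `ndots` dots is tried as-is first and the
    search list second; a name with fewer dots is appended to every search
    domain before the bare name is tried, so a two-label private name costs
    three cluster-local lookups (NXDOMAINs) before it reaches the real zone.
    """
    if name.endswith("."):
        return [name]
    expanded = [f"{name}.{domain}." for domain in search]
    absolute = [name + "."]
    if name.count(".") >= ndots:
        return absolute + expanded
    return expanded + absolute
```

Running candidate_queries on a name such as db.corp.example with the sample config shows the three cluster-local expansions being tried before db.corp.example itself, which is the query pattern a private resolver behind kube-dns must absorb.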