Table of Contents
Preface
1 Introduction
What Is CoreDNS?
CoreDNS, Containers, and Microservices
CoreDNS Limitations
CoreDNS, Kubernetes, and the Cloud Native Computing Foundation
2 A DNS Refresher
What Is the Domain Name System?
Domain Names and the Namespace
Domains, Delegation, and Zones
Resource Records
DNS Servers and Authority
Resolvers
Resolution and Recursion
Caching
Resource Records
NAME
TTL
CLASS
Resource Record Types
The A Record
The AAAA Record
The CNAME Record
The MX Record
The NS Record
The SRV Record
The PTR Record
The SOA Record
An Annotated Zone Data File
3 Configuring CoreDNS
Getting CoreDNS
CoreDNS Command-Line Options
Corefile Syntax
Environment Variables
Reusable Snippets
Import
Server Blocks
Query Processing
Plug-ins
Root
File
Secondary
Forward
Cache
Errors
Log
Common Configuration Options
Fallthrough
Tls
Transfer to
Sample DNS Server Configurations
Caching-Only DNS Server
Primary DNS Server
Secondary DNS Server
4 Managing Zone Data
The file Plug-in
The auto Plug-in
Using the auto Plug-in with Git
The hosts Plug-in
The route53 Plug-in
5 Service Discovery
Introduction to Service Discovery
Solving the Service Discovery Problem
Service Discovery with CoreDNS and etcd
The etcd Plug-in
Other Service Discovery Options
Service Discovery and Container Orchestration
6 Kubernetes
Basic Concepts
Kubernetes Networking
Cluster IP Services
Headless Services
Kubernetes DNS Specification
CoreDNS Integration
Default Configuration
Stub Domains and Federations
Cluster DNS Deployment Resources
Role-Based Access Control
Service
Deployment
Autoscaling
A Better Configuration
The kubernetes Plug-in
CoreDNS Extensions
Pod Options
Wildcard Queries
Autopath and the Dreaded ndots:5
Zone Transfer Support
Exposing Services Externally
Modifying the Available Records
7 Manipulating Queries and Responses
The template Plug-in
The rewrite Plug-in
Using the rewrite Plug-in for EDNS0 Options
Multiple rewrite Rules
The metadata Plug-in
Signing Responses with the DNS Security Extensions
Managing a DNSSEC-Signed Primary Zone
On-the-Fly DNSSEC Signing with the dnssec Plug-in
Case Study: Infoblox's BloxOne Threat Defense
Identifying Users
Applying Policy
8 Monitoring and Troubleshooting
The prometheus Plug-in
The log Plug-in
The dnstap Plug-in
The errors Plug-in
The trace Plug-in
The debug Plug-in
9 Building a Custom Server
Compiling CoreDNS with an External Plug-in
Building Using Docker
Building on Your Workstation
Modifying plugin.cfg
Replacing main
Writing a Custom Plug-in
There Can Be Only One
Integrating with Metrics, Trace, and Metadata
Index