High‑Availability DNS Solutions on Tencent Cloud: BIND and CoreDNS with ETCD
The article details two high‑availability DNS implementations for Tencent Cloud—an intelligent BIND‑based server and a CoreDNS solution backed by an ETCD cluster—covering DNS fundamentals, installation steps, configuration files, zone creation, health checks, and verification of internal and external name resolution across multi‑AZ deployments.
This article, originally from the Tencent Cloud Developer Community, presents two high‑availability DNS solutions for enterprises running on Tencent Cloud: a BIND‑based intelligent DNS and a CoreDNS + ETCD cluster.
It first reviews DNS fundamentals, including the hierarchical namespace, root and top‑level domains, and common record types (A, NS, CNAME, MX).
Then it describes the BIND solution: set hostnames, configure /etc/hosts, install BIND, edit /etc/named.conf with ACLs, listeners, forwarders, zones, and start the service. Example commands:
hostnamectl set-hostname node4.rocky.com
hostnamectl set-hostname node5.rocky.com
cat /etc/hosts
yum -y install bind
cat /etc/named.conf
The article also shows how to create forward and reverse zone files and verify resolution with nslookup.
Next, it introduces the CoreDNS solution that stores DNS records in an ETCD cluster. It explains ETCD installation, cluster configuration on three nodes, and health‑check commands.
yum -y install etcd
systemctl enable etcd; systemctl start etcd
etcdctl member list
etcdctl cluster-health
CoreDNS is then installed, and a Corefile is created that enables the etcd plugin, caching, load balancing, and forwarding to upstream DNS servers. Sample Corefile excerpt:
. {
    etcd node1.rocky.com node2.rocky.com node3.rocky.com 10.in-addr.arpa {
        stubzones
        path /skydns
        endpoint http://10.0.2.4:2379 http://10.0.2.8:2379 http://10.0.2.15:2379
        upstream 183.60.83.19:53 183.60.82.98:53
    }
    cache 600
    loadbalance
    forward . 183.60.82.98:53 183.60.83.19:53
}
A systemd unit file for CoreDNS is provided and enabled.
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target
[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=~
ExecStart=/usr/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
DNS records are added to ETCD with etcdctl put commands, and resolution is verified using dig and nslookup.
etcdctl put /skydns/com/rocky/node1 '{"host":"10.0.2.4","ttl":10}'
dig @node1 www.tam3.com
Both solutions achieve internal and external name resolution, support multi‑AZ deployment, and keep the DNS service inside the private network. The article concludes with a summary, an appendix of common DNS tools, and author information.
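Anything written under the /skydns prefix is served as DNS, so it helps to validate records before they reach ETCD. The following is an added example, not code from the original article: it builds the key and JSON value shown in the etcdctl put command above, plus the matching PTR record for the 10.in-addr.arpa zone listed in the Corefile. The function names, the TTL bound, and the PTR key layout (the same reversed-label convention applied to the in-addr.arpa name) are assumptions of this example.

```python
import ipaddress
import json
import re
import shlex

PREFIX = "/skydns"                                # "path /skydns" in the Corefile
REVERSE_NET = ipaddress.ip_network("10.0.0.0/8")  # the 10.in-addr.arpa zone
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one hostname label

def name_to_key(name, prefix=PREFIX):
    """Map a DNS name to its etcd key: labels reversed and joined with '/'."""
    name = name.rstrip(".").lower()
    labels = name.split(".")
    # Rejecting '/', '..', spaces etc. keeps input from escaping the prefix.
    if len(name) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"invalid DNS name: {name!r}")
    return prefix + "/" + "/".join(reversed(labels))

def _value(host, ttl):
    # The 1..86400 second bound is a policy assumed for this example.
    if isinstance(ttl, bool) or not isinstance(ttl, int) or not 0 < ttl <= 86400:
        raise ValueError(f"invalid ttl: {ttl!r}")
    return json.dumps({"host": host, "ttl": ttl}, separators=(",", ":"))

def forward_record(name, ip, ttl=10):
    """(key, value) for the A record name -> ip."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return name_to_key(name), _value(str(addr), ttl)

def reverse_record(name, ip, ttl=10):
    """(key, value) for the matching PTR record ip -> name."""
    addr = ipaddress.IPv4Address(ip)
    if addr not in REVERSE_NET:
        raise ValueError(f"{addr} is outside the reverse zone {REVERSE_NET}")
    name_to_key(name)  # validate the target name; the key comes from the IP
    target = name.rstrip(".").lower() + "."
    return name_to_key(addr.reverse_pointer), _value(target, ttl)

def put_command(key, value):
    """Shell-quoted etcdctl command for one record."""
    return f"etcdctl put {shlex.quote(key)} {shlex.quote(value)}"

if __name__ == "__main__":
    # Constructed sample input using the node1 address from the article.
    for name, ip in [("node1.rocky.com", "10.0.2.4")]:
        print(put_command(*forward_record(name, ip)))
        print(put_command(*reverse_record(name, ip)))
```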
Tencent Cloud Developer
Official Tencent Cloud community account that brings together developers, shares practical tech insights, and fosters an influential tech exchange community.