How CoreDNS and kubelet Configure /etc/resolv.conf in Kubernetes Pods
This article explains how CoreDNS runs on a Caddy‑based HTTP/2 server in Kubernetes, how kubelet injects the cluster DNS IP into each container’s /etc/resolv.conf, and how different dnsPolicy settings (Default, ClusterFirst, ClusterFirstWithHostNet, None) affect the resolv.conf configuration, including key options and examples.
CoreDNS Overview
In a Kubernetes cluster, container workloads resolve domain names via the CoreDNS service. CoreDNS is built on the Caddy framework, running as a Go‑written HTTP/2 web server. It uses a plugin‑chain architecture configured through a ConfigMap, executing plugins in order and exposing DNS over TCP, UDP, gRPC, and HTTPS.
How kubelet modifies /etc/resolv.conf
CoreDNS communicates with the kube‑apiserver to obtain the mapping between Service names and their ClusterIP. CoreDNS itself is reachable at its ClusterIP (for example, 10.247.3.10). Since the operating system resolver reads the nameserver field from /etc/resolv.conf, kubelet injects the CoreDNS ClusterIP into each container’s /etc/resolv.conf.
The injection is performed by kubelet when it starts a pod; the --cluster-dns flag supplies the CoreDNS ClusterIP, and kubelet writes this value into the pod’s resolv.conf according to the pod’s dnsPolicy setting.
Effect of different dnsPolicy values
Default : The pod inherits the node’s /etc/resolv.conf nameserver entries.
# Node /etc/resolv.conf
nameserver X.X.X.X
nameserver X.X.X.Y
options ndots:5 timeout:2 single-request-reopen
ClusterFirst : The pod’s /etc/resolv.conf is populated with the CoreDNS service IP and a standard search list.
nameserver 10.247.3.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5 timeout:2 single-request-reopen
ClusterFirstWithHostNet : For pods using hostNetwork, the DNS policy must be explicitly set to ClusterFirstWithHostNet; otherwise the combination behaves like Default.
nameserver 10.247.3.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5 timeout:2 single-request-reopen
None : Allows full customisation of the pod’s /etc/resolv.conf via the dnsConfig field, bypassing Kubernetes defaults.
/etc/resolv.conf fields explained
nameserver: IP address of the DNS server used for name resolution.
search: List of domain suffixes appended during lookup, e.g., svcname.default.svc.cluster.local → svcname.svc.cluster.local → svcname.cluster.local.
options:
- ndots:n Treat a name as fully qualified if it contains at least n dots.
- timeout:s Seconds to wait for a DNS response before retrying.
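The following is an added example, not code from the original article or from the Kubernetes or CoreDNS projects. It parses the ClusterFirst resolv.conf shown above and lists the names a resolver would query for a given input, which shows how ndots:5 and the search list interact. The function names are hypothetical and the ordering assumes glibc-style resolver behaviour; other libc implementations can differ.

```python
"""Added example: expand a name the way a glibc-style stub resolver would."""


def parse_resolv_conf(text):
    """Parse resolv.conf text into nameservers, search list and options."""
    conf = {"nameservers": [], "search": [], "options": {}}
    for raw in text.splitlines():
        # Drop comments introduced by '#' or ';' and surrounding whitespace.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *values = line.split()
        if key == "nameserver" and values:
            conf["nameservers"].append(values[0])
        elif key == "search":
            conf["search"] = values  # a later search line replaces an earlier one
        elif key == "options":
            for opt in values:
                name, _, val = opt.partition(":")
                conf["options"][name] = int(val) if val.isdigit() else True
    return conf


def candidate_queries(name, conf):
    """Return the FQDNs tried, in order, until one of them resolves."""
    if name.endswith("."):  # trailing dot: absolute name, search list skipped
        return [name]
    ndots = conf["options"].get("ndots", 1)  # resolver default when unset
    as_is = name + "."
    searched = [f"{name}.{suffix}." for suffix in conf["search"]]
    if name.count(".") >= ndots:  # enough dots: try the name as given first
        return [as_is] + searched
    return searched + [as_is]  # otherwise walk the search list first


# Constructed sample: the ClusterFirst resolv.conf shown in the article.
CLUSTER_FIRST = """\
nameserver 10.247.3.10
search default.svc.cluster.local svc.cluster.local cluster.local
options ndots:5 timeout:2 single-request-reopen
"""

if __name__ == "__main__":
    conf = parse_resolv_conf(CLUSTER_FIRST)
    for name in ("kubernetes", "api.example.com", "api.example.com."):
        print(name, "->", candidate_queries(name, conf))
```

With ndots:5, an external name such as api.example.com is sent to CoreDNS with each cluster suffix appended before it is queried as written; a trailing dot skips the search list.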
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc.
