Scripts · Apr 15, 2026 · 3 min read

CoreDNS — Flexible DNS Server Written in Go

CoreDNS is a CNCF-graduated DNS server written in Go, composed entirely of plugins, and used as the default in-cluster DNS for Kubernetes since v1.13.

Introduction

CoreDNS was created as a modern successor to SkyDNS and quickly replaced kube-dns as the Kubernetes cluster DNS default. Its killer idea is plugin composition: a small core plus a linkable chain of plugins (cache, forward, kubernetes, file, etcd, hosts, rewrite, acl, metrics, health) described in a Caddy-style Corefile.

What CoreDNS Does

  • Serves authoritative DNS from zone files, etcd, Kubernetes, or S3.
  • Caches responses with configurable TTL floors/ceilings and pre-fetching.
  • Forwards to upstream resolvers with health checks and policy-based selection.
  • Resolves Kubernetes Service and Pod DNS records via the kubernetes plugin.
  • Exports Prometheus metrics, OpenTelemetry traces, and structured logs.

Architecture Overview

CoreDNS is a single Go binary built around the dns.Handler chain. Each plugin is a Go package that implements ServeDNS and optionally Setup; compiling CoreDNS with a different plugin.cfg produces a custom binary with only the plugins you need. The Corefile is parsed at start-up into server blocks, each with its own listen address, zones, and plugin chain, giving you per-zone DNS views without extra processes.

Self-Hosting & Configuration

  • Binary releases for Linux, macOS, Windows, FreeBSD, ARM64; Docker image coredns/coredns.
  • Drive configuration with a single Corefile — edit and SIGUSR1 to reload without dropping queries.
  • Use the kubernetes plugin for cluster DNS: point at the API and watch Services and Endpoints.
  • Turn on DNSSEC via the dnssec plugin for signed outbound responses.
  • Deploy multiple instances behind a VIP (keepalived, MetalLB, kube-proxy) for HA.
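To make the server-block model concrete, here is an added example Corefile (not one shipped by the CoreDNS project or taken from the original post) with two views in one process: a cluster-DNS block that restricts who may query it and forwards over DoT, and an authoritative block for an internal zone. The CIDR, zone name, file paths, key name, and upstream resolvers are assumptions.

```corefile
# Server block 1: cluster DNS, answers every zone not claimed by a more specific block
.:53 {
    errors
    health {
        lameduck 5s          # keep answering during shutdown so clients can drain
    }
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods verified        # only answer pod records for IPs that really exist
        fallthrough in-addr.arpa ip6.arpa
        ttl 30
    }
    prometheus :9153
    # Refuse queries from anything outside the (assumed) cluster range
    acl {
        allow net 10.0.0.0/8
        block
    }
    # Upstream over DoT with health checks; try resolvers in order, skip unhealthy ones
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
        health_check 5s
        policy sequential
    }
    # Cache: cap TTLs so stale data ages out, and pre-fetch popular names
    cache 30 {
        success 9984 30
        denial 9984 5
        prefetch 10 1m 10%
    }
    loop                     # detect forwarding loops at start-up
    reload                   # pick up Corefile edits without restarting
    loadbalance
}

# Server block 2: authoritative for an internal zone, served from a file and signed
corp.example.internal:53 {
    file /etc/coredns/zones/corp.example.internal.db
    dnssec {
        key file /etc/coredns/keys/Kcorp.example.internal   # placeholder key base name
    }
    log
    errors
}
```

Plugin execution order inside a block is fixed by plugin.cfg at build time, not by the order of lines in the Corefile, so the acl and cache entries run where the compiled binary places them regardless of how they are listed here.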

Key Features

  • Kubernetes-native: authoritative for cluster.local with fast label selectors and EndpointSlice support.
  • Rich plugin ecosystem (60+) covering caching, security, rewriting, filtering, and service discovery.
  • Zero-downtime reload of zones and Corefile changes.
  • Prometheus metrics out of the box for QPS, cache hit rate, upstream latency, and errors.
  • Small footprint — single static binary, <20 MB memory baseline.

Comparison with Similar Tools

  • BIND9 — venerable and feature-rich but more complex to operate and less cloud-native.
  • Unbound — recursive-focused, great caching resolver; CoreDNS additionally serves authoritative zones and K8s.
  • PowerDNS — excellent authoritative + recursor split with many backends; CoreDNS trades SQL backends for plugin composability.
  • dnsmasq — light and simple for home/lab; CoreDNS scales further with observability and Kubernetes integration.
  • Route53 / Cloud DNS — managed services; CoreDNS lets you keep control and run anywhere.

FAQ

Q: Can I run CoreDNS outside Kubernetes? A: Yes — it works equally well as a standalone DNS server, caching resolver, or authoritative nameserver.

Q: How do I add a custom plugin? A: Add the plugin to plugin.cfg in the source tree and run make; CoreDNS follows the external-plugin pattern inherited from Caddy.

Q: Does it support DNS-over-TLS / HTTPS? A: Yes. The tls directive enables DoT on the server side; the grpc plugin and forward with https://... upstreams cover DoH.

Q: How do I debug slow queries? A: Enable the log and trace plugins, scrape Prometheus latency histograms, and ship spans to Jaeger or Tempo.
