How can I reduce latency and improve the performance of a cluster's DNS resolution?
DOKS uses CoreDNS for cluster DNS management. In this architecture, pods reach out to the CoreDNS service for DNS queries which are translated to an endpoint. When you do a lot of DNS queries, you may run into issues related to DNS quotas and noticeable UDP packet drop. NodeLocal DNSCache enables you to run a DNS caching agent on every cluster node to cache DNS results. When a pod makes a DNS request, it first reaches out to the DNS caching agent on the same node. Doing so avoids DNAT rules and connection tracking, which reduces the average DNS lookup time and improves the cluster DNS resolution performance. If the record is not present, then the caching agent queries the CoreDNS service. For more information, see Using NodeLocal DNSCache in Kubernetes Clusters in the Kubernetes documentation.
To enable NodeLocal DNSCache, create a nodelocaldns.yaml manifest and specify your values, as described in the Configuration section of the Kubernetes documentation.
Additionally, you need to customize the DNS settings of your workloads to use the <node-local-address> of the NodeLocal DNSCache. This is required because DOKS-specific iptables rules prevent the DNS cache instances from serving requests in the default NodeLocal DNSCache configuration.
Assuming a <node-local-address> of 169.254.0.5, a pod's manifest looks similar to the following:
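The following pod manifest is an added example, not the one from the original page or from DigitalOcean. It assumes the <node-local-address> 169.254.0.5 from the text, the namespace default (the first search domain depends on it), the cluster domain cluster.local, and a placeholder pod name and image:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: dns-config-example        # assumed name
  namespace: default              # assumed; the first search entry below is derived from it
spec:
  # "None" prevents Kubernetes from merging in the default CoreDNS
  # name server; everything resolv.conf needs is then set in dnsConfig.
  dnsPolicy: "None"
  dnsConfig:
    nameservers:
      - 169.254.0.5               # the <node-local-address> configured in nodelocaldns.yaml
    searches:
      - default.svc.cluster.local # <namespace>.svc.<cluster-domain>, assumed values
      - svc.cluster.local
      - cluster.local
    options:
      - name: ndots               # the usual Kubernetes default; must be restated explicitly
        value: "5"
  containers:
    - name: app
      image: busybox:1.36         # assumed image, used only to inspect the resulting resolv.conf
      command: ["sh", "-c", "cat /etc/resolv.conf; sleep 3600"]
```

After applying the manifest, kubectl exec into the pod and read /etc/resolv.conf: the nameserver line should show 169.254.0.5 and nothing else, which confirms that no default CoreDNS address was merged in. If the search or options lines are missing, the corresponding dnsConfig entries were left out, and in-cluster short names such as kubernetes.default will stop resolving.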
The nameservers value must be set to the <node-local-address> configured into NodeLocal DNSCache. Additionally, the dnsPolicy value must be set to None to prevent merging in the default CoreDNS name server from the Kubernetes environment. Consequently, other default resolv.conf settings, such as searches and options, must also be explicitly defined as shown above.
For more information on how to specify the dnsConfig field of the pod, see Pod's DNS Config in the Kubernetes documentation.