The DNS Operator deploys and manages CoreDNS to provide a name resolution service to pods, enabling DNS-based Kubernetes Service discovery in OpenShift.

DNS Operator

The DNS Operator implements the dns API from the API group. The operator deploys CoreDNS using a DaemonSet, creates a Service for the DaemonSet, and configures the kubelet to instruct pods to use the CoreDNS Service IP for name resolution.

View the default DNS

Every new OpenShift Dedicated installation has a dns.operator named default.

  1. Use the oc describe command to view the default dns:

    $ oc describe dns.operator/default

    Example output

    Name:         default
    Labels:       <none>
    Annotations:  <none>
    API Version:
    Kind:         DNS
      Cluster Domain:  cluster.local (1)
      Cluster IP: (2)

    1 The Cluster Domain field is the base DNS domain used to construct fully qualified Pod and Service domain names.
    2 The Cluster IP is the address pods query for name resolution. The IP is defined as the 10th address in the Service CIDR range.

Using DNS forwarding

You can use DNS forwarding to override the forwarding configuration identified in /etc/resolv.conf on a per-zone basis by specifying which name server should be used for a given zone.

  1. Modify the DNS Operator object named default:

    $ oc edit dns.operator/default

    This allows the Operator to create and update the ConfigMap named dns-default with additional server configuration blocks based on Server. If none of the servers has a zone that matches the query, then name resolution falls back to the name servers that are specified in /etc/resolv.conf.

    Sample DNS

    kind: DNS
      name: default
      - name: foo-server (1)
        zones: (2)
          upstreams: (3)
      - name: bar-server

    1 name must comply with the rfc6335 service name syntax.
    2 zones must conform to the definition of a subdomain in rfc1123. The cluster domain, cluster.local, is an invalid subdomain for zones.
    3 A maximum of 15 upstreams is allowed per forwardPlugin.

    If servers is undefined or invalid, the ConfigMap only contains the default server.

  2. View the ConfigMap:

    $ oc get configmap/dns-default -n openshift-dns -o yaml

    Sample DNS ConfigMap based on previous sample DNS

    apiVersion: v1
      Corefile: | {
            forward .
        } {
            forward . (1)
        .:5353 {
            kubernetes cluster.local {
                pods insecure
            prometheus :9153
            forward . /etc/resolv.conf {
                policy sequential
            cache 30
    kind: ConfigMap
      labels: default
      name: dns-default
      namespace: openshift-dns

    1 Changes to the forwardPlugin trigger a rolling update of the CoreDNS DaemonSet.