CoreDNS is a DNS and service discovery server that chains plugins to provide features like Kubernetes service discovery, metrics, and policy controls. It is widely used in cloud-native and container environments due to its flexible, modular design. As a graduated project under the Cloud Native Computing Foundation (CNCF), CoreDNS is trusted by organizations like GitHub, Slack, and Twitter.
- Current stable: CoreDNS 1.14.2 (2026-03-06)
- Latest features: New
proxyproto plugin for Proxy Protocol support, stronger randomness for loop detection, ACL bypass prevention
- Security notes: Fixes CVE-2026-26017 (ACL bypass), CVE-2026-26018 (loop detection randomness), and Go runtime CVEs (CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-25679, CVE-2026-27142). Also includes fixes for CVE-2025-68151 (DoS via unbounded connections, fixed in 1.14.0) and Go runtime CVEs from 1.14.1
- Kubernetes and cloud-native service discovery
- Lightweight DNS services that are easy to extend with plugins
- Environments that need DNS plus observability features like metrics
- Modern infrastructure requiring support for DoH, DoT, and DoQ protocols
- Organizations needing flexible DNS routing and load balancing
- Plugin-based architecture for DNS functionality - chain plugins to customize behavior
- Support for multiple protocols: UDP/TCP, TLS (DoT), DNS over HTTP/2 (DoH), DNS over HTTP/3 (DoH3), DNS over QUIC (DoQ), and gRPC
- Service discovery integrations (including Kubernetes, etcd, cloud providers)
- Built-in metrics and health checks via plugins
- Zone serving from files with DNSSEC support
- Advanced features like load balancing, caching, and query rewriting
- On-the-fly DNS signing and secondary server functionality
- Language: Go
- Architecture: Plugin-based, modular design
- Protocols: UDP/TCP, DoT, DoH, DoH3, DoQ, gRPC
- Self-hosted deployment
- CNCF graduated project
- Actively maintained with regular releases
- Kubernetes default: Default DNS server for Kubernetes clusters
- Plugin chain: Plugins execute in order defined in Corefile
- Not traditional: Different paradigm than traditional DNS servers
- Service discovery: Beyond DNS - service discovery and load balancing
- Cloud-native: Designed for container and cloud environments
- CNCF project: Graduated Cloud Native Computing Foundation project