CoreDNS uses a Corefile for configuration, which defines how DNS requests are processed through a series of plugins. The configuration is organized in zones, with each zone containing a chain of plugins that process requests in order.
The Corefile consists of server blocks that define how CoreDNS handles DNS requests for one or more zones (the port defaults to 53 when it is omitted, as in the internal zone example further down):
zone[:port] {
    plugin [optional parameters]
    plugin [optional parameters]
    ...
}
Enables query logging to standard output:
log
Enables error logging:
errors
Provides a health check endpoint at /health on port 8080:
health
Provides a readiness check endpoint at /ready on port 8181:
ready
Exposes metrics for Prometheus at the default port 9153:
prometheus :9153
Forwards DNS queries to upstream resolvers:
forward . 8.8.8.8 8.8.4.4
More advanced forwarding with options:
forward . 1.1.1.1 8.8.8.8 {
    max_fails 3          # consecutive failed health checks before an upstream is marked down (0 = never)
    expire 10s           # expire cached upstream connections after this time
    except localhost     # names that are never forwarded
    health_check 0.5s    # interval between health checks of the upstreams
}
Caches DNS responses to improve performance (the argument caps the TTL of cached entries, here at 30 seconds):
cache 30
Advanced caching configuration:
cache {
    success 30       # capacity (entries) of the positive cache; an optional TTL and minimum TTL may follow
    denial 10        # capacity (entries) of the negative (NXDOMAIN/NODATA) cache
    prefetch 1 1m    # refresh entries about to expire if they were queried at least once within 1m
}
Integrates with Kubernetes for service discovery:
kubernetes cluster.local in-addr.arpa ip6.arpa {
    pods insecure
    upstream             # deprecated in newer CoreDNS releases
    fallthrough in-addr.arpa ip6.arpa
}
Provides service discovery from etcd:
etcd example.org {
    path /skydns
    endpoint http://localhost:2379
}
Serves zone data from RFC 1035-style master files:
file db.example.org example.org
Serves zone data from /etc/hosts style files:
hosts /etc/hosts {
    reload 1s        # re-read the file every second
    fallthrough      # pass unmatched names to the next plugin
}
Controls access based on source IP (rules are evaluated in order):
acl {
    allow net 10.0.0.0/8
    allow net 192.168.0.0/16
    block            # everything not matched by the rules above
}
Enables on-the-fly DNSSEC signing (the signing keys are supplied with the plugin's key file option):
dnssec
Performs internal message rewriting:
rewrite name substring www.api.old.com api.new.com
Randomizes order of A, AAAA and MX records:
loadbalance
Detects forwarding loops:
loop
Here's a Corefile for a production DNS server:
.:53 {
    # Logging and monitoring
    errors
    log
    health
    ready
    prometheus :9153

    # Prevent loops
    loop

    # Load balancing for responses
    loadbalance

    # Forward to upstream resolvers
    forward . 1.1.1.1 8.8.8.8 1.0.0.1 {
        max_fails 3
        expire 10s
        health_check 0.5s
    }

    # Cache responses for performance
    cache 30 {
        success 30    # capacity in entries (an optional TTL may follow)
        denial 10
    }

    # Block specific domains if needed
    # hosts /etc/blocklist {
    #     fallthrough
    # }
}

# Example for internal zone
internal.company.local {
    file /etc/coredns/zones/db.internal
    cache 60
    log
    errors
}
Before applying changes, validate your Corefile:
coredns -check-config -conf /etc/coredns/Corefile
CoreDNS supports hot reloading of configuration changes (the reload plugin, added to a server block, watches the Corefile and reloads it automatically when it changes):
# Send SIGHUP to reload configuration
sudo kill -HUP $(pgrep coredns)
# Or if using systemd
sudo systemctl reload coredns
CoreDNS can use environment variables in the Corefile with the {$VAR} syntax. There is no shell-style default form such as ${VAR:-default}, so set the variables in the process environment before CoreDNS starts:
.:53 {
    forward . {$UPSTREAM_DNS}    # e.g. UPSTREAM_DNS="8.8.8.8 8.8.4.4"
    cache {$CACHE_TTL}           # e.g. CACHE_TTL=30
}
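To make the server-block structure and the environment-variable substitution concrete, here is an added Python example (not CoreDNS's own parser and not code from the original page). It parses the subset of Corefile syntax used on this page into server blocks and plugin chains, expands {$VAR} references the way CoreDNS does (unset variables become empty), and lints each block against the plugins this page recommends for production. The sample Corefile, the RECOMMENDED list and the lint_corefile checks are constructed for this example.

```python
"""Corefile parser and best-practice linter (constructed example, not CoreDNS code).

Understands the subset of Corefile syntax used on this page: server blocks
'ZONE[:PORT]... {', one plugin per line with optional arguments, nested
'{ ... }' option blocks, '#' comments, and CoreDNS's {$VAR} substitution.
"""
from __future__ import annotations

import os
import re
from dataclasses import dataclass, field

# CoreDNS expands {$NAME}; it does not understand shell-style ${NAME:-default}.
ENV_RE = re.compile(r"\{\$([A-Za-z_][A-Za-z0-9_]*)\}")
SHELL_STYLE_RE = re.compile(r"\$\{[^}]*\}")

# Plugins this page recommends for every production server block (constructed list).
RECOMMENDED = ("errors", "log", "health", "ready", "loop", "cache", "prometheus")

# Constructed sample, modelled on the production Corefile above.
SAMPLE_COREFILE = """\
.:53 {
    errors
    log
    health
    ready
    prometheus :9153
    loop
    loadbalance
    forward . {$UPSTREAM_DNS} {
        max_fails 3
        expire 10s
        health_check 0.5s
    }
    cache 30 {
        success 30
        denial 10
    }
}

internal.company.local {
    file /etc/coredns/zones/db.internal
    cache 60
    log
    errors
}
"""


@dataclass
class Plugin:
    name: str
    args: list[str] = field(default_factory=list)
    options: list[tuple[str, list[str]]] = field(default_factory=list)


@dataclass
class ServerBlock:
    zones: list[str]
    plugins: list[Plugin] = field(default_factory=list)


def expand_env(text: str, env: dict[str, str] | None = None) -> str:
    """Replace {$VAR} with its value; unset variables expand to an empty string."""
    env = dict(os.environ) if env is None else env
    return ENV_RE.sub(lambda m: env.get(m.group(1), ""), text)


def parse_corefile(text: str, env: dict[str, str] | None = None) -> list[ServerBlock]:
    blocks: list[ServerBlock] = []
    current: ServerBlock | None = None   # server block being filled
    open_plugin: Plugin | None = None    # plugin whose option sub-block is open
    for lineno, raw in enumerate(expand_env(text, env).splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not tokens:
            continue
        if current is None:                      # expect 'ZONE... {'
            if tokens[-1] != "{" or len(tokens) < 2:
                raise ValueError(f"line {lineno}: expected a server block header")
            current = ServerBlock(zones=tokens[:-1])
        elif open_plugin is not None:            # inside 'plugin { ... }'
            if tokens == ["}"]:
                open_plugin = None
            else:
                open_plugin.options.append((tokens[0], tokens[1:]))
        elif tokens == ["}"]:                    # end of the server block
            blocks.append(current)
            current = None
        else:                                    # 'plugin [args...] [{'
            opens = tokens[-1] == "{"
            body = tokens[:-1] if opens else tokens
            plugin = Plugin(body[0], body[1:])
            current.plugins.append(plugin)
            if opens:
                open_plugin = plugin
    if current is not None:
        raise ValueError("unterminated server block")
    return blocks


def lint_corefile(text: str, env: dict[str, str] | None = None) -> list[str]:
    """Return human-readable findings; an empty list means every check passed."""
    findings: list[str] = []
    if SHELL_STYLE_RE.search(text):
        findings.append("shell-style ${VAR:-default} is not expanded by CoreDNS; use {$VAR}")
    for block in parse_corefile(text, env):
        zone = " ".join(block.zones)
        names = {p.name for p in block.plugins}
        for want in RECOMMENDED:
            if want not in names:
                findings.append(f"{zone}: missing recommended plugin '{want}'")
        for p in block.plugins:
            # 'forward FROM TO...' needs at least one upstream; an unset
            # variable silently leaves it empty, which the lint catches here.
            if p.name == "forward" and len(p.args) < 2:
                findings.append(f"{zone}: forward has no upstream (unset variable?)")
    return findings


if __name__ == "__main__":
    for finding in lint_corefile(SAMPLE_COREFILE, env={"UPSTREAM_DNS": "1.1.1.1 8.8.8.8"}):
        print(finding)
```

Run with UPSTREAM_DNS set, the linter reports only that the internal zone lacks health, ready, loop and prometheus; run with the variable unset, it also reports that forward has lost its upstreams, which is exactly the failure the missing default-value syntax produces in a real deployment.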
Best practices:
- errors and log plugins for debugging
- health and ready plugins for containerized deployments
- loop plugin to detect forwarding loops
- cache appropriately to improve performance
- prometheus for monitoring

Common configuration issues and solutions: