CoreDNS is commonly deployed via container or as a standalone binary. Below are multiple installation methods for different environments.
⚠️ Important Version Warning: Distribution packages often contain significantly older CoreDNS versions (1.8.x-1.11.x) that may lack critical security fixes and modern protocol support (DoH3, DoQ). Use package manager installation only for testing. For production, use the binary or container installation methods below to ensure you have the latest security patches.
CoreDNS may be available in your distribution repositories, though it’s typically an older version:
# Update package index
sudo apt update
# Install CoreDNS (likely an older version - check with 'coredns -version')
sudo apt install coredns
For the latest version with security fixes, use the binary or container installation methods below.
# For Fedora
sudo dnf install coredns
# For RHEL/CentOS with EPEL
sudo dnf install epel-release
sudo dnf install coredns
🔒 Security Note: CoreDNS 1.14.2 includes critical security fixes:
- CVE-2026-26017 (ACL bypass)
- CVE-2026-26018 (stronger randomness for loop detection)
- 5 Go runtime CVEs (CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-25679, CVE-2026-27142)
- CVE-2025-68151 (DoS via unbounded connections, fixed in 1.14.0)
- Always use the latest version for production deployments
Download the latest CoreDNS release (adjust for your architecture):
# Check for the latest version at https://github.com/coredns/coredns/releases
curl -LO https://github.com/coredns/coredns/releases/download/v1.14.2/coredns_1.14.2_linux_amd64.tgz
Extract and install:
tar -xzf coredns_1.14.2_linux_amd64.tgz
sudo install -m 0755 coredns /usr/local/bin/coredns
Create a basic config file:
sudo mkdir -p /etc/coredns
sudo tee /etc/coredns/Corefile > /dev/null <<'EOF'
.:53 {
errors
log
health
ready
# Forward queries to upstream resolvers
forward . 1.1.1.1 8.8.8.8 {
max_fails 3
expire 10s
except localhost
}
# Cache responses for performance
cache 30
# Prevent loops
loop
# Load balancing for responses
loadbalance
}
EOF
4. Create a systemd service file:
```bash
sudo tee /etc/systemd/system/coredns.service > /dev/null <<'EOF'
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target
[Service]
User=coredns
Group=coredns
PermissionsStartOnly=true
ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
RestartSec=10
WorkingDirectory=/etc/coredns
[Install]
WantedBy=multi-user.target
EOF
sudo useradd -rs /bin/false coredns
sudo chown -R coredns:coredns /etc/coredns
sudo systemctl daemon-reload
sudo systemctl enable --now coredns
sudo systemctl status coredns
Follow the same steps as Debian/Ubuntu to install the CoreDNS binary and create a Corefile.
# Create a directory for configuration
mkdir -p /opt/coredns/config
# Create a basic Corefile
cat <<'EOF' > /opt/coredns/config/Corefile
.:53 {
errors
log
health
ready
forward . 1.1.1.1 8.8.8.8
cache 30
loop
loadbalance
}
EOF
# Run CoreDNS container
docker run -d \
--name coredns \
--restart=unless-stopped \
-p 53:53/udp \
-p 53:53/tcp \
-v /opt/coredns/config:/etc/coredns:ro \
coredns/coredns:1.14.2 -conf /etc/coredns/Corefile
# Run CoreDNS container with Podman
podman run -d \
--name coredns \
--restart=always \
-p 53:53/udp \
-p 53:53/tcp \
-v /opt/coredns/config:/etc/coredns:ro \
--cap-add=NET_BIND_SERVICE \
coredns/coredns:1.14.1 -conf /etc/coredns/Corefile
Create a docker-compose.yml file:
version: '3.8'
services:
coredns:
image: coredns/coredns:1.14.1
container_name: coredns
restart: unless-stopped
ports:
- "53:53/udp"
- "53:53/tcp"
volumes:
- ./config:/etc/coredns:ro
command: -conf /etc/coredns/Corefile
networks:
- dns-net
networks:
dns-net:
driver: bridge
Then run:
docker-compose up -d
Test your CoreDNS installation:
# Test with dig
dig @127.0.0.1 google.com
# Or with nslookup
nslookup google.com 127.0.0.1
# Check service status
sudo systemctl status coredns # For systemd installations
Prefer automation? See the following Ansible playbooks:
Prefer containers? See the following Docker guides:
See CoreDNS Configuration for configuration guidance.
See CoreDNS Security for hardening guidance.
Need professional assistance with your DNS infrastructure? Our team provides:
Get in touch: office@linux-server-admin.com | Contact Page