Preface

Why a New DNS Server?

Upon seeing this book, the first question that might occur to you is, “Why does the world need another DNS server?” There are, after all, lots of implementations of DNS servers to choose from. For starters, there’s BIND, for Berkeley Internet Name Domain, the granddaddy of DNS servers. BIND has been around in some incarnation since the 1980s and supports just about every DNS standard written. There’s Microsoft’s DNS Server,1 which is widely used in Active Directory environments. NSD from NLnet Labs and Knot are excellent authoritative DNS servers, and Unbound, also from NLnet Labs, is a fast, lean recursive DNS server. So what does CoreDNS offer that these others don’t?

To begin with, CoreDNS is written in Go, and Go is a memory-safe programming language. Why is that important?  Well, if you’ve ever run a BIND-based DNS infrastructure and had to upgrade 100 DNS servers ASAP because of a buffer overrun, you know. A healthy proportion of vulnerabilities in DNS servers of all stripes (at least those written in C and C++) stem from buffer overflows or overruns and dangling pointers. Written in memory-safe Go, CoreDNS isn’t subject to these.

Programs written in Go can also support concurrency, or parallel execution. This can be useful in wringing more performance out of multiprocessing or multitasking systems. BIND’s performance somewhat notoriously doesn’t scale well on multiprocessor systems, whereas CoreDNS’s performance scales nicely the more processors it has to work with.

Improving performance can be important because Go tends to run somewhat more slowly than C or C++,2 partly thanks to the overhead imposed by its many features. In most cases, however, this isn’t an issue: What’s important is that CoreDNS performs well enough to handle the workload you offer it, and in the vast majority of cases, it does, Go or no Go.

Probably the most significant capability CoreDNS offers, though, is its ability to communicate with container infrastructure and orchestration systems such as etcd and Kubernetes.

Who Needs CoreDNS?

The short answer: basically anyone running Kubernetes, and most folks running containerized applications.

The function CoreDNS fulfills in a containerized environment is that of a service directory, which we talk about in detail in this book. A service directory helps containers determine the IP address or IP addresses where the containers that offer a particular service are running. For example, a container might look up a domain name that represents the database service for a specified application in order to retrieve some data. The service directory function is critical because, in the world of containers and microservices, applications are usually decomposed into many small services (hence, “microservices”!), and each service might be offered by several containers, each running at a different IP address.

But CoreDNS’s utility isn’t limited to containerized environments. CoreDNS’s plug-ins support advanced DNS functionality that even the big boys like BIND don’t support. You can rewrite queries and responses on the fly, for example. You can automatically load zone data from GitHub or Amazon Route 53. And because CoreDNS itself is small and usually runs in a container, it’s suitable for use in scenarios in which a big DNS server such as BIND would not be.

Who This Book Is For

This book is aimed at the following audiences:

  • Administrators of containerized environments that need DNS-based service discovery, particularly when those environments are managed by Kubernetes.
  • DNS administrators looking for a small, flexible DNS server that can run in a container.
  • DNS administrators looking for a DNS server that
    • Integrates with Route 53
    • Supports flexible rewriting of queries and responses
    • Supports DNS over Transport Layer Security (TLS) and general-purpose Remote Procedure Call (gRPC)
  • Developers looking to implement custom DNS functionality by writing their own CoreDNS plug-ins.

What You Will Learn

Readers of this book will learn:

  • What distinguishes CoreDNS from other DNS servers
  • Basic DNS theory, including the DNS namespace, domain names, zones, resource records, recursion, caching, and forwarding
  • Basic CoreDNS configuration, including configuring common DNS servers such as primaries and secondaries and caching DNS servers
  • CoreDNS’s options for managing zone data, including advanced options such as loading from Git and Route 53
  • How DNS-based service discovery works, and how to configure CoreDNS service discovery with etcd and Kubernetes
  • How to rewrite queries and responses
  • How to monitor and troubleshoot CoreDNS
  • How to build custom versions of CoreDNS and write new plug-ins

Conventions Used in This Book

The following typographical conventions are used in this book:

Italic

Indicates new terms, URLs, email addresses, filenames, and file extensions.

Constant width

Used for program listings, as well as within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords.

Note

This element signifies a general note.

Warning

This element indicates a warning or caution.

Using Code Examples

This book is here to help you get your job done. In general, if example code is offered with this book, you may use it in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.

We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Learning CoreDNS by John Belamaric and Cricket Liu (O’Reilly). Copyright 2019 John Belamaric and Cricket Liu, 978-1-492-04796-4.”

If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at .

O’Reilly Online Learning

Note

For almost 40 years, O’Reilly Media has provided technology and business training, knowledge, and insight to help companies succeed.

Our unique network of experts and innovators share their knowledge and expertise through books, articles, conferences, and our online learning platform. O’Reilly’s online learning platform gives you on-demand access to live training courses, in-depth learning paths, interactive coding environments, and a vast collection of text and video from O’Reilly and 200+ other publishers. For more information, please visit http://oreilly.com.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

  • O’Reilly Media, Inc.
  • 1005 Gravenstein Highway North
  • Sebastopol, CA 95472
  • 800-998-9938 (in the United States or Canada)
  • 707-829-0515 (international or local)
  • 707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information: https://oreil.ly/learning-coreDNS.

To comment or ask technical questions about this book, please send an email to .

For more information about our books, courses, conferences, and news, see our website at http://www.oreilly.com.

Find us on Facebook: http://facebook.com/oreilly

Follow us on Twitter: http://twitter.com/oreillymedia

Watch us on YouTube: http://www.youtube.com/oreillymedia

Acknowledgments

The authors would like to thank their able reviewers Miek Gieben, François Tur, and Michael Grosser for catching errors both subtle and egregious. They would also like to thank all the other members of the CoreDNS community for creating such an incredible product.

John would like to thank his amazing wife, Robin, for her support, encouragement, and assistance. He couldn’t have done it without her. He also would like to acknowledge the support of his son, Owen, and daughter, Audrey, who have put up with all the nonsense that goes along with their dad writing a book. He gives thanks to Tim Hockin, Bowei Du, and the rest of the Kubernetes SIG-Network team for helping guide CoreDNS into Kubernetes, and to his former colleagues at Infoblox, particularly Chris O’Haver and Sandeep Rajan, who worked hard to make CoreDNS the right choice for Kubernetes. Finally, he would like to thank his former colleague Alan Conley, without whose support, CoreDNS would not be what it is today.

Cricket would like to acknowledge his friends and colleagues at Infoblox, particularly his boss, Alan Conley. Without Alan’s regular harassment, this book would never have gotten off the ground. And he sends his love and thanks to Kristin, for her steadfast support; to his kids, Walt (née Walter B) and Greta (née Baby G), sources of amusement and amazement and no small amount of eye-rolling; and, finally, to Charlie and Jessie, who provided sisterly canine companionship through much of this project but, sadly, didn’t make it to see the end.

1 Which wins the award for most prosaic name, hands-down.

2 Meaning that the same algorithm implemented the same way in Go, C, and C++ will probably run slightly faster in C and C++.

Get Learning CoreDNS now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial