Kubernetes DNS Explained¶
Introduction¶
This guide explains kubernetes dns explained with practical kubectl commands, realistic output, and production-focused checks. Kubernetes networking issues usually involve selectors, endpoints, ports, DNS, ingress rules, CNI behavior, or NetworkPolicy.
When You Need This¶
Use this guide when pods are running but traffic does not reach them, DNS names do not resolve, ingress returns errors, or service endpoints are missing.
Example Configuration¶
apiVersion: apps/v1
kind: Deployment
metadata:
name: web
namespace: app
spec:
replicas: 3
selector:
matchLabels:
app: web
template:
metadata:
labels:
app: web
spec:
containers:
- name: web
image: nginx:1.27
ports:
- containerPort: 80
Step-by-Step Checks¶
kubectl get pods -n kube-system -l k8s-app=kube-dns
kubectl logs -n kube-system deployment/coredns
kubectl run dns-test --rm -it --image=busybox:1.36 --restart=Never -- nslookup kubernetes.default
kubectl get events -n app --sort-by=.lastTimestamp
kubectl get events -n app --sort-by=.lastTimestamp
Expected output:
NAME READY STATUS RESTARTS AGE
coredns-7db6d8ff4d-abcde 1/1 Running 0 3d
Verification¶
kubectl get endpoints web -n app
kubectl run curl --rm -it --image=curlimages/curl --restart=Never -- curl -I http://web.app.svc.cluster.local
Troubleshooting¶
Verify that service selectors match pod labels, targetPort matches the container port, endpoints exist, DNS resolves, and NetworkPolicy allows the traffic path.
Common Mistakes¶
- Creating a Service whose selector does not match any pod labels.
- Confusing port, targetPort, nodePort, and containerPort.
- Testing ingress before confirming the service works inside the cluster.
Quick Checklist¶
- Check pod labels.
- Check service selector and endpoints.
- Test DNS inside the cluster.
- Test service before ingress.
- Review NetworkPolicy and ingress-controller logs.
Related Guides¶
- Troubleshoot Service Not Working
- Troubleshoot Kubernetes DNS
- Network Policy Explained
- kubectl Port Forward
Summary¶
Kubernetes networking is easier when you test inside out: pod, service endpoint, DNS, policy, ingress, then external traffic.