Miek Gieben released #CoreDNS version 1.12.2. https://coredns.io/
How service discovery breaks in Kubernetes (and why DNS doesn't always help)
Hi, Habr! In this article we look at how and why service discovery can break in Kubernetes, even when DNS seems to be working.
🆕 Update on my CoreDNS GSLB plugin project!
It's now officially listed on the CoreDNS website as an external plugin 🎉
🔗 https://coredns.io/explugins/
The plugin adds Global Server Load Balancing (GSLB) support to CoreDNS — enabling multi-site DNS routing, active/passive failover, and more 🌍🛠️
👉 I'm actively looking for contributors!
If you're into DNS, CoreDNS, or distributed infrastructure, feel free to jump in!
How I stopped suffering and learned to love CoreDNS: three stories
Hi everyone! I'm Sasha Krasnov, CTO of the container platform «Штурвал». The anniversary DevOpsConf 2025 took place in April, and I was lucky enough to give a talk there. I talked about hacks that let you automate the use of DNS. This article is based on my talk and three real stories: managing DNS from git; our own nip.io; how and why to write plugins for CoreDNS. Come read on below the cut, it's interesting there :)
https://habr.com/ru/companies/chislitellab/articles/913946/
#coredns #dns #kubernetes #k8s #nipio #git #github #плагины #штурвал #devops
Hmmm, it seems like my websites appearing as down in Kener (or is it kener.ing?) is because my coredns instance cannot solve the DNS request?
But I'm thinking, Longhorn has also shown, for a long time, dropped requests when rebuilding big volumes...
Could it be my wireguard under the hood dropping packages? Hmmmmmm...
#homelab #selfhosted #longhorn #wireguard #kener #dns #coredns #k3s #kubernetes #k8s
Miek Gieben released #CoreDNS version 1.12.1. https://coredns.io/
Why doesn't CoreDNS have an official plugin for Docker container discovery?
I found https://github.com/kevinjqiu/coredns-dockerdiscovery, but it's not listed at https://coredns.io/plugins/
🐇 One of those rabbit-holes I kept evading: Improving my local k3d setup. Trusted certificates, easier FQDNs. And automating all of it using Taskfile.
#kubernetes #k3d #cert-manager #coredns
https://www.tibobeijen.nl/2025/03/24/east-west-north-south-fix-local-cluster-routes/
Not using a programming language in any capacity, but being proficient in another, allows for quickly grasping any other code - that is, if it's not too esoteric.
In that case: I can't #Python, but I can trace a rabbit hole:
https://github.com/jmcollin78/versatile_thermostat/discussions/953#discussioncomment-12570810
Also: I can't #GoLang #Go, but applying rules visible in the same source tree allows for deducing how a programming language works: https://github.com/coredns/alternate/pull/48/files
#CoreDNS, can you merge the PR please?
CoreDNS + Kubernetes question:
CoreDNS, in its stock configuration, assumes/uses the default service created for the Kubernetes API.
However, this gets a ClusterIP from the cluster's Service IP range as part of normal IPAM.
This IP is not known to the operating system or during cluster setup, so isn't in the IP SANs for the TLS certificate. This causes CoreDNS to error out trusting the Kubernetes API when trying to watch services.
The default Kubernetes service is roughly well-known as it's the bottom of the service IP range + 1 but that still feels... odd.
I looked into automatic in-cluster certificate management and rotation but that seems more about Kubelet client certificates for the API server, and none of the actual TLS certificates. Which kinda makes sense cause otherwise cyclic dependencies.
My new project: A plugin for managing Global Server Load Balancing (GSLB) functionality in CoreDNS.
I currently use #NextDNS and #CoreDNS for my DNS needs. I set up CoreDNS to log out somewhere so I can see DNS queries, set it up so prometheus can pull stats on it, and make sure I feel dope about it! I never looked at that shit once. Just set up dns forwarding to #nextdns on this router and it's working just fine with a couple of A records for internal shit..
I just shut down my #coredns stuff.. All the times I create just to delete later.
A new graduate takes on request control for an ad delivery server that handles tens of thousands of QPS
https://developers.cyberagent.co.jp/blog/archives/54190/
#developers #エンジニア #AJA #AWS #CoreDNS #kubernetes #SSP #アドテク
Niche DNS/Kubernetes tip: if for some bizarre reason you don't have access to nslookup but do have dig (?!) and are troubleshooting weird dns resolution problems - try this handy tip: Use +search option to get dig to use /etc/resolv.conf's search/domain list. This explains a lot of why I got unexpected results when trying to use dig in place of nslookup when I used to be a sysadmin.
🏷️ #dig #nslookup #itsalwaysdns #kubernetes #til #clusterdns #coredns
So I was able to accomplish split-dns with #nextdns and #coredns. If you are on the tailnet you use nextdns, which points you to the tailnet IPs; if you are internal you use #coredns, which points you to stuff internally.
Technitium handled this easier.. It just lends itself really heavily to webui stuff.
#BSI WID-SEC-2024-2177: [NEW] [high] #CoreDNS: Multiple vulnerabilities
A remote, anonymous attacker can exploit multiple vulnerabilities in CoreDNS to carry out a denial-of-service attack or DNS cache poisoning.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2177
@davidfield
My #TechStack:
VPN - #Tailscale (was Wireguard)
DNS - #AdGuard using #DoH and authoritative local #CoreDNS
HTTPS - #Traefik
Logging/Monitoring - #Grafana #Loki
Alarming - #KumaUptime #Healthchecks.io
Alerts - #Gotify or #Pushover
Containers - #Docker #Swarm 3-node cluster
Mail - Paid hosted at a local company I trust
File Sync - #Nextcloud and #Syncthing
Git - #Forgejo & Forgejo Actions
VMs - #Unraid