This in practice means that DNS name present in the mesh will "shadow" equivalent names that exist outside the mesh.
.png "rcode nxdomain")
iptable rules that will redirect the original DNS traffic to the local CoreDNS instanceĪs the DNS requests are sent to the Envoy DNS filter first, any DNS name that exists inside the mesh will always resolve to the mesh address.a CoreDNS instance launched by kuma-dp that sends requests between the Envoy DNS filter and the original host DNS.an Envoy DNS filter provides responses from the mesh for DNS records.This approach allows for more robust handling of name resolution.įor example, when the control plane is down, a data plane proxy can still resolve DNS. Once a new VIP is allocated or an old VIP is freed, the control plane configures the data plane proxy with this change.Īll name lookups are handled locally by the data plane proxy, not by the control plane. Virtual IPs are stable (replicated) between instances of the control plane and data plane proxies. When a service is removed, its VIP is also freed, and Kuma DNS does not respond for it with A and AAAA DNS record. The virtual IPs are allocated by the control plane from the configured CIDR (by default 240.0.0.0/4), by constantly scanning the services available in all Kuma meshes. Kuma DNS server responds to type A and AAAA DNS requests, and answers with A or AAAAA records, for example sh.
The usage of Kuma DNS is only relevant when transparent proxying is used.
Kuma ships with DNS resolver to provide service naming - a mapping of hostname to Virtual IPs (VIPs) of services registered in Kuma.
0 kommentar(er)
