Last modified October 30, 2018

Advanced CoreDNS Configuration

The CoreDNS addon running inside your cluster has additional configuration options and features that can be customized.

You can customize two of these configuration options on a per cluster basis through a ConfigMap inside your clusters. The ConfigMap is named coredns-user-values and is located in the kube-system namespace.

Note: This feature is only available in more recent cluster versions. To check if your cluster version supports customization through the ConfigMap, you can check if the above-mentioned ConfigMap is present.

$ kubectl -n kube-system get cm coredns-user-values
NAME                                   DATA      AGE
coredns-user-values                    0         11m

On cluster creation the ConfigMap is empty and below-mentioned defaults will be applied to the final CoreDNS deployment. To customize any of the configuration options, you just need to add the respective line(s) in the data field of the user ConfigMap.

Warning: Please do not edit any of the other CoreDNS related resources. Only the user ConfigMap is safe to edit.

Cache settings

By default we set the cache TTL for CoreDNS to 30 seconds. You can customize the cache settings of CoreDNS by setting the value of the cache field in the user ConfigMap like following.

  cache: 60

Above setting increases the TTL to 60 seconds.

The cache plugin also supports much more detailed configuration which is documented in the upstream documentation.

Additional proxies

The default proxy entry we set in CoreDNS is

proxy . /etc/resolv.conf

You can add additional proxy entries by adding a each as a line to the proxy field of the user ConfigMap.

For a single entry you can use the same line.


For multplie entries you add a string with a proxy entry per line.

  proxy: |

Above example would result in following additional proxy entries in the CoreDNS configuration:


This setting would proxy all requests within to which is Cloudflare’s DNS and all requests within to which is Google Public DNS. All other requests will be resolved by the default DNS provider set for your cluster.

The proxy plugin also supports much more detailed configuration which is documented in the upstream documentation.

Advanced configuration

In case you need to use an additional plugin or an existing plugin but with a special configuration, you can use the custom block in the configmap. It will be parsed directly into the Corefile.

  custom: |
    proxy {
      policy least_conn
    cache 200 {
      denial 1024 10

Warning: Please make sure you test the final Corefile carefully. We do not take responsibility for incorrect custom configuration that could break workload communication.

Further reading