Understanding DNS Resolution on Linux and Kubernetes
I recently investigated a warning message on Kubernetes that said: DNSConfigForming ... Nameserver limits were exceeded, some nameservers have been omitted.
- the systemd-resolved.service unit will be running;
- in /etc/nsswitch.conf, on the hosts: line, the module resolve will be mentioned, indicating that host name resolution will use systemd-resolved over DBUS instead of “traditional” DNS queries over UDP or TCP;
- /etc/resolv.conf will be a symlink to /run/systemd/resolve/stub-resolv.conf and contain the line nameserver 127.0.0.53;
- systemd-resolved will expose a legacy resolver on 127.0.0.53, for applications that wouldn’t use the name service switch (for instance, applications linked with Alpine, or using Go native network libraries);
- DNS configuration will be done through systemd configuration files and/or with the resolvectl tool instead of editing /etc/resolv.conf;
- /run/systemd/resolve/resolv.conf will contain a compatibility configuration file listing the uplink DNS servers, to be used by applications requiring a “classic” resolv.conf file.

These systems might receive a couple of DNS servers on each interface, and it looks like systemd-resolved will just happily aggregate all of them, causing kubelet to show us that warning.

While this post didn’t give us a way to easily and reliably get rid of that error message, we hope that it gave you lots of insightful details about how DNS works - on Kubernetes, but on modern Linux systems in general as well!
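An added example (not code from the original post): a Python check that reads a resolv.conf-style file, tells the systemd-resolved stub file apart from the aggregated uplink file, and lists which nameservers would be kept or omitted. The limit of 3 and the keep-the-first-entries behaviour are assumptions about kubelet that the post does not state, and both sample files are constructed.

```python
import ipaddress
import sys

MAX_NAMESERVERS = 3          # assumption: limit applied by kubelet, not stated in the post
STUB_ADDRESS = "127.0.0.53"  # legacy stub resolver exposed by systemd-resolved

STUB_SAMPLE = """\
# constructed sample of /run/systemd/resolve/stub-resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
"""
UPLINK_SAMPLE = """\
# constructed sample of /run/systemd/resolve/resolv.conf
nameserver 192.0.2.10
nameserver 192.0.2.11
nameserver 198.51.100.53
nameserver 2001:db8::53
search example.internal
"""

def parse_nameservers(text):
    """Return nameserver addresses in file order, skipping comments and invalid entries."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, blank lines, search/options lines
        try:
            # Validate without the IPv6 zone id (fe80::1%eth0), but keep it in the result.
            ipaddress.ip_address(fields[1].split("%", 1)[0])
        except ValueError:
            continue
        servers.append(fields[1])
    return servers

def audit(text, limit=MAX_NAMESERVERS):
    """Report whether the file is the stub file and which servers exceed the limit."""
    servers = parse_nameservers(text)
    return {
        "uses_stub": servers == [STUB_ADDRESS],
        "kept": servers[:limit],      # assumption: the first entries are the ones kept
        "omitted": servers[limit:],   # candidates for the "have been omitted" warning
    }

if __name__ == "__main__":
    if len(sys.argv) > 1:             # audit a real file, e.g. /run/systemd/resolve/resolv.conf
        print(audit(open(sys.argv[1]).read()))
    else:
        print(audit(STUB_SAMPLE))
        print(audit(UPLINK_SAMPLE))
```

Run it against the file that kubelet is configured to read; a non-empty "omitted" list names the servers that will never be queried from pods.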