CoreDNS: Flexible DNS Server for Modern Infrastructure

By Admin · Mar 15, 2026 · Updated Apr 23, 2026

CoreDNS is a modern, plugin-based DNS server written in Go that serves as the default DNS provider in Kubernetes and is increasingly used as a general-purpose DNS server. Its plugin architecture makes it extremely flexible — you can chain plugins to serve zones from files, databases, cloud APIs, or service discovery systems. This guide covers deploying CoreDNS for various use cases.

Installation

# Download a pinned release (set COREDNS_VERSION to the version you want)
COREDNS_VERSION=1.11.3
wget https://github.com/coredns/coredns/releases/download/v${COREDNS_VERSION}/coredns_${COREDNS_VERSION}_linux_amd64.tgz
tar xzf coredns_${COREDNS_VERSION}_linux_amd64.tgz
sudo mv coredns /usr/local/bin/
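
The install steps above place a downloaded binary in /usr/local/bin without checking its integrity. The following is an added example, not part of the original article or the CoreDNS project: it verifies the tarball against a SHA-256 file before unpacking. The function names are hypothetical, and it assumes the release publishes a `<tarball>.sha256` asset in `sha256sum` format next to the tarball.

```bash
#!/usr/bin/env bash
# Added example: verify a release tarball before it is unpacked or installed.

# verify_sha256 ARCHIVE SUMFILE
# SUMFILE is assumed to be in sha256sum format: "<64 hex digits>  <filename>".
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
verify_sha256() {
    local archive sumfile expected actual
    archive=$1
    sumfile=$2
    if [ ! -r "$archive" ] || [ ! -r "$sumfile" ]; then
        echo "verify_sha256: missing archive or checksum file" >&2
        return 2
    fi
    # First field of the first line, lower-cased.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Reject anything that is not exactly 64 hex digits, for example an
    # HTML error page saved in place of the checksum file.
    case "$expected" in
        ''|*[!0-9a-f]*) echo "verify_sha256: malformed checksum file" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify_sha256: malformed checksum file" >&2
        return 2
    fi
    actual=$(sha256sum "$archive" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "verify_sha256: checksum mismatch for $archive" >&2
        return 1
    fi
    return 0
}

# install_coredns VERSION (hypothetical helper): download, verify, then install.
# Nothing is unpacked unless the checksum matches.
install_coredns() {
    local v tgz base
    v=$1
    tgz="coredns_${v}_linux_amd64.tgz"
    base="https://github.com/coredns/coredns/releases/download/v${v}"
    wget -q "${base}/${tgz}" "${base}/${tgz}.sha256" || return 2
    verify_sha256 "$tgz" "${tgz}.sha256" || return 1
    tar xzf "$tgz" && sudo install -m 0755 coredns /usr/local/bin/coredns
}

# Usage: install_coredns 1.11.3
```

A checksum fetched from the same location as the tarball catches corruption and tampering in transit or in a cache, but not a compromised release page.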

Basic Configuration (Corefile)

# /etc/coredns/Corefile

# Authoritative zone from file
example.com {
    file /etc/coredns/zones/example.com.zone
    log
    errors
}

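# Forward all other queries to upstream DNS over DNS-over-TLS.
# tls_servername only takes effect for tls:// upstreams and must match the
# certificate of every upstream listed, so both addresses are Cloudflare's.
. {
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
    }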
    cache 300
    log
    errors
}

Zone File

; /etc/coredns/zones/example.com.zone
$ORIGIN example.com.
$TTL 3600

@       SOA     ns1.example.com. admin.example.com. (
            2025011501 ; Serial
            3600       ; Refresh
            600        ; Retry
            604800     ; Expire
            300        ; Minimum TTL
        )

@       NS      ns1.example.com.
@       NS      ns2.example.com.
@       A       203.0.113.1
@       MX  10  mail.example.com.
@       TXT     "v=spf1 mx -all"

ns1     A       203.0.113.1
ns2     A       203.0.113.2
www     CNAME   example.com.
mail    A       203.0.113.10

Key Plugins

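# Each block below is a separate snippet; combine the plugins you need into
# one server block per zone and port rather than pasting them all together.

# DNS-over-TLS (DoT): encrypts the client-to-CoreDNS leg; the upstream
# forwarding in this snippet is still plain DNS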
tls://.:853 {
    tls /etc/coredns/cert.pem /etc/coredns/key.pem
    forward . 1.1.1.1
    cache
}

# DNS-over-HTTPS (DoH)
https://.:443 {
    tls /etc/coredns/cert.pem /etc/coredns/key.pem
    forward . 1.1.1.1
    cache
}

# Prometheus metrics
. {
    prometheus :9153
    forward . 1.1.1.1
    cache
}

# Health check endpoint
. {
    health :8080
    ready :8181
}

# Rewrite queries
example.com {
    rewrite name old.example.com new.example.com
    file /etc/coredns/zones/example.com.zone
}

# Auto-reload zone files
example.com {
    file /etc/coredns/zones/example.com.zone {
        reload 30s
    }
}

Systemd Service

[Unit]
Description=CoreDNS DNS Server
After=network.target

[Service]
ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile
Restart=on-failure
User=coredns
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Use Cases

  • Kubernetes DNS — default cluster DNS, service discovery
  • Internal DNS — split-horizon DNS with internal zone files
  • DNS proxy — caching forwarder with metrics and logging
  • DoH/DoT server — encrypted DNS for privacy

Best Practices

  • Use the cache plugin to reduce upstream queries and improve response times
  • Enable prometheus plugin for monitoring query rates, latencies, and cache hit ratios
  • Use health and ready endpoints for load balancer health checks
  • Set appropriate TTL values in zone files based on how frequently records change
  • Use reload directive in the file plugin for automatic zone updates without restart
