CoreDNS can serve DNS queries over gRPC, a high-performance, language-agnostic RPC framework.
Here’s a basic setup to get CoreDNS serving DNS over gRPC.
First, you’ll need a CoreDNS configuration file (e.g., Corefile) that includes the grpc plugin.
. {
grpc :5353
forward . 8.8.8.8
}
This configuration tells CoreDNS to listen for gRPC requests on port 5353 and forward standard DNS queries to Google’s public DNS server.
Now, let’s run CoreDNS with this configuration. You can do this by passing the Corefile path as an argument:
coredns -conf Corefile
CoreDNS will start up and begin listening for gRPC traffic on port 5353.
To test this, you can use a gRPC client that’s capable of sending DNS queries. A simple way to do this is with grpcurl, a command-line tool for interacting with gRPC servers.
First, make sure you have grpcurl installed. Then, you can send a query like this:
grpcurl -plaintext -d '{"query": {"name": "example.com.", "type": "A"}}' localhost:5353 dns.Lookup
This command sends a gRPC request to localhost:5353 asking for the A record of example.com.. The -d flag provides the JSON-encoded request payload, and dns.Lookup specifies the gRPC method.
The grpc plugin in CoreDNS expects a specific protobuf definition for DNS queries and responses. The dns.Lookup method is defined to accept a LookupRequest and return a LookupResponse.
The LookupRequest typically contains fields like name (the domain name to query) and type (the DNS record type, e.g., "A", "AAAA", "MX").
The LookupResponse will then contain the DNS records that CoreDNS resolved, often structured in a way that mirrors standard DNS response formats.
The grpc plugin is particularly useful in environments where you want to leverage the performance benefits of gRPC for DNS lookups, such as within microservice architectures or when integrating DNS resolution into applications that already use gRPC for inter-service communication. It avoids the overhead associated with traditional UDP/TCP DNS packets and allows for more structured data exchange.
The grpc plugin also supports TLS for secure communication. To enable TLS, you would configure it with paths to your certificate and key files:
. {
grpc :5353 -tls cert.pem key.pem
forward . 8.8.8.8
}
When using TLS, you would connect to the gRPC server using grpcurl -d ... localhost:5353 without the -plaintext flag, and the client would need to trust the server’s certificate.
The real power of serving DNS over gRPC comes into play when you need to integrate DNS resolution seamlessly into applications that are already heavily invested in the gRPC ecosystem. Instead of making separate HTTP or raw network calls for DNS information, you can leverage existing gRPC client libraries and infrastructure. This simplifies client-side logic and allows for more consistent communication patterns across your services.
What many people miss is how the grpc plugin handles different DNS record types and how it maps them to the protobuf definitions. For instance, AAAA records (IPv6 addresses) are handled similarly to A records, with the type field set to "AAAA". The response will then contain IPv6 addresses in the appropriate format within the protobuf structure.
The next logical step is to explore advanced gRPC features like load balancing and service discovery for your CoreDNS gRPC endpoints.