
CoreDNS: DNS service discovery for the cloud - pjf
https://coredns.io/
======
ben_hall
CoreDNS is very cool. You can try it without any downloads or configuration
using a Katacoda interactive scenario at
[https://katacoda.com/courses/coredns/dns-
responder](https://katacoda.com/courses/coredns/dns-responder)

------
sdwisely
I don't know why they don't mention this on the site, but this has been merged
back in as a module for Caddy (available at download time).

------
gjem97
I assume this uses the crypto libs in the Go standard lib to do the SEC part
of DNSSEC. It used to be that the Go authors urged caution when using those
libs because they were relatively new and unaudited. Has that changed? Are
they recommended for use in production for security critical apps?

------
asher_
Cool.

It would be great if the site explained why it is different from the
alternatives. If I was using Kubernetes, for instance, why would I swap out
the default service discovery mechanism for this one?

~~~
e1g
Indeed! It's a delicate balance between being informative and talking down the
competition, but I wish more projects did this.

K8S uses SkyDNS, and CoreDNS says it's a full replacement for sky, just with
more features. From quick eyeballing of the site, these new features include:
serving from files instead of etcd, proxying requests, rewriting requests,
doing healthchecks on endpoints, and publishing metrics into Prometheus.

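As an added illustration of the feature list above (not configuration from the CoreDNS site or project, and assuming a zone name, zone file path, upstream resolver address and listening ports that are all hypothetical), a Corefile that exercises file-based serving, rewriting, proxying, the health endpoint and Prometheus metrics in the middleware names CoreDNS used at the time of this thread:

```corefile
# Authoritative zone served from a file on disk instead of etcd.
# Zone name and path are assumed for the example.
example.org:53 {
    file /etc/coredns/db.example.org
    prometheus localhost:9153
}

# Everything else: rewrite one legacy name, then proxy to an assumed
# upstream resolver. health exposes CoreDNS's own liveness endpoint.
.:53 {
    rewrite name old.internal.example new.internal.example
    proxy . 10.0.0.53:53
    health :8080
}
```

Later CoreDNS releases renamed middleware to plugins and replaced `proxy` with `forward`, so a Corefile written today would use `forward . 10.0.0.53:53` in place of the `proxy` line.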
~~~
hallmark
Go to HashiCorp's documentation for fantastic examples of comparing software
to others in the same space. Here is their "Vs" section for Consul:

[https://www.consul.io/intro/vs/index.html](https://www.consul.io/intro/vs/index.html)

------
frederikvs
Is this related to DNS service discovery (DNS-SD, RFC6763), or is it just a
very poor choice of words?

~~~
kiallmacinnes
DNS-SD is, and I'm a DNS guy, just an overly broad name for an RFC. They laid
claim to all use of DNS for service discovery with that name.

~~~
frederikvs
Same could be said for any number of protocols. DNS itself laid claim to all
use of a system for doing things with domain names. TCP laid claim to all use
of a protocol to control transmissions of any sort. ND laid claim to all
protocols that could be used to discover your neighbours. And don't even get
me started on ICMP!

------
andmarios
This looks very interesting. Does anyone know if it supports a split horizon
DNS setup? I can't find anything specific in the site nor in the docs, but
maybe some of the mentioned features can achieve this?

------
teddyh
Does it support rate limiting? This is needed in order not to be used as a
DDoS amplifier.

~~~
hueving
Rate limiting is relatively pointless. Attacks are just spread out over enough
DNS servers so the rate limit isn't exceeded on any of them.

Even without rate limiting attackers will spread it out because too much
traffic coming from one DNS server can be easily blocked at the network level.

~~~
jazoom
You haven't convinced me that rate limiting is pointless.

~~~
hueving
It does nothing to stop real attacks.

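To make the exchange above concrete, here is an added example (not CoreDNS code, and not from any poster in this thread) of the kind of per-source-address response rate limiting the question refers to, written as a stand-alone Go token bucket. It is keyed on the client address in the query, which in an amplification attack is the spoofed victim address, so it bounds only what this one server will send to that address; the client address, rate and burst values below are constructed for the example.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// bucket holds the token-bucket state for one client source address.
type bucket struct {
	tokens float64   // tokens currently available
	last   time.Time // last refill time
}

// Limiter rate-limits DNS responses per client source address.
// This is an illustrative, self-contained limiter, not CoreDNS's own.
type Limiter struct {
	mu      sync.Mutex
	rate    float64 // tokens refilled per second
	burst   float64 // maximum tokens a client may accumulate
	buckets map[string]*bucket
}

// NewLimiter returns a limiter allowing ratePerSec responses per second per
// client, with short bursts of up to burst responses.
func NewLimiter(ratePerSec float64, burst int) *Limiter {
	return &Limiter{
		rate:    ratePerSec,
		burst:   float64(burst),
		buckets: make(map[string]*bucket),
	}
}

// Allow reports whether a response to client may be sent at time now.
// Time is passed in rather than read from the clock so the logic is
// deterministic and testable.
func (l *Limiter) Allow(client string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()

	b, ok := l.buckets[client]
	if !ok {
		// A client we have not seen starts with a full burst allowance.
		b = &bucket{tokens: l.burst, last: now}
		l.buckets[client] = b
	}

	// Refill proportionally to elapsed time, capped at the burst size.
	if elapsed := now.Sub(b.last).Seconds(); elapsed > 0 {
		b.tokens += elapsed * l.rate
		if b.tokens > l.burst {
			b.tokens = l.burst
		}
		b.last = now
	}

	if b.tokens < 1 {
		return false // over the limit: drop (or truncate) the response
	}
	b.tokens--
	return true
}

// Sweep removes buckets idle for longer than idle and returns how many were
// dropped, so the per-client table cannot grow without bound under attack.
func (l *Limiter) Sweep(now time.Time, idle time.Duration) int {
	l.mu.Lock()
	defer l.mu.Unlock()
	removed := 0
	for client, b := range l.buckets {
		if now.Sub(b.last) > idle {
			delete(l.buckets, client)
			removed++
		}
	}
	return removed
}

func main() {
	// Constructed traffic: 20 queries arriving at once with the same (spoofed)
	// source address, against a 5/s limit with a burst of 5.
	l := NewLimiter(5, 5)
	t0 := time.Unix(0, 0)
	victim := "198.51.100.7" // constructed address for the example
	allowed := 0
	for i := 0; i < 20; i++ {
		if l.Allow(victim, t0) {
			allowed++
		}
	}
	fmt.Printf("burst: %d of 20 responses sent\n", allowed)
	fmt.Printf("one second later: allowed=%v\n", l.Allow(victim, t0.Add(time.Second)))
	fmt.Printf("swept after 10 min idle: %d\n", l.Sweep(t0.Add(10*time.Minute), 5*time.Minute))
}
```

Real resolvers usually slot the answer, not the raw source address, into the key and send a truncated reply with TC set rather than silently dropping, so a legitimate client behind the same address can retry over TCP; the bucket arithmetic is the same.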
------
smkkannan
What's the basic difference between CoreDNS and classic BIND-based DNS?

------
sigmonsays
In a cloud world, moving host resolution into the app makes the most sense and
isn't that hard.

Why use dns at all?

~~~
notliketherest
Maybe because when the host resolution is built into the app it needs to be
externally provisioned, lest it become out of date as services come and go. So
if you're going to need some centralized mechanism to provision apps, why deal
with that overhead instead of just baking it into DNS directly?

------
jesusjzp
This is really cool! It's easy to develop new middleware.

