K3D and blocked DNS

1 min read · Jan 12, 2022


k3d runs each k3s node as a Docker container. k3s ships CoreDNS, and its default Corefile forwards every query for a name outside the cluster (forward . /etc/resolv.conf) to whatever resolver the node container's /etc/resolv.conf lists. Docker, which k3d uses to run those node containers, in turn populates that file from the host, so out-of-cluster lookups end up at the resolver of my computer.

I don’t know why, in the case of my new internet provider, Biznet, pods failed to resolve DNS queries even though when using Orbit it succeeds. I tried to manually edit /etc/resolv.conf of the container where the CoreDNS pod runs, with no luck, though it should have worked.

I am a lazy person and networking is not my strong suit, so if somehow the query was ‘blocked’, and the easiest way to circumvent DNS blocking is using DoT (DNS over TLS), and CoreDNS supports that, why not use it anyway?

This is how to do it:

First, make sure we can use DoT from the host at all. kdig (from knot-dnsutils) can query over TLS: +tls-ca validates the resolver's certificate against the system CA store, and +tls-host is the name that certificate has to match.

> sudo apt-get install -y knot-dnsutils
> kdig -d @ +tls-ca +tls-host=cloudflare-dns.com www.bpk.go.id
www.bpk.go.id. 13456 IN A

If an answer comes back, continue by editing the CoreDNS ConfigMap:

> kubectl edit cm -n kube-system coredns

Replace the line with the forward directive (forward . /etc/resolv.conf) with the following block. The tls:// prefix makes CoreDNS talk DoT to the upstreams, tls_servername is the name CoreDNS verifies the upstream's certificate against (every upstream in one forward block has to share it, so don't leave it out, or the session is not tied to the resolver you think you are talking to), and health_check 5s is how often an upstream that stopped answering is re-checked.

    # forward . /etc/resolv.conf
    forward . tls:// tls:// {
        tls_servername cloudflare-dns.com
        health_check 5s
    }

CoreDNS should pick the change up by itself: the k3s Corefile enables the reload plugin, and the kubelet takes up to a minute or so to sync the edited ConfigMap into the pod. If it doesn't, just restart it:

> kubectl -n kube-system rollout restart deployment coredns
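One caveat: k3s deploys CoreDNS from its own bundled manifest, so a direct edit of this ConfigMap can be overwritten when the k3s server reapplies that manifest, for example after the cluster is restarted. Check afterwards that the forward block is still in place, and that name resolution from a pod still works.

Doing the same edit with a script, so it can be repeated after such a reset, is shown below. This is an added example, not code from the post: it takes a Corefile on stdin, swaps the plain forward directive for a DoT forward block and refuses to emit anything if the result looks broken. The upstreams 1.1.1.1 and 1.0.0.1 (Cloudflare's public resolvers, whose certificate is issued for cloudflare-dns.com) and the sample Corefile are assumptions; the post's own snippet leaves the upstream addresses out.

```python
"""Rewrite a CoreDNS Corefile so that everything outside the cluster is
forwarded over DNS-over-TLS, instead of editing the ConfigMap by hand.

Intended workflow (an assumption, not from the post):

    kubectl -n kube-system get cm coredns -o jsonpath='{.data.Corefile}' \
        | python3 dot_corefile.py > Corefile.new
    kubectl -n kube-system create cm coredns --from-file=Corefile=Corefile.new \
        --dry-run=client -o yaml | kubectl apply -f -
"""
import re
import sys

# Assumed upstreams: Cloudflare's public DoT resolvers. Their certificate is
# issued for cloudflare-dns.com, which is the tls_servername the post uses.
DOT_UPSTREAMS = ("1.1.1.1", "1.0.0.1")
DOT_SERVERNAME = "cloudflare-dns.com"

# A `forward . TARGETS` line with no `{ ... }` option block, such as the
# k3s default `forward . /etc/resolv.conf`. Forwards that already carry an
# option block are left untouched.
PLAIN_FORWARD = re.compile(
    r"^(?P<indent>[ \t]*)forward[ \t]+\.[ \t]+(?P<targets>[^{\n]+?)[ \t]*$",
    re.MULTILINE,
)


def dot_forward_block(indent: str,
                      upstreams=DOT_UPSTREAMS,
                      servername: str = DOT_SERVERNAME) -> str:
    """Build the replacement forward block at the given indentation."""
    targets = " ".join(f"tls://{ip}" for ip in upstreams)
    inner = indent + "    "
    return "\n".join([
        f"{indent}forward . {targets} {{",
        # Name the upstream certificate is verified against (also sent as SNI).
        # Without it the TLS session is not tied to the resolver you expect.
        f"{inner}tls_servername {servername}",
        f"{inner}health_check 5s",
        f"{indent}}}",
    ])


def rewrite_corefile(corefile: str) -> str:
    """Return the Corefile with each plain forward replaced by a DoT forward.

    Idempotent: a Corefile that already forwards over tls:// comes back
    unchanged, so the script can be re-run after k3s resets the ConfigMap.
    """
    if "tls://" in corefile:
        return corefile

    patched, count = PLAIN_FORWARD.subn(
        lambda m: dot_forward_block(m.group("indent")), corefile)
    if count == 0:
        raise ValueError("no plain `forward . ...` directive found in Corefile")
    if patched.count("{") != patched.count("}"):
        raise ValueError("unbalanced braces after rewrite; refusing to emit")
    return patched


# Constructed sample, modelled on the Corefile k3s ships (not copied from a
# running cluster); only the forward line matters for the rewrite.
SAMPLE_COREFILE = """\
.:53 {
    errors
    health
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
      pods insecure
      fallthrough in-addr.arpa ip6.arpa
    }
    prometheus :9153
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
}
"""


def main() -> None:
    # Read the real Corefile from a pipe; fall back to the sample when run
    # interactively so the transformation can be eyeballed without a cluster.
    source = SAMPLE_COREFILE if sys.stdin.isatty() else sys.stdin.read()
    sys.stdout.write(rewrite_corefile(source))


if __name__ == "__main__":
    main()
```

The brace check is there because a Corefile with an unbalanced block makes CoreDNS fail to load its config, and the idempotency check keeps a second run from producing two forward blocks in the same server block, which CoreDNS rejects.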