Understanding ndots in Kubernetes DNS Resolution
The ndots option in DNS configuration plays a subtle but important role in how domain names are resolved inside Kubernetes pods. Incorrectly configured ndots can lead to unnecessary DNS queries, delays, or failed resolutions.
What is ndots?
ndots is a setting in /etc/resolv.conf that determines whether a DNS query is treated as a fully qualified domain name (FQDN) or a partial name requiring search path resolution.
If the number of dots in a queried name is equal to or greater than the ndots value, the resolver tries it as an FQDN first. Otherwise, the resolver in the pod appends the search domains that Kubernetes wrote to /etc/resolv.conf before querying DNS.
Example
Assume ndots:5 and your pod queries service.default. It has only one dot, which is fewer than 5, so the resolver tries these in order:
- service.default.<search-domain>
- service.default
- Then falls back to FQDN lookup if needed.
Why it matters in Kubernetes
In a cluster, services are often queried using short names (service, service.namespace, etc.). A high ndots value can cause:
- Multiple redundant DNS lookups.
- Increased DNS latency.
- Failed resolutions if names don’t match expected search paths.
Recommended ndots Value
A common best practice in Kubernetes is:
ndots: 2
This allows queries like myservice.namespace (which has one dot) to be treated as incomplete and use search paths efficiently.
How to Set ndots in Kubernetes
You can configure ndots per Pod via the dnsConfig field:
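apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  # "ClusterFirst" sends lookups to the cluster DNS service. "Default" would
  # inherit the node's resolver configuration, so service names would not resolve.
  dnsPolicy: "ClusterFirst"
  dnsConfig:
    options:
      # Merged into the options line of the pod's /etc/resolv.conf.
      - name: ndots
        value: "2"
  containers:
    - name: app
      image: registry.example.com/app:1.0  # placeholder image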
Verifying DNS Behavior
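Use tools like dig or nslookup inside your container. dig does not apply the search list unless you pass +search, so include it when checking ndots behavior:
dig +search myservice.namespace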
You can also inspect /etc/resolv.conf in a pod:
kubectl exec -it mypod -- cat /etc/resolv.conf
Conclusion
The ndots setting can significantly affect your DNS behavior in Kubernetes. Set it thoughtfully to reduce lookup latency and DNS overhead, especially in large clusters with many services.