K
Q

How can I sniff all DNS records from kuberenetes?

9/1/2019

I wish to sniff and extract all DNS records from kubernetes: clientIP,serverIP,date,QueryType etc... I had set up a kuberenetes service. It is online and running. There I created several containerized micro-services that generate DNS queries (HTTP requests to external addresses). How can I see sniff it ? Is there a way to extract logs with DNS records ?

-- trung chum
coredns
dns
kubernetes
sniffer

Similar Questions

Gunicorn issues on gcloud. Memory faults and restarts thread
How expose multiple services on the same port in kubernetes using OpenStack
stuck on trying connect angular frontend to java backend via port 8080
Kubernetes Architecture / Design /?
Why coredns in Kubernetes can't resolve Pod DNS Records

2 Answers

9/11/2019

I have successfully extracted DNS logs , using answer above. My new problem is that I can't see resolution data, i.e. RRDATA, such as resolved IP or other response info?

-- trung chum
Source: StackOverflow
9/2/2019

Given that you use CoreDNS as your cluster DNS service you can configure it to log queries, errors etc. to stdout. CoreDNS have been available as an alternative to kube-dns since k8s version 1.11, so if you're running a cluster of version >1.11 there's a good chance that you're using CoreDNS.

The CoreDNS service usually™️ lives in the kube-system namespace and can be reconfigured using the provided ConfigMap.

Example on how to log everything to stdout, taken from the README:

. {
    ...
    log
    ...
}

When you've reconfigured CoreDNS you can check the Pod logs with:

kubectl logs -n kube-system <POD NAME>

-- mikejoh
Source: StackOverflow