When I using dig command to test the CoreDNS server,it shows: connection timed out; no servers could be reached:

[root@ops001 ~]# /opt/k8s/bin/kubectl exec -ti soa-user-service-5c8b744d6d-7p9hr -n dabai-fat /bin/sh
/ # dig -t A kubernetes.default.svc.cluster.local. @10.254.0.2

; <<>> DiG 9.12.4-P2 <<>> -t A kubernetes.default.svc.cluster.local. @10.254.0.2
;; global options: +cmd
;; connection timed out; no servers could be reached

when I ping server,it success.

[root@ops001 ~]# /opt/k8s/bin/kubectl exec -ti soa-user-service-5c8b744d6d-7p9hr -n dabai-fat /bin/sh
/ # ping 10.254.0.2
PING 10.254.0.2 (10.254.0.2): 56 data bytes
64 bytes from 10.254.0.2: seq=0 ttl=64 time=0.100 ms
64 bytes from 10.254.0.2: seq=1 ttl=64 time=0.071 ms
64 bytes from 10.254.0.2: seq=2 ttl=64 time=0.094 ms
64 bytes from 10.254.0.2: seq=3 ttl=64 time=0.087 ms

why the dig could not connect to DNS server althrough the network is ok?This is my CoreDNS service:

when azshara-k8s03‘s node connection to CoreDNS server:

/ # telnet 10.254.0.2 53
Connection closed by foreign host

when azshara-k8s02‘s and azshara-k8s01‘s node connection to CoreDNS server:

/ # telnet 10.254.0.2 53
telnet: can't connect to remote host (10.254.0.2): Connection refused

I just confusing why port 53 is not open,when I scan from host using same command,the port 53 is open: