The Cloud Native Computing Foundation (CNCF) today announced that it has graduated CoreDNS, a highly portable domain name system (DNS) server, giving the project equal standing alongside the Kubernetes container orchestration, Prometheus monitoring and Envoy proxy projects.
Written in the Go programming language, CoreDNS is already the default DNS server in version 1.13 of Kubernetes. Francois Tur, engineering manager at Infoblox, a provider of DNS appliances and cloud services, and a project maintainer for CoreDNS, says that because CoreDNS is written in Go, the development team was able to eliminate the cache poisoning issues that have allowed cybercriminals to divert network traffic to malicious websites.
The open source CoreDNS project was created in March 2016 by Miek Gieben, a site reliability engineer at Google, as an effort to build a generic DNS server that could talk to multiple backends, including etcd, Consul and Kubernetes. CoreDNS joined the CNCF Sandbox in 2017 and became an incubating project in February 2018.
The CoreDNS team has also completed 12 releases in the past year. The project is built on a plug-in architecture: 35 plugins ship with CoreDNS itself and a further 15 are maintained externally. As CoreDNS gains more traction, the number of external plugins written by third-party vendors should increase, says Tur.
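To show what that plug-in architecture looks like in practice, here is a constructed Corefile of the kind a Kubernetes cluster hands to CoreDNS. It is an added example, not configuration from the article or a file shipped by the project; the zone names, ports and upstream path are assumptions. Each directive inside the server block enables one plugin, and the request passes through them in the order fixed by the CoreDNS build (plugin.cfg), not the order written here:

```corefile
# Constructed example Corefile (not from the article or the project).
# One server block, listening on port 53 for every zone (".").
.:53 {
    # log query errors to stdout
    errors
    # liveness endpoint on :8080
    health
    # serve cluster-internal names from the Kubernetes API
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        # "verified" answers a pod A record only if the IP really belongs
        # to a pod in that namespace; "insecure" would answer for any IP
        pods verified
        # reverse zones not owned by the cluster fall through to forward
        fallthrough in-addr.arpa ip6.arpa
    }
    # expose metrics for Prometheus
    prometheus :9153
    # everything else goes to the node's upstream resolvers (assumed path)
    forward . /etc/resolv.conf
    # cap cached answers at 30 seconds
    cache 30
    # stop the process if a forwarding loop is detected
    loop
    # pick up Corefile changes without a restart
    reload
}
```

The security-relevant knobs here are `pods verified`, which refuses to synthesise pod records for addresses that are not actually pods in the queried namespace, and the short `cache` TTL, which bounds how long any wrong answer that does get in stays served.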
Today, the project has more than 100 contributors, 16 active maintainers and many organizations using it in production within and outside of Kubernetes—including Bose, Hellofresh, Skyscanner, SoundCloud, Trainline and Zalando.
Tur says the rate at which CoreDNS is maturing is faster than originally anticipated. Next up, the CoreDNS team plans to develop reservation reservoirs, external plugins for connecting to other DNS systems and the ability to apply controls to DNS queries to thwart brute-force attacks that attempt to take DNS servers offline by overloading them with queries. The controls would be able to apply policies, should it be determined those queries are being launched by a malicious website, he says.
Longer term, he adds, the CoreDNS team plans to investigate the use of machine learning algorithms to identify, for example, websites launching malicious queries.
DNS was specified in 1983 and in general use by 1985. Today, the entire internet depends on the traffic directions provided by a hierarchical, distributed database that translates domain names into the IP addresses computers actually route on. The part DNS plays in maintaining cybersecurity is often underappreciated. But as cybercriminals have become more adept at exploiting DNS platforms built on legacy implementations, it's clear there is a need to modernize those implementations. Less clear is the degree to which increased use of CoreDNS within Kubernetes environments will spur adoption of CoreDNS on other platforms. From a cybersecurity perspective at least, it's apparent that legacy DNS platforms leave much room for improvement. The challenge may be getting everyone to agree on how much performance can be sacrificed to achieve that goal.