# DNS Tap
DNS Tap is an open source protocol that streams DNS query and response logs to a TCP endpoint. Enable DNS Tap from the Resolve Satellite to observe DNS resolution activity across your cluster in real time, without injecting anything into your application code.

## How Resolve AI uses DNS Tap

The Resolve Satellite uses DNS Tap to understand runtime relationships between services in your infrastructure. Each time one pod resolves another (ex: `servicea` queries `checkout-service.cluster.local`), the Satellite logs that DNS request.

These query logs help Resolve:

- Build a live dependency graph of your architecture
- Surface upstream/downstream relationships during investigations
- Detect when a service goes down and others are affected

This visibility is critical if you don't have full APM or tracing coverage.

DNS Tap allows the Resolve Satellite to capture service-to-service DNS queries and build a runtime dependency map.

## Prerequisites

Install the Resolve Satellite before setting up DNS Tap.

## 1. Get cluster IP

Copy the cluster IP of the Resolve Satellite:

```shell
kubectl get service <your satellite name>
```

Check how to avoid cluster IP conflict in Kubernetes first. Then create a Resolve values YAML file:

```yaml
ingest:
  token: <your resolve satellite token>
clustername: <your cluster name>
environment: <your environment>
dnstap:
  enabled: true
  staticip: <your resolve satellite ip> # e.g. 172.20.0.42
```

Install the Helm chart using your new values file.

## 2. Configure CoreDNS

Add this line to the CoreDNS ConfigMap Corefile to forward logs:

```
dnstap tcp://<your resolve satellite ip>:4444 full
```

For example, your ConfigMap will look something like this:

```yaml
apiVersion: v1
kind: ConfigMap
data:
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        dnstap tcp://<your resolve satellite ip>:4444 full
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
```

## Frequently asked questions

### What is DNS Tap?

DNS Tap is an open source logging / monitoring technology that enables DNS servers to efficiently forward DNS logs to a TCP socket. The logs contain all DNS queries and responses made by the DNS server, as well as the requester's IP and port. This DNS information can be used to determine which source IPs are requesting IPs for which other servers. Additional information on DNS Tap can be found at https://dnstap.info/.

### Does enabling DNS Tap impact performance?

No, the Satellite receives data via a non-intrusive push model from the DNS layer. It does not introduce any observable latency or load on your DNS servers or Kubernetes workloads. For deeper implementation specifics and performance characteristics, we recommend watching this video overview: https://www.youtube.com/watch?v=rj3vuui fg8

### What does a dependency map built from DNS Tap data look like?

The dependency map reflects real, traffic-driven service relationships (not just declared ones). It includes:

- Calling services and target services, identified via DNS requests
- Overlays with other metadata (e.g., from Kubernetes infrastructure data, tracing, etc.) to provide root cause context during investigations

Example: If `servicea` makes a DNS request to `checkout-service.cluster.local`, and that resolves to a pod in the checkout service, Resolve AI will register a dependency between the two, enriching investigations when `servicea` fails.

Configure CoreDNS either with the AWS console or with Terraform.

### Option 1: AWS console

1. Open the Amazon EKS console.
2. Select your cluster from the list.
3. Navigate to the Add-ons tab.
4. Select the CoreDNS add-on and click Edit.
5. Scroll to Optional configuration settings.
6. In the Configuration values field, paste your existing Corefile config and add:

```
dnstap tcp://<your resolve satellite ip>:4444 full
```

Be sure to include your full, working Corefile. Do not remove or replace any required settings.

Example Corefile:

```yaml
corefile: |
  .:53 {
      errors
      health {
          lameduck 5s
      }
      ready
      kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
      }
      dnstap tcp://<your resolve satellite ip>:4444 full
      prometheus :9153
      forward . /etc/resolv.conf
      cache 30
      loop
      reload
      loadbalance
  }
```

For more detail, see the AWS blog on advanced EKS add-on configuration: https://aws.amazon.com/blogs/containers/amazon-eks-add-ons-advanced-configuration/

### Option 2: Terraform

If you manage your EKS cluster using Terraform, you can configure the CoreDNS add-on with `jsonencode()` and a multi-line Corefile string.

Example:

```hcl
module "eks" {
  source = "terraform-aws-modules/eks/aws"

  cluster_addons = {
    coredns = {
      addon_version = "<latest version>"
      configuration_values = jsonencode({
        corefile = <<EOF
.:53 {
    errors
    health {
        lameduck 5s
    }
    ready
    kubernetes cluster.local in-addr.arpa ip6.arpa {
        pods insecure
        fallthrough in-addr.arpa ip6.arpa
    }
    dnstap tcp://<your resolve satellite ip>:4444 full
    prometheus :9153
    forward . /etc/resolv.conf
    cache 30
    loop
    reload
    loadbalance
}
EOF
      })
    }
  }
}
```

This method ensures consistent config across environments and supports GitOps workflows.

Create and save a CoreDNS custom YAML file with the following configuration:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
data:
  dnstap.override: |
    dnstap tcp://<your resolve satellite ip>:4444 full
```

Additional information on customizing CoreDNS in AKS can be found in the Azure documentation.
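
Returning to the dependency map described in the FAQ: the sketch below is an added example, not Resolve's code. It reduces decoded DNS Tap messages to caller-to-target edges, counting only successful in-cluster responses. The records, the pod inventory, the `checkout-service.default.svc.cluster.local` name and every field name other than dnstap's `query_address` and message types are constructed for illustration.

```python
from collections import Counter

SUFFIX = ".svc.cluster.local."
# Constructed inventory (pod IP -> namespace/service), standing in for Kubernetes metadata.
POD_OWNERS = {"10.0.1.15": "default/servicea", "10.0.2.7": "default/cart"}

def msg(kind, src, qname, rcode="NOERROR", answers=()):
    # Constructed stand-in for one decoded dnstap message; field names are assumptions.
    return {"type": kind, "query_address": src, "qname": qname,
            "rcode": rcode, "answers": list(answers)}

CHECKOUT = "checkout-service.default.svc.cluster.local."
RECORDS = [
    msg("CLIENT_QUERY", "10.0.1.15", CHECKOUT),
    msg("CLIENT_RESPONSE", "10.0.1.15", CHECKOUT, answers=["172.20.9.30"]),
    msg("CLIENT_RESPONSE", "10.0.1.15", CHECKOUT, answers=["172.20.9.30"]),
    # Search-path expansion of an external name: NXDOMAIN, must not become an edge.
    msg("CLIENT_RESPONSE", "10.0.1.15", "api.example.com.default.svc.cluster.local.", "NXDOMAIN"),
    msg("CLIENT_RESPONSE", "10.0.1.15", "api.example.com.", answers=["203.0.113.10"]),
    msg("CLIENT_RESPONSE", "10.0.2.7", CHECKOUT, answers=["172.20.9.30"]),
    msg("CLIENT_RESPONSE", "10.0.9.99", CHECKOUT, answers=["172.20.9.30"]),
]

def target_service(qname):
    """Map <service>.<namespace>.svc.cluster.local to 'namespace/service', else None."""
    name = qname.lower().rstrip(".") + "."
    if not name.endswith(SUFFIX):
        return None
    labels = name[:-len(SUFFIX)].split(".")
    if len(labels) < 2 or not all(labels):
        return None
    return f"{labels[-1]}/{labels[-2]}"

def build_edges(records, pod_owners):
    """Count caller -> target edges from successful in-cluster responses only."""
    edges = Counter()
    for rec in records:
        if rec["type"] != "CLIENT_RESPONSE":  # counting queries too would double-count
            continue
        if rec["rcode"] != "NOERROR" or not rec["answers"]:
            continue
        target = target_service(rec["qname"])
        caller = pod_owners.get(rec["query_address"], "unknown:" + rec["query_address"])
        if target and caller != target:
            edges[(caller, target)] += 1
    return edges

def callers_of(edges, target):
    """Services to check first when `target` goes down."""
    return sorted(c for (c, t) in edges if t == target)
```

Source IPs that match no known pod are kept as `unknown:<ip>` rather than dropped, so gaps in the inventory stay visible in the graph.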