Forward Plugin Upstream DNS Failures

critical

reliabilityUpdated Jan 19, 2026

CoreDNS cannot reach upstream DNS servers, causing external domain resolution failures while internal cluster DNS continues to work. This indicates network connectivity or upstream DNS server issues.

Sources

How to Troubleshoot Kubernetes DNS Issues (CoreDNS) - OneUptimeoneuptime.com

How to Troubleshoot CoreDNS Issues in DOKS Clustersdocs.digitalocean.com

How to Debug DNS Resolution Issues in Kubernetes with CoreDNSoneuptime.com

Technologies:

CoreDNSSymptoms of this issue are visible in CoreDNS metrics and logs

How to detect:

Monitor coredns_forward_healthcheck_failure_count and coredns_forward_healthcheck_broken_count for increasing values. Check logs for 'i/o timeout', 'connection refused', or 'SERVFAIL' errors. Test external resolution separately from internal cluster resolution.

Recommended action:

Verify upstream DNS server configuration in CoreDNS ConfigMap forward plugin. Test network connectivity from CoreDNS pods to upstream servers (8.8.8.8, 8.8.4.4). Configure multiple upstream servers with policy sequential. Increase max_concurrent to 1000 for high-load scenarios. Check NetworkPolicies for egress blocking.