#3441 feat(supervisor): optional ndots override for runner pods

Merged · Size: S · Change breakdown: Feature 70%, Performance 30%

DNS search limits can be lowered for runner pods

A new configuration allows the default Kubernetes ndots threshold, which decides when the DNS search list is walked, to be overridden for runner pods, reducing query amplification when they resolve external domains.

By default, Kubernetes pods try the cluster's internal search domains before resolving any name with fewer than five dots as-is. This means a standard request to an external address like api.example.com triggers four or more unnecessary internal CoreDNS queries.

The new configuration lowers that threshold for runner pods. With the override in place, standard external domain names are resolved immediately without first walking through the entire cluster search list.

Bypassing these redundant internal lookups significantly reduces DNS query amplification and network overhead. The configuration is managed in the supervisor app, giving precise control over pod DNS resolution behavior.

Original GitHub description:

Adds KUBERNETES_POD_DNS_NDOTS_OVERRIDE_ENABLED flag (off by default) that overrides the cluster default and sets dnsConfig.options.ndots on runner pods (defaulting to 2, configurable via KUBERNETES_POD_DNS_NDOTS).

Kubernetes defaults pods to ndots: 5, so any name with fewer than 5 dots, including typical external domains like api.example.com, is first walked through every entry in the cluster search list (<ns>.svc.cluster.local, svc.cluster.local, cluster.local) before being tried as-is, turning one resolution into 4+ CoreDNS queries (×2 with A+AAAA).

Using a lower ndots value reduces DNS query amplification in the cluster.local zone.
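The amplification described above, as an added example (not code from the PR or the project): a small model of the search-list ordering documented in resolv.conf(5), counting the queries sent for ndots 5 versus 2. The namespace `runners`, the sample zone and the function names are constructed for illustration, and real resolvers can differ in detail.

```python
# Added illustration: models resolv.conf(5) ndots/search ordering, not the project's code.

def candidates(name, search, ndots):
    """Names a stub resolver tries, in order, for a given ndots threshold."""
    if name.endswith("."):            # trailing dot: fully qualified, search list skipped
        return [name]
    searched = [f"{name}.{dom}." for dom in search]
    absolute = name + "."
    if name.count(".") >= ndots:      # enough dots: try the name as-is first
        return [absolute] + searched
    return searched + [absolute]      # too few dots: walk the search list first


def queries_until_hit(name, search, ndots, exists, rrtypes=("A", "AAAA")):
    """Count queries sent until a candidate resolves (one query per record type)."""
    sent = 0
    for cand in candidates(name, search, ndots):
        sent += len(rrtypes)
        if exists(cand):
            break
    return sent


# Constructed sample: a pod in the hypothetical namespace "runners".
SEARCH = ["runners.svc.cluster.local", "svc.cluster.local", "cluster.local"]
# Constructed set of names that resolve; everything else is treated as NXDOMAIN.
ZONE = {"api.example.com.", "example.com.", "redis.runners.svc.cluster.local."}
exists = ZONE.__contains__

if __name__ == "__main__":
    for name in ("api.example.com", "example.com", "redis", "api.example.com."):
        for ndots in (5, 2):
            n = queries_until_hit(name, SEARCH, ndots, exists)
            print(f"ndots={ndots} {name:<18} -> {n} queries")
```

In this model a one-dot name such as example.com still walks the whole search list at ndots 2, while a trailing dot skips the list at any setting.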
