CoreDNS · Rate Limits
Coredns Rate Limits
CoreDNS is a self-hosted DNS server. It does not expose a public hosted API with provider-imposed per-second request limits. The HTTP Health (port 8080) and Prometheus Metrics (port 9153) endpoints are intended for in-cluster operations and have no upstream-imposed rate limit; effective limits are bounded by the operator's deployment topology and node CPU. CoreDNS does, however, ship plugins (ratelimit, bufsize, cache) that operators can configure to throttle DNS query throughput.
3 Limits
Cloud NativeDNSKubernetesNetworkingOpen SourceService DiscoveryRate Limiting
Limits
DNS query rate deployment
operator-configured
Bounded by node CPU and configured via the optional ratelimit plugin. No upstream-imposed number.
Health endpoint deployment
not enforced
HTTP /health on port 8080 is intended for kubelet liveness/readiness probes; CoreDNS does not throttle it.
Metrics endpoint deployment
not enforced
HTTP /metrics on port 9153 is intended for Prometheus scraping; CoreDNS does not throttle it.
Policies
Operator-configured throttling
Use the ratelimit plugin (external) to apply per-source rate limits to DNS queries. Configure cache and bufsize plugins to absorb bursts and reduce upstream load.
No hosted API
CoreDNS is run by the operator inside their cluster or environment. There is no provider-hosted DNS endpoint and therefore no provider-imposed rate limit.
Backoff for clients
DNS clients should respect SERVFAIL and REFUSED responses and back off rather than hot-looping; the cache plugin can be tuned to reduce load when SERVFAIL spikes.