You are browsing documentation for a version of Kuma that is not the latest release.

Looking for even older versions? Learn more.

DNS in the control plane

This is deprecated way of handling Kuma DNS that will be removed in the future versions of Kuma. Consider using DNS embedded in kuma-dp

In this mode, DNS traffic is not intercepted and resolved by Envoy, but the DNS resolver is explicitly configured with kuma-cp DNS server for defined domains (.mesh by default).

How Kuma DNS in the control plane works

Kuma DNS in the control plane works in a similar way as Kuma DNS embedded in kuma-dp, but DNS server is run by kuma-cp. The DNS server in kuma-cp listens on port 5653.


The Kuma control plane exposes a DNS service which handles the name resolution in the .mesh DNS zone.

Usually DNS configuration expects DNS server to be served on port 53 therefore we need to configure the control plane with KUMA_DNS_SERVER_PORT set to 53.

  1. When you install the control plane, configure it with the following environment variable to disable the data plane proxy DNS:


  2. Plug Kuma DNS resolver into Kube DNS or Core DNS

    kumactl install dns

Last Updated: 11/4/2022, 13:26:36 PM