gke/BP/2025_001

GKE clusters should have NodeLocal DNSCache enabled for better DNS performance.

Product: Google Kubernetes Networking
Rule class: BP - Best practice, opinionated recommendation

Description

NodeLocal DNSCache improves DNS reliability and performance within the cluster by running a local DNS cache on each node. This reduces latency and load on kube-dns. It is a recommended best practice for most Standard clusters. Autopilot clusters have this enabled by default.

Remediation

Enable NodeLocal DNSCache on an existing Standard cluster using the following gcloud command:

gcloud container clusters update ${CLUSTER_NAME} \
    --location=${COMPUTE_LOCATION} \
    --update-addons=NodeLocalDNS=ENABLED

Replace ${CLUSTER_NAME} and ${COMPUTE_LOCATION} (the cluster's region or zone, e.g. us-central1 for a regional cluster) with your cluster's details.
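The following is an added example, not part of this rule page or of gcpdiag, showing how the check can be evaluated offline against cluster descriptions: it reads the shape that `gcloud container clusters describe --format=json` returns (the field names addonsConfig.dnsCacheConfig.enabled and autopilot.enabled are assumed from the GKE API), treats Autopilot clusters as compliant, treats a missing dnsCacheConfig block as disabled, and emits the remediation command above for each failing Standard cluster. The cluster records are constructed sample data.

```python
"""Evaluate the gke/BP/2025_001 check against GKE cluster descriptions (added example)."""
import json

# Constructed sample records resembling `gcloud container clusters describe --format=json`
# output. Only the fields the check needs are present; the field names are assumed
# from the GKE API (addonsConfig.dnsCacheConfig.enabled, autopilot.enabled).
SAMPLE_CLUSTERS = [
    {"name": "prod-standard", "location": "us-central1",
     "addonsConfig": {"dnsCacheConfig": {"enabled": True}}},
    {"name": "dev-standard", "location": "europe-west1-b",
     "addonsConfig": {"httpLoadBalancing": {}}},          # add-on block absent -> disabled
    {"name": "ap-cluster", "location": "us-east1",
     "autopilot": {"enabled": True}},                      # Autopilot: enabled by default
]


def nodelocal_dns_enabled(cluster: dict) -> bool:
    """True if NodeLocal DNSCache is active on the cluster.

    Autopilot clusters have it on by default; Standard clusters only when the
    NodeLocalDNS add-on is enabled. A missing dnsCacheConfig block means disabled.
    """
    if (cluster.get("autopilot") or {}).get("enabled", False):
        return True
    addons = cluster.get("addonsConfig") or {}
    return bool((addons.get("dnsCacheConfig") or {}).get("enabled", False))


def remediation_command(cluster: dict) -> str:
    """The gcloud command from the rule page, filled in for this cluster."""
    return ("gcloud container clusters update {name} --location={loc} "
            "--update-addons=NodeLocalDNS=ENABLED").format(
                name=cluster["name"], loc=cluster["location"])


def evaluate(clusters: list) -> dict:
    """Map each cluster name to 'OK' or to 'FAIL: <remediation command>'."""
    results = {}
    for c in clusters:
        if nodelocal_dns_enabled(c):
            results[c["name"]] = "OK"
        else:
            results[c["name"]] = "FAIL: " + remediation_command(c)
    return results


if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_CLUSTERS), indent=2))
```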

Further information

See https://cloud.google.com/kubernetes-engine/docs/how-to/nodelocal-dns-cache