Back to articles
DevOpsMay 20, 20262 min read

Cross-Namespace Communication in Kubernetes using Internal DNS (FQDN)

A practical look at how Kubernetes handles internal cross-namespace networking natively through Fully Qualified Domain Names (FQDN) without complex routing or external IPs.

One of the first things you learn when diving into Kubernetes is that Namespaces are exceptional for resource isolation. They allow you to segment clusters into logical groups. However, in a real-world microservices architecture, services rarely live in an isolated vacuum.

Eventually, you will run into a scenario where Service-A running in your backend namespace needs to talk to Database-B running in your data namespace. How do you bridge that gap cleanly?

The Native Kubernetes Solution: FQDN

I found that you do not need to mess with complex ingress routing, custom proxies, or external IP addresses. Kubernetes handles cross-namespace communication natively through its internal DNS hierarchy using Fully Qualified Domain Names (FQDN).

If you are inside the cluster, any service is reachable using this standard, predictable DNS format:

text read-only 
[service-name].[namespace].svc.cluster.local

For example, if your backend service wants to connect to a PostgreSQL database named postgres-service in the data namespace, it simply connects to the host:

text read-only 
postgres-service.data.svc.cluster.local

Why This Internal DNS Architecture is Powerful

  • Logical Separation: You can group resources cleanly by team, project, or lifecycle stage (e.g. dev, staging, prod) without losing internal system connectivity.
  • Zero Hardcoding: You never have to worry about ephemeral Pod IP addresses. As long as the service definition name is stable, CoreDNS resolves the record to the correct active Pods behind the scenes.
  • Security Context (Network Policies): By using namespaces and services, you set a perfect stage for implementing granular Network Policies. This allows you to explicitly allow-list traffic between specific namespaces, securing your cluster from unauthorized internal lateral movements.

    • Testing it Locally with kind (Kubernetes in Docker)

    If you are looking to test multi-node networking configurations locally without renting cloud VMs, I highly recommend using kind (Kubernetes in Docker). It is a fantastic tool to simulate multi-node clusters and inspect how CoreDNS maps these DNS records under the hood.

    Setting up cross-namespace DNS resolution is one of those small details that connects the dots on how Kubernetes orchestrates robust, secure, and developer-friendly cloud-native networks!

    P
    Pratik Sangani
    Backend Developer & Architect
    Get in touch