Kubernetes Network Created: 12 Apr 2026 Updated: 12 Apr 2026

ExternalName Service

ExternalName is a special type of service that does not have selectors and uses DNS names instead.

When looking up the host ext-service.default.svc.cluster.local, the cluster DNS service returns a CNAME record of database.mycompany.com:

apiVersion: v1
kind: Service
metadata:
name: ext-service
spec:
type: ExternalName
externalName: database.mycompany.com

If developers are migrating an application into Kubernetes but its dependencies are staying external to the cluster, ExternalName service allows them to define a DNS record internal to the cluster no matter where the service actually runs.

DNS will try the search as shown in the following example:

kubectl exec -it dnsutils -- host -v -t a github.com
Trying "github.com.default.svc.cluster.local"
Trying "github.com.svc.cluster.local"
Trying "github.com.cluster.local"
Trying "github.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55908
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;github.com. IN A

;; ANSWER SECTION:
github.com. 30 IN A 140.82.112.3

Received 54 bytes from 10.96.0.10#53 in 18 ms

As an example, the ExternalName service allows developers to map a service to a DNS name.

Now if we deploy the external service like so:

kubectl apply -f service-external.yml
service/external-service created

The A record for github.com is returned from the external-service query:

kubectl exec -it dnsutils -- host -v -t a external-service
Trying "external-service.default.svc.cluster.local"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11252
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;external-service.default.svc.cluster.local. IN A

;; ANSWER SECTION:
external-service.default.svc.cluster.local. 24 IN CNAME github.com.
github.com. 24 IN A 140.82.112.3

Received 152 bytes from 10.96.0.10#53 in 0 ms

The CNAME for the external service returns github.com:

kubectl exec -it dnsutils -- host -v -t cname external-service
Trying "external-service.default.svc.cluster.local"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36874
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;external-service.default.svc.cluster.local. IN CNAME

;; ANSWER SECTION:
external-service.default.svc.cluster.local. 30 IN CNAME github.com.

Received 126 bytes from 10.96.0.10#53 in 0 ms

Sending traffic to a headless service via a DNS record is possible but inadvisable. DNS is a notoriously poor way to load balance, as software takes very different (and often simple or unintuitive) approaches to A or AAAA DNS records that return multiple IP addresses. For example, it is common for software to always choose the first IP address in the response and/or cache and reuse the same IP address indefinitely. If you need to be able to send traffic to the service’s DNS address, consider a (standard) ClusterIP or LoadBalancer service.

The “correct” way to use a headless service is to query the service’s A/AAAA DNS record and use that data in a server-side or client-side load balancer.

Most of the services we have been discussing are for internal traffic management for the cluster network. In our next sections, will be reviewing how to route requests into the cluster with service type LoadBalancer and ingress.


Share this lesson:

Details

Category
Kubernetes
Sub: Network
View All Courses Back to Lessons

Navigation

Progress 25 / 25
Start 100% Complete
Kubernetes Endpoints
Statistics
2 Lessons in Network
5 SubCategories in Kubernetes
25 Total Lessons in Kubernetes