How to expose kube-dns service for queries outside cluster?


Are you querying on the tcp port or the udp port?

I changed my kube-dns to be a NodePort service:

$ kubectl describe services kube-dns --namespace kube-system
Name:           kube-dns
Namespace:      kube-system
Labels:         k8s-app=kube-dns
                kubernetes.io/cluster-service=true
                kubernetes.io/name=KubeDNS
Selector:       k8s-app=kube-dns
Type:           NodePort
IP:             10.171.240.10
Port:           dns 53/UDP
NodePort:       dns 30100/UDP
Endpoints:      10.168.0.6:53
Port:           dns-tcp 53/TCP
NodePort:       dns-tcp 30490/TCP
Endpoints:      10.168.0.6:53
Session Affinity:   None

and then queried on the udp port from outside of the cluster and everything appeared to work:

$ dig -p 30100 @10.240.0.4 kubernetes.default.svc.cluster.local
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -p 30100 @10.240.0.4 kubernetes.default.svc.cluster.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45472
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;kubernetes.default.svc.cluster.local. IN A
;; ANSWER SECTION:
kubernetes.default.svc.cluster.local. 30 IN A   10.171.240.1
;; Query time: 3 msec
;; SERVER: 10.240.0.4#30100(10.240.0.4)
;; WHEN: Thu May 26 18:27:32 UTC 2016
;; MSG SIZE  rcvd: 70

Right now, Kubernetes does not allow NodePort services to share the same port for tcp & udp (see Issue #20092). That makes this a little funky for something like DNS.

EDIT: The bug was fixed in Kubernetes 1.3.
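
An added example, not part of the answer above: a small audit that lists Services publishing port 53 outside the cluster and flags the split UDP/TCP NodePorts the answer describes. The function name and the sample JSON are assumptions; the sample is constructed from the `kubectl describe` values above in the shape of `kubectl get services --all-namespaces -o json`.

```python
import json

# Constructed sample, shaped like `kubectl get services --all-namespaces -o json`,
# using the values from the `kubectl describe` output in the answer.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "kube-system", "name": "kube-dns"},
     "spec": {"type": "NodePort", "clusterIP": "10.171.240.10", "ports": [
         {"name": "dns", "protocol": "UDP", "port": 53, "nodePort": 30100},
         {"name": "dns-tcp", "protocol": "TCP", "port": 53, "nodePort": 30490}]}},
    {"metadata": {"namespace": "default", "name": "kubernetes"},
     "spec": {"type": "ClusterIP", "clusterIP": "10.171.240.1", "ports": [
         {"name": "https", "protocol": "TCP", "port": 443}]}},
]})

EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}


def audit_dns_exposure(service_list_json):
    """Return one finding per Service that publishes port 53 outside the cluster."""
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") not in EXTERNAL_TYPES:
            continue  # ClusterIP services are only reachable from inside
        # protocol -> nodePort for each port-53 entry (protocol defaults to TCP)
        node_ports = {p.get("protocol", "TCP"): p.get("nodePort")
                      for p in spec.get("ports", []) if p.get("port") == 53}
        if not node_ports:
            continue
        udp, tcp = node_ports.get("UDP"), node_ports.get("TCP")
        notes = []
        if udp is not None and udp != tcp:
            # Resolvers retry a truncated UDP answer over TCP on the same port number.
            notes.append("UDP and TCP node ports differ (%s vs %s); "
                         "TCP retry on the UDP port number will fail" % (udp, tcp))
        if spec["type"] == "LoadBalancer" and not spec.get("loadBalancerSourceRanges"):
            notes.append("LoadBalancer has no loadBalancerSourceRanges")
        meta = svc["metadata"]
        findings.append({"service": "%s/%s" % (meta["namespace"], meta["name"]),
                         "type": spec["type"], "udp_node_port": udp,
                         "tcp_node_port": tcp, "notes": notes})
    return findings


if __name__ == "__main__":
    for finding in audit_dns_exposure(SAMPLE):
        print(json.dumps(finding, indent=2))
```

Each finding is a resolver that answers for internal service names on every node address, so pair it with a firewall rule limiting which sources can reach the node port.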