dns_filter: Add external resolution (#11384)

Extend the DNS Filter so that it can resolve queries using external resolvers Additional Description: The DNS Filter up to this point resolves queries from its local configuration. This change adds the ability to define external name servers and refer queries that cannot be answered from the local config. We also add metrics to gauge the filters behavior and performance. Signed-off-by: Alvin Baptiste <alvinsb@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ d0e52aade70bf841803476b12657ab6053897745
5 years ago · 3f64335226
parent e353deafeb
commit 3f64335226
2 changed files with 22 additions and 12 deletions
--- a/envoy/extensions/filters/udp/dns_filter/v3alpha/dns_filter.proto
+++ b/envoy/extensions/filters/udp/dns_filter/v3alpha/dns_filter.proto
@ -2,6 +2,7 @@ syntax = "proto3";

 package envoy.extensions.filters.udp.dns_filter.v3alpha;

+import "envoy/config/core/v3/address.proto";
 import "envoy/config/core/v3/base.proto";
 import "envoy/data/dns/v3/dns_table.proto";

@ -46,14 +47,18 @@ message DnsFilterConfig {
  message ClientContextConfig {
    // Sets the maximum time we will wait for the upstream query to complete
    // We allow 5s for the upstream resolution to complete, so the minimum
-    // value here is 5
-    google.protobuf.Duration resolver_timeout = 1 [(validate.rules).duration = {gte {seconds: 5}}];
+    // value here is 1. Note that the total latency for a failed query is the
+    // number of retries multiplied by the resolver_timeout.
+    google.protobuf.Duration resolver_timeout = 1 [(validate.rules).duration = {gte {seconds: 1}}];

    // A list of DNS servers to which we can forward queries
-    repeated string upstream_resolvers = 2 [(validate.rules).repeated = {
-      min_items: 1
-      items {string {min_len: 3}}
-    }];
+    repeated config.core.v3.Address upstream_resolvers = 2
+        [(validate.rules).repeated = {min_items: 1}];
+
+    // Controls how many outstanding external lookup contexts the filter tracks.
+    // The context structure allows the filter to respond to every query even if the external
+    // resolution times out or is otherwise unsuccessful
+    uint64 max_pending_lookups = 3 [(validate.rules).uint64 = {gte: 1}];
  }

  // The stat prefix used when emitting DNS filter statistics
--- a/envoy/extensions/filters/udp/dns_filter/v4alpha/dns_filter.proto
+++ b/envoy/extensions/filters/udp/dns_filter/v4alpha/dns_filter.proto
@ -2,6 +2,7 @@ syntax = "proto3";

 package envoy.extensions.filters.udp.dns_filter.v4alpha;

+import "envoy/config/core/v4alpha/address.proto";
 import "envoy/config/core/v4alpha/base.proto";
 import "envoy/data/dns/v4alpha/dns_table.proto";

@ -56,14 +57,18 @@ message DnsFilterConfig {

    // Sets the maximum time we will wait for the upstream query to complete
    // We allow 5s for the upstream resolution to complete, so the minimum
-    // value here is 5
-    google.protobuf.Duration resolver_timeout = 1 [(validate.rules).duration = {gte {seconds: 5}}];
+    // value here is 1. Note that the total latency for a failed query is the
+    // number of retries multiplied by the resolver_timeout.
+    google.protobuf.Duration resolver_timeout = 1 [(validate.rules).duration = {gte {seconds: 1}}];

    // A list of DNS servers to which we can forward queries
-    repeated string upstream_resolvers = 2 [(validate.rules).repeated = {
-      min_items: 1
-      items {string {min_len: 3}}
-    }];
+    repeated config.core.v4alpha.Address upstream_resolvers = 2
+        [(validate.rules).repeated = {min_items: 1}];
+
+    // Controls how many outstanding external lookup contexts the filter tracks.
+    // The context structure allows the filter to respond to every query even if the external
+    // resolution times out or is otherwise unsuccessful
+    uint64 max_pending_lookups = 3 [(validate.rules).uint64 = {gte: 1}];
  }

  // The stat prefix used when emitting DNS filter statistics