.. _envoy_v3_api_file_envoy/extensions/filters/udp/dns_filter/v3/dns_filter.proto: DNS Filter (proto) ================== .. _extension_envoy.filters.udp.dns_filter: This extension has the qualified name ``envoy.filters.udp.dns_filter`` .. note:: This extension is functional but has not had substantial production burn time, use only with this caveat. This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted. .. tip:: This extension extends and can be used with the following extension category: - :ref:`envoy.filters.udp_listener ` This extension must be configured with one of the following type URLs: - :ref:`type.googleapis.com/envoy.extensions.filters.udp.dns_filter.v3.DnsFilterConfig ` DNS Filter :ref:`configuration overview `. .. _envoy_v3_api_msg_extensions.filters.udp.dns_filter.v3.DnsFilterConfig: extensions.filters.udp.dns_filter.v3.DnsFilterConfig ---------------------------------------------------- :repo:`[extensions.filters.udp.dns_filter.v3.DnsFilterConfig proto] ` Configuration for the DNS filter. .. code-block:: json :force: { "stat_prefix": ..., "server_config": {...}, "client_config": {...} } .. _envoy_v3_api_field_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.stat_prefix: stat_prefix (`string `_, *REQUIRED*) The stat prefix used when emitting DNS filter statistics .. _envoy_v3_api_field_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.server_config: server_config (:ref:`extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ServerContextConfig `) Server context configuration contains the data that the filter uses to respond to DNS requests. .. _envoy_v3_api_field_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.client_config: client_config (:ref:`extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ClientContextConfig `) Client context configuration controls Envoy's behavior when it must use external resolvers to answer a query. This object is optional and if omitted instructs the filter to resolve queries from the data in the server_config .. _envoy_v3_api_msg_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ServerContextConfig: extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ServerContextConfig ------------------------------------------------------------------------ :repo:`[extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ServerContextConfig proto] ` This message contains the configuration for the DNS Filter operating in a server context. This message will contain the virtual hosts and associated addresses with which Envoy will respond to queries .. code-block:: json :force: { "inline_dns_table": {...}, "external_dns_table": {...} } .. _envoy_v3_api_field_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ServerContextConfig.inline_dns_table: inline_dns_table (:ref:`data.dns.v3.DnsTable `) Load the configuration specified from the control plane Precisely one of :ref:`inline_dns_table `, :ref:`external_dns_table ` must be set. .. _envoy_v3_api_field_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ServerContextConfig.external_dns_table: external_dns_table (:ref:`config.core.v3.DataSource `) Seed the filter configuration from an external path. This source is a yaml formatted file that contains the DnsTable driving Envoy's responses to DNS queries Precisely one of :ref:`inline_dns_table `, :ref:`external_dns_table ` must be set. .. _envoy_v3_api_msg_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ClientContextConfig: extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ClientContextConfig ------------------------------------------------------------------------ :repo:`[extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ClientContextConfig proto] ` This message contains the configuration for the DNS Filter operating in a client context. This message will contain the timeouts, retry, and forwarding configuration for Envoy to make DNS requests to other resolvers .. code-block:: json :force: { "resolver_timeout": {...}, "dns_resolution_config": {...}, "typed_dns_resolver_config": {...}, "max_pending_lookups": ... } .. _envoy_v3_api_field_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ClientContextConfig.resolver_timeout: resolver_timeout (`Duration `_) Sets the maximum time we will wait for the upstream query to complete We allow 5s for the upstream resolution to complete, so the minimum value here is 1. Note that the total latency for a failed query is the number of retries multiplied by the resolver_timeout. .. _envoy_v3_api_field_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ClientContextConfig.dns_resolution_config: dns_resolution_config (:ref:`config.core.v3.DnsResolutionConfig `) DNS resolution configuration which includes the underlying dns resolver addresses and options. This field is deprecated in favor of :ref:`typed_dns_resolver_config `. .. _envoy_v3_api_field_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ClientContextConfig.typed_dns_resolver_config: typed_dns_resolver_config (:ref:`config.core.v3.TypedExtensionConfig `) DNS resolver type configuration extension. This extension can be used to configure c-ares, apple, or any other DNS resolver types and the related parameters. For example, an object of :ref:`CaresDnsResolverConfig ` can be packed into this ``typed_dns_resolver_config``. This configuration replaces the :ref:`dns_resolution_config ` configuration. During the transition period when both ``dns_resolution_config`` and ``typed_dns_resolver_config`` exists, when ``typed_dns_resolver_config`` is in place, Envoy will use it and ignore ``dns_resolution_config``. When ``typed_dns_resolver_config`` is missing, the default behavior is in place. .. _extension_category_envoy.network.dns_resolver: .. tip:: This extension category has the following known extensions: - :ref:`envoy.network.dns_resolver.apple ` - :ref:`envoy.network.dns_resolver.cares ` - :ref:`envoy.network.dns_resolver.getaddrinfo ` .. _envoy_v3_api_field_extensions.filters.udp.dns_filter.v3.DnsFilterConfig.ClientContextConfig.max_pending_lookups: max_pending_lookups (`uint64 `_) Controls how many outstanding external lookup contexts the filter tracks. The context structure allows the filter to respond to every query even if the external resolution times out or is otherwise unsuccessful