DNS Filter

This extension may be referenced by the qualified name envoy.filters.udp_listener.dns_filter


This extension is functional but has not had substantial production burn time, use only with this caveat.

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.


This API is work-in-progress and is subject to breaking changes.

DNS Filter configuration overview.


[extensions.filter.udp.dns_filter.v3alpha.DnsFilterConfig proto]

Configuration for the DNS filter.

  "stat_prefix": "...",
  "server_config": "{...}"

(string) The stat prefix used when emitting DNS filter statistics


(extensions.filter.udp.dns_filter.v3alpha.DnsFilterConfig.ServerContextConfig) Server context configuration


[extensions.filter.udp.dns_filter.v3alpha.DnsFilterConfig.ServerContextConfig proto]

This message contains the configuration for the Dns Filter operating in a server context. This message will contain the virtual hosts and associated addresses with which Envoy will respond to queries

  "inline_dns_table": "{...}",
  "external_dns_table": "{...}"

(data.dns.v3.DnsTable) Load the configuration specified from the control plane

Precisely one of inline_dns_table, external_dns_table must be set.


(config.core.v3.DataSource) Seed the filter configuration from an external path. This source is a yaml formatted file that contains the DnsTable driving Envoy’s responses to DNS queries

Precisely one of inline_dns_table, external_dns_table must be set.