DNS Resolution

Many Envoy components resolve DNS: different cluster types (strict DNS, logical DNS); the dynamic forward proxy system (which is composed of a cluster and a filter); the UDP DNS filter, etc. Envoy uses c-ares as a third-party DNS resolution library. On Apple OSes Envoy additionally offers resolution using Apple-specific APIs via the envoy.restart_features.use_apple_api_for_dns_lookups runtime feature.

Envoy provides DNS resolution through extensions, and contains 3 built-in extensions:

  1. c-ares: CaresDnsResolverConfig

  2. Apple (iOS/macOS only): AppleDnsResolverConfig

  3. getaddrinfo: GetAddrInfoDnsResolverConfig

For an example of a built-in DNS typed configuration see the HTTP filter configuration documentation.

The c-ares based DNS Resolver emits the following stats rooted in the dns.cares stats tree:

Name                  Type      Description
resolve_total         Counter   Number of DNS queries
pending_resolutions   Gauge     Number of pending DNS queries
not_found             Counter   Number of DNS queries that returned NXDOMAIN or NODATA response
timeout               Counter   Number of DNS queries that resulted in timeout
get_addr_failure      Counter   Number of general failures during DNS queries
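
One way to watch these counters, added here as an example and not part of Envoy or its documentation: the script diffs two snapshots in the plain-text "name: value" format served by Envoy's admin /stats endpoint and flags failure spikes. The thresholds, function names and sample snapshots are assumptions constructed for illustration, as is treating the failure counters as subsets of resolve_total.

```python
# Stat names come from the dns.cares table above; thresholds are assumptions.
PREFIX = "dns.cares."
COUNTERS = ("resolve_total", "not_found", "timeout", "get_addr_failure")

def parse_stats(text):
    """Parse 'name: value' lines, keeping only integer dns.cares stats."""
    stats = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(": ")
        if not sep or not name.startswith(PREFIX):
            continue
        try:
            stats[name[len(PREFIX):]] = int(value)
        except ValueError:
            continue  # not an integer counter or gauge value
    return stats

def dns_health(prev, curr, max_failure_ratio=0.2, max_pending=50):
    """Compare two parsed snapshots; return (counter deltas, alert strings)."""
    deltas = {}
    for name in COUNTERS:
        d = curr.get(name, 0) - prev.get(name, 0)
        # A counter that went backwards means a restart: count from zero.
        deltas[name] = d if d >= 0 else curr.get(name, 0)
    alerts = []
    total = deltas["resolve_total"]
    if total > 0:
        for name in ("not_found", "timeout", "get_addr_failure"):
            ratio = deltas[name] / total
            if ratio > max_failure_ratio:
                alerts.append(f"{name} ratio {ratio:.2f} over {total} queries")
    pending = curr.get("pending_resolutions", 0)  # gauge: use current value
    if pending > max_pending:
        alerts.append(f"pending_resolutions at {pending}")
    return deltas, alerts

# Constructed sample snapshots, not captured from a real Envoy instance.
SNAP_1 = ("dns.cares.resolve_total: 1000\ndns.cares.not_found: 10\n"
          "dns.cares.timeout: 2\ndns.cares.get_addr_failure: 0\n"
          "dns.cares.pending_resolutions: 1\ncluster.example.upstream_cx_total: 42\n")
SNAP_2 = ("dns.cares.resolve_total: 1200\ndns.cares.not_found: 90\n"
          "dns.cares.timeout: 4\ndns.cares.get_addr_failure: 0\n"
          "dns.cares.pending_resolutions: 75\ncluster.example.upstream_cx_total: 57\n")

if __name__ == "__main__":
    deltas, alerts = dns_health(parse_stats(SNAP_1), parse_stats(SNAP_2))
    print(deltas)
    for alert in alerts:
        print("ALERT:", alert)
```

A sustained jump in the not_found ratio is worth correlating with query logs, since it can indicate a broken upstream record or a client generating lookups for names that do not exist.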

The Apple-based DNS Resolver emits the following stats rooted in the dns.apple stats tree:

Name                 Type      Description
connection_failure   Counter   Number of failed attempts to connect to the DNS server
get_addr_failure     Counter   Number of general failures when calling GetAddrInfo API
network_failure      Counter   Number of failures due to network connectivity
processing_failure   Counter   Number of failures when processing data from the DNS server
socket_failure       Counter   Number of failed attempts to obtain a file descriptor to the socket to the DNS server
timeout              Counter   Number of queries that resulted in a timeout