package envoy.extensions.network.dns_resolver.hickory.v3
Get desktop application:
View/edit binary Protocol Buffers messages
message
hickory_dns_resolver.proto:32Configuration for DNS-over-HTTPS (DoH) servers.
Used in:
repeated string server_urls = 1
The list of DNS-over-HTTPS endpoint URLs (e.g., ``https://dns.google/dns-query``).
message
hickory_dns_resolver.proto:23Configuration for DNS-over-TLS (DoT) servers.
Used in:
repeated servers = 1
The list of DNS-over-TLS server addresses. The port should typically be 853.
string tls_server_name = 2
The SNI hostname to use for TLS verification. Required when ``servers`` are specified.
message
hickory_dns_resolver.proto:44Configuration for the Hickory DNS resolver. This resolver uses the Hickory DNS library, a pure Rust DNS implementation, for DNS resolution. It supports standard DNS (UDP/TCP), DNS-over-TLS (DoT), DNS-over-HTTPS (DoH), and ``DNSSEC`` validation. The resolver runs asynchronously on its own ``Tokio`` runtime threads, separate from Envoy's event loop threads. Results are delivered back to the calling dispatcher thread. [#next-free-field: 10]
repeated resolvers = 1
A list of DNS resolver addresses for standard UDP/TCP resolution. If not specified and ``use_system_config`` is not explicitly set to ``false``, the system configuration (``/etc/resolv.conf`` on Unix) will be used.
optional dns_over_tls = 2
Configuration for DNS-over-TLS (DoT). When specified, queries will be sent over TLS to the configured servers.
optional dns_over_https = 3
Configuration for DNS-over-HTTPS (DoH). When specified, queries will be sent over HTTPS to the configured endpoints.
bool enable_dnssec = 4
Enables ``DNSSEC`` validation for DNS responses. When enabled, the resolver will validate ``DNSSEC`` signatures and reject responses that fail validation. Defaults to ``false``.
optional cache_size = 5
Maximum number of entries in the DNS response cache. The cache uses an LRU eviction policy and supports negative caching (caching of ``NXDOMAIN``/``NODATA`` responses). Defaults to ``1024``.
optional num_resolver_threads = 6
Number of threads in the ``Tokio`` runtime used for asynchronous DNS resolution. Each resolver instance runs its own ``Tokio`` runtime. Defaults to ``2``. Maximum is ``16``.
optional use_system_config = 7
If ``true``, read the system DNS configuration (``/etc/resolv.conf`` on Unix) for name server addresses and search domains. When ``resolvers`` are also specified, they take precedence over the system configuration. If not specified, defaults to ``true`` when no ``resolvers``, ``dns_over_tls``, or ``dns_over_https`` are configured.
optional query_timeout = 8
Timeout for each individual DNS query attempt. Defaults to ``5`` seconds.
optional query_tries = 9
Maximum number of query attempts before the resolver gives up. Each attempt may use a different name server. Defaults to ``3``.