Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add more DNS configuration fields to ServiceEntry when resolution: DNS #53319

Open
spacewander opened this issue Sep 27, 2024 · 2 comments
Open

Add more DNS configuration fields to ServiceEntry when resolution: DNS #53319

spacewander opened this issue Sep 27, 2024 · 2 comments
Labels
area/networking kind/enhancement

Comments

@spacewander
Copy link
Contributor

(This is used to request new product features, please visit https://github.com/istio/istio/discussions for questions on using Istio)

Describe the feature request

Currently, when we use resolution: DNS ServiceEntry, there is little way to control the DNS lookup behavior. As mentioned by https://istio.io/latest/docs/ops/configuration/traffic-management/dns/, if we need to reduce the DNS server overhead, we have to:

  1. reduce the usage of resolution: DNS ServiceEntry
  2. reduce the TTL in domain's DNS record

However, in the real world, if we need to use DNS to connect a domain, it's probable that the team maintains the Istio doesn't own the domain. Therefore we can't reduce the TTL of the DNS record from the source.

Moreover, sometimes we need to configure a separate DNS failure refresh rate of a domain, to archive a better fail-over.

Envoy's CDS supports configuring DNS refresh rate per cluster, so what we need is to provide an equivalent configuration in Istio.

Describe alternatives you've considered

Use EnvoyFilter to modify the cluster resource generated from the ServiceEntry.

Affected product area (please put an X in all that apply)

[ ] Ambient
[ ] Docs
[ ] Dual Stack
[ ] Installation
[x] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure

Affected features (please put an X in all that apply)

[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane

Additional context
@howardjohn
Copy link
Member

does envoyproxy/envoy#20562 is in progress, meet your needs? It's a bit orthogonal but the same goal of reduced DNS load

@spacewander
Copy link
Contributor Author

@howardjohn
Thanks for your suggestion!

However, "reduce the DNS server overhead" is just an example of customizing DNS configuration. What we actually want to do is the opposite - reduce the DNS TTL to get a faster fail-over. We also plan to configure a higher failure refresh rate so the down of the DNS server won't affect the proxy immediately.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/networking kind/enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@howardjohn @spacewander @istio-policy-bot