chaos-controller icon indicating copy to clipboard operation
chaos-controller copied to clipboard
verified publisher icon DataDog

feat(network-disruption): add DNS resolver control

Open aymericDD opened this issue 1 month ago • 2 comments

What does this PR do?

  • [x] Adds new functionality
  • [ ] Alters existing functionality
  • [ ] Fixes a bug
  • [ ] Improves documentation or testing

Please briefly describe your changes as well as the motivation behind them:

Changes:

  • Adds per-host DNS resolution strategy control through a new dnsResolver field on network disruption hosts
  • Implements four DNS resolver strategies: pod, node, pod-fallback-node (default), and node-fallback-pod
  • Refactors DNS client to support strategy-based resolution with ResolveWithStrategy method
  • Adds getResolversAndNames helper method for cleaner DNS configuration logic

Motivation:

  • Addresses issues with service mesh proxies (like Istio DNS proxy) that intercept DNS queries and return VIP addresses (240.x.x.x) that don't work with tc traffic control rules
  • Provides flexibility for users to choose between pod and node nameservers based on their cluster configuration
  • Maintains backward compatibility with default pod-fallback-node strategy

Resolves: #882

Code Quality Checklist

  • [x] The documentation is up to date.
  • [x] My code is sufficiently commented and passes continuous integration checks.
  • [x] I have signed my commit (see Contributing Docs).

Testing

  • [x] I leveraged continuous integration testing
    • [x] by depending on existing unit tests or end-to-end tests.
    • [x] by adding new unit tests or end-to-end tests.
  • [x] I manually tested the following steps:
    • Test default behavior without specifying dnsResolver field (uses pod-fallback-node)
    • Test dnsResolver: pod strategy to verify pod-only DNS resolution
    • Test dnsResolver: node strategy to verify node-only DNS resolution
    • Test dnsResolver: pod-fallback-node with pod DNS failure to verify fallback
    • Test dnsResolver: node-fallback-pod with node DNS failure to verify fallback
    • Test with Istio-enabled namespace using dnsResolver: node to bypass DNS proxy
    • [x] locally.
    • [ ] as a canary deployment to a cluster.

aymericDD avatar Dec 18 '25 11:12 aymericDD

This stack of pull requests is managed by Graphite. Learn more about stacking.

aymericDD avatar Dec 18 '25 11:12 aymericDD

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: a81a3d8 | Docs | Datadog PR Page | Was this helpful? Give us feedback!

datadog-datadog-prod-us1[bot] avatar Dec 18 '25 11:12 datadog-datadog-prod-us1[bot]