Skip to content

LLT-7053: Integrate DNS forwarder#1765

Open
tomasz-grz wants to merge 1 commit intoLLT-7053_raw_forwarderfrom
LLT-7053_integrate_forwarder
Open

LLT-7053: Integrate DNS forwarder#1765
tomasz-grz wants to merge 1 commit intoLLT-7053_raw_forwarderfrom
LLT-7053_integrate_forwarder

Conversation

@tomasz-grz
Copy link
Copy Markdown
Contributor

@tomasz-grz tomasz-grz commented May 5, 2026
edited
Loading

Problem

Non .nord DNS queries are forwarded through hickory-server's ForwardAuthority zone. We want to remove hickory dependencies as it adds unnecessary overhead, requires additional maintenance and was a source of bugs.

Solution

Integrate RawForwarder into LocalNameServer behind a new use_raw_forwarder feature flag.

  • Add use_raw_forwarder: Option<bool> to FeatureDns (default: None, uses hickory-server)
  • When use_raw_forwarder is true, LocalNameServer routes non .nord queries through RawForwarder instead of hickory Resolver and ClonableZones::lookup().
  • The hickory-server path remains the default
  • Parametrize nat-lab DNS tests to run with both hickory and raw forwarder

☑️ Definition of Done checklist

  • Commit history is clean (requirements)
  • README.md is updated
  • Functionality is covered by unit or integration tests

@tomasz-grz tomasz-grz self-assigned this May 5, 2026
@tomasz-grz tomasz-grz changed the base branch from main to LLT-7053_raw_forwarder May 5, 2026 09:21
@tomasz-grz tomasz-grz force-pushed the LLT-7053_integrate_forwarder branch from 52c8993 to 714dd91 Compare May 5, 2026 12:46
@tomasz-grz tomasz-grz marked this pull request as ready for review May 5, 2026 16:10
@tomasz-grz tomasz-grz requested a review from a team as a code owner May 5, 2026 16:10
@tomasz-grz tomasz-grz force-pushed the LLT-7053_integrate_forwarder branch from 714dd91 to 7188885 Compare May 5, 2026 16:17
@tomasz-grz
Integrate raw DNS forwarder behind feature flag
2828781 
Integrate RawForwarder into LocalNameServer as an alternative to
hickory-based zone forwarding. When `use_raw_forwarder` is enabled,
non-.nord queries are forwarded as raw UDP packets to upstream
nameservers. The hickory-server forwarder remains the default.
@tomasz-grz tomasz-grz force-pushed the LLT-7053_integrate_forwarder branch from 7188885 to 2828781 Compare May 5, 2026 16:20
gytsto
gytsto reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gytsto gytsto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm +1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gytsto gytsto gytsto left review comments

Assignees

@tomasz-grz tomasz-grz

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomasz-grz @gytsto