feat(egress): add nameserver exempt for direct DNS forwarding#356
feat(egress): add nameserver exempt for direct DNS forwarding#356hittyt merged 4 commits intoalibaba:mainfrom
Conversation
|
@codex review |
hittyt
left a comment
hittyt
left a comment
There was a problem hiding this comment.
The PR introduces a valuable 'nameserver exempt' feature to bypass egress proxying for specific destinations. However, the implementation has a few critical gaps, particularly regarding CIDR support in nftables and performance in the DNS hot path.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 437f383a1f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
hittyt
left a comment
hittyt
left a comment
There was a problem hiding this comment.
The PR adds a necessary 'nameserver exempt' feature to handle cases where upstream DNS is only reachable via specific routes. However, there is a critical regression in IPv6 DNS redirection and some performance concerns in the proxy hot path.
3 participants
Summary
Testing
Breaking Changes
Checklist