dns: disable the use of search namespaces when using the c-ares resolver

api/envoy/config/bootstrap/v3/bootstrap.proto

@@ -39,7 +39,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // <config_overview_bootstrap>` for more detail.
 
 // Bootstrap :ref:`configuration overview <config_overview_bootstrap>`.
-// [#next-free-field: 30]
+// [#next-free-field: 31]
 message Bootstrap {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.bootstrap.v2.Bootstrap";
@@ -250,7 +250,11 @@ message Bootstrap {
   // Setting this value causes failure if the
   // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
   // server startup. Apple' API only uses UDP for DNS resolution.
-  bool use_tcp_for_dns_lookups = 20;
+  bool use_tcp_for_dns_lookups = 20
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // Configuration of DNS Lookup option flags which control the behavior of the DNS resolver.
+  core.v3.DnsLookupOptions dns_lookup_options = 30;
 
   // Specifies optional bootstrap extensions to be instantiated at startup time.
   // Each item contains extension specific configuration.

api/envoy/config/cluster/v3/cluster.proto

@@ -42,7 +42,7 @@ message ClusterCollection {
 }
 
 // Configuration for a single upstream cluster.
-// [#next-free-field: 53]
+// [#next-free-field: 54]
 message Cluster {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster";
 
@@ -859,12 +859,15 @@ message Cluster {
   // server startup. Apple's API only allows overriding DNS resolvers via system settings.
   repeated core.v3.Address dns_resolvers = 18;
 
-  // [#next-major-version: Reconcile DNS options in a single message.]
   // Always use TCP queries instead of UDP queries for DNS lookups.
   // Setting this value causes failure if the
   // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
   // server startup. Apple' API only uses UDP for DNS resolution.
-  bool use_tcp_for_dns_lookups = 45;
+  bool use_tcp_for_dns_lookups = 45
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // Configuration of DNS Lookup option flags which control the behavior of the DNS resolver.
+  core.v3.DnsLookupOptions dns_lookup_options = 53;
 
   // If specified, outlier detection will be enabled for this upstream cluster.
   // Each of the configuration values can be overridden via

api/envoy/config/core/v3/base.proto

@@ -444,3 +444,19 @@ message ControlPlane {
   // the Envoy is connected to.
   string identifier = 1;
 }
+
+// Configuration of DNS Lookup option flags which control the behavior of the DNS resolver.
+message DnsLookupOptions {
+  // Always use TCP queries instead of UDP queries for DNS lookups.
+  // This may be overridden on a per-cluster basis in cds_config,
+  // when :ref:`dns_resolvers <envoy_api_field_config.cluster.v3.Cluster.dns_resolvers>` and
+  // :ref:`use_tcp_for_dns_lookups <envoy_api_field_config.cluster.v3.Cluster.use_tcp_for_dns_lookups>` are
+  // specified.
+  // Setting this value causes failure if the
+  // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
+  // server startup. Apple' API only uses UDP for DNS resolution.
+  google.protobuf.BoolValue use_tcp_for_dns_lookups = 1;
+
+  // Do not use the default search domains; only query hostnames as-is or as aliases.
+  google.protobuf.BoolValue no_defalt_search_domain = 2;
+}

api/envoy/extensions/common/dynamic_forward_proxy/v3/BUILD

@@ -6,8 +6,10 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
+        "//envoy/annotations:pkg",
         "//envoy/config/cluster/v3:pkg",
         "//envoy/config/common/dynamic_forward_proxy/v2alpha:pkg",
+        "//envoy/config/core/v3:pkg",
         "@com_github_cncf_udpa//udpa/annotations:pkg",
     ],
 )

api/envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto

@@ -3,10 +3,12 @@ syntax = "proto3";
 package envoy.extensions.common.dynamic_forward_proxy.v3;
 
 import "envoy/config/cluster/v3/cluster.proto";
+import "envoy/config/core/v3/base.proto";
 
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 
+import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
@@ -27,7 +29,7 @@ message DnsCacheCircuitBreakers {
 
 // Configuration for the dynamic forward proxy DNS cache. See the :ref:`architecture overview
 // <arch_overview_http_dynamic_forward_proxy>` for more information.
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message DnsCacheConfig {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.common.dynamic_forward_proxy.v2alpha.DnsCacheConfig";
@@ -95,10 +97,13 @@ message DnsCacheConfig {
   // Envoy will use dns cache circuit breakers with default settings even if this value is not set.
   DnsCacheCircuitBreakers dns_cache_circuit_breaker = 7;
 
-  // [#next-major-version: Reconcile DNS options in a single message.]
   // Always use TCP queries instead of UDP queries for DNS lookups.
   // Setting this value causes failure if the
   // ``envoy.restart_features.use_apple_api_for_dns_lookups`` runtime value is true during
   // server startup. Apple' API only uses UDP for DNS resolution.
-  bool use_tcp_for_dns_lookups = 8;
+  bool use_tcp_for_dns_lookups = 8
+      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
+
+  // Configuration of DNS Lookup option flags which control the behavior of the DNS resolver.
+  config.core.v3.DnsLookupOptions dns_lookup_options = 9;
 }