Open tssurya opened 1 month ago
@rahulkjoshi: The API PR will follow soon, right?
Got a few questions about the NPEP:
If a policy is applied after a lookup is already performed and cached by the client, is the implementor required to allow the traffic based on the past query?
Cilium's implementation forces you to specify matchPattern: "*" which explicitly caches all DNS on port 53, or otherwise blocks DNS queries if matched with toFQDN (unlike the NPEP requirement) which ensures that an old lookup is not used.
The other thing that's not super clear is what DNS traffic is expected to be detected:
53
be supported?
API Details:
So implementing it here will help us make it part of our upstream CI tests.