c-ares: add option for udp_max_queries

[deveshkandpal1224]

Commit Message: Provides an option to set udp_max_queries in DNSResolverOptions to limit max UDP queries.
Additional Description: This change does following:

• Implements the fix in this version of c-ares library that has been raised in this comment.
• Updates cares_dns_resolver.proto to expose the option to pass udp_max_queries which can then be passed to c-ares.
• Adds a unit test to validate that when udp_max_queries is set, ARES_OPT_UDP_MAX_QUERIES flag is set as well.

Risk Level: Low
Testing: Unit test
Docs Changes: n/a
Release Notes: updated
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @lizan
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).
CC @envoyproxy/dependency-shepherds: Your approval is needed for changes made to (bazel/.*repos.*\.bzl)|(bazel/dependency_imports\.bzl)|(api/bazel/.*\.bzl)|(.*/requirements\.txt)|(.*\.patch).
envoyproxy/dependency-shepherds assignee is @htuch

🐱

Caused by: #33551 was opened by deveshkandpal1224.

see: more, trace.

[adisuissa]

@yanjunxiang-google can you please take a first pass?

[yanjunxiang-google]

nit: This change is for updating c-ares library to 1.20, but have nothing to do with the udp_max_queries option support. Does it make sense to separate it?

[deveshkandpal1224]

DestroyChannelOnRefused and CustomResolverValidAfterChannelDestruction test fail in dns_impl_test.cc after upgrading the c-ares library to 1.20 if this isn't added, while udp_max_queries is supported in 1.20 so kind of tied together if that makes sense ? Or do you suggest splitting this into 2 PRs ?

[htuch]

Can you split into two PRs? It will make it easier to review the dependency updates vs. the UDP query specific change proposed. Thanks!

[deveshkandpal1224]

sure I can split it. Let me send out a PR for library update.

[yanjunxiang-google]

nit:
Is there a way to verify the UdpMaxQueries number actually is enforced by the c-ares library?

[deveshkandpal1224]

@yanjunxiang-google - do you mean by checking opts.udp_max_queries or something more involved ? I tried poking in that area but couldn't find anything obvious - if you have suggestions - happy to look into it!

[rakeshdatta]

I was pushing c'ares team for this change : c-ares/c-ares#444

I believe you can test like this:

• set this value as n
• keep pumping traffic.
• Dont turn on dns over tcp
• Sniffing ('ngrep -W single -l -q -d any -i "" udp port 53') the DNS packets
• The src port should keep changing after every n DNS resolution requests.

[yanavlasov]

This change should be ok as is, since we rely on c-ares to test the behavior of the ARES_OPT_UDP_MAX_QUERIES flag. I do not think it is important to validate that this flag is working in c-ares.

[yanjunxiang-google]

LGTM in high level except a few nit comments.

[yanjunxiang-google]

LGTM

[lizan]

/lgtm api

@yanavlasov for cares DNS resolver owner.

[rakeshdatta]

I was pushing c'ares team for this change : c-ares/c-ares#444

I believe you can test like this:

• set this value as n
• keep pumping traffic.
• Dont turn on dns over tcp
• Sniffing ('ngrep -W single -l -q -d any -i "" udp port 53') the DNS packets

The src port should keep changing after every n DNS resolution requests.

[yanavlasov]

/wait-any

[yanavlasov]

Would it make sense to move this option in c-ares specific configuration: https://github.com/envoyproxy/envoy/blob/main/api/envoy/extensions/network/dns_resolver/cares/v3/cares_dns_resolver.proto ?

[deveshkandpal1224]

I was in two minds thinking that if tomorrow there was an option for apple dns resolver, it could be leveraged. But happy to move this to c-ares if that makes more sense.