dns: add a new RUST-based DNS resolver extension

[agrawroh]

Description

This PR adds a new RUST-based DNS resolver extension to Envoy.

---

Commit Message: dns: add a new RUST-based DNS resolver extension
Additional Description: Added a new RUST-based DNS resolver extension to Envoy.
Risk Level: Low
Testing: Added Tests
Docs Changes: Added
Release Notes: Added

[repokitteh-read-only]

As a reminder, PRs marked as draft will not be automatically assigned reviewers,
or be handled by maintainer-oncall triage.

Please mark your PR as ready when you want it to be reviewed!

🐱

Caused by: #44090 was opened by agrawroh.

see: more, trace.

[agrawroh]

/gemini review

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @mattklein123
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).
CC @envoyproxy/dependency-shepherds: Your approval is needed for changes made to (bazel/.*repos.*\.bzl)|(bazel/dependency_imports\.bzl)|(api/bazel/.*\.bzl)|(.*/requirements\.txt)|(.*\.patch).
envoyproxy/dependency-shepherds assignee is @moderation

🐱

Caused by: #44090 was ready_for_review by agrawroh.

see: more, trace.

[gemini-code-assist]

Code Review

This pull request introduces a new Rust-based DNS resolver extension, Hickory, which is a great addition. The implementation is comprehensive, including the core logic in Rust, the C++ shell, ABI definitions, build system changes, documentation, and tests.

My review has identified two main issues:

1. A large, unrelated Tracer ABI definition has been included in source/extensions/dynamic_modules/abi/abi.h. This should be removed.
2. There's a bug in the DNS-over-HTTPS configuration logic in the Rust implementation that prevents using hostnames in DoH URLs.

Apart from these points, the changes look solid. The C++ shell and Rust SDK are well-designed for thread safety and proper resource management.

[agrawroh]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a new Rust-based DNS resolver extension, Hickory, to Envoy. This is a substantial and well-executed feature, including a new dynamic module ABI for DNS resolvers, a Rust SDK for this ABI, the C++ shell for the extension, and the Rust implementation of the resolver logic. The code is well-structured, documented, and comes with comprehensive unit and integration tests. My review identified a critical issue in the new Rust SDK module where FFI functions are not panic-safe. Panics from user code could unwind across the FFI boundary, leading to undefined behavior and process crashes. I have provided comments with code suggestions to wrap the FFI calls with catch_unwind to ensure safety, consistent with other parts of the dynamic module SDK.

[agrawroh]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a new Rust-based DNS resolver, Hickory, as a dynamic module. This is a significant and well-executed addition, providing modern DNS features like DNS-over-TLS, DNS-over-HTTPS, and DNSSEC. The implementation is thoughtfully split between a C++ shell and a Rust module, communicating via a new, well-documented DNS resolver ABI. The changes are extensive, touching API definitions, build systems, documentation, and adding new implementation and test files. The C++/Rust interaction, particularly the threading and shutdown logic, appears robust. The tests are comprehensive, covering both unit and integration scenarios. I have one suggestion to enhance configuration validation in the Rust module.