Limit DNS matchname/matchpattern rule lengths #21491
Labels
help-wanted
Please volunteer for this by adding yourself as an assignee!
kind/enhancement
This would improve or streamline existing functionality.
pinned
These issues are not marked stale by our issue bot.
sig/agent
Cilium agent related.
stale
The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.
DNS names can only be up to 255 characters in length:
https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.4
Furthermore, DNS matchpattern rules that are excessively long could cause Cilium agent to take a long time to process the rules. It would make sense to impose a (configurable?) limit on these, perhaps something like 63 to begin with.
Tasks:
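A sketch of the limits proposed above, written in Go as an added example (this is not Cilium code). The function names, constants and error messages are hypothetical; the 255 and 63 values come from the issue text and RFC 1035 section 2.3.4.

```go
package main

import (
	"fmt"
	"strings"
)

const (
	MaxNameLen           = 255 // RFC 1035 section 2.3.4 limit cited in the issue
	MaxLabelLen          = 63  // RFC 1035 section 2.3.4: each label is 63 octets or less
	DefaultMaxPatternLen = 63  // starting value suggested in the issue; meant to be configurable
)

// ValidateMatchName rejects names that could never be valid DNS names.
func ValidateMatchName(name string) error {
	if len(name) > MaxNameLen {
		return fmt.Errorf("matchName is %d bytes, limit is %d", len(name), MaxNameLen)
	}
	// A single trailing dot (fully qualified form) is allowed.
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if label == "" {
			return fmt.Errorf("matchName %q has an empty label", name)
		}
		if len(label) > MaxLabelLen {
			return fmt.Errorf("label is %d bytes, limit is %d", len(label), MaxLabelLen)
		}
	}
	return nil
}

// ValidateMatchPattern enforces the configurable cap. It only looks at the
// length, so an oversized pattern is rejected before any further processing.
func ValidateMatchPattern(pattern string, maxLen int) error {
	if pattern == "" {
		return fmt.Errorf("matchPattern is empty")
	}
	if len(pattern) > maxLen {
		return fmt.Errorf("matchPattern is %d bytes, limit is %d", len(pattern), maxLen)
	}
	return nil
}

func main() {
	// Constructed sample rules.
	fmt.Println(ValidateMatchName("api.example.com"))
	fmt.Println(ValidateMatchPattern("*.example.com", DefaultMaxPatternLen))
	fmt.Println(ValidateMatchPattern(strings.Repeat("*a", 40), DefaultMaxPatternLen))
}
```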