Struct DnsProxyConfig 

pub struct DnsProxyConfig {

    pub bind_addr: SocketAddr,
    pub upstream_addr: SocketAddr,
    pub hostname_allowlist: Vec<String>,
    pub allowed_query_types: Vec<DnsQueryType>,
    pub cell_id: String,
    pub run_id: String,
    pub policy_digest: Option<String>,
    pub keyset_id: Option<String>,
    pub issuer_kid: Option<String>,
    pub correlation_id: Option<String>,
    pub upstream_resolver_id: String,
    pub upstream_timeout: Duration,
    pub tcp_idle_timeout: Duration,
    pub dnssec_validator: Option<Arc<DataplaneDnssecValidator>>,
    pub transport: UpstreamTransport,
    pub upstream_extras: UpstreamExtras,
}

Configuration for run_one_shot.

All fields are owned (no borrows / lifetimes) so the supervisor can build this once and pass it into a spawn_blocking thread without lifetime gymnastics.

Fields

bind_addr: SocketAddr

Address the listener socket is bound to. Used only for diagnostic logs; the caller passes the actual pre-bound socket in.

upstream_addr: SocketAddr

Upstream resolver address (must be a do53-udp resolver from dnsAuthority.resolvers[]).

hostname_allowlist: Vec<String>

Lowercased hostname allowlist. Entries may have a single leading *. for subdomain wildcards (e.g. *.cdn.example.com matches foo.cdn.example.com but not cdn.example.com itself).

allowed_query_types: Vec<DnsQueryType>

Permitted query types. Empty = default [A, AAAA, CNAME, HTTPS].

cell_id: String

Cell identifier (mirrors lifecycle.started.cellId).

run_id: String

Run identifier (mirrors lifecycle.started.runId).

policy_digest: Option<String>

Optional policyDigest to bind into emitted events.

keyset_id: Option<String>

Optional keysetId to bind into emitted events.

issuer_kid: Option<String>

Optional issuerKid to bind into emitted events.

correlation_id: Option<String>

Optional correlationId to bind into emitted events.

upstream_resolver_id: String

Resolver identifier — mirrors a dnsAuthority.resolvers[].resolverId. Stamped into events on the allow path so audit can attribute the upstream answer to a declared resolver.

upstream_timeout: Duration

Round-trip timeout for the upstream forward. On timeout the proxy returns SERVFAIL to the workload and emits reasonCode: upstream_failure.

tcp_idle_timeout: Duration

SEAM-1 / L2-04 Slot A5 — per-connection idle timeout for the workload-facing TCP/53 listener. Applied as set_read_timeout / set_write_timeout on every accepted TCP stream so a stuck workload cannot pin a worker thread forever. A zero Duration is treated as “unset” and falls back to [DEFAULT_TCP_IDLE_TIMEOUT] (30s, matching the UDP SERVFAIL ceiling). Only consulted by run_tcp_one_shot; ignored by the UDP-only run_one_shot entry point.

dnssec_validator: Option<Arc<DataplaneDnssecValidator>>

SEC-21 Phase 3h.1 — optional dataplane DNSSEC validator. None means the cell’s DnsAuthority did not request DNSSEC validation on the dataplane (mode = off); the proxy hot path is unchanged. Some(_) means every allowlisted query is post-validated through the validator before the upstream answer is relayed to the workload — see dnssec::DataplaneDnssecValidator for the full behaviour matrix.

transport: UpstreamTransport

SEC-21 Phase 3h.2 / T2.B Slot A6 — upstream transport selector. Default = Do53Udp so the existing UDP-only behaviour is the no-op upgrade path. See upstream::UpstreamTransport for the full dispatch matrix and upstream::forward for the hot-path entry.

upstream_extras: UpstreamExtras

A6 — per-transport extras (DoT SNI, etc.). Unused when transport == Do53Udp; populated by callers selecting DoT/DoH/DoQ.

Trait Implementations

impl Clone for DnsProxyConfig

fn clone(&self) -> DnsProxyConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for DnsProxyConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.