DNS dot-suffix: Adds TCP DNS dot-suffix for Direct mode to avoid Kubernetes ndots latency#5731
Open
kirankumarkolli wants to merge 3 commits intomasterfrom
Open
DNS dot-suffix: Adds TCP DNS dot-suffix for Direct mode to avoid Kubernetes ndots latency#5731kirankumarkolli wants to merge 3 commits intomasterfrom
kirankumarkolli wants to merge 3 commits intomasterfrom
Conversation
…ency Adds opt-in DNS dot-suffix (FQDN trailing dot) for Direct/TCP connections to avoid Kubernetes ndots:5 search-domain expansion latency. - Add AZURE_COSMOS_DNS_DOT_SUFFIX_ENABLED environment variable - Add DnsDotSuffixHelper with ToFqdnHostName() and CreateDnsResolutionFunction() - Wire dnsResolutionFunction into StoreClientFactory via DocumentClient - Add unit tests for DnsDotSuffixHelper Fixes #5730 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
5 tasks
kirankumarkolli
commented
Apr 3, 2026
kirankumarkolli
commented
Apr 3, 2026
- Rename AZURE_COSMOS_DNS_DOT_SUFFIX_ENABLED AZURE_COSMOS_TCP_DNS_DOT_SUFFIX_ENABLED - Rename DnsDotSuffixEnabled TcpDnsDotSuffixEnabled - Rename IsDnsDotSuffixEnabled() IsTcpDnsDotSuffixEnabled() - Restore original line endings in IsLengthAwareRangeComparatorEnabled() Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
kirankumarkolli
changed the title
kirankumarkolli
requested review from
FabianMeiswinkel,
Pilchie,
adityasa,
khdang,
kirillg,
neildsh and
sboshra
as code owners
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Feature: Enable DNS dot-suffix for Direct mode to avoid Kubernetes ndots latency
Description
Fixes #5730
On Kubernetes with
ndots:5, Cosmos DB endpoints likemyaccount.documents.azure.com(only 3 dots) trigger multiple failed DNS search-domain expansions before the absolute lookup succeeds. This adds 50-200ms latency per DNS resolution in Direct mode (TCP/RNTBD).This fix leverages the existing
dnsResolutionFunctioninjection point onStoreClientFactoryto append a trailing dot (.) to hostnames at DNS resolution time, making them fully qualified (FQDN). This signals the DNS resolver to skip search-domain expansion entirely.Issue Summary
Root Cause Analysis
Code Path
Root Cause
Connection.ResolveHostAsync()callsDns.GetHostAddressesAsync(hostName)with bare hostnames (e.g.,myaccount.documents.azure.com). On Kubernetes withndots:5, hostnames with fewer than 5 dots trigger search-domain expansion: the resolver first triesmyaccount.documents.azure.com.default.svc.cluster.local, then.svc.cluster.local, etc — all failing — before the absolute lookup. This is not a regression; it has always worked this way, but the latency only manifests in Kubernetes environments.Changes Made
Files Modified
ConfigurationManager.csAZURE_COSMOS_DNS_DOT_SUFFIX_ENABLEDenv var constant +IsDnsDotSuffixEnabled()accessorDnsDotSuffixHelper.cs(new)ToFqdnHostName()appends trailing dot (skips IPs/nulls/already-dotted).CreateDnsResolutionFunction()factory for the StoreClientFactory lambdaDocumentClient.csdnsResolutionFunction:intoStoreClientFactoryconstructor, conditionally enabled via env varDnsDotSuffixHelperTests.cs(new)Code Changes
ToFqdnHostName()usesIPAddress.TryParseto skip IPs, checksEndsWith(".")for idempotency.CreateDnsResolutionFunction()wrapsDns.GetHostAddressesAsyncwith dot-suffix logic.dnsResolutionFunction:in existingStoreClientFactoryconstructor call. Passesnullwhen disabled (preserving default behavior).Generated Output (Before/After)
Before (bare hostname — triggers ndots expansion):
After (FQDN with trailing dot — single query):
Testing
Test Results
New Tests Added
DnsDotSuffixHelperTests.ToFqdnHostName_AppendsTrailingDot- Standard Cosmos DB endpointDnsDotSuffixHelperTests.ToFqdnHostName_IdempotentWhenAlreadyDotSuffixed- Already FQDNDnsDotSuffixHelperTests.ToFqdnHostName_SkipsIPv4Address- IPv4 passthroughDnsDotSuffixHelperTests.ToFqdnHostName_SkipsIPv6Address- IPv6 loopbackDnsDotSuffixHelperTests.ToFqdnHostName_SkipsIPv6FullAddress- Full IPv6DnsDotSuffixHelperTests.ToFqdnHostName_ReturnsNullForNull- Null guardDnsDotSuffixHelperTests.ToFqdnHostName_ReturnsEmptyForEmpty- Empty guardDnsDotSuffixHelperTests.ToFqdnHostName_AppendsTrailingDotToLocalhost- Single-label hostDnsDotSuffixHelperTests.ToFqdnHostName_AppendsTrailingDotToSingleLabel- Short hostnameDnsDotSuffixHelperTests.CreateDnsResolutionFunction_ReturnsNonNullFunction- Factory sanityBreaking Changes
None. Opt-in via environment variable. Default behavior unchanged.
External References
Checklist
Generated by GitHub Copilot CLI Agent