Calico Enterprise 3.21 rolls out eBPF-driven DNS policies to iptables, slicing latency without needing an eBPF overhaul. Enter DNS inline mode: it outpaces competing DNS policies, kills retransmits, and zips up connections. Nftables? Still lagging in eBPF chops, but xtables—which they’ve put out to pasture—fills the gap for now.
