microsoft · rbtr · Mar 19, 2024 · Mar 19, 2024 · Mar 19, 2024 · Mar 19, 2024
@@ -1,16 +1,16 @@
 # `dns` (Linux)
 
-Counts number of packets/bytes dropped on a Node, along with the direction and reason for drop.
+Captures both incoming and outgoing DNS traffic, providing various metrics and details about the DNS queries and responses.
 
 ## Metrics
 
 See metrics for [Basic Mode](../basic.md#plugin-dns-linux) or [Advanced Mode](../advanced.md#plugin-dns-linux).
 
 ## Architecture
 
-The plugin utilizes eBPF to gather data.
-The plugin generates Basic metrics from an eBPF result.
-In Advanced mode (see [Metric Modes](../modes.md)), the plugin turns this eBPF result into an enriched `Flow` (adding Pod information based on IP), then sends the `Flow` to an external channel so that a dns module can create extra Pod-Level metrics.
+This plugin fundamentally relies on [Inspektor Gadget](https://github.com/inspektor-gadget/inspektor-gadget)'s DNS Tracer for monitoring DNS traffic. It uses eBPF (Extended Berkeley Packet Filter) to efficiently track DNS events. Following the capture of these events, the plugin generates basic metrics derived from the eBPF results.
+
+In its Advanced mode (refer to [Metric Modes](https://retina.sh/docs/metrics/modes) for more details), the plugin further processes the eBPF results into an enriched Flow. This Flow includes additional Pod information, determined by IP. Subsequently, the Flow is transmitted to an external channel. This allows a DNS module to generate additional Pod-Level metrics.
 
 ### Code locations