Validate DNS monitoring port range and harden empty-list fallback

[jmw51798]

Builds on the generic string-to-numeric-slice env-var parsing (EnableStringUnmarshal) by adding DNS-port-specific sanitization in config.New():

• Reject out-of-range ports (must be 1-65535) in addition to the existing HTTP-port (80/443) removal. Out-of-range values corrupt the eBPF LOAD_CONSTANT slot encoding and silently disable the filter.
• Sanitize first, then fall back to [53]. Previously the fallback ran before HTTP removal, so a config of only invalid/HTTP ports (e.g. "80 443") left the list empty — disabling DNS monitoring on the eBPF path and capturing all traffic on the classic-BPF path.

Expands TestDNSMonitoringPorts with out-of-range, all-invalid, and fallback cases. A single malformed token now fails the whole env-var parse (the generic converter is all-or-nothing, not per-element zero coercion) and falls back to the default.

What does this PR do?

Motivation

Describe how you validated your changes

Additional Notes

[datadog-prod-us1-6]

✨ Fix all issues with BitsAI

⚠️ Warnings

🚦 4 Pipeline jobs failed

DataDog/datadog-agent | oracle: [21.3.0-xe]     

See error

Failed to ping oracle instance: ORA-12514: TNS:listener does not currently know of service requested in connect descriptor

DataDog/datadog-agent | single-machine-performance-regression_detector     

See error

API error 403 Forbidden: Unsupported SMP version, please update. (This can usually be fixed by rebasing on the latest changes).

DataDog/datadog-agent | single-machine-performance-regression_detector-pr-comment     

See error

Regression Detector report not found. No PR comment posted.

View all 4 failed jobs.

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: ba05917 | Docs | Datadog PR Page | Give us feedback!}

[dd-octo-sts]

Files inventory check summary

File checks results against ancestor 8c345ccd:

Results for datadog-agent_7.81.0~devel.git.437.ba05917.pipeline.117221930-1_amd64.deb:

No change detected

[dd-octo-sts]

Static quality checks

✅ Please find below the results from static quality gates
Comparison made with ancestor 8c345cc
📊 Static Quality Gates Dashboard
🔗 SQG Job

Successful checks

Info

	Quality gate	Change	Size (prev → curr → max)
✅	agent_deb_amd64	+117.33 KiB (0.02% increase, -1.94% of buffer)	744.916 → 745.031 → 750.810
✅	agent_deb_amd64_fips	+97.3 KiB (0.01% increase, -6.16% of buffer)	702.759 → 702.854 → 704.300
✅	agent_heroku_amd64	+28.09 KiB (0.01% increase, -0.76% of buffer)	310.644 → 310.671 → 314.260
✅	agent_msi	+120.57 KiB (0.02% increase, -0.83% of buffer)	609.780 → 609.898 → 624.040
✅	agent_rpm_amd64	+117.33 KiB (0.02% increase, -1.95% of buffer)	744.900 → 745.014 → 750.780
✅	agent_rpm_amd64_fips	+97.3 KiB (0.01% increase, -6.10% of buffer)	702.742 → 702.837 → 704.300
✅	agent_rpm_arm64	+171.82 KiB (0.02% increase, -8.40% of buffer)	722.493 → 722.661 → 724.490
✅	agent_rpm_arm64_fips	+107.79 KiB (0.02% increase, -7.50% of buffer)	683.466 → 683.571 → 684.870
✅	agent_suse_amd64	+117.33 KiB (0.02% increase, -1.95% of buffer)	744.900 → 745.014 → 750.780
✅	agent_suse_amd64_fips	+97.3 KiB (0.01% increase, -6.10% of buffer)	702.742 → 702.837 → 704.300
✅	agent_suse_arm64	+171.82 KiB (0.02% increase, -8.40% of buffer)	722.493 → 722.661 → 724.490
✅	agent_suse_arm64_fips	+107.79 KiB (0.02% increase, -7.50% of buffer)	683.466 → 683.571 → 684.870
✅	docker_agent_amd64	+97.5 KiB (0.01% increase, -5.44% of buffer)	805.100 → 805.195 → 806.850
✅	docker_agent_arm64	+104.02 KiB (0.01% increase, -3.95% of buffer)	807.538 → 807.639 → 810.110
✅	docker_agent_jmx_amd64	+97.5 KiB (0.01% increase, -6.07% of buffer)	996.041 → 996.136 → 997.610
✅	docker_agent_jmx_arm64	+104.0 KiB (0.01% increase, -3.82% of buffer)	987.131 → 987.233 → 989.790
✅	docker_cluster_agent_amd64	+12.17 KiB (0.01% increase, -0.99% of buffer)	207.320 → 207.332 → 208.520
✅	docker_dogstatsd_amd64	+16.03 KiB (0.04% increase, -10.14% of buffer)	39.406 → 39.421 → 39.560
✅	docker_host_profiler_amd64	+6.28 KiB (0.00% increase, -0.04% of buffer)	302.170 → 302.177 → 315.880
✅	dogstatsd_deb_amd64	+16.03 KiB (0.05% increase, -2.15% of buffer)	30.061 → 30.077 → 30.790
✅	dogstatsd_deb_arm64	+12.03 KiB (0.04% increase, -1.06% of buffer)	28.182 → 28.194 → 29.290
✅	dogstatsd_rpm_amd64	+16.03 KiB (0.05% increase, -2.15% of buffer)	30.061 → 30.077 → 30.790
✅	dogstatsd_suse_amd64	+16.03 KiB (0.05% increase, -2.15% of buffer)	30.061 → 30.077 → 30.790
✅	iot_agent_deb_amd64	+12.06 KiB (0.03% increase, -1.41% of buffer)	44.993 → 45.005 → 45.830
✅	iot_agent_deb_arm64	+16.06 KiB (0.04% increase, -1.08% of buffer)	41.919 → 41.935 → 43.370
✅	iot_agent_deb_armhf	+12.04 KiB (0.03% increase, -1.32% of buffer)	42.646 → 42.658 → 43.540
✅	iot_agent_rpm_amd64	+12.06 KiB (0.03% increase, -1.41% of buffer)	44.994 → 45.006 → 45.830
✅	iot_agent_suse_amd64	+12.06 KiB (0.03% increase, -1.41% of buffer)	44.993 → 45.005 → 45.830

5 successful checks with minimal change (< 2 KiB)

	Quality gate	Current Size
✅	docker_cluster_agent_arm64	221.269 MiB
✅	docker_cws_instrumentation_amd64	7.154 MiB
✅	docker_cws_instrumentation_arm64	6.689 MiB
✅	docker_dogstatsd_arm64	37.628 MiB
✅	docker_host_profiler_arm64	313.674 MiB