diff --git a/.github/workflows/ci-pr.yml b/.github/workflows/ci-pr.yml
index ba9951c6..70e2aeb7 100644
--- a/.github/workflows/ci-pr.yml
+++ b/.github/workflows/ci-pr.yml
@@ -48,7 +48,7 @@ jobs:
 docker-build:
 runs-on: ubuntu-latest
 needs: [compile-ebpf-test, go-unit-test]
- if: github.ref_name == 'main'
+ #if: github.ref_name == 'main'
 steps:
 - name: Checkout
 uses: actions/checkout@v3
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 4584e018..135ba839 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -63,7 +63,7 @@ jobs:
 kubectl exec $(kubectl get po -l app=sleep -o=jsonpath='{..metadata.name}') -c sleep -- curl -s -v helloworld:5000/hello
 - name: install merbridge
 run: |
- nohup go run -exec sudo ./app/main.go -k -m istio -d > mbctl.log &
+ nohup go run -exec sudo ./app/main.go -k -m istio -d --dns-redir=true > mbctl.log &
 while true; do [ "$(cat mbctl.log | grep 'Pod Watcher Ready')" = "" ] || break && (echo waiting for mbctl watcher ready; sleep 3); done
 - name: test connect with Merbridge
 run: |
diff --git a/app/cmd/root.go b/app/cmd/root.go
index 62910a0b..af32af3c 100644
--- a/app/cmd/root.go
+++ b/app/cmd/root.go
@@ -40,7 +40,7 @@ var rootCmd = &cobra.Command{
 Short: "Use eBPF to speed up your Service Mesh like crossing an Einstein-Rosen Bridge.",
 Long: `Use eBPF to speed up your Service Mesh like crossing an Einstein-Rosen Bridge.`,
 RunE: func(cmd *cobra.Command, args []string) error {
- if err := ebpfs.LoadMBProgs(config.Mode, config.UseReconnect, config.Debug); err != nil {
+ if err := ebpfs.LoadMBProgs(config.Mode, config.UseReconnect, config.Debug, config.DNSRedirection); err != nil {
 return fmt.Errorf("failed to load ebpf programs: %v", err)
 }
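Review bot: In `.github/workflows/ci-pr.yml` the `docker-build` guard is commented out (`#if: github.ref_name == 'main'`) rather than replaced, so the job now runs for every ref that triggers this workflow, including pull-request branches. Only the Checkout step is visible in the hunk; if the later steps log in to a registry or push an image, PR runs would reach those credentials and could publish images built from unreviewed code. If this was a temporary change to exercise the build, restore `if: github.ref_name == 'main'` before merging, or keep the build on PRs and gate only the login/push steps on main.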
@@ -97,6 +97,7 @@ func init() {
 rootCmd.PersistentFlags().BoolVarP(&config.IsKind, "kind", "k", false, "Kubernetes in Kind mode")
 rootCmd.PersistentFlags().StringVarP(&config.IpsFile, "ips-file", "f", "", "Current node ips file name")
 rootCmd.PersistentFlags().BoolVar(&config.EnableCNI, "cni-mode", false, "Enable Merbridge CNI plugin")
+ rootCmd.PersistentFlags().BoolVar(&config.DNSRedirection, "dns-redir", false, "Enable DNS message redirection for istio service mesh")
 // If hardware checksum not enabled, we should disable tx checksum, otherwise,
 // this can cause problems with Pods communication across hosts (Kubernetes Service logic) when CNI mode enabled.
 // Turning this off may make network performance worse.
diff --git a/bpf/Makefile b/bpf/Makefile
index 0853724d..a24c0c1f 100644
--- a/bpf/Makefile
+++ b/bpf/Makefile
@@ -47,6 +47,10 @@ ifeq ($(USE_RECONNECT),1)
 MACROS:= $(MACROS) -DUSE_RECONNECT
 endif
+ifeq ($(DNS_REDIR),1)
+ MACROS:= $(MACROS) -DDNS_REDIR
+endif
+
 CGROUP2_PATH ?= $(shell mount | grep cgroup2 | awk '{print $$3}' | grep -v "^/host" | head -n 1)
 ifeq ($(CGROUP2_PATH),)
 $(error It looks like your system does not have cgroupv2 enabled, or the automatic recognition fails. Please enable cgroupv2, or specify the path of cgroupv2 manually via CGROUP2_PATH parameter.)
diff --git a/bpf/mb_recvmsg.c b/bpf/mb_recvmsg.c
index 1d025e5e..1fe5554c 100644
--- a/bpf/mb_recvmsg.c
+++ b/bpf/mb_recvmsg.c
@@ -25,9 +25,8 @@ __section("cgroup/recvmsg4") int mb_recvmsg4(struct bpf_sock_addr *ctx)
 // only works on istio
 return 1;
 #endif
- debugf("skip dns recv messages");
- return 1;
+#ifdef USE_REDIR
 if (bpf_htons(ctx->user_port) != DNS_CAPTURE_PORT) {
 return 1;
 }
@@ -46,6 +45,7 @@ __section("cgroup/recvmsg4") int mb_recvmsg4(struct bpf_sock_addr *ctx)
 } else {
 printk("failed get origin");
 }
+#endif
 return 1;
 }
diff --git a/bpf/mb_sendmsg.c b/bpf/mb_sendmsg.c
index a5b8dbfa..9ec53417 100644
--- a/bpf/mb_sendmsg.c
+++ b/bpf/mb_sendmsg.c
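Review bot: The guard added in `mb_recvmsg4`, `#ifdef USE_REDIR`, does not match the macro this commit introduces: `bpf/Makefile` adds `-DDNS_REDIR` and `internal/ebpfs/prog.go` exports `DNS_REDIR=1`. Unless `USE_REDIR` is defined somewhere outside this diff, the guarded block is never compiled, so `--dns-redir=true` silently changes nothing; the same guard is added to `mb_sendmsg4` in `bpf/mb_sendmsg.c`. Change both to `#ifdef DNS_REDIR`. The part of the function between the two hunks is not shown, so the extent of the guarded code is inferred from where `#endif` is placed.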
@@ -25,9 +25,8 @@ __section("cgroup/sendmsg4") int mb_sendmsg4(struct bpf_sock_addr *ctx)
 // only works on istio
 return 1;
 #endif
- debugf("skip dns send messages");
- return 1;
+#ifdef USE_REDIR
 if (bpf_htons(ctx->user_port) != 53) {
 return 1;
 }
@@ -52,6 +51,7 @@ __section("cgroup/sendmsg4") int mb_sendmsg4(struct bpf_sock_addr *ctx)
 ctx->user_port = bpf_htons(DNS_CAPTURE_PORT);
 ctx->user_ip4 = 0x100007f;
 }
+#endif
 return 1;
 }
diff --git a/config/vars.go b/config/vars.go
index 482954a9..503b062f 100644
--- a/config/vars.go
+++ b/config/vars.go
@@ -26,6 +26,7 @@ var (
 Mode string
 IpsFile string
 UseReconnect = true
+ DNSRedirection = false
 Debug = false
 EnableCNI = false
 HardwareCheckSum = false
diff --git a/deploy/all-in-one-linkerd.yaml b/deploy/all-in-one-linkerd.yaml
index eecf9666..8b382cbf 100644
--- a/deploy/all-in-one-linkerd.yaml
+++ b/deploy/all-in-one-linkerd.yaml
@@ -72,6 +72,7 @@ spec:
 - /host/ips/ips.txt
 - --use-reconnect=false
 - --cni-mode=false
+ - --dns-redir=false
 lifecycle:
 preStop:
 exec:
diff --git a/deploy/all-in-one.yaml b/deploy/all-in-one.yaml
index 3d9442df..2f6846f1 100644
--- a/deploy/all-in-one.yaml
+++ b/deploy/all-in-one.yaml
@@ -72,6 +72,7 @@ spec:
 - /host/ips/ips.txt
 - --use-reconnect=true
 - --cni-mode=false
+ - --dns-redir=false
 lifecycle:
 preStop:
 exec:
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
index e7f4e02b..d503bcd4 100644
--- a/helm/templates/_helpers.tpl
+++ b/helm/templates/_helpers.tpl
@@ -64,6 +64,7 @@ Merbridge args command
 - {{ .Values.ipsFilePath }}
 - --use-reconnect={{ if eq .Values.mode "istio" }}true{{ else }}false{{ end }}
 - --cni-mode={{ .Values.cniMode }}
+- --dns-redir={{ .Values.dnsRedir }}
 {{- if ne .Values.mountPath.proc "/host/proc" }}
 - --host-proc={{ .Values.mountPath.proc }}
 {{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
index 5257d869..8843ab97 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -8,6 +8,7 @@ namespace: istio-system
 mode: istio
 ipsFilePath: /host/ips/ips.txt
 cniMode: false
+dnsRedir: false
 # some settings of deployment
 image:
diff --git a/internal/ebpfs/prog.go b/internal/ebpfs/prog.go
index d60a7d1a..de3ecae5 100644
--- a/internal/ebpfs/prog.go
+++ b/internal/ebpfs/prog.go
@@ -21,7 +21,7 @@ import (
 "os/exec"
 )
-func LoadMBProgs(meshMode string, useReconnect bool, debug bool) error {
+func LoadMBProgs(meshMode string, useReconnect bool, debug bool, dnsRedir bool) error {
 if os.Getuid() != 0 {
 return fmt.Errorf("root user in required for this process or container")
 }
@@ -34,6 +34,9 @@ func LoadMBProgs(meshMode string, useReconnect bool, debug bool) error {
 if useReconnect {
 cmd.Env = append(cmd.Env, "USE_RECONNECT=1")
 }
+ if dnsRedir {
+ cmd.Env = append(cmd.Env, "DNS_REDIR=1")
+ }
 cmd.Stdout = os.Stdout
 cmd.Stderr = os.Stderr
 err := cmd.Run()
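Review bot: `LoadMBProgs` in `internal/ebpfs/prog.go` is exported, has no doc comment, and now takes three adjacent positional bools (`useReconnect, debug, dnsRedir`), so a call with two of them swapped compiles and quietly toggles the wrong build option. Add a doc comment, for example `// LoadMBProgs runs the eBPF build/load command for meshMode; dnsRedir adds DNS_REDIR=1 to its environment.`, and consider an options struct if another toggle is added. Because this option changes where DNS traffic is sent, a log line when `dnsRedir` is true would let operators confirm from the agent log that redirection is active. The function body continues between and after the two hunks, so how `cmd` and `cmd.Env` are initialised is not visible here.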