test(connlib): workaround DNS cache in proptests (#10602)

With the introduction of the DNS cache for Clients in #10533, we now enable a behaviour where we don't necessarily need to establish a connection to a Gateway to resolve a DNS query if we still have a valid entry in the DNS cache. In particular, the proptests discovered that: - a DNS query for an upstream resolver - which happens to be a resource - and has a valid entry in the DNS cache - but (no longer) a connection to the corresponding Gateway will now serve the cached DNS records instead of establishing a new connection to the Gateway. As a result, the site status which we assert in the proptests remains in "unknown" instead of the expected "online". Modelling the caching behaviour in the tests is rather tedious. To avoid that, we set the TTL of all simulated upstream DNS responses to 1 which effectively bypasses the cache. Whilst not an ideal solution, it ensures that CI is consistently green without flaky tests. The DNS cache itself is already unit-tested.
2026-01-27 10:18:54 +00:00 · 2025-10-18 03:17:52 +11:00
parent 97895c499a
commit a07dfc9869
3 changed files with 7 additions and 2 deletions
--- a/rust/connlib/tunnel/proptest-regressions/tests.txt
+++ b/rust/connlib/tunnel/proptest-regressions/tests.txt
@@ -219,3 +219,4 @@ cc 3467fb0a9697b7b1221b46558d998b3689bdce49944de7fcdc2627e1fbbc3771
 cc 3bdd819cda2577278b0372cb7598418227ecab83271c48f5b28dc192f766061e
 cc 764c22e664da06820cd02cba259196edeec94cce45e450959ce9354be7bc9f1c
 cc 04193ee1047f542c469aa0893bf636df9c317943022d922e231de3e821b39486
+cc e8520f159df085f7dbe6dce8b121336d33708af9f804a8a14bf6b5a3eb3a9d4d
--- a/rust/connlib/tunnel/src/tests/dns_server_resource.rs
+++ b/rust/connlib/tunnel/src/tests/dns_server_resource.rs
@@ -82,12 +82,14 @@ fn handle_dns_query(
    query: &dns_types::Query,
    global_dns_records: &DnsRecords,
 ) -> dns_types::Response {
+    const TTL: u32 = 1; // We deliberately chose a short TTL so we don't have to model the DNS cache in these tests.
+
    let domain = query.domain().to_vec();

    let records = global_dns_records
        .domain_records_iter(&domain)
        .filter(|r| r.rtype() == query.qtype())
-        .map(|rdata| (domain.clone(), 60 * 60 * 24, rdata));
+        .map(|rdata| (domain.clone(), TTL, rdata));

    dns_types::ResponseBuilder::for_query(query, ResponseCode::NOERROR)
        .with_records(records)
--- a/rust/connlib/tunnel/src/tests/sut.rs
+++ b/rust/connlib/tunnel/src/tests/sut.rs
@@ -914,6 +914,8 @@ impl TunnelTest {
        query: &dns_types::Query,
        global_dns_records: &DnsRecords,
    ) -> dns_types::Response {
+        const TTL: u32 = 1; // We deliberately chose a short TTL so we don't have to model the DNS cache in these tests.
+
        let qtype = query.qtype();
        let domain = query.domain();

@@ -922,7 +924,7 @@ impl TunnelTest {
                global_dns_records
                    .domain_records_iter(&domain)
                    .filter(|record| qtype == record.rtype())
-                    .map(|rdata| (domain.clone(), 60 * 60 * 24, rdata)),
+                    .map(|rdata| (domain.clone(), TTL, rdata)),
            )
            .build();