From a07dfc98699edc048ac8fab70335fedffdd6e357 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger
Date: Sat, 18 Oct 2025 03:17:52 +1100
Subject: [PATCH] test(connlib): workaround DNS cache in proptests (#10602)

With the introduction of the DNS cache for Clients in #10533, we now enable a behaviour where we don't necessarily need to establish a connection to a Gateway to resolve a DNS query if we still have a valid entry in the DNS cache. In particular, the proptests discovered that: - a DNS query for an upstream resolver - which happens to be a resource - and has a valid entry in the DNS cache - but (no longer) a connection to the corresponding Gateway will now serve the cached DNS records instead of establishing a new connection to the Gateway. As a result, the site status which we assert in the proptests remains in "unknown" instead of the expected "online". Modelling the caching behaviour in the tests is rather tedious. To avoid that, we set the TTL of all simulated upstream DNS responses to 1 which effectively bypasses the cache. Whilst not an ideal solution, it ensures that CI is consistently green without flaky tests. The DNS cache itself is already unit-tested.
---
 rust/connlib/tunnel/proptest-regressions/tests.txt | 1 +
 rust/connlib/tunnel/src/tests/dns_server_resource.rs | 4 +++-
 rust/connlib/tunnel/src/tests/sut.rs | 4 +++-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/rust/connlib/tunnel/proptest-regressions/tests.txt b/rust/connlib/tunnel/proptest-regressions/tests.txt
index e5bc7e734..dda981536 100644
--- a/rust/connlib/tunnel/proptest-regressions/tests.txt
+++ b/rust/connlib/tunnel/proptest-regressions/tests.txt
@@ -219,3 +219,4 @@ cc 3467fb0a9697b7b1221b46558d998b3689bdce49944de7fcdc2627e1fbbc3771
 cc 3bdd819cda2577278b0372cb7598418227ecab83271c48f5b28dc192f766061e
 cc 764c22e664da06820cd02cba259196edeec94cce45e450959ce9354be7bc9f1c
 cc 04193ee1047f542c469aa0893bf636df9c317943022d922e231de3e821b39486
+cc e8520f159df085f7dbe6dce8b121336d33708af9f804a8a14bf6b5a3eb3a9d4d
diff --git a/rust/connlib/tunnel/src/tests/dns_server_resource.rs b/rust/connlib/tunnel/src/tests/dns_server_resource.rs
index bff0e2510..21c667ee3 100644
--- a/rust/connlib/tunnel/src/tests/dns_server_resource.rs
+++ b/rust/connlib/tunnel/src/tests/dns_server_resource.rs
@@ -82,12 +82,14 @@ fn handle_dns_query(
 query: &dns_types::Query,
 global_dns_records: &DnsRecords,
 ) -> dns_types::Response {
+ const TTL: u32 = 1; // We deliberately chose a short TTL so we don't have to model the DNS cache in these tests.
+
 let domain = query.domain().to_vec();
 let records = global_dns_records
 .domain_records_iter(&domain)
 .filter(|r| r.rtype() == query.qtype())
- .map(|rdata| (domain.clone(), 60 * 60 * 24, rdata));
+ .map(|rdata| (domain.clone(), TTL, rdata));
 dns_types::ResponseBuilder::for_query(query, ResponseCode::NOERROR)
 .with_records(records)
diff --git a/rust/connlib/tunnel/src/tests/sut.rs b/rust/connlib/tunnel/src/tests/sut.rs
index 51bdcaf50..ff08ebe46 100644
--- a/rust/connlib/tunnel/src/tests/sut.rs
+++ b/rust/connlib/tunnel/src/tests/sut.rs
@@ -914,6 +914,8 @@ impl TunnelTest {
 query: &dns_types::Query,
 global_dns_records: &DnsRecords,
 ) -> dns_types::Response {
+ const TTL: u32 = 1; // We deliberately chose a short TTL so we don't have to model the DNS cache in these tests.
+
 let qtype = query.qtype();
 let domain = query.domain();
@@ -922,7 +924,7 @@ impl TunnelTest {
 global_dns_records
 .domain_records_iter(&domain)
 .filter(|record| qtype == record.rtype())
- .map(|rdata| (domain.clone(), 60 * 60 * 24, rdata)),
+ .map(|rdata| (domain.clone(), TTL, rdata)),
 )
 .build();
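Review bot: In `handle_dns_query` in dns_server_resource.rs (and on the identical line added in sut.rs), `TTL = 1` still produces a cacheable answer, so the client cache is skipped only if the simulated clock advances past expiry before the same name is queried again; nothing in the hunk shows that this holds for every generated transition sequence. The comment should record that assumption and the coverage given up, for example `// 1s TTL: assumes simulated time moves past expiry between queries, so cached answers are never served here; the DNS cache from #10533 is unit-tested separately.` If the cache treats a TTL of 0 as do-not-cache, that value would remove the timing assumption, but the cache code is not part of this patch, so that needs checking first. The function body continues past the end of the hunk.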
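Review bot: The `const TTL: u32 = 1;` and its comment in the `-914,6 +914,8` hunk of sut.rs duplicate the pair added to `handle_dns_query` in dns_server_resource.rs, so the two simulated resolvers can drift apart if only one is edited later and the cache-related flakiness would then return on one path only. A single shared constant in the tests module, for example `pub(crate) const SIMULATED_DNS_TTL: u32 = 1;`, used by both `.map(|rdata| (domain.clone(), SIMULATED_DNS_TTL, rdata))` calls (including the one in the `-922,7 +924,7` hunk) would keep them in step and give the explanatory comment one home. The enclosing function's signature starts above the hunk, so only `impl TunnelTest` is visible as context.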