fix(gateway): reuse app address DNS resolver #741

Open
kvinwang wants to merge 4 commits into master from fix/gateway-app-address-resolver-cache

kvinwang commented Jun 25, 2026

Collaborator

Summary

  • reuse one AppAddressResolver per gateway proxy instead of constructing a DNS resolver per SNI proxy connection
  • use Hickory's built-in TTL-aware DNS cache for positive app-address TXT lookups, with the app-address resolver cache sized to 256 entries
  • cap negative DNS caching for app-address lookups at 10 seconds so newly-created TXT records are not hidden by long-lived NXDOMAIN/NODATA responses
  • keep the TXT lookup and parsing behavior unchanged, including legacy prefix compatibility and wildcard fallback
  • add missing SPDX header / shellcheck suppression for the existing gateway test docs and script so CI remains clean

Why

Creating a new TokioAsyncResolver for each proxied connection prevents Hickory's resolver cache from being reused. Keeping the resolver on ProxyInner lets repeated TXT lookups share the resolver cache while preserving DNS TTL semantics for positive records.

App-address records can appear shortly after registration, so negative responses are capped to a short TTL for this resolver. That keeps the useful positive cache while avoiding a long-lived negative cache miss for newly-created apps.

The cache is bounded via Hickory's LRU cache size, so many distinct SNI domains evict older entries instead of growing memory without bound.

Verification

  • cargo check --manifest-path gateway/Cargo.toml
  • cargo test --manifest-path gateway/Cargo.toml
  • cargo clippy --manifest-path gateway/Cargo.toml -- -D warnings -D clippy::expect_used -D clippy::unwrap_used --allow unused_variables
  • bash -n gateway/test-run/test_suite.sh
  • shellcheck gateway/test-run/test_suite.sh
  • reuse lint
  • manual proxy DNS cache smoke test: two HTTPS proxy requests for the same SNI returned successfully while the local TXT DNS server observed one TXT query
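
The caching behaviour this description relies on (positive TXT answers kept for their own TTL, negative answers capped at 10 seconds, a bounded LRU so distinct SNI names evict old entries), shown as an added std-only Rust model; it is not code from this PR or from Hickory. `TxtCache`, its fields and the sample name are hypothetical, and time is passed in explicitly so no real DNS is involved.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

// Cap on negative (NXDOMAIN/NODATA) answers, the 10 seconds named in the PR.
const NEGATIVE_MAX_TTL: Duration = Duration::from_secs(10);

// One cached TXT answer; `value == None` records a negative response.
struct Entry { value: Option<String>, expires: Instant, last_used: u64 }

// Hypothetical model of a bounded, TTL-aware cache (not Hickory's code).
pub struct TxtCache { cap: usize, tick: u64, map: HashMap<String, Entry> }

impl TxtCache {
    pub fn new(cap: usize) -> Self {
        Self { cap, tick: 0, map: HashMap::new() }
    }

    // Positive answers keep the record's TTL; negative ones are capped.
    pub fn insert(&mut self, name: &str, value: Option<String>, ttl: Duration, now: Instant) {
        let ttl = if value.is_none() { ttl.min(NEGATIVE_MAX_TTL) } else { ttl };
        if !self.map.contains_key(name) && self.map.len() >= self.cap {
            // Evict the least recently used name so memory stays bounded.
            let lru = self.map.iter().min_by_key(|(_, e)| e.last_used).map(|(k, _)| k.clone());
            if let Some(k) = lru { self.map.remove(&k); }
        }
        self.tick += 1;
        let entry = Entry { value, expires: now + ttl, last_used: self.tick };
        self.map.insert(name.to_string(), entry);
    }

    // Outer None: miss or expired, so the caller must query DNS again.
    pub fn get(&mut self, name: &str, now: Instant) -> Option<Option<String>> {
        self.tick += 1;
        let fresh = matches!(self.map.get(name), Some(e) if now < e.expires);
        if !fresh { self.map.remove(name); return None; }
        let e = self.map.get_mut(name)?;
        e.last_used = self.tick;
        Some(e.value.clone())
    }
}

fn main() {
    let t0 = Instant::now(); // constructed timeline, no real DNS involved
    let mut cache = TxtCache::new(256);
    cache.insert("new-app.example", None, Duration::from_secs(3600), t0);
    let later = t0 + Duration::from_secs(11);
    println!("after 11s: {:?}", cache.get("new-app.example", later));
}
```

A negative answer that arrives with a one-hour TTL is gone after 10 seconds in this model, so a TXT record created just after the first lookup becomes visible on the next query rather than an hour later.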

Copilot AI review requested due to automatic review settings June 25, 2026 06:57

Copilot AI left a comment

Contributor

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@kvinwang kvinwang requested a review from Copilot June 25, 2026 09:10

Copilot AI left a comment

Contributor

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.
