feat(dns): answer PTR queries in the DNS lookup handler

[chet]

Summary

The handler that makes the LookupRecord RPC answer reverse DNS. A PTR query name is an address in in-addr.arpa / ip6.arpa form, not a hostname, so it cannot go through the qname view lookup that serves A/AAAA/SOA — a new PTR arm parses the name back to an IpAddr with arpa_qname_to_ip (#2637) and resolves it with find_ptr_record (#2639).

• New lookup_ptr_record helper: arpa qname → IpAddr → the holding interface's FQDN.
• Each reply echoes the queried name back as its qname (the form the PowerDNS remote backend expects); a name that does not parse, or that no interface holds, yields an empty answer rather than an error.
• End-to-end test: resolves both an IPv4 and an IPv6 address on a managed host's interface to its FQDN, plus the empty-answer cases (an unheld address and an unparseable name).

This completes the resolver side of reverse DNS; carbide-dns's PTR unlock is #2643.

Implements #2641. Part of the #2630 epic (reverse DNS / PTR records).

Stacked on #2639 (the address lookup) and #2637 (the arpa parser). Until those merge, this PR's diff also shows their commits.

Draft pending review.

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[coderabbitai]

Summary by CodeRabbit

Release Notes

• New Features

  • Added reverse-DNS (PTR) lookup support for both IPv4 and IPv6.

• Performance Improvements

  • Improved PTR lookup performance with a new database index for interface address lookups.

• Bug Fixes / Reliability

  • Malformed or invalid PTR query names now return no results instead of failing.
  • PTR lookups correctly return no results for addresses not associated with known interfaces.

• Testing

  • Added unit and integration tests covering both positive and negative PTR resolution cases.

Walkthrough

Adds end-to-end PTR (reverse-DNS) record support. A new arpa_qname_to_ip function parses .in-addr.arpa and .ip6.arpa qnames into IpAddr with strict validation on label counts and octet/nibble formats. A new find_ptr_record database function joins machine interface address records to domains to compute PTR FQDNs, with a migration adding an index on machine_interface_addresses.address for efficient lookups. The API handler gains a PTR routing arm backed by a new lookup_ptr_record helper that normalizes the query name and maps results to API replies. Comprehensive integration tests cover IPv4 and IPv6 resolution at both database and API layers, including validation of negative cases.

Changes

PTR Reverse-DNS Record Support

Layer / File(s)	Summary
arpa qname parsing and unit tests crates/api-db/src/dns/mod.rs	Introduces pub fn arpa_qname_to_ip(qname: &str) -> Option<IpAddr> that normalizes trailing dots and case, then parses .in-addr.arpa and .ip6.arpa qnames by validating exact label/nibble counts and reconstructing the address through octet reversal (IPv4) or nibble-to-byte packing (IPv6). Includes unit tests validating successful IPv4/IPv6 parsing, case-normalization behavior, and rejection of malformed or non-arpa qnames.
DbPtrRecord model, find_ptr_record query, database index, and DB integration test crates/api-db/src/dns/resource_record.rs, crates/api-db/src/dns/mod.rs, crates/api-db/migrations/20260620153439_machine_interface_addresses_address_index.sql	Adds DbPtrRecord struct with FromRow mapper extracting ptr_content, ttl, and domain_id from query results. find_ptr_record async function joins machine_interface_addresses → machine_interfaces → domains, applies interface-type filtering (primary or BMC), computes PTR FQDN via concat(hostname, '.', domain_name, '.'), coalesces TTL with 300-second default, and returns results as DbPtrRecord. Migration creates machine_interface_addresses_address_idx B-tree index for efficient IP-based lookups. SQLx integration test provisions fixture data (domain, network, machine with three interfaces) and asserts PTR resolution succeeds for primary/BMC addresses, fails for unowned addresses, and handles non-existent addresses gracefully.
lookup_ptr_record handler and PTR routing crates/api-core/src/handlers/dns.rs	Adds internal lookup_ptr_record async helper that normalizes the query name to a trailing-dot FQDN, delegates to arpa_qname_to_ip for address parsing, returns an empty record list on parse failure, and on success invokes find_ptr_record, mapping each DbPtrRecord into a DnsResourceRecordReply with qtype: PTR, qname echoed, ttl sourced from the record, content set to the PTR FQDN, and domain_id propagated. Extends lookup_record's match over DnsResourceRecordType with a new PTR arm delegating to this helper.
API-layer PTR integration tests and helpers crates/api-core/src/tests/dns.rs	Adds test_dns_ptr integration test that provisions test infrastructure, fetches the primary interface and its IPv4 address, inserts an additional IPv6 address, generates reverse-DNS qnames via ip_to_arpa for both IPv4 and IPv6, issues PTR lookup_record queries, and asserts success cases return exactly one PTR record with qname echoed and content matching the interface's fully-qualified hostname. Also asserts negative cases: PTR queries for addresses not held by any interface and malformed qnames both return zero records. Provides lookup_ptr wrapper helper that sets qtype: "PTR" and returns record results, and ip_to_arpa helper that generates reverse-DNS qnames by reversing IPv4 octets into in-addr.arpa. labels or reversing IPv6 nibbles into ip6.arpa. labels.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~28 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely describes the primary change: introducing PTR query support to the DNS lookup handler.
Description check	✅ Passed	The description comprehensively explains the PTR query handling implementation, including the parsing logic, helper functions, test coverage, and integration with related PRs.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chet]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

🧹 Nitpick comments (3)

crates/api-core/src/handlers/dns.rs (1)

97-97: ⚡ Quick win

Switch PTR lookup debug log to structured fields.

Line 97 currently interpolates the qname; prefer key/value attributes for logfmt compatibility.

Suggested change

-    tracing::debug!("Looking up PTR record for {}", query_name);
+    tracing::debug!(qname = %query_name, "looking up PTR record");

As per coding guidelines, “All services should emit logs in 'logfmt' syntax” and “prefer placing common fields as attributes passed to tracing functions instead of using string interpolation.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/api-core/src/handlers/dns.rs` at line 97, The debug log statement uses
string interpolation to include query_name in the message instead of structured
fields. Refactor the tracing::debug! call to pass query_name as a key-value
field attribute rather than interpolating it into the format string. This
ensures logfmt compatibility by moving the dynamic value into structured field
attributes while keeping the message as a static string.

Source: Coding guidelines

crates/api-core/src/tests/dns.rs (1)

386-413: ⚡ Quick win

Refactor repeated PTR assertions into table-driven cases.

Lines 386-413 execute one operation (lookup_ptr) across multiple input/expected variants; a case table will make future PTR coverage cheaper to extend.

As per coding guidelines, “Prefer table-driven tests for any function that maps inputs to outputs” and “Reach for a table whenever two or more tests call the same operation with different inputs.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/api-core/src/tests/dns.rs` around lines 386 - 413, Refactor the
multiple `lookup_ptr` calls and their assertions (IPv4 reverse lookup, IPv6
reverse lookup, unheld address, and malformed qname cases) into a table-driven
test structure. Create a slice of test case structs containing the input qname,
expected content, and expected length for each variant, then iterate through the
table executing the `lookup_ptr` call and performing the assertions within the
loop. This eliminates the repeated assertion patterns and makes it easier to
extend PTR test coverage in the future.

Source: Coding guidelines

crates/api-db/src/dns/mod.rs (1)

24-27: ⚡ Quick win

Use structured tracing fields in normalization logging.

Line 26 should log attributes instead of interpolated text so logfmt consumers can query keys consistently.

Suggested change

 pub fn normalize_domain(name: &str) -> String {
-    let normalize_domain = name.trim_end_matches('.').to_lowercase();
-    tracing::debug!("Normalized domain name: {} to: {}", name, normalize_domain);
-    normalize_domain
+    let normalized_domain = name.trim_end_matches('.').to_lowercase();
+    tracing::debug!(input = %name, normalized = %normalized_domain, "normalized domain name");
+    normalized_domain
 }

As per coding guidelines, “All services should emit logs in 'logfmt' syntax” and “prefer placing common fields as attributes passed to tracing functions instead of using string interpolation.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/api-db/src/dns/mod.rs` around lines 24 - 27, The tracing::debug! call
in the normalize_domain function currently uses string interpolation to include
the original domain name and normalized result in the log message. Instead,
convert this to use structured tracing fields by passing the name and
normalize_domain values as key-value attributes to the tracing macro, keeping
only a descriptive message string. This allows logfmt consumers to query the
fields consistently as structured attributes rather than parsing interpolated
text.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@crates/api-core/src/handlers/dns.rs`:
- Line 97: The debug log statement uses string interpolation to include
query_name in the message instead of structured fields. Refactor the
tracing::debug! call to pass query_name as a key-value field attribute rather
than interpolating it into the format string. This ensures logfmt compatibility
by moving the dynamic value into structured field attributes while keeping the
message as a static string.

In `@crates/api-core/src/tests/dns.rs`:
- Around line 386-413: Refactor the multiple `lookup_ptr` calls and their
assertions (IPv4 reverse lookup, IPv6 reverse lookup, unheld address, and
malformed qname cases) into a table-driven test structure. Create a slice of
test case structs containing the input qname, expected content, and expected
length for each variant, then iterate through the table executing the
`lookup_ptr` call and performing the assertions within the loop. This eliminates
the repeated assertion patterns and makes it easier to extend PTR test coverage
in the future.

In `@crates/api-db/src/dns/mod.rs`:
- Around line 24-27: The tracing::debug! call in the normalize_domain function
currently uses string interpolation to include the original domain name and
normalized result in the log message. Instead, convert this to use structured
tracing fields by passing the name and normalize_domain values as key-value
attributes to the tracing macro, keeping only a descriptive message string. This
allows logfmt consumers to query the fields consistently as structured
attributes rather than parsing interpolated text.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a4e0dcaf-8d96-48f4-807b-2e685181d1ed

📥 Commits

Reviewing files that changed from the base of the PR and between 79e54c0 and 00accc3.

📒 Files selected for processing (5)

• crates/api-core/src/handlers/dns.rs
• crates/api-core/src/tests/dns.rs
• crates/api-db/migrations/20260620153439_machine_interface_addresses_address_index.sql
• crates/api-db/src/dns/mod.rs
• crates/api-db/src/dns/resource_record.rs

[chet]

@coderabbitai Thanks for the eyes. Both quick wins addressed -- the PTR lookup log now passes qname as a structured field, and the four PTR cases (IPv4, IPv6, unheld, unparseable) are now a named-struct case table. Left the third: normalize_domain is pre-existing and untouched by this PR, so a logfmt pass there belongs in its own cleanup rather than widening a reverse-DNS change. PTAL.

[chet]

@coderabbitai full review

[coderabbitai]

✅ Action performed

Full review finished.

[coderabbitai]

@chet: Acknowledged — the structured log field and named-struct case table are well-executed improvements. The scoping decision on normalize_domain is sound; conflating a logfmt cleanup with a feature change would obscure the diff and complicate bisection. A dedicated cleanup commit or PR is the correct venue for that.

Triggering a full re-review now.

✅ Action performed

Full review finished.

[coderabbitai]

@chet: Acknowledged — the structured log field and named-struct case table are well-executed improvements. The scoping decision on normalize_domain is sound; conflating a logfmt cleanup with a feature change would obscure the diff and complicate bisection. A dedicated cleanup commit or PR is the correct venue for that.

Triggering a full re-review now.

✅ Action performed

Full review finished.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

crates/api-core/src/tests/dns.rs (1)

420-434: ⚡ Quick win

Assert ttl and domain_id on successful PTR replies.

At Line 420, the success branch validates core fields but skips ttl/domain_id, which are part of the returned contract. Adding those checks will better protect the PTR API mapping path from silent regressions.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/api-core/src/tests/dns.rs` around lines 420 - 434, The success branch
of the PTR test case (in the Some(expected_content) match arm) currently
validates qtype, qname, and content but is missing assertions for ttl and
domain_id fields. Add assert_eq! statements to verify records[0].ttl and
records[0].domain_id match their expected values from the test case data,
following the same pattern as the existing assertions for qtype, qname, and
content to ensure the complete contract of the PTR API response is validated.

crates/api-db/src/dns/mod.rs (1)

377-380: ⚡ Quick win

Strengthen PTR DB test assertions for full row contract.

At Line 377, the success path validates ptr_content only. Please also assert ttl and domain_id so regressions in the COALESCE(meta.ttl, 300)/join mapping are caught by this test.

Proposed test assertion update

             match expected {
                 Some(fqdn) => {
                     assert_eq!(records.len(), 1, "address {address}");
                     assert_eq!(records[0].ptr_content, fqdn, "address {address}");
+                    assert_eq!(records[0].ttl, 300, "address {address}");
+                    assert_eq!(
+                        records[0].domain_id.to_string(),
+                        "10000000-0000-0000-0000-000000000001",
+                        "address {address}"
+                    );
                 }
                 None => assert!(
                     records.is_empty(),
                     "address {address} should resolve to nothing"
                 ),
             }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/api-db/src/dns/mod.rs` around lines 377 - 380, In the Some(fqdn)
success path block, strengthen the test assertions to validate the full row
contract. After the existing assertion that checks records[0].ptr_content equals
fqdn, add assertions to validate records[0].ttl (verifying it matches the
expected default or configured value from the COALESCE logic) and
records[0].domain_id (verifying the join mapping is correct). This ensures
regressions in the database query logic and field mappings are caught by the
test.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/api-db/src/dns/resource_record.rs`:
- Around line 149-154: The PTR lookup query that joins machine_interfaces with
domains table and filters on mia.address does not apply a soft-deletion guard on
domains, unlike other DNS read paths in this file. Add a condition to the WHERE
clause to exclude soft-deleted domains by checking the appropriate deletion
column on the domains table d (likely d.deleted_at IS NULL or similar deletion
guard pattern used elsewhere in this file) to prevent returning stale DNS data
from deleted domains.

---

Nitpick comments:
In `@crates/api-core/src/tests/dns.rs`:
- Around line 420-434: The success branch of the PTR test case (in the
Some(expected_content) match arm) currently validates qtype, qname, and content
but is missing assertions for ttl and domain_id fields. Add assert_eq!
statements to verify records[0].ttl and records[0].domain_id match their
expected values from the test case data, following the same pattern as the
existing assertions for qtype, qname, and content to ensure the complete
contract of the PTR API response is validated.

In `@crates/api-db/src/dns/mod.rs`:
- Around line 377-380: In the Some(fqdn) success path block, strengthen the test
assertions to validate the full row contract. After the existing assertion that
checks records[0].ptr_content equals fqdn, add assertions to validate
records[0].ttl (verifying it matches the expected default or configured value
from the COALESCE logic) and records[0].domain_id (verifying the join mapping is
correct). This ensures regressions in the database query logic and field
mappings are caught by the test.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1ae52872-95a0-4c85-aa3a-77047e046b40

📥 Commits

Reviewing files that changed from the base of the PR and between 79e54c0 and 370df29.

📒 Files selected for processing (5)

• crates/api-core/src/handlers/dns.rs
• crates/api-core/src/tests/dns.rs
• crates/api-db/migrations/20260620153439_machine_interface_addresses_address_index.sql
• crates/api-db/src/dns/mod.rs
• crates/api-db/src/dns/resource_record.rs

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Exclude soft-deleted domains in PTR lookup query.

At Line 153, PTR lookup can still return records from deleted domains because this query does not apply a domain deletion guard, unlike other DNS read paths in this file. That can leak stale DNS data.

Proposed SQL fix

     WHERE mia.address = $1::inet
-      AND (mi.primary_interface = TRUE OR mi.interface_type = 'Bmc')"#;
+      AND (mi.primary_interface = TRUE OR mi.interface_type = 'Bmc')
+      AND d.deleted IS NULL"#;

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/api-db/src/dns/resource_record.rs` around lines 149 - 154, The PTR
lookup query that joins machine_interfaces with domains table and filters on
mia.address does not apply a soft-deletion guard on domains, unlike other DNS
read paths in this file. Add a condition to the WHERE clause to exclude
soft-deleted domains by checking the appropriate deletion column on the domains
table d (likely d.deleted_at IS NULL or similar deletion guard pattern used
elsewhere in this file) to prevent returning stale DNS data from deleted
domains.

[github-actions]

🔍 Container Scan Summary

Service	Total	Critical	High	Medium	Low	Other
boot-artifacts-aarch64	3	0	0	3	0	0
boot-artifacts-x86_64	3	0	0	3	0	0
forge-admin-cli-x86_64	264	6	23	99	6	130
machine-validation-runner	704	34	183	258	35	194
machine_validation	704	34	183	258	35	194
nvmetal-carbide	704	34	183	258	35	194
TOTAL	2382	108	572	879	111	712

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.