Conversation
HTTP server that triggers many DNS lookups for the same domain, testing that Keploy properly deduplicates DNS mocks when a domain returns different IPs on each lookup (e.g., AWS SQS round-robin).
There was a problem hiding this comment.
Pull request overview
Adds a new standalone Go sample app (dns-dedup/) intended for Keploy E2E validation of DNS-mock deduplication when a single domain returns rotating IPs (e.g., AWS SQS).
Changes:
- Introduces an HTTP server with
/health,/resolve, and/resolve-manyendpoints that perform repeated DNS lookups for a target domain. - Adds a minimal
go.modfor the new sample. - Adds a
curl.shhelper script to generate traffic against the endpoints.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| dns-dedup/main.go | Implements the DNS lookup endpoints and the “many lookups” scenario used to validate dedup behavior. |
| dns-dedup/go.mod | Defines a minimal Go module for building/running the sample app. |
| dns-dedup/curl.sh | Provides a simple traffic generator for manual/CI exercising of the endpoints. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| d := r.URL.Query().Get("domain") | ||
| if d == "" { | ||
| d = domain | ||
| } | ||
| ips, err := net.LookupHost(d) |
There was a problem hiding this comment.
domain is taken directly from the request and used for DNS lookups. If this sample server is ever run in a non-local environment, it becomes an open DNS “oracle” that can be abused to enumerate internal/private DNS names. Consider restricting allowed domains by default (or gating arbitrary domains behind an explicit flag/env).
| d := r.URL.Query().Get("domain") | ||
| if d == "" { | ||
| d = domain | ||
| } |
There was a problem hiding this comment.
Same concern as /resolve: domain is fully user-controlled and used for DNS lookups, which can leak internal DNS information if this service is exposed. Consider an allowlist or a flag to enable arbitrary domains.
| port := "8086" | ||
| fmt.Printf("DNS dedup test server starting on :%s\n", port) | ||
| if err := http.ListenAndServe(":"+port, nil); err != nil { | ||
| fmt.Fprintf(os.Stderr, "server error: %v\n", err) |
There was a problem hiding this comment.
The startup error message server error: ... doesn’t provide an actionable next step. Consider including a hint such as checking whether the port is already in use or whether the process has permission to bind the port.
| fmt.Fprintf(os.Stderr, "server error: %v\n", err) | |
| fmt.Fprintf(os.Stderr, "server failed to start on :%s: %v\nHint: Check if port %s is already in use or if this process has permission to bind it.\n", port, err, port) |
|
|
||
| set -euo pipefail | ||
|
|
||
| BASE="http://localhost:8086" |
There was a problem hiding this comment.
For easier reuse in CI/local runs, consider allowing the base URL to be overridden via an environment variable (similar to other scripts in this repo), instead of hardcoding localhost:8086.
| BASE="http://localhost:8086" | |
| BASE="${BASE:-http://localhost:8086}" |
| key := fmt.Sprintf("%v", ips) | ||
| isNew := !seen[key] | ||
| seen[key] = true | ||
| results = append(results, result{Iteration: i, IPs: ips, New: isNew}) |
There was a problem hiding this comment.
In /resolve-many, the dedup key is derived from fmt.Sprintf("%v", ips), which is order-sensitive. If DNS responses return the same set of IPs in a different order, this will incorrectly count them as different “unique_ip_sets”. Consider normalizing before keying (e.g., sort the IP slice and join) and using map[string]struct{} for the seen set.
| n := 20 | ||
| if ns := r.URL.Query().Get("n"); ns != "" { | ||
| if parsed, err := strconv.Atoi(ns); err == nil && parsed > 0 { | ||
| n = parsed | ||
| } | ||
| } |
There was a problem hiding this comment.
The n query parameter is effectively unbounded; a large value can make this handler run for a very long time (and allocate a large results slice), which is risky for CI stability and for anyone accidentally exposing the service. Consider enforcing a reasonable max n (and/or returning 400 when exceeded).
Summary
sqs.us-east-1.amazonaws.com)/health,/resolve,/resolve-many?n=30dns_dedup_testjob in keploy/keploy#3950 to verify Keploy deduplicates DNS mocks when a domain returns rotating IPsTest plan