feat(dns): derive PTR records from machine interface addresses

[chet]

Summary

The database foundation for reverse DNS (PTR records).

• New nico_ip_to_arpa_qname(inet) PL/pgSQL function: reversed octets under in-addr.arpa (IPv4) and reversed nibbles under ip6.arpa (IPv6), reusing the IPv6 ::-expansion from nico_inet_to_dns_hostname so the two address-derived helpers agree.
• New dns_records_ptr view: each interface address's arpa name → the FQDN the forward shortname view publishes for that interface. Its WHERE matches dns_records_shortname_combined exactly (primary or BMC interfaces), so a forward A/AAAA record and its PTR round-trip.
• DB-backed test (test_ip_to_arpa_qname) covering the IPv4 and IPv6 arpa forms (dotted-quad, documentation prefix, loopback, unspecified) against Postgres.

Plumbing only — nothing serves PTR yet; the api-db query (#2639), the api-core handler arm (#2641), and the carbide-dns unlock (#2643) are the follow-ons.

Implements #2637. Part of the #2630 epic (reverse DNS / PTR records).

Draft pending review.

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b859e2be-3826-419c-a021-dd0cda450c21

📥 Commits

Reviewing files that changed from the base of the PR and between 0244842 and 38244e1.

📒 Files selected for processing (2)

• crates/api-db/migrations/20260618070345_reverse_dns_ptr_records.sql
• crates/api-db/src/dns/mod.rs

🚧 Files skipped from review as they are similar to previous changes (1)

• crates/api-db/migrations/20260618070345_reverse_dns_ptr_records.sql

---

Summary by CodeRabbit

• New Features

  • Introduced reverse DNS (PTR) record functionality for machine network interfaces, supporting both IPv4 and IPv6 addresses with proper reverse DNS query name resolution.

• Tests

  • Added comprehensive testing for IP address to reverse DNS conversion, including validation of IPv4 addresses, IPv6 addresses, and special address cases.

Walkthrough

A new SQL migration adds the PL/pgSQL function nico_ip_to_arpa_qname(inet) for converting IPv4/IPv6 addresses to their reverse DNS query names, alongside the dns_records_ptr view that derives PTR records from machine interface addresses. A corresponding SQLx integration test validates the function against multiple address cases.

Changes

Reverse DNS PTR Record Support

Layer / File(s)	Summary
ARPA conversion function and PTR records view crates/api-db/migrations/20260618070345_reverse_dns_ptr_records.sql	Defines nico_ip_to_arpa_qname with IPv4 octet-reversal and full IPv6 :: expansion, nibble reversal, and ip6.arpa formatting. Creates dns_records_ptr view joining interface addresses, domains, and TTL metadata to emit PTR record fields, filtered to primary and BMC interfaces.
Integration tests for ARPA function crates/api-db/src/dns/mod.rs	Adds test_ip_to_arpa_qname async test executing nico_ip_to_arpa_qname via sqlx::query_scalar across IPv4, IPv6, loopback, and unspecified address cases, validated through check_cases_async.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• DB: nico_ip_to_arpa_qname() function + dns_records_ptr view #2637: The migration directly implements the nico_ip_to_arpa_qname() function, dns_records_ptr view, and test_ip_to_arpa_qname test exactly as specified in that issue.
• Support Reverse DNS (PTR Records) #2630: This PR fulfills the reverse DNS (PTR) record support requirements identified in that issue by providing the required SQL function and view.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the primary change: adding DNS PTR record derivation from machine interface addresses, which aligns with both the migration and test additions.
Description check	✅ Passed	The description is directly related to the changeset, detailing the new SQL function, view, and test, while contextualizing the work within the larger reverse-DNS initiative.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chet]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/api-db/src/dns/mod.rs`:
- Around line 90-126: The test cases in the check_cases_async function call
currently cover standard IPv4 and IPv6 addresses but are missing a test case for
IPv6-mapped IPv4 addresses (in the format ::ffff:x.x.x.x), which exercise a
dedicated embedded-IPv4 conversion branch in the SQL function. Add a new Case
object to the test array with a scenario that uses an IPv6-mapped IPv4 address
as input (for example ::ffff:192.0.2.1), set an appropriate expect value with
the expected PTR record output for that mapped address, and place it alongside
the other test cases passed to check_cases_async to ensure this branch is
covered.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3e40a21a-8107-4574-b58b-fd3918484804

📥 Commits

Reviewing files that changed from the base of the PR and between 6d36a43 and 0244842.

📒 Files selected for processing (2)

• crates/api-db/migrations/20260618070345_reverse_dns_ptr_records.sql
• crates/api-db/src/dns/mod.rs

[github-actions]

🔍 Container Scan Summary

Service	Total	Critical	High	Medium	Low	Other
boot-artifacts-aarch64	3	0	0	3	0	0
boot-artifacts-x86_64	3	0	0	3	0	0
forge-admin-cli-x86_64	261	5	22	103	6	125
machine-validation-runner	691	31	182	257	35	186
machine_validation	691	31	182	257	35	186
nvmetal-carbide	691	31	182	257	35	186
TOTAL	2340	98	568	880	111	683

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.