fix: remove DNS events from dedup cache

[slashben]

DNS events don't benefit from deduplication — the system resolver cache already limits DNS traffic at the network layer, so events reaching the eBPF tracer are almost always unique. Benchmark data confirms 0% dedup ratio for DNS.

Removes the DNS case from computeEventDedupKey and the unused dedupTTLDNS constant.

Summary by CodeRabbit

• Bug Fixes
  • Modified DNS event handling to prevent unintended deduplication, allowing DNS events to be processed individually rather than consolidated through the deduplication cache.

[coderabbitai]

Warning

Rate limit exceeded

@slashben has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 46 minutes and 41 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 46 minutes and 41 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1892cad9-1742-4416-aa23-cfc7c55173c0

📥 Commits

Reviewing files that changed from the base of the PR and between 3e1d8c7 and 6f8b984.

📒 Files selected for processing (1)

• .github/workflows/benchmark.yaml

📝 Walkthrough

Walkthrough

This change disables DNS event deduplication by removing the dedupTTLDNS constant and the DNS case handler from the event dedup key computation function. DNS events now skip dedup cache participation and fall through to the default non-dedup return value. Other event types remain unaffected.

Changes

Cohort / File(s)	Summary
DNS Deduplication Removal pkg/containerwatcher/v2/event_handler_factory.go	Removed DNS dedup TTL constant and case handler; added comment documenting that DNS events are intentionally not deduplicated; DNS events now bypass dedup cache checking and return (0, 0, false).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 DNS packets hop along with glee,
No dedup chains to slow their spree,
A comment notes this choice so clear,
Let every lookup freely appear! 📡

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: removing DNS events from the dedup cache mechanism.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/remove-dns-dedup

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Performance Benchmark Results

Node-Agent Resource Usage

Metric	BEFORE	AFTER	Delta
Avg CPU (cores)	0.000	0.000	N/A
Peak CPU (cores)	0.000	0.000	N/A
Avg Memory (MiB)	0.000	0.000	N/A
Peak Memory (MiB)	0.000	0.000	N/A

Dedup Effectiveness

No data available.

[github-actions]

Performance Benchmark Results

Node-Agent Resource Usage

Metric	BEFORE	AFTER	Delta
Avg CPU (cores)	0.133	0.134	+1.0%
Peak CPU (cores)	0.149	0.142	-4.3%
Avg Memory (MiB)	406.011	319.970	-21.2%
Peak Memory (MiB)	411.211	327.195	-20.4%

Dedup Effectiveness (AFTER only)

Event Type	Passed	Deduped	Ratio
capabilities	2	0	0.0%
hardlink	6000	0	0.0%
http	1700	119460	98.6%
network	900	78000	98.9%
open	50725	620462	92.4%
symlink	6000	0	0.0%
syscall	984	1881	65.7%

Event Counters

Metric	BEFORE	AFTER
capability_counter	8	9
dns_counter	1457	1415
exec_counter	7290	7079
network_counter	95911	93111
open_counter	815580	795452
syscall_counter	3672	3487