Bound DNS engine caches with LRU eviction

[liquidsec]

Summary

The DNS engine maintains several in-memory caches that previously used unbounded dict and set types. On long-running scans these grow without limit.

This replaces them with cachetools.LRUCache:

• _dns_cache: 10,000 → 100,000 entries (~18 MB) -- main resolution cache, bumped up since the original was too small
• _wildcard_cache: unbounded dict → LRU 10,000 entries -- wildcard detection results
• _dns_warnings: unbounded set → LRU 10,000 entries -- duplicate warning suppression
• _errors: unbounded dict → LRU 10,000 entries -- per-domain error counters

Eviction behavior is safe for all four: evicted DNS entries get re-resolved, evicted wildcard entries get re-checked, evicted warnings may print a duplicate log line, and evicted error counters reset (allowing retries, which is actually desirable in long scans where transient issues may have resolved).

[github-actions]

📊 Performance Benchmark Report

Comparing 3.0 (baseline) vs wildcard-cache-limit (current)

📈 Detailed Results (All Benchmarks)

📋 Complete results for all benchmarks - includes both significant and insignificant changes

🧪 Test Name	📏 Base	📏 Current	📈 Change	🎯 Status
Bloom Filter Dns Mutation Tracking Performance	4.28ms	4.25ms	-0.6% ⚪	✅
Bloom Filter Large Scale Dns Brute Force	17.72ms	17.57ms	-0.8% ⚪	✅
Large Closest Match Lookup	355.25ms	355.66ms	+0.1% ⚪	✅
Realistic Closest Match Workload	187.92ms	187.76ms	-0.1% ⚪	✅
Event Memory Medium Scan	1776 B/event	1776 B/event	+0.0% ⚪	✅
Event Memory Large Scan	1760 B/event	1760 B/event	+0.0% ⚪	✅
Event Validation Full Scan Startup Small Batch	402.81ms	400.81ms	-0.5% ⚪	✅
Event Validation Full Scan Startup Large Batch	580.97ms	576.57ms	-0.8% ⚪	✅
Make Event Autodetection Small	30.41ms	30.80ms	+1.3% ⚪	✅
Make Event Autodetection Large	313.43ms	313.91ms	+0.2% ⚪	✅
Make Event Explicit Types	13.65ms	13.71ms	+0.4% ⚪	✅
Excavate Single Thread Small	3.936s	3.950s	+0.4% ⚪	✅
Excavate Single Thread Large	9.567s	9.575s	+0.1% ⚪	✅
Excavate Parallel Tasks Small	4.154s	4.111s	-1.0% ⚪	✅
Excavate Parallel Tasks Large	7.278s	7.191s	-1.2% ⚪	✅
Is Ip Performance	3.17ms	3.21ms	+1.2% ⚪	✅
Make Ip Type Performance	11.59ms	11.65ms	+0.5% ⚪	✅
Mixed Ip Operations	4.53ms	4.53ms	-0.1% ⚪	✅
Typical Queue Shuffle	62.58µs	62.03µs	-0.9% ⚪	✅
Priority Queue Shuffle	700.26µs	702.51µs	+0.3% ⚪	✅

🎯 Performance Summary

✅ No significant performance changes detected (all changes <10%)

---

🐍 Python Version 3.11.15

[codecov]

Codecov Report

❌ Patch coverage is 80.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 91%. Comparing base (8b02acb) to head (e771036).
⚠️ Report is 4 commits behind head on 3.0.

Files with missing lines	Patch %	Lines
bbot/core/helpers/dns/engine.py	80%	1 Missing ⚠️

Additional details and impacted files

@@          Coverage Diff          @@
##             3.0   #3003   +/-   ##
=====================================
+ Coverage     91%     91%   +1%     
=====================================
  Files        436     436           
  Lines      37072   37072           
=====================================
+ Hits       33677   33688   +11     
+ Misses      3395    3384   -11     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.