feat(dns): re-introduce DNS_SERVER option

- force to set `DNS_UPSTREAM_RESOLVER_TYPE=plain` to avoid any confusion/security hole
- force to set `DNS_UPSTREAM_PLAIN_ADDRESSES` to addresses only with port 53

internal/dns/run.go

@@ -33,9 +33,22 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) {
 		for {
 			settings = l.GetSettings()
 			var err error
-			runError, err = l.setupServer(ctx, settings)
-			if err == nil {
-				break
+			if *settings.ServerEnabled { //nolint:nestif
+				runError, err = l.setupServer(ctx, settings)
+				if err == nil {
+					l.logger.Infof("ready and using DNS server with %s upstream resolvers", settings.UpstreamType)
+					err = l.updateFiles(ctx, settings)
+					if err != nil {
+						l.logger.Warn("downloading block lists failed, skipping: " + err.Error())
+					}
+					break
+				}
+			} else {
+				err = l.usePlainServers(settings.UpstreamPlainAddresses)
+				if err == nil {
+					l.logger.Infof("ready and using plain DNS resolvers: %v", settings.UpstreamPlainAddresses)
+					break
+				}
 			}
 
 			l.signalOrSetStatus(constants.Crashed)
@@ -46,12 +59,6 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) {
 		}
 
 		l.backoffTime = defaultBackoffTime
-		l.logger.Infof("ready and using DNS server with %s upstream resolvers", settings.UpstreamType)
-
-		err = l.updateFiles(ctx, settings)
-		if err != nil {
-			l.logger.Warn("downloading block lists failed, skipping: " + err.Error())
-		}
 		l.signalOrSetStatus(constants.Running)
 
 		l.userTrigger = false
@@ -74,13 +81,13 @@ func (l *Loop) runWait(ctx context.Context, runError <-chan error) (exitLoop boo
 	for {
 		select {
 		case <-ctx.Done():
-			l.stopServer()
+			l.stopServerIfAny()
 			// TODO revert OS and Go nameserver when exiting
 			return true
 		case <-l.stop:
 			l.userTrigger = true
 			l.logger.Info("stopping")
-			l.stopServer()
+			l.stopServerIfAny()
 			l.stopped <- struct{}{}
 		case <-l.start:
 			l.userTrigger = true
@@ -94,7 +101,10 @@ func (l *Loop) runWait(ctx context.Context, runError <-chan error) (exitLoop boo
 	}
 }
 
-func (l *Loop) stopServer() {
+func (l *Loop) stopServerIfAny() {
+	if l.server == nil {
+		return
+	}
 	stopErr := l.server.Stop()
 	if stopErr != nil {
 		l.logger.Error("stopping server: " + stopErr.Error())

internal/dns/setup.go

@@ -3,6 +3,7 @@ package dns
 import (
 	"context"
 	"fmt"
+	"net/netip"
 
 	"github.com/qdm12/dns/v2/pkg/middlewares/filter/update"
 	"github.com/qdm12/dns/v2/pkg/nameserver"
@@ -45,3 +46,25 @@ func (l *Loop) setupServer(ctx context.Context, settings settings.DNS) (runError
 
 	return runError, nil
 }
+
+func (l *Loop) usePlainServers(addrPorts []netip.AddrPort) (err error) {
+	nameserver.UseDNSInternally(nameserver.SettingsInternalDNS{
+		AddrPort: addrPorts[0],
+	})
+	addresses := make([]netip.Addr, len(addrPorts))
+	for i, addrPort := range addrPorts {
+		const defaultDNSPort = 53
+		if addrPort.Port() != defaultDNSPort {
+			return fmt.Errorf("invalid DNS port: %d, must be %d", addrPort.Port(), defaultDNSPort)
+		}
+		addresses[i] = addrPort.Addr()
+	}
+	err = nameserver.UseDNSSystemWide(nameserver.SettingsSystemDNS{
+		IPs:        addresses,
+		ResolvPath: l.resolvConf,
+	})
+	if err != nil {
+		return fmt.Errorf("using DNS system wide: %w", err)
+	}
+	return nil
+}