feat(dns): re-introduce DNS_SERVER option

- force to set `DNS_UPSTREAM_RESOLVER_TYPE=plain` to avoid any confusion/security hole - force to set `DNS_UPSTREAM_PLAIN_ADDRESSES` to addresses only with port 53
2026-05-10 04:30:20 +02:00 · 2026-05-05 21:15:28 +00:00
parent aab10f9d3f
commit 4ea2337668
5 changed files with 97 additions and 18 deletions
@@ -3,6 +3,7 @@ package dns
 import (
 	"context"
 	"fmt"
+	"net/netip"

 	"github.com/qdm12/dns/v2/pkg/middlewares/filter/update"
 	"github.com/qdm12/dns/v2/pkg/nameserver"
@@ -45,3 +46,25 @@ func (l *Loop) setupServer(ctx context.Context, settings settings.DNS) (runError

 	return runError, nil
 }
+
+func (l *Loop) usePlainServers(addrPorts []netip.AddrPort) (err error) {
+	nameserver.UseDNSInternally(nameserver.SettingsInternalDNS{
+		AddrPort: addrPorts[0],
+	})
+	addresses := make([]netip.Addr, len(addrPorts))
+	for i, addrPort := range addrPorts {
+		const defaultDNSPort = 53
+		if addrPort.Port() != defaultDNSPort {
+			return fmt.Errorf("invalid DNS port: %d, must be %d", addrPort.Port(), defaultDNSPort)
+		}
+		addresses[i] = addrPort.Addr()
+	}
+	err = nameserver.UseDNSSystemWide(nameserver.SettingsSystemDNS{
+		IPs:        addresses,
+		ResolvPath: l.resolvConf,
+	})
+	if err != nil {
+		return fmt.Errorf("using DNS system wide: %w", err)
+	}
+	return nil
+}