fix(updater): only uses DoH to cloudflare+google

- prevent dns plaintext manipulation both the periodic update and when running in cli mode
- possibly higher reliability on poor connections versus UDP
- drop `-dns` flag in update command
- for now no configuration allowed since it makes everything rather complex

internal/updater/resolver/interfaces.go

@@ -0,0 +1,10 @@
+package resolver
+
+import (
+	"context"
+	"net"
+)
+
+type Dialer interface {
+	Dial(ctx context.Context, network, address string) (net.Conn, error)
+}

internal/updater/resolver/net.go

@@ -1,17 +1,12 @@
 package resolver
 
 import (
-	"context"
 	"net"
 )
 
-func newResolver(resolverAddress string) *net.Resolver {
-	d := net.Dialer{}
-	resolverAddress = net.JoinHostPort(resolverAddress, "53")
+func newResolver(d Dialer) *net.Resolver {
 	return &net.Resolver{
 		PreferGo: true,
-		Dial: func(ctx context.Context, _, _ string) (net.Conn, error) {
-			return d.DialContext(ctx, "udp", resolverAddress)
-		},
+		Dial:     d.Dial,
 	}
 }

internal/updater/resolver/parallel.go

@@ -11,9 +11,9 @@ type Parallel struct {
 	repeatResolver *Repeat
 }
 
-func NewParallelResolver(resolverAddress string) *Parallel {
+func NewParallelResolver(dialer Dialer) *Parallel {
 	return &Parallel{
-		repeatResolver: NewRepeat(resolverAddress),
+		repeatResolver: NewRepeat(dialer),
 	}
 }
 

internal/updater/resolver/repeat.go

@@ -14,9 +14,9 @@ type Repeat struct {
 	resolver *net.Resolver
 }
 
-func NewRepeat(resolverAddress string) *Repeat {
+func NewRepeat(dialer Dialer) *Repeat {
 	return &Repeat{
-		resolver: newResolver(resolverAddress),
+		resolver: newResolver(dialer),
 	}
 }