Do not send legacy DNS queries to bootstrap DNS

config.go

@@ -402,12 +402,6 @@ func (uc *UpstreamConfig) SetCertPool(cp *x509.CertPool) {
 	uc.certPool = cp
 }
 
-// SetupBootstrapIP manually find all available IPs of the upstream.
-// The first usable IP will be used as bootstrap IP of the upstream.
-func (uc *UpstreamConfig) SetupBootstrapIP() {
-	uc.setupBootstrapIP(true)
-}
-
 // UID returns the unique identifier of the upstream.
 func (uc *UpstreamConfig) UID() string {
 	return uc.uid
@@ -415,11 +409,11 @@ func (uc *UpstreamConfig) UID() string {
 
 // SetupBootstrapIP manually find all available IPs of the upstream.
 // The first usable IP will be used as bootstrap IP of the upstream.
-func (uc *UpstreamConfig) setupBootstrapIP(withBootstrapDNS bool) {
+func (uc *UpstreamConfig) SetupBootstrapIP() {
 	b := backoff.NewBackoff("setupBootstrapIP", func(format string, args ...any) {}, 10*time.Second)
 	isControlD := uc.IsControlD()
 	for {
-		uc.bootstrapIPs = lookupIP(uc.Domain, uc.Timeout, withBootstrapDNS)
+		uc.bootstrapIPs = lookupIP(uc.Domain, uc.Timeout)
 		// For ControlD upstream, the bootstrap IPs could not be RFC 1918 addresses,
 		// filtering them out here to prevent weird behavior.
 		if isControlD {

config_internal_test.go

@@ -2,16 +2,12 @@ package ctrld
 
 import (
 	"net/url"
-	"os"
 	"testing"
 
-	"github.com/rs/zerolog"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestUpstreamConfig_SetupBootstrapIP(t *testing.T) {
-	l := zerolog.New(os.Stdout)
-	ProxyLogger.Store(&l)
 	uc := &UpstreamConfig{
 		Name:     "test",
 		Type:     ResolverTypeDOH,
@@ -19,7 +15,7 @@ func TestUpstreamConfig_SetupBootstrapIP(t *testing.T) {
 		Timeout:  5000,
 	}
 	uc.Init()
-	uc.setupBootstrapIP(false)
+	uc.SetupBootstrapIP()
 	if len(uc.bootstrapIPs) == 0 {
 		t.Log(defaultNameservers())
 		t.Fatal("could not bootstrap ip without bootstrap DNS")

dot.go

@@ -18,7 +18,7 @@ func (r *dotResolver) Resolve(ctx context.Context, msg *dns.Msg) (*dns.Msg, erro
 	// dns.controld.dev first. By using a dialer with custom resolver,
 	// we ensure that we can always resolve the bootstrap domain
 	// regardless of the machine DNS status.
-	dialer := newDialer(net.JoinHostPort(controldBootstrapDns, "53"))
+	dialer := newDialer(net.JoinHostPort(controldPublicDns, "53"))
 	dnsTyp := uint16(0)
 	if msg != nil && len(msg.Question) > 0 {
 		dnsTyp = msg.Question[0].Qtype

resolver.go

@@ -41,10 +41,7 @@ const (
 	ResolverTypeSDNS = "sdns"
 )
 
-const (
-	controldBootstrapDns = "76.76.2.22"
-	controldPublicDns    = "76.76.2.0"
-)
+const controldPublicDns = "76.76.2.0"
 
 var controldPublicDnsWithPort = net.JoinHostPort(controldPublicDns, "53")
 
@@ -440,7 +437,7 @@ type legacyResolver struct {
 
 func (r *legacyResolver) Resolve(ctx context.Context, msg *dns.Msg) (*dns.Msg, error) {
 	// See comment in (*dotResolver).resolve method.
-	dialer := newDialer(net.JoinHostPort(controldBootstrapDns, "53"))
+	dialer := newDialer(net.JoinHostPort(controldPublicDns, "53"))
 	dnsTyp := uint16(0)
 	if msg != nil && len(msg.Question) > 0 {
 		dnsTyp = msg.Question[0].Qtype
@@ -472,10 +469,10 @@ func (d dummyResolver) Resolve(ctx context.Context, msg *dns.Msg) (*dns.Msg, err
 // LookupIP looks up host using OS resolver.
 // It returns a slice of that host's IPv4 and IPv6 addresses.
 func LookupIP(domain string) []string {
-	return lookupIP(domain, -1, true)
+	return lookupIP(domain, -1)
 }
 
-func lookupIP(domain string, timeout int, withBootstrapDNS bool) (ips []string) {
+func lookupIP(domain string, timeout int) (ips []string) {
 	resolverMutex.Lock()
 	if or == nil {
 		ProxyLogger.Load().Debug().Msgf("Initialize OS resolver in lookupIP")
@@ -485,9 +482,6 @@ func lookupIP(domain string, timeout int, withBootstrapDNS bool) (ips []string)
 
 	nss := *or.lanServers.Load()
 	nss = append(nss, *or.publicServers.Load()...)
-	if withBootstrapDNS {
-		nss = append([]string{net.JoinHostPort(controldBootstrapDns, "53")}, nss...)
-	}
 	resolver := newResolverWithNameserver(nss)
 	ProxyLogger.Load().Debug().Msgf("resolving %q using bootstrap DNS %q", domain, nss)
 	timeoutMs := 2000