From 2de1b9929a53ee790dd5429daf627ad7314e8ed9 Mon Sep 17 00:00:00 2001
From: Cuong Manh Le
Date: Thu, 13 Mar 2025 21:04:00 +0700
Subject: [PATCH] Do not send legacy DNS queries to bootstrap DNS
---
 config.go | 10 ++--------
 config_internal_test.go | 6 +-----
 dot.go | 2 +-
 resolver.go | 14 ++++----------
 4 files changed, 8 insertions(+), 24 deletions(-)
diff --git a/config.go b/config.go
index 48736ac..4ace9f1 100644
--- a/config.go
+++ b/config.go
@@ -402,12 +402,6 @@ func (uc *UpstreamConfig) SetCertPool(cp *x509.CertPool) {
 uc.certPool = cp
 }
-// SetupBootstrapIP manually find all available IPs of the upstream.
-// The first usable IP will be used as bootstrap IP of the upstream.
-func (uc *UpstreamConfig) SetupBootstrapIP() {
- uc.setupBootstrapIP(true)
-}
-
 // UID returns the unique identifier of the upstream.
 func (uc *UpstreamConfig) UID() string {
 return uc.uid
@@ -415,11 +409,11 @@ func (uc *UpstreamConfig) UID() string {
 // SetupBootstrapIP manually find all available IPs of the upstream.
 // The first usable IP will be used as bootstrap IP of the upstream.
-func (uc *UpstreamConfig) setupBootstrapIP(withBootstrapDNS bool) {
+func (uc *UpstreamConfig) SetupBootstrapIP() {
 b := backoff.NewBackoff("setupBootstrapIP", func(format string, args ...any) {}, 10*time.Second)
 isControlD := uc.IsControlD()
 for {
- uc.bootstrapIPs = lookupIP(uc.Domain, uc.Timeout, withBootstrapDNS)
+ uc.bootstrapIPs = lookupIP(uc.Domain, uc.Timeout)
 // For ControlD upstream, the bootstrap IPs could not be RFC 1918 addresses,
 // filtering them out here to prevent weird behavior.
 if isControlD {
diff --git a/config_internal_test.go b/config_internal_test.go
index 44b7e2f..7695eb5 100644
--- a/config_internal_test.go
+++ b/config_internal_test.go
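Review bot: The doc comment on `SetupBootstrapIP` in the second config.go hunk does not say which resolvers the lookup uses, and after this change that is what a caller needs to know: `lookupIP(uc.Domain, uc.Timeout)` now queries only the OS resolver's LAN and public nameservers (see the last resolver.go hunk). I would reword the first line to `// SetupBootstrapIP looks up the upstream's IPs through the OS resolver's LAN and public nameservers.` and keep the second line as is. Those answers are presumably unauthenticated, so it is worth a sentence in the comment that a wrong bootstrap IP is caught by the upstream's TLS verification rather than by this lookup, if that is indeed the case for every upstream type that reaches here. The function body, including the retry loop, continues outside the hunk.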
@@ -2,16 +2,12 @@ package ctrld
 import (
 "net/url"
- "os"
 "testing"
- "github.com/rs/zerolog"
 "github.com/stretchr/testify/assert"
 )
 func TestUpstreamConfig_SetupBootstrapIP(t *testing.T) {
- l := zerolog.New(os.Stdout)
- ProxyLogger.Store(&l)
 uc := &UpstreamConfig{
 Name: "test",
 Type: ResolverTypeDOH,
@@ -19,7 +15,7 @@ func TestUpstreamConfig_SetupBootstrapIP(t *testing.T) {
 Timeout: 5000,
 }
 uc.Init()
- uc.setupBootstrapIP(false)
+ uc.SetupBootstrapIP()
 if len(uc.bootstrapIPs) == 0 {
 t.Log(defaultNameservers())
 t.Fatal("could not bootstrap ip without bootstrap DNS")
diff --git a/dot.go b/dot.go
index c0fe102..67d1ff8 100644
--- a/dot.go
+++ b/dot.go
@@ -18,7 +18,7 @@ func (r *dotResolver) Resolve(ctx context.Context, msg *dns.Msg) (*dns.Msg, erro
 // dns.controld.dev first. By using a dialer with custom resolver,
 // we ensure that we can always resolve the bootstrap domain
 // regardless of the machine DNS status.
- dialer := newDialer(net.JoinHostPort(controldBootstrapDns, "53"))
+ dialer := newDialer(net.JoinHostPort(controldPublicDns, "53"))
 dnsTyp := uint16(0)
 if msg != nil && len(msg.Question) > 0 {
 dnsTyp = msg.Question[0].Qtype
diff --git a/resolver.go b/resolver.go
index 677738b..3da2574 100644
--- a/resolver.go
+++ b/resolver.go
@@ -41,10 +41,7 @@ const (
 ResolverTypeSDNS = "sdns"
 )
-const (
- controldBootstrapDns = "76.76.2.22"
- controldPublicDns = "76.76.2.0"
-)
+const controldPublicDns = "76.76.2.0"
 var controldPublicDnsWithPort = net.JoinHostPort(controldPublicDns, "53")
@@ -440,7 +437,7 @@ type legacyResolver struct {
 func (r *legacyResolver) Resolve(ctx context.Context, msg *dns.Msg) (*dns.Msg, error) {
 // See comment in (*dotResolver).resolve method.
- dialer := newDialer(net.JoinHostPort(controldBootstrapDns, "53"))
+ dialer := newDialer(net.JoinHostPort(controldPublicDns, "53"))
 dnsTyp := uint16(0)
 if msg != nil && len(msg.Question) > 0 {
 dnsTyp = msg.Question[0].Qtype
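Review bot: The new dialer line in the dot.go hunk rebuilds the address with `net.JoinHostPort(controldPublicDns, "53")` although resolver.go already declares `controldPublicDnsWithPort` with the same value (visible in the resolver.go const hunk), so `dialer := newDialer(controldPublicDnsWithPort)` would keep the address in one place. The same applies to the changed line in `(*legacyResolver).Resolve` further down. While touching that function, its comment points at `(*dotResolver).resolve`, but the method shown in dot.go is `Resolve`. Both function bodies continue outside their hunks.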
@@ -472,10 +469,10 @@ func (d dummyResolver) Resolve(ctx context.Context, msg *dns.Msg) (*dns.Msg, err
 // LookupIP looks up host using OS resolver.
 // It returns a slice of that host's IPv4 and IPv6 addresses.
 func LookupIP(domain string) []string {
- return lookupIP(domain, -1, true)
+ return lookupIP(domain, -1)
 }
-func lookupIP(domain string, timeout int, withBootstrapDNS bool) (ips []string) {
+func lookupIP(domain string, timeout int) (ips []string) {
 resolverMutex.Lock()
 if or == nil {
 ProxyLogger.Load().Debug().Msgf("Initialize OS resolver in lookupIP")
@@ -485,9 +482,6 @@ func lookupIP(domain string, timeout int, withBootstrapDNS bool) (ips []string)
 nss := *or.lanServers.Load()
 nss = append(nss, *or.publicServers.Load()...)
- if withBootstrapDNS {
- nss = append([]string{net.JoinHostPort(controldBootstrapDns, "53")}, nss...)
- }
 resolver := newResolverWithNameserver(nss)
 ProxyLogger.Load().Debug().Msgf("resolving %q using bootstrap DNS %q", domain, nss)
 timeoutMs := 2000
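Review bot: With the bootstrap entry removed in the last resolver.go hunk, `nss` is empty whenever both `or.lanServers` and `or.publicServers` hold no entries, and nothing visible checks that before `newResolverWithNameserver(nss)`; the old exported path always had at least one server in the list. If those lists can in fact be empty, an explicit guard such as `if len(nss) == 0 { ProxyLogger.Load().Debug().Msgf("no nameservers available to resolve %q", domain); return nil }` would make the failure mode visible instead of leaving it to the resolver, whose handling of an empty list is not shown here. The debug line also still reads `using bootstrap DNS %q`, which will mislead anyone reading logs during troubleshooting; `"resolving %q using nameservers %q"` matches what is queried now. lookupIP's body starts and ends outside this hunk, so the guard would need to sit after the point where the mutex is released or release it itself.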