Make RFC1918 listener spawning opt-in via --rfc1918 flag instead of automatic behavior.
This allows users to explicitly control when ctrld listens on private network addresses
to receive DNS queries from LAN clients, improving security and configurability.
Refactor network interface detection to better distinguish between physical and virtual
interfaces, ensuring only real hardware interfaces are used for RFC1918 address binding.
- Add UpstreamConfig.VerifyMsg() method with proper EDNS0 support
- Replace hardcoded DNS messages in health checks with standardized verification method
- Set EDNS0 buffer size to 4096 bytes to handle large DNS responses
- Add test case for legacy resolver with extensive extra sections
- Move network monitoring initialization out of serveDNS() function
- Start network monitoring in a separate goroutine during program startup
- Remove context parameter from monitorNetworkChanges() as it's not used
- Simplify serveDNS() function signature by removing unused context parameter
- Ensure network monitoring starts only once during initial run, not on reload
This change improves separation of concerns by isolating network monitoring
from DNS serving logic, and prevents potential issues with multiple
monitoring goroutines if starting multiple listeners.
For cached or singleflight messages, the edns0 cookie is currently
shared among all of them, causing mismatch cookie warning from clients.
The ctrld proxy should re-set client cookies for each request
separately, even though they use the same shared answer.
netmon provides ipv6 availability during network event changes, so use
this metadata instead of wasting on polling check.
Further, repeated network errors will force marking ipv6 as disable if
were being enabled, catching a rare case when ipv6 were disabled from
cli or system settings.
Since application may need SRV record for public domains, which could be
blocked by OS resolver, but not with remote upstreams.
This was reported by a Minecraft user, who seeing thing is broken after
upgrading to v1.4.0 release.
fix bad logger usages
patch darwin interface name
patch darwin interface name, debugging
make resetDNS check for static config on startup, optionally restoring static confiration as needed
fix netmon logging
Previously, a valid interfaces map is only meaningful on Windows and
Darwin, where ctrld needs to set DNS for all physical interfaces.
With new network monitor, the valid interfaces is used for checking new
changes, thus we have to implement the valid interfaces map for all
systems.
- On Linux, just retrieving all non-virtual interfaces.
- On others, fallback to use default route interface only.
debugging
debugging
debugging
debugging
use default route interface IP for OS resolver queries
remove retries
fix resolv.conf clobbering on MacOS, set custom local addr for os resolver queries
remove the client info discovery logic on network change, this was overkill just for the IP, and was causing service failure after switching networks many times rapidly
handle ipv6 local addresses
guard ciTable from nil pointer
debugging failure count
copy
fix get valid ifaces in nameservers_bsd
nameservers on MacOS can be found in resolv.conf reliably
nameservers on MacOS can be found in resolv.conf reliably
exclude local IPs from MacOS resolve conf check
use scutil for MacOS, simplify reinit logic to prevent duplicate calls
add more dns server fetching options
never skip OS resolver in IsDown check
split dsb and darwin nameserver methods, add delay for setting DNS on interface on network change.
increase delay to 5s but only on MacOS
By recording both the error and output of external commands.
While at it:
- Removing un-necessary usages of sudo, since ctrld already
running with root privilege.
- Removing un-used function triggerCaptiveCheck.
So these events will be recorded separately from normal runtime log,
making troubleshooting later more easily.
While at it, only update ctrld.ProxyLogger for runCmd, it's the only one
which needs to log the query when proxying requests.
flush dns cache, manually hit captive portal on MacOS
fix real ip in debug log
treat all upstreams as down upon network change
delay upstream checks when leaking queries on network changes
debugging
skip type 24 in nameserver detection
skip type 24 in nameserver detection
remove interface type check from valid interfaces for now
skip non hardware interfaces in DNS nameserver lookup
ignore win api log output
set retries to 5 and 1s backoff
reset DNS when upgrading to make sure we get the proper OS nameservers on start
init running iface for upgrade
update windows service options for auto restarts on failure
make upgrade use the actual stop and start commands
fix the windows service retry logic
fix the windows service retry logic
task debugging
more task debugging
windows service name fix
windows service name fix
fix start command args
fix restart delay
dont recover from non crash failures
fix upgrade flow
fix logging
fix logging
try to enable nameserver logs
try to enable nameserver logs
handle flags in interface state changes
debugging
debugging
debugging
fix state detection, AD status fix
fix debugging line
more dc info
always log state changes
remove unused method
windows AD IP discovery
windows AD IP discovery
windows AD IP discovery
For normal OS resolver, ctrld does not use local addresses as nameserver
to avoid possible looping. However, on AD environment with local DNS
running, AD queries must be sent to the local DNS server for proper
resolving.
fix test
use upstreamIS var
init map, fix watcher flag
attempt to detect network changes
attempt to detect network changes
cancel and rerun reinitializeOSResolver
cancel and rerun reinitializeOSResolver
cancel and rerun reinitializeOSResolver
ignore invalid inferaces
ignore invalid inferaces
allow OS resolver upstream to fail
dont wait for dnsWait group on reinit, check for active interfaces to trigger reinit
fix unused var
simpler active iface check, debug logs
dont spam network service name patching on Mac
dont wait for os resolver nameserver testing
remove test for osresovlers for now
async nameserver testing
remove unused test
smol tweaks to nameserver test queries
fix restoreDNS errors
add some debugging information
fix wront type in log msg
set send logs command timeout to 5 mins
when the runningIface is no longer up, attempt to find a new interface
prefer default route, ignore non physical interfaces
prefer default route, ignore non physical interfaces
add max context timeout on performLeakingQuery with more debug logs
