ignore os resolver setup for android.

2026-04-07 12:32:04 +02:00 · 2025-07-02 11:50:21 -04:00
19 changed files with 110 additions and 666 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ jobs:
      fail-fast: false
      matrix:
        os: ["windows-latest", "ubuntu-latest", "macOS-latest"]
-        go: ["1.24.x"]
+        go: ["1.23.x"]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v3
@@ -21,6 +21,6 @@ jobs:
      - run: "go test -race ./..."
      - uses: dominikh/staticcheck-action@v1.3.1
        with:
-          version: "2025.1"
+          version: "2024.1.1"
          install-go: false
          cache-key: ${{ matrix.go }}
--- a/cmd/cli/commands.go
+++ b/cmd/cli/commands.go
@@ -13,7 +13,6 @@ import (
 	"os/exec"
 	"path/filepath"
 	"runtime"
-	"slices"
 	"sort"
 	"strconv"
 	"strings"
@@ -207,7 +206,6 @@ func initStartCmd() *cobra.Command {

 NOTE: running "ctrld start" without any arguments will start already installed ctrld service.`,
 		Args: func(cmd *cobra.Command, args []string) error {
-			args = filterEmptyStrings(args)
 			if len(args) > 0 {
 				return fmt.Errorf("'ctrld start' doesn't accept positional arguments\n" +
 					"Use flags instead (e.g. --cd, --iface) or see 'ctrld start --help' for all options")
@@ -221,7 +219,6 @@ NOTE: running "ctrld start" without any arguments will start already installed c
 			sc := &service.Config{}
 			*sc = *svcConfig
 			osArgs := os.Args[2:]
-			osArgs = filterEmptyStrings(osArgs)
 			if os.Args[1] == "service" {
 				osArgs = os.Args[3:]
 			}
@@ -569,7 +566,6 @@ NOTE: running "ctrld start" without any arguments will start already installed c

 NOTE: running "ctrld start" without any arguments will start already installed ctrld service.`,
 		Args: func(cmd *cobra.Command, args []string) error {
-			args = filterEmptyStrings(args)
 			if len(args) > 0 {
 				return fmt.Errorf("'ctrld start' doesn't accept positional arguments\n" +
 					"Use flags instead (e.g. --cd, --iface) or see 'ctrld start --help' for all options")
@@ -1385,11 +1381,3 @@ func initServicesCmd(commands ...*cobra.Command) *cobra.Command {

 	return serviceCmd
 }
-
-// filterEmptyStrings removes empty strings from a slice of strings.
-// It returns a new slice containing only non-empty strings.
-func filterEmptyStrings(slice []string) []string {
-	return slices.DeleteFunc(slice, func(s string) bool {
-		return s == ""
-	})
-}
--- a/cmd/cli/dns_proxy.go
+++ b/cmd/cli/dns_proxy.go
@@ -84,7 +84,13 @@ type upstreamForResult struct {
 	srcAddr        string
 }

-func (p *prog) serveDNS(listenerNum string) error {
+func (p *prog) serveDNS(mainCtx context.Context, listenerNum string) error {
+	// Start network monitoring
+	if err := p.monitorNetworkChanges(mainCtx); err != nil {
+		mainLog.Load().Error().Err(err).Msg("Failed to start network monitoring")
+		// Don't return here as we still want DNS service to run
+	}
+
 	listenerConfig := p.cfg.Listener[listenerNum]
 	// make sure ip is allocated
 	if allocErr := p.allocateIP(listenerConfig.IP); allocErr != nil {
@@ -1181,7 +1187,7 @@ func FlushDNSCache() error {
 }

 // monitorNetworkChanges starts monitoring for network interface changes
-func (p *prog) monitorNetworkChanges() error {
+func (p *prog) monitorNetworkChanges(ctx context.Context) error {
 	mon, err := netmon.New(func(format string, args ...any) {
 		// Always fetch the latest logger (and inject the prefix)
 		mainLog.Load().Printf("netmon: "+format, args...)
@@ -1400,6 +1406,9 @@ func (p *prog) checkUpstreamOnce(upstream string, uc *ctrld.UpstreamConfig) erro
 		return err
 	}

+	msg := new(dns.Msg)
+	msg.SetQuestion(".", dns.TypeNS)
+
 	timeout := 1000 * time.Millisecond
 	if uc.Timeout > 0 {
 		timeout = time.Millisecond * time.Duration(uc.Timeout)
@@ -1413,7 +1422,6 @@ func (p *prog) checkUpstreamOnce(upstream string, uc *ctrld.UpstreamConfig) erro
 	mainLog.Load().Debug().Msgf("Rebootstrapping resolver for upstream: %s", upstream)

 	start := time.Now()
-	msg := uc.VerifyMsg()
 	_, err = resolver.Resolve(ctx, msg)
 	duration := time.Since(start)

--- a/cmd/cli/prog.go
+++ b/cmd/cli/prog.go
@@ -35,7 +35,6 @@ import (
 	"github.com/Control-D-Inc/ctrld/internal/controld"
 	"github.com/Control-D-Inc/ctrld/internal/dnscache"
 	"github.com/Control-D-Inc/ctrld/internal/router"
-	"github.com/Control-D-Inc/ctrld/internal/router/dnsmasq"
 )

 const (
@@ -329,7 +328,7 @@ func (p *prog) apiConfigReload() {

 		// Performing self-upgrade check for production version.
 		if isStable {
-			_ = selfUpgradeCheck(resolverConfig.Ctrld.VersionTarget, curVer, &logger)
+			selfUpgradeCheck(resolverConfig.Ctrld.VersionTarget, curVer, &logger)
 		}

 		if resolverConfig.DeactivationPin != nil {
@@ -530,15 +529,6 @@ func (p *prog) run(reload bool, reloadCh chan struct{}) {
 		go p.watchLinkState(ctx)
 	}

-	if !reload {
-		go func() {
-			// Start network monitoring
-			if err := p.monitorNetworkChanges(); err != nil {
-				mainLog.Load().Error().Err(err).Msg("Failed to start network monitoring")
-			}
-		}()
-	}
-
 	for listenerNum := range p.cfg.Listener {
 		p.cfg.Listener[listenerNum].Init()
 		if !reload {
@@ -550,7 +540,7 @@ func (p *prog) run(reload bool, reloadCh chan struct{}) {
 				}
 				addr := net.JoinHostPort(listenerConfig.IP, strconv.Itoa(listenerConfig.Port))
 				mainLog.Load().Info().Msgf("starting DNS server on listener.%s: %s", listenerNum, addr)
-				if err := p.serveDNS(listenerNum); err != nil {
+				if err := p.serveDNS(ctx, listenerNum); err != nil {
 					mainLog.Load().Fatal().Err(err).Msgf("unable to start dns proxy on listener.%s", listenerNum)
 				}
 				mainLog.Load().Debug().Msgf("end of serveDNS listener.%s: %s", listenerNum, addr)
@@ -617,12 +607,6 @@ func (p *prog) setupClientInfoDiscover(selfIP string) {
 		format := ctrld.LeaseFileFormat(p.cfg.Service.DHCPLeaseFileFormat)
 		p.ciTable.AddLeaseFile(leaseFile, format)
 	}
-	if leaseFiles := dnsmasq.AdditionalLeaseFiles(); len(leaseFiles) > 0 {
-		mainLog.Load().Debug().Msgf("watching additional lease files: %v", leaseFiles)
-		for _, leaseFile := range leaseFiles {
-			p.ciTable.AddLeaseFile(leaseFile, ctrld.Dnsmasq)
-		}
-	}
 }

 // runClientInfoDiscover runs the client info discover.
@@ -1483,15 +1467,14 @@ func selfUninstallCheck(uninstallErr error, p *prog, logger zerolog.Logger) {
 	}
 }

-// shouldUpgrade checks if the version target vt is greater than the current one cv.
-// Major version upgrades are not allowed to prevent breaking changes.
+// selfUpgradeCheck checks if the version target vt is greater
+// than the current one cv, perform self-upgrade then.
 //
 // The callers must ensure curVer and logger are non-nil.
-// Returns true if upgrade is allowed, false otherwise.
-func shouldUpgrade(vt string, cv *semver.Version, logger *zerolog.Logger) bool {
+func selfUpgradeCheck(vt string, cv *semver.Version, logger *zerolog.Logger) {
 	if vt == "" {
 		logger.Debug().Msg("no version target set, skipped checking self-upgrade")
-		return false
+		return
 	}
 	vts := vt
 	if !strings.HasPrefix(vts, "v") {
@@ -1500,58 +1483,28 @@ func shouldUpgrade(vt string, cv *semver.Version, logger *zerolog.Logger) bool {
 	targetVer, err := semver.NewVersion(vts)
 	if err != nil {
 		logger.Warn().Err(err).Msgf("invalid target version, skipped self-upgrade: %s", vt)
-		return false
+		return
 	}
-
-	// Prevent major version upgrades to avoid breaking changes
-	if targetVer.Major() != cv.Major() {
-		logger.Warn().
-			Str("target", vt).
-			Str("current", cv.String()).
-			Msgf("major version upgrade not allowed (target: %d, current: %d), skipped self-upgrade", targetVer.Major(), cv.Major())
-		return false
-	}
-
 	if !targetVer.GreaterThan(cv) {
 		logger.Debug().
 			Str("target", vt).
 			Str("current", cv.String()).
 			Msgf("target version is not greater than current one, skipped self-upgrade")
-		return false
+		return
 	}

-	return true
-}
-
-// performUpgrade executes the self-upgrade command.
-// Returns true if upgrade was initiated successfully, false otherwise.
-func performUpgrade(vt string) bool {
 	exe, err := os.Executable()
 	if err != nil {
 		mainLog.Load().Error().Err(err).Msg("failed to get executable path, skipped self-upgrade")
-		return false
+		return
 	}
 	cmd := exec.Command(exe, "upgrade", "prod", "-vv")
 	cmd.SysProcAttr = sysProcAttrForDetachedChildProcess()
 	if err := cmd.Start(); err != nil {
 		mainLog.Load().Error().Err(err).Msg("failed to start self-upgrade")
-		return false
+		return
 	}
-	mainLog.Load().Debug().Msgf("self-upgrade triggered, version target: %s", vt)
-	return true
-}
-
-// selfUpgradeCheck checks if the version target vt is greater
-// than the current one cv, perform self-upgrade then.
-// Major version upgrades are not allowed to prevent breaking changes.
-//
-// The callers must ensure curVer and logger are non-nil.
-// Returns true if upgrade is allowed and should proceed, false otherwise.
-func selfUpgradeCheck(vt string, cv *semver.Version, logger *zerolog.Logger) bool {
-	if shouldUpgrade(vt, cv, logger) {
-		return performUpgrade(vt)
-	}
-	return false
+	mainLog.Load().Debug().Msgf("self-upgrade triggered, version target: %s", vts)
 }

 // leakOnUpstreamFailure reports whether ctrld should initiate a recovery flow
--- a/cmd/cli/prog_linux.go
+++ b/cmd/cli/prog_linux.go
@@ -14,6 +14,9 @@ import (
 )

 func init() {
+	if isAndroid() {
+		return
+	}
 	if r, err := newLoopbackOSConfigurator(); err == nil {
 		useSystemdResolved = r.Mode() == "systemd-resolved"
 	}
--- a/cmd/cli/prog_test.go
+++ b/cmd/cli/prog_test.go
@@ -1,15 +1,11 @@
 package cli

 import (
-	"runtime"
 	"testing"
 	"time"

-	"github.com/Masterminds/semver/v3"
-	"github.com/rs/zerolog"
-	"github.com/stretchr/testify/assert"
-
 	"github.com/Control-D-Inc/ctrld"
+	"github.com/stretchr/testify/assert"
 )

 func Test_prog_dnsWatchdogEnabled(t *testing.T) {
@@ -59,215 +55,3 @@ func Test_prog_dnsWatchdogInterval(t *testing.T) {
 		})
 	}
 }
-
-func Test_shouldUpgrade(t *testing.T) {
-	// Helper function to create a version
-	makeVersion := func(v string) *semver.Version {
-		ver, err := semver.NewVersion(v)
-		if err != nil {
-			t.Fatalf("failed to create version %s: %v", v, err)
-		}
-		return ver
-	}
-
-	tests := []struct {
-		name           string
-		versionTarget  string
-		currentVersion *semver.Version
-		shouldUpgrade  bool
-		description    string
-	}{
-		{
-			name:           "empty version target",
-			versionTarget:  "",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  false,
-			description:    "should skip upgrade when version target is empty",
-		},
-		{
-			name:           "invalid version target",
-			versionTarget:  "invalid-version",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  false,
-			description:    "should skip upgrade when version target is invalid",
-		},
-		{
-			name:           "same version",
-			versionTarget:  "v1.0.0",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  false,
-			description:    "should skip upgrade when target version equals current version",
-		},
-		{
-			name:           "older version",
-			versionTarget:  "v1.0.0",
-			currentVersion: makeVersion("v1.1.0"),
-			shouldUpgrade:  false,
-			description:    "should skip upgrade when target version is older than current version",
-		},
-		{
-			name:           "patch upgrade allowed",
-			versionTarget:  "v1.0.1",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  true,
-			description:    "should allow patch version upgrade within same major version",
-		},
-		{
-			name:           "minor upgrade allowed",
-			versionTarget:  "v1.1.0",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  true,
-			description:    "should allow minor version upgrade within same major version",
-		},
-		{
-			name:           "major upgrade blocked",
-			versionTarget:  "v2.0.0",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  false,
-			description:    "should block major version upgrade",
-		},
-		{
-			name:           "major downgrade blocked",
-			versionTarget:  "v1.0.0",
-			currentVersion: makeVersion("v2.0.0"),
-			shouldUpgrade:  false,
-			description:    "should block major version downgrade",
-		},
-		{
-			name:           "version without v prefix",
-			versionTarget:  "1.0.1",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  true,
-			description:    "should handle version target without v prefix",
-		},
-		{
-			name:           "complex version upgrade allowed",
-			versionTarget:  "v1.5.3",
-			currentVersion: makeVersion("v1.4.2"),
-			shouldUpgrade:  true,
-			description:    "should allow complex version upgrade within same major version",
-		},
-		{
-			name:           "complex major upgrade blocked",
-			versionTarget:  "v3.1.0",
-			currentVersion: makeVersion("v2.5.3"),
-			shouldUpgrade:  false,
-			description:    "should block complex major version upgrade",
-		},
-		{
-			name:           "pre-release version upgrade allowed",
-			versionTarget:  "v1.0.1-beta.1",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  true,
-			description:    "should allow pre-release version upgrade within same major version",
-		},
-		{
-			name:           "pre-release major upgrade blocked",
-			versionTarget:  "v2.0.0-alpha.1",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  false,
-			description:    "should block pre-release major version upgrade",
-		},
-	}
-
-	for _, tc := range tests {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			// Create test logger
-			testLogger := zerolog.New(zerolog.NewTestWriter(t)).With().Logger()
-
-			// Call the function and capture the result
-			result := shouldUpgrade(tc.versionTarget, tc.currentVersion, &testLogger)
-
-			// Assert the expected result
-			assert.Equal(t, tc.shouldUpgrade, result, tc.description)
-		})
-	}
-}
-
-func Test_selfUpgradeCheck(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		t.Skip("skipped due to Windows file locking issue on Github Action runners")
-	}
-
-	// Helper function to create a version
-	makeVersion := func(v string) *semver.Version {
-		ver, err := semver.NewVersion(v)
-		if err != nil {
-			t.Fatalf("failed to create version %s: %v", v, err)
-		}
-		return ver
-	}
-
-	tests := []struct {
-		name           string
-		versionTarget  string
-		currentVersion *semver.Version
-		shouldUpgrade  bool
-		description    string
-	}{
-		{
-			name:           "upgrade allowed",
-			versionTarget:  "v1.0.1",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  true,
-			description:    "should allow upgrade and attempt to perform it",
-		},
-		{
-			name:           "upgrade blocked",
-			versionTarget:  "v2.0.0",
-			currentVersion: makeVersion("v1.0.0"),
-			shouldUpgrade:  false,
-			description:    "should block upgrade and not attempt to perform it",
-		},
-	}
-
-	for _, tc := range tests {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			// Create test logger
-			testLogger := zerolog.New(zerolog.NewTestWriter(t)).With().Logger()
-
-			// Call the function and capture the result
-			result := selfUpgradeCheck(tc.versionTarget, tc.currentVersion, &testLogger)
-
-			// Assert the expected result
-			assert.Equal(t, tc.shouldUpgrade, result, tc.description)
-		})
-	}
-}
-
-func Test_performUpgrade(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		t.Skip("skipped due to Windows file locking issue on Github Action runners")
-	}
-
-	tests := []struct {
-		name           string
-		versionTarget  string
-		expectedResult bool
-		description    string
-	}{
-		{
-			name:           "valid version target",
-			versionTarget:  "v1.0.1",
-			expectedResult: true,
-			description:    "should attempt to perform upgrade with valid version target",
-		},
-		{
-			name:           "empty version target",
-			versionTarget:  "",
-			expectedResult: true,
-			description:    "should attempt to perform upgrade even with empty version target",
-		},
-	}
-
-	for _, tc := range tests {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			// Call the function and capture the result
-			result := performUpgrade(tc.versionTarget)
-			assert.Equal(t, tc.expectedResult, result, tc.description)
-		})
-	}
-}
--- a/config.go
+++ b/config.go
@@ -358,15 +358,6 @@ func (uc *UpstreamConfig) Init() {
 	}
 }

-// VerifyMsg creates and returns a new DNS message could be used for testing upstream health.
-func (uc *UpstreamConfig) VerifyMsg() *dns.Msg {
-	msg := new(dns.Msg)
-	msg.RecursionDesired = true
-	msg.SetQuestion(".", dns.TypeNS)
-	msg.SetEdns0(4096, false) // ensure handling of large DNS response
-	return msg
-}
-
 // VerifyDomain returns the domain name that could be resolved by the upstream endpoint.
 // It returns empty for non-ControlD upstream endpoint.
 func (uc *UpstreamConfig) VerifyDomain() string {
--- a/internal/clientinfo/dhcp_lease_files.go
+++ b/internal/clientinfo/dhcp_lease_files.go
@@ -16,5 +16,4 @@ var clientInfoFiles = map[string]ctrld.LeaseFileFormat{
 	"/var/dhcpd/var/db/dhcpd.leases":           ctrld.IscDhcpd, // Pfsense
 	"/home/pi/.router/run/dhcp/dnsmasq.leases": ctrld.Dnsmasq,  // Firewalla
 	"/var/lib/kea/dhcp4.leases":                ctrld.KeaDHCP4, // Pfsense
-	"/var/db/dnsmasq.leases":                   ctrld.Dnsmasq,  // OPNsense
 }
--- a/internal/clientinfo/mdns.go
+++ b/internal/clientinfo/mdns.go
@@ -74,6 +74,7 @@ func (m *mdns) lookupIPByHostname(name string, v6 bool) string {
 		if value == name {
 			if addr, err := netip.ParseAddr(key.(string)); err == nil && addr.Is6() == v6 {
 				ip = addr.String()
+				//lint:ignore S1008 This is used for readable.
 				if addr.IsLoopback() { // Continue searching if this is loopback address.
 					return true
 				}
--- a/internal/clientinfo/ptr_lookup.go
+++ b/internal/clientinfo/ptr_lookup.go
@@ -104,6 +104,7 @@ func (p *ptrDiscover) lookupIPByHostname(name string, v6 bool) string {
 		if value == name {
 			if addr, err := netip.ParseAddr(key.(string)); err == nil && addr.Is6() == v6 {
 				ip = addr.String()
+				//lint:ignore S1008 This is used for readable.
 				if addr.IsLoopback() { // Continue searching if this is loopback address.
 					return true
 				}
@@ -119,7 +120,8 @@ func (p *ptrDiscover) lookupIPByHostname(name string, v6 bool) string {
 // is reachable, set p.serverDown to false, so p.lookupHostname can continue working.
 func (p *ptrDiscover) checkServer() {
 	bo := backoff.NewBackoff("ptrDiscover", func(format string, args ...any) {}, time.Minute*5)
-	m := (&ctrld.UpstreamConfig{}).VerifyMsg()
+	m := new(dns.Msg)
+	m.SetQuestion(".", dns.TypeNS)
 	ping := func() error {
 		ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 		defer cancel()
--- a/internal/router/dnsmasq/conf.go
+++ b/internal/router/dnsmasq/conf.go
@@ -6,7 +6,6 @@ import (
 	"errors"
 	"io"
 	"os"
-	"path/filepath"
 	"strings"
 )

@@ -29,62 +28,3 @@ func interfaceNameFromReader(r io.Reader) (string, error) {
 	}
 	return "", errors.New("not found")
 }
-
-// AdditionalConfigFiles returns a list of Dnsmasq configuration files found in the "/tmp/etc" directory.
-func AdditionalConfigFiles() []string {
-	if paths, err := filepath.Glob("/tmp/etc/dnsmasq-*.conf"); err == nil {
-		return paths
-	}
-	return nil
-}
-
-// AdditionalLeaseFiles returns a list of lease file paths corresponding to the Dnsmasq configuration files.
-func AdditionalLeaseFiles() []string {
-	cfgFiles := AdditionalConfigFiles()
-	if len(cfgFiles) == 0 {
-		return nil
-	}
-	leaseFiles := make([]string, 0, len(cfgFiles))
-	for _, cfgFile := range cfgFiles {
-		if leaseFile := leaseFileFromConfigFileName(cfgFile); leaseFile != "" {
-			leaseFiles = append(leaseFiles, leaseFile)
-
-		} else {
-			leaseFiles = append(leaseFiles, defaultLeaseFileFromConfigPath(cfgFile))
-		}
-	}
-	return leaseFiles
-}
-
-// leaseFileFromConfigFileName retrieves the DHCP lease file path by reading and parsing the provided configuration file.
-func leaseFileFromConfigFileName(cfgFile string) string {
-	if f, err := os.Open(cfgFile); err == nil {
-		return leaseFileFromReader(f)
-	}
-	return ""
-}
-
-// leaseFileFromReader parses the given io.Reader for the "dhcp-leasefile" configuration and returns its value as a string.
-func leaseFileFromReader(r io.Reader) string {
-	scanner := bufio.NewScanner(r)
-	for scanner.Scan() {
-		line := scanner.Text()
-		if strings.HasPrefix(line, "#") {
-			continue
-		}
-		before, after, found := strings.Cut(line, "=")
-		if !found {
-			continue
-		}
-		if before == "dhcp-leasefile" {
-			return after
-		}
-	}
-	return ""
-}
-
-// defaultLeaseFileFromConfigPath generates the default lease file path based on the provided configuration file path.
-func defaultLeaseFileFromConfigPath(path string) string {
-	name := filepath.Base(path)
-	return filepath.Join("/var/lib/misc", strings.TrimSuffix(name, ".conf")+".leases")
-}
--- a/internal/router/dnsmasq/conf_test.go
+++ b/internal/router/dnsmasq/conf_test.go
@@ -1,7 +1,6 @@
 package dnsmasq

 import (
-	"io"
 	"strings"
 	"testing"
 )
@@ -45,49 +44,3 @@ interface=eth0
 		})
 	}
 }
-
-func Test_leaseFileFromReader(t *testing.T) {
-	tests := []struct {
-		name     string
-		in       io.Reader
-		expected string
-	}{
-		{
-			"default",
-			strings.NewReader(`
-dhcp-script=/sbin/dhcpc_lease
-dhcp-leasefile=/var/lib/misc/dnsmasq-1.leases
-script-arp
-`),
-			"/var/lib/misc/dnsmasq-1.leases",
-		},
-		{
-			"non-default",
-			strings.NewReader(`
-dhcp-script=/sbin/dhcpc_lease
-dhcp-leasefile=/tmp/var/lib/misc/dnsmasq-1.leases
-script-arp
-`),
-			"/tmp/var/lib/misc/dnsmasq-1.leases",
-		},
-		{
-			"missing",
-			strings.NewReader(`
-dhcp-script=/sbin/dhcpc_lease
-script-arp
-`),
-			"",
-		},
-	}
-
-	for _, tc := range tests {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-			if got := leaseFileFromReader(tc.in); got != tc.expected {
-				t.Errorf("leaseFileFromReader() = %v, want %v", got, tc.expected)
-			}
-		})
-	}
-
-}
--- a/internal/router/dnsmasq/dnsmasq.go
+++ b/internal/router/dnsmasq/dnsmasq.go
@@ -4,7 +4,6 @@ import (
 	"errors"
 	"html/template"
 	"net"
-	"os"
 	"path/filepath"
 	"strings"

@@ -27,13 +26,9 @@ max-cache-ttl=0
 {{- end}}
 `

-const (
-	MerlinConfPath     = "/tmp/etc/dnsmasq.conf"
-	MerlinJffsConfDir  = "/jffs/configs"
-	MerlinJffsConfPath = "/jffs/configs/dnsmasq.conf"
-	MerlinPostConfPath = "/jffs/scripts/dnsmasq.postconf"
-)
-
+const MerlinConfPath = "/tmp/etc/dnsmasq.conf"
+const MerlinJffsConfPath = "/jffs/configs/dnsmasq.conf"
+const MerlinPostConfPath = "/jffs/scripts/dnsmasq.postconf"
 const MerlinPostConfMarker = `# GENERATED BY ctrld - EOF`
 const MerlinPostConfTmpl = `# GENERATED BY ctrld - DO NOT MODIFY

@@ -164,27 +159,3 @@ func FirewallaSelfInterfaces() []*net.Interface {
 	}
 	return ifaces
 }
-
-const (
-	ubios43ConfPath = "/run/dnsmasq.dhcp.conf.d"
-	ubios42ConfPath = "/run/dnsmasq.conf.d"
-	ubios43PidFile  = "/run/dnsmasq-main.pid"
-	ubios42PidFile  = "/run/dnsmasq.pid"
-	UbiosConfName   = "zzzctrld.conf"
-)
-
-// UbiosConfPath returns the appropriate configuration path based on the system's directory structure.
-func UbiosConfPath() string {
-	if st, _ := os.Stat(ubios43ConfPath); st != nil && st.IsDir() {
-		return ubios43ConfPath
-	}
-	return ubios42ConfPath
-}
-
-// UbiosPidFile returns the appropriate dnsmasq pid file based on the system's directory structure.
-func UbiosPidFile() string {
-	if st, _ := os.Stat(ubios43PidFile); st != nil && !st.IsDir() {
-		return ubios43PidFile
-	}
-	return ubios42PidFile
-}
--- a/internal/router/edgeos/edgeos.go
+++ b/internal/router/edgeos/edgeos.go
@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"strings"

 	"github.com/kardianos/service"
@@ -182,7 +181,7 @@ func ContentFilteringEnabled() bool {
 // DnsShieldEnabled reports whether DNS Shield is enabled.
 // See: https://community.ui.com/releases/UniFi-OS-Dream-Machines-3-2-7/251dfc1e-f4dd-4264-a080-3be9d8b9e02b
 func DnsShieldEnabled() bool {
-	buf, err := os.ReadFile(filepath.Join(dnsmasq.UbiosConfPath(), "dns.conf"))
+	buf, err := os.ReadFile("/var/run/dnsmasq.conf.d/dns.conf")
 	if err != nil {
 		return false
 	}
--- a/internal/router/merlin/merlin.go
+++ b/internal/router/merlin/merlin.go
@@ -6,7 +6,6 @@ import (
 	"io"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"strings"
 	"time"
 	"unicode"
@@ -21,18 +20,10 @@ import (

 const Name = "merlin"

-// nvramKvMap is a map of NVRAM key-value pairs used to configure and manage Merlin-specific settings.
 var nvramKvMap = map[string]string{
 	"dnspriv_enable": "0", // Ensure Merlin native DoT disabled.
 }

-// dnsmasqConfig represents configuration paths for dnsmasq operations in Merlin firmware.
-type dnsmasqConfig struct {
-	confPath     string
-	jffsConfPath string
-}
-
-// Merlin represents a configuration handler for setting up and managing ctrld on Merlin routers.
 type Merlin struct {
 	cfg *ctrld.Config
 }
@@ -42,22 +33,18 @@ func New(cfg *ctrld.Config) *Merlin {
 	return &Merlin{cfg: cfg}
 }

-// ConfigureService configures the service based on the provided configuration. It returns an error if the configuration fails.
 func (m *Merlin) ConfigureService(config *service.Config) error {
 	return nil
 }

-// Install sets up the necessary configurations and services required for the Merlin instance to function properly.
 func (m *Merlin) Install(_ *service.Config) error {
 	return nil
 }

-// Uninstall removes the ctrld-related configurations and services from the Merlin router and reverts to the original state.
 func (m *Merlin) Uninstall(_ *service.Config) error {
 	return nil
 }

-// PreRun prepares the Merlin instance for operation by waiting for essential services and directories to become available.
 func (m *Merlin) PreRun() error {
 	// Wait NTP ready.
 	_ = m.Cleanup()
@@ -79,7 +66,6 @@ func (m *Merlin) PreRun() error {
 	return nil
 }

-// Setup initializes and configures the Merlin instance for use, including setting up dnsmasq and necessary nvram settings.
 func (m *Merlin) Setup() error {
 	if m.cfg.FirstListener().IsDirectDnsListener() {
 		return nil
@@ -93,10 +79,35 @@ func (m *Merlin) Setup() error {
 		return err
 	}

-	for _, cfg := range getDnsmasqConfigs() {
-		if err := m.setupDnsmasq(cfg); err != nil {
-			return fmt.Errorf("failed to setup dnsmasq: config: %s, error: %w", cfg.confPath, err)
-		}
+	// Copy current dnsmasq config to /jffs/configs/dnsmasq.conf,
+	// Then we will run postconf script on this file.
+	//
+	// Normally, adding postconf script is enough. However, we see
+	// reports on some Merlin devices that postconf scripts does not
+	// work, but manipulating the config directly via /jffs/configs does.
+	src, err := os.Open(dnsmasq.MerlinConfPath)
+	if err != nil {
+		return fmt.Errorf("failed to open dnsmasq config: %w", err)
+	}
+	defer src.Close()
+
+	dst, err := os.Create(dnsmasq.MerlinJffsConfPath)
+	if err != nil {
+		return fmt.Errorf("failed to create %s: %w", dnsmasq.MerlinJffsConfPath, err)
+	}
+	defer dst.Close()
+
+	if _, err := io.Copy(dst, src); err != nil {
+		return fmt.Errorf("failed to copy current dnsmasq config: %w", err)
+	}
+	if err := dst.Close(); err != nil {
+		return fmt.Errorf("failed to save %s: %w", dnsmasq.MerlinJffsConfPath, err)
+	}
+
+	// Run postconf script on /jffs/configs/dnsmasq.conf directly.
+	cmd := exec.Command("/bin/sh", dnsmasq.MerlinPostConfPath, dnsmasq.MerlinJffsConfPath)
+	if out, err := cmd.CombinedOutput(); err != nil {
+		return fmt.Errorf("failed to run post conf: %s: %w", string(out), err)
 	}

 	// Restart dnsmasq service.
@@ -111,7 +122,6 @@ func (m *Merlin) Setup() error {
 	return nil
 }

-// Cleanup restores the original dnsmasq and nvram configurations and restarts dnsmasq if necessary.
 func (m *Merlin) Cleanup() error {
 	if m.cfg.FirstListener().IsDirectDnsListener() {
 		return nil
@@ -133,11 +143,9 @@ func (m *Merlin) Cleanup() error {
 	if err := os.WriteFile(dnsmasq.MerlinPostConfPath, merlinParsePostConf(buf), 0750); err != nil {
 		return err
 	}
-
-	for _, cfg := range getDnsmasqConfigs() {
-		if err := m.cleanupDnsmasqJffs(cfg); err != nil {
-			return fmt.Errorf("failed to cleanup jffs dnsmasq: config: %s, error: %w", cfg.confPath, err)
-		}
+	// Remove /jffs/configs/dnsmasq.conf file.
+	if err := os.Remove(dnsmasq.MerlinJffsConfPath); err != nil && !os.IsNotExist(err) {
+		return err
 	}
 	// Restart dnsmasq service.
 	if err := restartDNSMasq(); err != nil {
@@ -146,54 +154,6 @@ func (m *Merlin) Cleanup() error {
 	return nil
 }

-// setupDnsmasq sets up dnsmasq configuration by writing postconf, copying configuration, and running a postconf script.
-func (m *Merlin) setupDnsmasq(cfg *dnsmasqConfig) error {
-	src, err := os.Open(cfg.confPath)
-	if os.IsNotExist(err) {
-		return nil // nothing to do if conf file does not exist.
-	}
-	if err != nil {
-		return fmt.Errorf("failed to open dnsmasq config: %w", err)
-	}
-	defer src.Close()
-
-	// Copy current dnsmasq config to cfg.jffsConfPath,
-	// Then we will run postconf script on this file.
-	//
-	// Normally, adding postconf script is enough. However, we see
-	// reports on some Merlin devices that postconf scripts does not
-	// work, but manipulating the config directly via /jffs/configs does.
-	dst, err := os.Create(cfg.jffsConfPath)
-	if err != nil {
-		return fmt.Errorf("failed to create %s: %w", cfg.jffsConfPath, err)
-	}
-	defer dst.Close()
-
-	if _, err := io.Copy(dst, src); err != nil {
-		return fmt.Errorf("failed to copy current dnsmasq config: %w", err)
-	}
-	if err := dst.Close(); err != nil {
-		return fmt.Errorf("failed to save %s: %w", cfg.jffsConfPath, err)
-	}
-
-	// Run postconf script on cfg.jffsConfPath directly.
-	cmd := exec.Command("/bin/sh", dnsmasq.MerlinPostConfPath, cfg.jffsConfPath)
-	if out, err := cmd.CombinedOutput(); err != nil {
-		return fmt.Errorf("failed to run post conf: %s: %w", string(out), err)
-	}
-	return nil
-}
-
-// cleanupDnsmasqJffs removes the JFFS configuration file specified in the given dnsmasqConfig, if it exists.
-func (m *Merlin) cleanupDnsmasqJffs(cfg *dnsmasqConfig) error {
-	// Remove cfg.jffsConfPath file.
-	if err := os.Remove(cfg.jffsConfPath); err != nil && !os.IsNotExist(err) {
-		return err
-	}
-	return nil
-}
-
-// writeDnsmasqPostconf writes the requireddnsmasqConfigs post-configuration for dnsmasq to enable custom DNS settings with ctrld.
 func (m *Merlin) writeDnsmasqPostconf() error {
 	buf, err := os.ReadFile(dnsmasq.MerlinPostConfPath)
 	// Already setup.
@@ -219,8 +179,6 @@ func (m *Merlin) writeDnsmasqPostconf() error {
 	return os.WriteFile(dnsmasq.MerlinPostConfPath, []byte(data), 0750)
 }

-// restartDNSMasq restarts the dnsmasq service by executing the appropriate system command using "service".
-// Returns an error if the command fails or if there is an issue processing the command output.
 func restartDNSMasq() error {
 	if out, err := exec.Command("service", "restart_dnsmasq").CombinedOutput(); err != nil {
 		return fmt.Errorf("restart_dnsmasq: %s, %w", string(out), err)
@@ -228,22 +186,6 @@ func restartDNSMasq() error {
 	return nil
 }

-// getDnsmasqConfigs retrieves a list of dnsmasqConfig containing configuration and JFFS paths for dnsmasq operations.
-func getDnsmasqConfigs() []*dnsmasqConfig {
-	cfgs := []*dnsmasqConfig{
-		{dnsmasq.MerlinConfPath, dnsmasq.MerlinJffsConfPath},
-	}
-	for _, path := range dnsmasq.AdditionalConfigFiles() {
-		jffsConfPath := filepath.Join(dnsmasq.MerlinJffsConfDir, filepath.Base(path))
-		cfgs = append(cfgs, &dnsmasqConfig{path, jffsConfPath})
-	}
-
-	return cfgs
-}
-
-// merlinParsePostConf parses the dnsmasq post configuration by removing content after the MerlinPostConfMarker, if present.
-// If no marker is found, the original buffer is returned unmodified.
-// Returns nil if the input buffer is empty.
 func merlinParsePostConf(buf []byte) []byte {
 	if len(buf) == 0 {
 		return nil
@@ -255,7 +197,6 @@ func merlinParsePostConf(buf []byte) []byte {
 	return buf
 }

-// waitDirExists waits until the specified directory exists, polling its existence every second.
 func waitDirExists(dir string) {
 	for {
 		if _, err := os.Stat(dir); !os.IsNotExist(err) {
--- a/internal/router/service_ubios.go
+++ b/internal/router/service_ubios.go
@@ -13,13 +13,14 @@ import (
 	"time"

 	"github.com/kardianos/service"
-
-	"github.com/Control-D-Inc/ctrld/internal/router/dnsmasq"
 )

 // This is a copy of https://github.com/kardianos/service/blob/v1.2.1/service_sysv_linux.go,
 // with modification for supporting ubios v1 init system.

+// Keep in sync with ubios.ubiosDNSMasqConfigPath
+const ubiosDNSMasqConfigPath = "/run/dnsmasq.conf.d/zzzctrld.conf"
+
 type ubiosSvc struct {
 	i        service.Interface
 	platform string
@@ -85,7 +86,7 @@ func (s *ubiosSvc) Install() error {
 	}{
 		s.Config,
 		path,
-		filepath.Join(dnsmasq.UbiosConfPath(), dnsmasq.UbiosConfName),
+		ubiosDNSMasqConfigPath,
 	}

 	if err := s.template().Execute(f, to); err != nil {
--- a/internal/router/ubios/ubios.go
+++ b/internal/router/ubios/ubios.go
@@ -3,7 +3,6 @@ package ubios
 import (
 	"bytes"
 	"os"
-	"path/filepath"
 	"strconv"

 	"github.com/kardianos/service"
@@ -13,19 +12,19 @@ import (
 	"github.com/Control-D-Inc/ctrld/internal/router/edgeos"
 )

-const Name = "ubios"
+const (
+	Name                      = "ubios"
+	ubiosDNSMasqConfigPath    = "/run/dnsmasq.conf.d/zzzctrld.conf"
+	ubiosDNSMasqDnsConfigPath = "/run/dnsmasq.conf.d/dns.conf"
+)

 type Ubios struct {
-	cfg             *ctrld.Config
-	dnsmasqConfPath string
+	cfg *ctrld.Config
 }

 // New returns a router.Router for configuring/setup/run ctrld on Ubios routers.
 func New(cfg *ctrld.Config) *Ubios {
-	return &Ubios{
-		cfg:             cfg,
-		dnsmasqConfPath: filepath.Join(dnsmasq.UbiosConfPath(), dnsmasq.UbiosConfName),
-	}
+	return &Ubios{cfg: cfg}
 }

 func (u *Ubios) ConfigureService(config *service.Config) error {
@@ -60,7 +59,7 @@ func (u *Ubios) Setup() error {
 	if err != nil {
 		return err
 	}
-	if err := os.WriteFile(u.dnsmasqConfPath, []byte(data), 0600); err != nil {
+	if err := os.WriteFile(ubiosDNSMasqConfigPath, []byte(data), 0600); err != nil {
 		return err
 	}
 	// Restart dnsmasq service.
@@ -75,7 +74,7 @@ func (u *Ubios) Cleanup() error {
 		return nil
 	}
 	// Remove the custom dnsmasq config
-	if err := os.Remove(u.dnsmasqConfPath); err != nil {
+	if err := os.Remove(ubiosDNSMasqConfigPath); err != nil {
 		return err
 	}
 	// Restart dnsmasq service.
@@ -86,7 +85,7 @@ func (u *Ubios) Cleanup() error {
 }

 func restartDNSMasq() error {
-	buf, err := os.ReadFile(dnsmasq.UbiosPidFile())
+	buf, err := os.ReadFile("/run/dnsmasq.pid")
 	if err != nil {
 		return err
 	}
--- a/nameservers_windows.go
+++ b/nameservers_windows.go
@@ -23,17 +23,20 @@ import (
 )

 const (
-	maxDNSAdapterRetries     = 5
-	retryDelayDNSAdapter     = 1 * time.Second
-	defaultDNSAdapterTimeout = 10 * time.Second
-	minDNSServers            = 1 // Minimum number of DNS servers we want to find
-
-	DS_FORCE_REDISCOVERY          = 0x00000001
-	DS_DIRECTORY_SERVICE_REQUIRED = 0x00000010
-	DS_BACKGROUND_ONLY            = 0x00000100
-	DS_IP_REQUIRED                = 0x00000200
-	DS_IS_DNS_NAME                = 0x00020000
-	DS_RETURN_DNS_NAME            = 0x40000000
+	maxDNSAdapterRetries                 = 5
+	retryDelayDNSAdapter                 = 1 * time.Second
+	defaultDNSAdapterTimeout             = 10 * time.Second
+	minDNSServers                        = 1 // Minimum number of DNS servers we want to find
+	NetSetupUnknown               uint32 = 0
+	NetSetupWorkgroup             uint32 = 1
+	NetSetupDomain                uint32 = 2
+	NetSetupCloudDomain           uint32 = 3
+	DS_FORCE_REDISCOVERY                 = 0x00000001
+	DS_DIRECTORY_SERVICE_REQUIRED        = 0x00000010
+	DS_BACKGROUND_ONLY                   = 0x00000100
+	DS_IP_REQUIRED                       = 0x00000200
+	DS_IS_DNS_NAME                       = 0x00020000
+	DS_RETURN_DNS_NAME                   = 0x40000000
 )

 type DomainControllerInfo struct {
@@ -155,7 +158,7 @@ func getDNSServers(ctx context.Context) ([]string, error) {
 					0,                                    // DomainGuid - not needed
 					0,                                    // SiteName - not needed
 					uintptr(flags),                       // Flags
-					uintptr(unsafe.Pointer(&info)))       // DomainControllerInfo - output
+					uintptr(unsafe.Pointer(&info))) // DomainControllerInfo - output

 				if ret != 0 {
 					switch ret {
@@ -340,28 +343,27 @@ func checkDomainJoined() bool {
 	var domain *uint16
 	var status uint32

-	if err := windows.NetGetJoinInformation(nil, &domain, &status); err != nil {
-		Log(context.Background(), logger.Debug(), "Failed to get domain join status: %v", err)
+	err := windows.NetGetJoinInformation(nil, &domain, &status)
+	if err != nil {
+		Log(context.Background(), logger.Debug(),
+			"Failed to get domain join status: %v", err)
 		return false
 	}
 	defer windows.NetApiBufferFree((*byte)(unsafe.Pointer(domain)))

-	// NETSETUP_JOIN_STATUS constants from Microsoft Windows API
-	// See: https://learn.microsoft.com/en-us/windows/win32/api/lmjoin/ne-lmjoin-netsetup_join_status
-	//
-	// NetSetupUnknownStatus         uint32 = 0 // The status is unknown
-	// NetSetupUnjoined              uint32 = 1 // The computer is not joined to a domain or workgroup
-	// NetSetupWorkgroupName         uint32 = 2 // The computer is joined to a workgroup
-	// NetSetupDomainName            uint32 = 3 // The computer is joined to a domain
-	//
-	// We only care about NetSetupDomainName.
 	domainName := windows.UTF16PtrToString(domain)
 	Log(context.Background(), logger.Debug(),
-		"Domain join status: domain=%s status=%d (UnknownStatus=0, Unjoined=1, WorkgroupName=2, DomainName=3)",
+		"Domain join status: domain=%s status=%d (Unknown=0, Workgroup=1, Domain=2, CloudDomain=3)",
 		domainName, status)

-	isDomain := status == syscall.NetSetupDomainName
-	Log(context.Background(), logger.Debug(), "Is domain joined? status=%d, result=%v", status, isDomain)
+	// Consider domain or cloud domain as domain-joined
+	isDomain := status == NetSetupDomain || status == NetSetupCloudDomain
+	Log(context.Background(), logger.Debug(),
+		"Is domain joined? status=%d, traditional=%v, cloud=%v, result=%v",
+		status,
+		status == NetSetupDomain,
+		status == NetSetupCloudDomain,
+		isDomain)

 	return isDomain
 }
--- a/resolver_test.go
+++ b/resolver_test.go
@@ -282,35 +282,6 @@ func Test_Edns0_CacheReply(t *testing.T) {
 	}
 }

-// https://github.com/Control-D-Inc/ctrld/issues/255
-func Test_legacyResolverWithBigExtraSection(t *testing.T) {
-	lanPC, err := net.ListenPacket("udp", "127.0.0.1:0") // 127.0.0.1 is considered LAN (loopback)
-	if err != nil {
-		t.Fatalf("failed to listen on LAN address: %v", err)
-	}
-	lanServer, lanAddr, err := runLocalPacketConnTestServer(t, lanPC, bigExtraSectionHandler())
-	if err != nil {
-		t.Fatalf("failed to run LAN test server: %v", err)
-	}
-	defer lanServer.Shutdown()
-
-	uc := &UpstreamConfig{
-		Name:     "Legacy",
-		Type:     ResolverTypeLegacy,
-		Endpoint: lanAddr,
-	}
-	uc.Init()
-	r, err := NewResolver(uc)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = r.Resolve(context.Background(), uc.VerifyMsg())
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
 func Test_upstreamTypeFromEndpoint(t *testing.T) {
 	tests := []struct {
 		name         string
@@ -399,68 +370,6 @@ func countHandler(call *atomic.Int64) dns.HandlerFunc {
 	}
 }

-func mustRR(s string) dns.RR {
-	r, err := dns.NewRR(s)
-	if err != nil {
-		panic(err)
-	}
-	return r
-}
-
-func bigExtraSectionHandler() dns.HandlerFunc {
-	return func(w dns.ResponseWriter, msg *dns.Msg) {
-		m := &dns.Msg{
-			Answer: []dns.RR{
-				mustRR(".			7149	IN	NS	m.root-servers.net."),
-				mustRR(".			7149	IN	NS	c.root-servers.net."),
-				mustRR(".			7149	IN	NS	e.root-servers.net."),
-				mustRR(".			7149	IN	NS	j.root-servers.net."),
-				mustRR(".			7149	IN	NS	g.root-servers.net."),
-				mustRR(".			7149	IN	NS	k.root-servers.net."),
-				mustRR(".			7149	IN	NS	l.root-servers.net."),
-				mustRR(".			7149	IN	NS	d.root-servers.net."),
-				mustRR(".			7149	IN	NS	h.root-servers.net."),
-				mustRR(".			7149	IN	NS	b.root-servers.net."),
-				mustRR(".			7149	IN	NS	a.root-servers.net."),
-				mustRR(".			7149	IN	NS	f.root-servers.net."),
-				mustRR(".			7149	IN	NS	i.root-servers.net."),
-			},
-			Extra: []dns.RR{
-				mustRR("m.root-servers.net.	656	IN	A	202.12.27.33"),
-				mustRR("m.root-servers.net.	656	IN	AAAA	2001:dc3::35"),
-				mustRR("c.root-servers.net.	656	IN	A	192.33.4.12"),
-				mustRR("c.root-servers.net.	656	IN	AAAA	2001:500:2::c"),
-				mustRR("e.root-servers.net.	656	IN	A	192.203.230.10"),
-				mustRR("e.root-servers.net.	656	IN	AAAA	2001:500:a8::e"),
-				mustRR("j.root-servers.net.	656	IN	A	192.58.128.30"),
-				mustRR("j.root-servers.net.	656	IN	AAAA	2001:503:c27::2:30"),
-				mustRR("g.root-servers.net.	656	IN	A	192.112.36.4"),
-				mustRR("g.root-servers.net.	656	IN	AAAA	2001:500:12::d0d"),
-				mustRR("k.root-servers.net.	656	IN	A	193.0.14.129"),
-				mustRR("k.root-servers.net.	656	IN	AAAA	2001:7fd::1"),
-				mustRR("l.root-servers.net.	656	IN	A	199.7.83.42"),
-				mustRR("l.root-servers.net.	656	IN	AAAA	2001:500:9f::42"),
-				mustRR("d.root-servers.net.	656	IN	A	199.7.91.13"),
-				mustRR("d.root-servers.net.	656	IN	AAAA	2001:500:2d::d"),
-				mustRR("h.root-servers.net.	656	IN	A	198.97.190.53"),
-				mustRR("h.root-servers.net.	656	IN	AAAA	2001:500:1::53"),
-				mustRR("b.root-servers.net.	656	IN	A	170.247.170.2"),
-				mustRR("b.root-servers.net.	656	IN	AAAA	2801:1b8:10::b"),
-				mustRR("a.root-servers.net.	656	IN	A	198.41.0.4"),
-				mustRR("a.root-servers.net.	656	IN	AAAA	2001:503:ba3e::2:30"),
-				mustRR("f.root-servers.net.	656	IN	A	192.5.5.241"),
-				mustRR("f.root-servers.net.	656	IN	AAAA	2001:500:2f::f"),
-				mustRR("i.root-servers.net.	656	IN	A	192.36.148.17"),
-				mustRR("i.root-servers.net.	656	IN	AAAA	2001:7fe::53"),
-			},
-		}
-
-		m.Compress = true
-		m.SetReply(msg)
-		w.WriteMsg(m)
-	}
-}
-
 func generateEdns0ClientCookie() string {
 	cookie := make([]byte, 8)
 	if _, err := rand.Read(cookie); err != nil {