feat: Windows DNS configuration via netsh (#28)

* feat: Windows DNS configuration via netsh numa install/uninstall now set/restore system DNS on Windows via netsh. Parses ipconfig /all per-interface (adapter name, DHCP status, DNS servers), saves backup to %APPDATA%\numa\original-dns.json, and restores on uninstall (DHCP or static with secondary servers). Handles localization (German adapter/DHCP/DNS labels), disconnected adapters, multiple interfaces, and missing admin privileges. Adds IP validation to discover_windows() for consistency. No Windows Service or CA trust yet — user runs numa in a terminal. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * ci: add cargo test to Windows CI job Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * ci: upload Windows binary as artifact for testing Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: SRTT decay tests panic on Windows due to Instant underflow On Windows, Instant starts near boot time — subtracting large durations panics. Use checked_sub with a process-start fallback. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: SRTT decay tests use binary search for max Instant age Replace age() helper with set_age_secs() on SrttCache that binary-searches for the maximum subtractable duration. Prevents panic on Windows (Instant starts at boot) while still producing the oldest representable instant for correct decay calculations. Also removes ephemeral test-ubuntu.sh from git. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: use ProgramData for Windows DNS backup path APPDATA differs between user and admin contexts — install runs as admin but uninstall might resolve a different APPDATA. Use ProgramData which is consistent across elevation contexts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: disable Dnscache on Windows install, re-enable on uninstall Windows DNS Client (Dnscache) holds port 53 at kernel level and can't be stopped via sc/net stop. Disable via registry during install (requires reboot), re-enable on uninstall. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: rewrite SRTT decay tests as pure functions Decay tests manipulated Instant timestamps which panics on Windows (Instant can't go before boot time). Rewrite to test decay_for_age() directly — a pure function taking srtt_ms and age_secs, no platform dependency. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: use Quad9 IP (9.9.9.9) for DoH fallback, not hostname DoH to dns.quad9.net requires DNS to resolve the hostname, which creates a chicken-and-egg loop when numa IS the system resolver (e.g. after numa install on Windows). Using the IP directly avoids the bootstrap dependency. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * refactor: extract DOH_FALLBACK constant Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * refactor: extract QUAD9_IP constant Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * refactor: remove dead test helpers, fix constant placement Remove unused get_srtt_ms() and saturated_penalty_cache() left over from SRTT test rewrite. Move QUAD9_IP/DOH_FALLBACK after use block. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: ignore ConnectionReset on UDP socket (Windows ICMP error) Windows delivers ICMP port-unreachable as ConnectionReset on the next UDP recv_from, crashing numa. Linux/macOS silently ignore these. Catch and continue the recv loop. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: auto-start numa on Windows boot via registry Run key Without a Windows Service, rebooting after numa install leaves DNS broken (pointing at 127.0.0.1 with nothing listening). Register numa in HKLM\...\Run so it starts automatically. Removed on uninstall. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: update README, Windows plan, and launch drafts for Windows support - README: platform-specific Quick Start, install/uninstall table - Windows plan: Phase 2 complete, Phase 3 scoped - Launch drafts: updated "Does it support Windows?" response Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: remove docs from git tracking (already gitignored) docs/ is in .gitignore but files were force-added. Remove from tracking — files remain on disk. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-01 18:17:52 +03:00
parent 7f46f6271e
commit 0b883d1c0d
5 changed files with 475 additions and 76 deletions
--- a/src/main.rs
+++ b/src/main.rs
@@ -20,6 +20,9 @@ use numa::system_dns::{
    discover_system_dns, install_service, restart_service, service_status, uninstall_service,
 };

+const QUAD9_IP: &str = "9.9.9.9";
+const DOH_FALLBACK: &str = "https://9.9.9.9/dns-query";
+
 #[tokio::main]
 async fn main() -> numa::Result<()> {
    env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("info"))
@@ -126,7 +129,7 @@ async fn main() -> numa::Result<()> {
                    .use_rustls_tls()
                    .build()
                    .unwrap_or_default();
-                let url = "https://dns.quad9.net/dns-query".to_string();
+                let url = DOH_FALLBACK.to_string();
                let label = url.clone();
                (
                    numa::config::UpstreamMode::Forward,
@@ -152,7 +155,7 @@ async fn main() -> numa::Result<()> {
                    .or_else(numa::system_dns::detect_dhcp_dns)
                    .unwrap_or_else(|| {
                        info!("could not detect system DNS, falling back to Quad9 DoH");
-                        "https://dns.quad9.net/dns-query".to_string()
+                        DOH_FALLBACK.to_string()
                    })
            } else {
                config.upstream.address.clone()
@@ -478,7 +481,14 @@ async fn main() -> numa::Result<()> {
    #[allow(clippy::infinite_loop)]
    loop {
        let mut buffer = BytePacketBuffer::new();
-        let (_, src_addr) = ctx.socket.recv_from(&mut buffer.buf).await?;
+        let (_, src_addr) = match ctx.socket.recv_from(&mut buffer.buf).await {
+            Ok(r) => r,
+            Err(e) if e.kind() == std::io::ErrorKind::ConnectionReset => {
+                // Windows delivers ICMP port-unreachable as ConnectionReset on UDP sockets
+                continue;
+            }
+            Err(e) => return Err(e.into()),
+        };

        let ctx = Arc::clone(&ctx);
        tokio::spawn(async move {
@@ -521,7 +531,7 @@ async fn network_watch_loop(ctx: Arc<numa::ctx::ServerCtx>) {
            let new_addr = dns_info
                .default_upstream
                .or_else(numa::system_dns::detect_dhcp_dns)
-                .unwrap_or_else(|| "9.9.9.9".to_string());
+                .unwrap_or_else(|| QUAD9_IP.to_string());
            if let Ok(new_sock) =
                format!("{}:{}", new_addr, ctx.upstream_port).parse::<SocketAddr>()
            {