From 7cc9ae66202219b2fe7b13f04b35aad57aa9fe13 Mon Sep 17 00:00:00 2001
From: Razvan Dimescu <ssaricu@gmail.com>
Date: Sat, 11 Apr 2026 01:39:15 +0300
Subject: [PATCH] chore: document multi-forwarder and cache warming in config
 and README

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 README.md | 2 ++
 numa.toml | 8 +++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 69ecd80..44b8aa4 100644
--- a/README.md
+++ b/README.md
@@ -139,6 +139,8 @@ From Machine B: `curl http://api.numa` → proxied to Machine A's port 8000. Ena
 - [x] DNS-over-TLS listener — encrypted client connections (RFC 7858, ALPN strict)
 - [x] Recursive resolution + DNSSEC — chain-of-trust, NSEC/NSEC3
 - [x] SRTT-based nameserver selection
+- [x] Multi-forwarder failover — multiple upstreams with SRTT ranking, fallback pool
+- [x] Cache warming — proactive resolution for configured domains
 - [x] Mobile onboarding — `setup-phone` QR flow, mobile API, mobileconfig profiles
 - [ ] pkarr integration — self-sovereign DNS via Mainline DHT
 - [ ] Global `.numa` names — DHT-backed, no registrar
diff --git a/numa.toml b/numa.toml
index 4389fdb..5ca95f8 100644
--- a/numa.toml
+++ b/numa.toml
@@ -12,10 +12,11 @@ api_port = 5380
 # [upstream]
 # mode = "forward"                              # "forward" (default) — relay to upstream
 #                                               # "recursive" — resolve from root hints (no address needed)
+# address = "9.9.9.9"                           # single upstream (plain UDP)
+# address = ["192.168.1.1", "9.9.9.9:5353"]    # multiple upstreams — SRTT picks fastest
 # address = "https://dns.quad9.net/dns-query"   # DNS-over-HTTPS (encrypted)
-# address = "https://cloudflare-dns.com/dns-query"  # Cloudflare DoH
-# address = "9.9.9.9"                           # plain UDP
-# port = 53                                     # only for forward mode, plain UDP
+# fallback = ["8.8.8.8", "1.1.1.1"]            # tried only when all primaries fail
+# port = 53                                     # default port for addresses without :port
 # timeout_ms = 3000
 # root_hints = [                                # only used in recursive mode
 #     "198.41.0.4",      # a.root-servers.net (Verisign)
@@ -54,6 +55,7 @@ api_port = 5380
 max_entries = 10000
 min_ttl = 60
 max_ttl = 86400
+# warm = ["google.com", "github.com"]  # resolve at startup, refresh before TTL expiry
 
 [proxy]
 enabled = true