fix: accept tls:// and https:// in [[forwarding]] upstreams

Config-level forwarding rules were parsed with the UDP-only `parse_upstream_addr` helper, silently rejecting the DoT/DoH schemes that the rest of the forwarding pipeline already supports. Widen `ForwardingRule.upstream` from `SocketAddr` to `Upstream` so config rules reuse the same parser as `[upstream].address` and `fallback`. Demote `parse_upstream_addr` to `pub(crate)` to prevent the same mistake recurring. Closes #100.
2026-04-14 09:22:24 +03:00
parent 9a85e271ec
commit b4b939c78b
5 changed files with 75 additions and 15 deletions
--- a/numa.toml
+++ b/numa.toml
@@ -58,6 +58,14 @@ api_port = 5380
 # [[forwarding]]
 # suffix = ["home.local", "home.arpa"]             # multiple suffixes → same upstream
 # upstream = "10.0.0.1"                            # port 53 default
+#
+# [[forwarding]]                                    # DoT upstream: tls://IP[:port]#hostname
+# suffix = ["google.com", "goog"]                   # hostname is the TLS SNI / cert name
+# upstream = "tls://9.9.9.9#dns.quad9.net"          # port 853 default
+#
+# [[forwarding]]                                    # DoH upstream: full https:// URL
+# suffix = "example.corp"
+# upstream = "https://dns.quad9.net/dns-query"

 # [blocking]
 # enabled = true               # set to false to disable ad blocking