fix: macOS install health check, harden recursive probe

Verify numa is listening (API port) before redirecting system DNS on macOS — if the service fails to start (e.g. port 53 in use), unload the service and abort instead of breaking DNS. Probe up to 3 root hints before declaring recursive mode unavailable. Validate IPs from resolvectl to avoid IPv6 fragment extraction. Extract DEFAULT_API_PORT constant. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 06:54:30 +03:00
parent f1266ee263
commit da7bb3fb69
4 changed files with 36 additions and 17 deletions
--- a/src/recursive.rs
+++ b/src/recursive.rs
@@ -65,18 +65,19 @@ pub async fn probe_udp(root_hints: &[SocketAddr]) {
    }
 }

-/// Probe whether recursive resolution works by querying a root server.
+/// Probe whether recursive resolution works by querying root servers.
+/// Tries up to 3 hints before declaring failure.
 pub async fn probe_recursive(root_hints: &[SocketAddr]) -> bool {
-    let hint = match root_hints.first() {
-        Some(h) => *h,
-        None => return false,
-    };
    let mut probe = DnsPacket::query(next_id(), ".", QueryType::NS);
    probe.header.recursion_desired = false;
-    match forward_udp(&probe, hint, Duration::from_secs(3)).await {
-        Ok(resp) => !resp.answers.is_empty() || !resp.authorities.is_empty(),
-        Err(_) => false,
+    for hint in root_hints.iter().take(3) {
+        if let Ok(resp) = forward_udp(&probe, *hint, Duration::from_secs(3)).await {
+            if !resp.answers.is_empty() || !resp.authorities.is_empty() {
+                return true;
+            }
+        }
    }
+    false
 }

 pub async fn prime_tld_cache(