From 4645df50e0c4cb201576390a2b979137b4932f11 Mon Sep 17 00:00:00 2001 From: Razvan Dimescu Date: Fri, 20 Mar 2026 12:24:03 +0200 Subject: [PATCH 01/15] add Linux systemd service and DNS configuration Linux: - numa install: backs up /etc/resolv.conf, sets nameserver to 127.0.0.1 - numa uninstall: restores original /etc/resolv.conf from backup - numa service start: installs systemd unit, enables + starts - numa service stop: stops, disables, removes unit file - numa service status: shows systemctl status macOS: launchd plist (already working) Both platforms: Restart=always / KeepAlive=true for crash recovery. Co-Authored-By: Claude Opus 4.6 --- com.numa.dns.plist | 20 ++++ numa.service | 16 +++ src/system_dns.rs | 248 +++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 278 insertions(+), 6 deletions(-) create mode 100644 com.numa.dns.plist create mode 100644 numa.service diff --git a/com.numa.dns.plist b/com.numa.dns.plist new file mode 100644 index 0000000..4ef561c --- /dev/null +++ b/com.numa.dns.plist @@ -0,0 +1,20 @@ + + + + + Label + com.numa.dns + ProgramArguments + + /usr/local/bin/numa + + RunAtLoad + + KeepAlive + + StandardOutPath + /usr/local/var/log/numa.log + StandardErrorPath + /usr/local/var/log/numa.log + + diff --git a/numa.service b/numa.service new file mode 100644 index 0000000..50b0909 --- /dev/null +++ b/numa.service @@ -0,0 +1,16 @@ +[Unit] +Description=Numa DNS — DNS you own, everywhere you go +After=network-online.target +Wants=network-online.target + +[Service] +Type=simple +ExecStart=/usr/local/bin/numa +Restart=always +RestartSec=2 +StandardOutput=journal +StandardError=journal +SyslogIdentifier=numa + +[Install] +WantedBy=multi-user.target diff --git a/src/system_dns.rs b/src/system_dns.rs index 3e9d4e6..564dca4 100644 --- a/src/system_dns.rs +++ b/src/system_dns.rs @@ -315,17 +315,253 @@ fn uninstall_macos() -> Result<(), String> { Ok(()) } -// --- Linux stubs --- +// --- Service management --- + +#[cfg(target_os = "macos")] +const PLIST_LABEL: &str = "com.numa.dns"; +#[cfg(target_os = "macos")] +const PLIST_DEST: &str = "/Library/LaunchDaemons/com.numa.dns.plist"; +#[cfg(target_os = "linux")] +const SYSTEMD_UNIT: &str = "/etc/systemd/system/numa.service"; + +/// Install Numa as a system service that starts on boot and auto-restarts. +pub fn install_service() -> Result<(), String> { + #[cfg(target_os = "macos")] + { + install_service_macos() + } + #[cfg(target_os = "linux")] + { + install_service_linux() + } + #[cfg(not(any(target_os = "macos", target_os = "linux")))] + { + Err("service installation not supported on this OS".to_string()) + } +} + +/// Uninstall the Numa system service. +pub fn uninstall_service() -> Result<(), String> { + #[cfg(target_os = "macos")] + { + uninstall_service_macos() + } + #[cfg(target_os = "linux")] + { + uninstall_service_linux() + } + #[cfg(not(any(target_os = "macos", target_os = "linux")))] + { + Err("service uninstallation not supported on this OS".to_string()) + } +} + +/// Show the service status. +pub fn service_status() -> Result<(), String> { + #[cfg(target_os = "macos")] + { + service_status_macos() + } + #[cfg(target_os = "linux")] + { + service_status_linux() + } + #[cfg(not(any(target_os = "macos", target_os = "linux")))] + { + Err("service status not supported on this OS".to_string()) + } +} + +#[cfg(target_os = "macos")] +fn install_service_macos() -> Result<(), String> { + // Check binary exists + if !std::path::Path::new("/usr/local/bin/numa").exists() { + return Err("numa binary not found at /usr/local/bin/numa. Run: sudo cp target/release/numa /usr/local/bin/numa".to_string()); + } + + // Create log directory + std::fs::create_dir_all("/usr/local/var/log") + .map_err(|e| format!("failed to create log dir: {}", e))?; + + // Write plist + let plist = include_str!("../com.numa.dns.plist"); + std::fs::write(PLIST_DEST, plist) + .map_err(|e| format!("failed to write {}: {}", PLIST_DEST, e))?; + + // Load the service + let status = std::process::Command::new("launchctl") + .args(["load", "-w", PLIST_DEST]) + .status() + .map_err(|e| format!("failed to run launchctl: {}", e))?; + + if status.success() { + eprintln!(" Service installed and started."); + eprintln!(" Numa will auto-start on boot and restart if killed."); + eprintln!(" Logs: /usr/local/var/log/numa.log"); + eprintln!(" Run 'sudo numa service stop' to uninstall.\n"); + Ok(()) + } else { + Err("launchctl load failed".to_string()) + } +} + +#[cfg(target_os = "macos")] +fn uninstall_service_macos() -> Result<(), String> { + // Unload the service + let _ = std::process::Command::new("launchctl") + .args(["unload", "-w", PLIST_DEST]) + .status(); + + // Remove plist + if std::path::Path::new(PLIST_DEST).exists() { + std::fs::remove_file(PLIST_DEST) + .map_err(|e| format!("failed to remove {}: {}", PLIST_DEST, e))?; + } + + eprintln!(" Service uninstalled. Numa will no longer auto-start.\n"); + Ok(()) +} + +#[cfg(target_os = "macos")] +fn service_status_macos() -> Result<(), String> { + let output = std::process::Command::new("launchctl") + .args(["list", PLIST_LABEL]) + .output() + .map_err(|e| format!("failed to run launchctl: {}", e))?; + + if output.status.success() { + let text = String::from_utf8_lossy(&output.stdout); + eprintln!(" Numa service is loaded.\n"); + for line in text.lines() { + eprintln!(" {}", line); + } + eprintln!(); + } else { + eprintln!(" Numa service is not installed.\n"); + } + Ok(()) +} + +// --- Linux implementation --- + +#[cfg(target_os = "linux")] +fn backup_path_linux() -> std::path::PathBuf { + let home = std::env::var("HOME") + .map(std::path::PathBuf::from) + .unwrap_or_else(|_| std::path::PathBuf::from("/root")); + let dir = home.join(".numa"); + let _ = std::fs::create_dir_all(&dir); + dir.join("original-resolv.conf") +} #[cfg(target_os = "linux")] fn install_linux() -> Result<(), String> { - Err( - "Linux auto-configuration not yet implemented. Manually set your DNS to 127.0.0.1" - .to_string(), - ) + let backup = backup_path_linux(); + let resolv = std::path::Path::new("/etc/resolv.conf"); + + // Save current resolv.conf + if resolv.exists() { + std::fs::copy(resolv, &backup) + .map_err(|e| format!("failed to backup /etc/resolv.conf: {}", e))?; + eprintln!(" Saved /etc/resolv.conf to {}", backup.display()); + } + + // Write new resolv.conf pointing to Numa + let content = + "# Generated by Numa — run 'sudo numa uninstall' to restore\nnameserver 127.0.0.1\n"; + std::fs::write(resolv, content) + .map_err(|e| format!("failed to write /etc/resolv.conf: {}", e))?; + + eprintln!(" Set /etc/resolv.conf -> nameserver 127.0.0.1"); + eprintln!(" Run 'sudo numa uninstall' to restore.\n"); + Ok(()) } #[cfg(target_os = "linux")] fn uninstall_linux() -> Result<(), String> { - Err("Linux auto-configuration not yet implemented.".to_string()) + let backup = backup_path_linux(); + let resolv = std::path::Path::new("/etc/resolv.conf"); + + if backup.exists() { + std::fs::copy(&backup, resolv) + .map_err(|e| format!("failed to restore /etc/resolv.conf: {}", e))?; + std::fs::remove_file(&backup).ok(); + eprintln!(" Restored /etc/resolv.conf from backup. Backup removed.\n"); + } else { + eprintln!(" No backup found at {}.", backup.display()); + eprintln!(" Manually edit /etc/resolv.conf to restore your DNS.\n"); + } + Ok(()) +} + +#[cfg(target_os = "linux")] +fn install_service_linux() -> Result<(), String> { + if !std::path::Path::new("/usr/local/bin/numa").exists() { + return Err("numa binary not found at /usr/local/bin/numa. Run: sudo cp target/release/numa /usr/local/bin/numa".to_string()); + } + + let unit = include_str!("../numa.service"); + std::fs::write(SYSTEMD_UNIT, unit) + .map_err(|e| format!("failed to write {}: {}", SYSTEMD_UNIT, e))?; + + run_systemctl(&["daemon-reload"])?; + run_systemctl(&["enable", "numa"])?; + run_systemctl(&["start", "numa"])?; + + eprintln!(" Service installed and started."); + eprintln!(" Numa will auto-start on boot and restart if killed."); + eprintln!(" Logs: journalctl -u numa -f"); + eprintln!(" Run 'sudo numa service stop' to uninstall.\n"); + Ok(()) +} + +#[cfg(target_os = "linux")] +fn uninstall_service_linux() -> Result<(), String> { + let _ = run_systemctl(&["stop", "numa"]); + let _ = run_systemctl(&["disable", "numa"]); + + if std::path::Path::new(SYSTEMD_UNIT).exists() { + std::fs::remove_file(SYSTEMD_UNIT) + .map_err(|e| format!("failed to remove {}: {}", SYSTEMD_UNIT, e))?; + } + let _ = run_systemctl(&["daemon-reload"]); + + eprintln!(" Service uninstalled. Numa will no longer auto-start.\n"); + Ok(()) +} + +#[cfg(target_os = "linux")] +fn service_status_linux() -> Result<(), String> { + let output = std::process::Command::new("systemctl") + .args(["status", "numa"]) + .output() + .map_err(|e| format!("failed to run systemctl: {}", e))?; + + let text = String::from_utf8_lossy(&output.stdout); + if text.is_empty() { + eprintln!(" Numa service is not installed.\n"); + } else { + for line in text.lines() { + eprintln!(" {}", line); + } + eprintln!(); + } + Ok(()) +} + +#[cfg(target_os = "linux")] +fn run_systemctl(args: &[&str]) -> Result<(), String> { + let status = std::process::Command::new("systemctl") + .args(args) + .status() + .map_err(|e| format!("systemctl {} failed: {}", args.join(" "), e))?; + if status.success() { + Ok(()) + } else { + Err(format!( + "systemctl {} exited with {}", + args.join(" "), + status + )) + } } From 57c4742f09e5062b4e4bde062268eb65d193bae1 Mon Sep 17 00:00:00 2001 From: Razvan Dimescu Date: Fri, 20 Mar 2026 12:32:20 +0200 Subject: [PATCH 02/15] harden Linux DNS config and fix review findings - Detect systemd-resolved: use drop-in config instead of overwriting /etc/resolv.conf (which gets regenerated) - Warn if /etc/resolv.conf is a symlink (NetworkManager, etc.) - Fix TOCTOU: attempt copy/remove directly, handle NotFound - Remove side-effect from backup_path_linux (no eager mkdir) - Fix macOS $HOME fallback: /var/root instead of /tmp - Log warnings on launchctl/systemctl failures instead of silencing - Delete plist before unloading (prevents zombie restarts) - Extract ensure_binary_installed helper on Linux Co-Authored-By: Claude Opus 4.6 --- src/system_dns.rs | 140 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 106 insertions(+), 34 deletions(-) diff --git a/src/system_dns.rs b/src/system_dns.rs index 564dca4..da04cc7 100644 --- a/src/system_dns.rs +++ b/src/system_dns.rs @@ -186,8 +186,9 @@ pub fn uninstall_system_dns() -> Result<(), String> { #[cfg(target_os = "macos")] fn numa_data_dir() -> std::path::PathBuf { let home = std::env::var("HOME") + .or_else(|_| std::env::var("SUDO_USER").map(|u| format!("/Users/{}", u))) .map(std::path::PathBuf::from) - .unwrap_or_else(|_| std::path::PathBuf::from("/tmp")); + .unwrap_or_else(|_| std::path::PathBuf::from("/var/root")); home.join(".numa") } @@ -407,15 +408,23 @@ fn install_service_macos() -> Result<(), String> { #[cfg(target_os = "macos")] fn uninstall_service_macos() -> Result<(), String> { + // Remove plist first so service won't restart on boot even if unload fails + if let Err(e) = std::fs::remove_file(PLIST_DEST) { + if e.kind() != std::io::ErrorKind::NotFound { + return Err(format!("failed to remove {}: {}", PLIST_DEST, e)); + } + } + // Unload the service - let _ = std::process::Command::new("launchctl") + let status = std::process::Command::new("launchctl") .args(["unload", "-w", PLIST_DEST]) .status(); - - // Remove plist - if std::path::Path::new(PLIST_DEST).exists() { - std::fs::remove_file(PLIST_DEST) - .map_err(|e| format!("failed to remove {}: {}", PLIST_DEST, e))?; + if let Ok(s) = status { + if !s.success() { + eprintln!( + " warning: launchctl unload returned non-zero (service may still be running)" + ); + } } eprintln!(" Service uninstalled. Numa will no longer auto-start.\n"); @@ -449,24 +458,63 @@ fn backup_path_linux() -> std::path::PathBuf { let home = std::env::var("HOME") .map(std::path::PathBuf::from) .unwrap_or_else(|_| std::path::PathBuf::from("/root")); - let dir = home.join(".numa"); - let _ = std::fs::create_dir_all(&dir); - dir.join("original-resolv.conf") + home.join(".numa").join("original-resolv.conf") +} + +#[cfg(target_os = "linux")] +fn is_systemd_resolved_active() -> bool { + std::process::Command::new("systemctl") + .args(["is-active", "--quiet", "systemd-resolved"]) + .status() + .map(|s| s.success()) + .unwrap_or(false) } #[cfg(target_os = "linux")] fn install_linux() -> Result<(), String> { - let backup = backup_path_linux(); - let resolv = std::path::Path::new("/etc/resolv.conf"); + // Detect systemd-resolved — direct resolv.conf manipulation won't persist + if is_systemd_resolved_active() { + let resolved_dir = std::path::Path::new("/etc/systemd/resolved.conf.d"); + std::fs::create_dir_all(resolved_dir) + .map_err(|e| format!("failed to create {}: {}", resolved_dir.display(), e))?; - // Save current resolv.conf - if resolv.exists() { - std::fs::copy(resolv, &backup) - .map_err(|e| format!("failed to backup /etc/resolv.conf: {}", e))?; - eprintln!(" Saved /etc/resolv.conf to {}", backup.display()); + let drop_in = resolved_dir.join("numa.conf"); + std::fs::write(&drop_in, "[Resolve]\nDNS=127.0.0.1\nDomains=~.\n") + .map_err(|e| format!("failed to write {}: {}", drop_in.display(), e))?; + + let _ = run_systemctl(&["restart", "systemd-resolved"]); + eprintln!(" systemd-resolved detected."); + eprintln!(" Installed drop-in: {}", drop_in.display()); + eprintln!(" Run 'sudo numa uninstall' to remove.\n"); + return Ok(()); + } + + // Fallback: direct resolv.conf manipulation + let resolv = std::path::Path::new("/etc/resolv.conf"); + let backup = backup_path_linux(); + + // Ensure backup directory exists + if let Some(parent) = backup.parent() { + std::fs::create_dir_all(parent) + .map_err(|e| format!("failed to create {}: {}", parent.display(), e))?; + } + + // Back up current resolv.conf (ignore NotFound) + match std::fs::copy(resolv, &backup) { + Ok(_) => eprintln!(" Saved /etc/resolv.conf to {}", backup.display()), + Err(e) if e.kind() == std::io::ErrorKind::NotFound => {} + Err(e) => return Err(format!("failed to backup /etc/resolv.conf: {}", e)), + } + + if resolv + .symlink_metadata() + .map(|m| m.file_type().is_symlink()) + .unwrap_or(false) + { + eprintln!(" warning: /etc/resolv.conf is a symlink — changes may not persist."); + eprintln!(" Consider using systemd-resolved or NetworkManager instead.\n"); } - // Write new resolv.conf pointing to Numa let content = "# Generated by Numa — run 'sudo numa uninstall' to restore\nnameserver 127.0.0.1\n"; std::fs::write(resolv, content) @@ -479,26 +527,45 @@ fn install_linux() -> Result<(), String> { #[cfg(target_os = "linux")] fn uninstall_linux() -> Result<(), String> { + // Check for systemd-resolved drop-in first + let drop_in = std::path::Path::new("/etc/systemd/resolved.conf.d/numa.conf"); + if drop_in.exists() { + std::fs::remove_file(drop_in) + .map_err(|e| format!("failed to remove {}: {}", drop_in.display(), e))?; + let _ = run_systemctl(&["restart", "systemd-resolved"]); + eprintln!(" Removed systemd-resolved drop-in. DNS restored.\n"); + return Ok(()); + } + + // Fallback: restore resolv.conf from backup let backup = backup_path_linux(); let resolv = std::path::Path::new("/etc/resolv.conf"); - if backup.exists() { - std::fs::copy(&backup, resolv) - .map_err(|e| format!("failed to restore /etc/resolv.conf: {}", e))?; - std::fs::remove_file(&backup).ok(); - eprintln!(" Restored /etc/resolv.conf from backup. Backup removed.\n"); - } else { - eprintln!(" No backup found at {}.", backup.display()); - eprintln!(" Manually edit /etc/resolv.conf to restore your DNS.\n"); + match std::fs::copy(&backup, resolv) { + Ok(_) => { + std::fs::remove_file(&backup).ok(); + eprintln!(" Restored /etc/resolv.conf from backup. Backup removed.\n"); + } + Err(e) if e.kind() == std::io::ErrorKind::NotFound => { + eprintln!(" No backup found at {}.", backup.display()); + eprintln!(" Manually edit /etc/resolv.conf to restore your DNS.\n"); + } + Err(e) => return Err(format!("failed to restore /etc/resolv.conf: {}", e)), + } + Ok(()) +} + +#[cfg(target_os = "linux")] +fn ensure_binary_installed() -> Result<(), String> { + if !std::path::Path::new("/usr/local/bin/numa").exists() { + return Err("numa binary not found at /usr/local/bin/numa. Run: sudo cp target/release/numa /usr/local/bin/numa".to_string()); } Ok(()) } #[cfg(target_os = "linux")] fn install_service_linux() -> Result<(), String> { - if !std::path::Path::new("/usr/local/bin/numa").exists() { - return Err("numa binary not found at /usr/local/bin/numa. Run: sudo cp target/release/numa /usr/local/bin/numa".to_string()); - } + ensure_binary_installed()?; let unit = include_str!("../numa.service"); std::fs::write(SYSTEMD_UNIT, unit) @@ -517,12 +584,17 @@ fn install_service_linux() -> Result<(), String> { #[cfg(target_os = "linux")] fn uninstall_service_linux() -> Result<(), String> { - let _ = run_systemctl(&["stop", "numa"]); - let _ = run_systemctl(&["disable", "numa"]); + if let Err(e) = run_systemctl(&["stop", "numa"]) { + eprintln!(" warning: {}", e); + } + if let Err(e) = run_systemctl(&["disable", "numa"]) { + eprintln!(" warning: {}", e); + } - if std::path::Path::new(SYSTEMD_UNIT).exists() { - std::fs::remove_file(SYSTEMD_UNIT) - .map_err(|e| format!("failed to remove {}: {}", SYSTEMD_UNIT, e))?; + if let Err(e) = std::fs::remove_file(SYSTEMD_UNIT) { + if e.kind() != std::io::ErrorKind::NotFound { + return Err(format!("failed to remove {}: {}", SYSTEMD_UNIT, e)); + } } let _ = run_systemctl(&["daemon-reload"]); From 0658ed73101a7aa2fcbde4e4cff541ee50cb5001 Mon Sep 17 00:00:00 2001 From: Razvan Dimescu Date: Fri, 20 Mar 2026 12:41:16 +0200 Subject: [PATCH 03/15] add service management CLI, log path in dashboard footer - numa service start/stop/status commands (launchd + systemd) - Dashboard footer shows log paths (macOS + Linux) and GitHub link - Help text updated with all service commands Co-Authored-By: Claude Opus 4.6 --- site/dashboard.html | 6 ++++++ src/main.rs | 29 ++++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/site/dashboard.html b/site/dashboard.html index c39b7c3..e49a840 100644 --- a/site/dashboard.html +++ b/site/dashboard.html @@ -838,5 +838,11 @@ async function allowDomain(domain) { refresh(); setInterval(refresh, 2000); + +
+ Logs: macOS: /usr/local/var/log/numa.log · Linux: journalctl -u numa -f + · GitHub +
+ diff --git a/src/main.rs b/src/main.rs index 95d8719..46d0b4d 100644 --- a/src/main.rs +++ b/src/main.rs @@ -13,7 +13,10 @@ use numa::ctx::{handle_query, ServerCtx}; use numa::override_store::OverrideStore; use numa::query_log::QueryLog; use numa::stats::ServerStats; -use numa::system_dns::{discover_forwarding_rules, install_system_dns, uninstall_system_dns}; +use numa::system_dns::{ + discover_forwarding_rules, install_service, install_system_dns, service_status, + uninstall_service, uninstall_system_dns, +}; #[tokio::main] async fn main() -> numa::Result<()> { @@ -32,14 +35,30 @@ async fn main() -> numa::Result<()> { eprintln!("\x1b[1;38;2;192;98;58mNuma\x1b[0m — restoring system DNS\n"); return uninstall_system_dns().map_err(|e| e.into()); } + "service" => { + let sub = std::env::args().nth(2).unwrap_or_default(); + eprintln!("\x1b[1;38;2;192;98;58mNuma\x1b[0m — service management\n"); + return match sub.as_str() { + "start" => install_service().map_err(|e| e.into()), + "stop" => uninstall_service().map_err(|e| e.into()), + "status" => service_status().map_err(|e| e.into()), + _ => { + eprintln!("Usage: numa service "); + Ok(()) + } + }; + } "help" | "--help" | "-h" => { eprintln!("Usage: numa [command] [config-path]"); eprintln!(); eprintln!("Commands:"); - eprintln!(" (none) Start the DNS server (default)"); - eprintln!(" install Set system DNS to 127.0.0.1 (requires sudo)"); - eprintln!(" uninstall Restore original system DNS settings"); - eprintln!(" help Show this help"); + eprintln!(" (none) Start the DNS server (default)"); + eprintln!(" install Set system DNS to 127.0.0.1 (requires sudo)"); + eprintln!(" uninstall Restore original system DNS settings"); + eprintln!(" service start Install as system service (auto-start on boot)"); + eprintln!(" service stop Uninstall the system service"); + eprintln!(" service status Check if the service is running"); + eprintln!(" help Show this help"); eprintln!(); eprintln!("Config path defaults to numa.toml"); return Ok(()); From 7e29f3cb57ac936951e401f97340d93c46af20e0 Mon Sep 17 00:00:00 2001 From: Razvan Dimescu Date: Fri, 20 Mar 2026 12:58:25 +0200 Subject: [PATCH 04/15] add domain check endpoint and dashboard search box MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GET /blocking/check/{domain} — returns whether a domain is blocked, the reason (exact match, parent domain, allowlist, disabled), and the matching rule. Dashboard sidebar has a "Check Domain" search box with inline results and one-click allow button. Co-Authored-By: Claude Opus 4.6 --- site/dashboard.html | 45 ++++++++++++++++++++++++++++++ src/api.rs | 9 ++++++ src/blocklist.rs | 68 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 122 insertions(+) diff --git a/site/dashboard.html b/site/dashboard.html index e49a840..d2b25cd 100644 --- a/site/dashboard.html +++ b/site/dashboard.html @@ -519,6 +519,22 @@ body {
+ +
+
+ Check Domain +
+
+
+
+ + +
+
+ +
+
+
@@ -834,6 +850,35 @@ async function allowDomain(domain) { } catch (err) {} } +async function checkDomain(event) { + event.preventDefault(); + const domain = document.getElementById('checkDomain').value.trim(); + const el = document.getElementById('checkResult'); + if (!domain) return false; + try { + const result = await fetchJSON('/blocking/check/' + encodeURIComponent(domain)); + el.style.display = 'block'; + if (result.blocked) { + el.style.background = 'rgba(181, 68, 58, 0.1)'; + el.style.color = 'var(--rose)'; + el.innerHTML = `Blocked — ${result.reason}` + + (result.matched_rule ? `
Rule: ${result.matched_rule}` : '') + + ` `; + } else { + el.style.background = 'rgba(82, 122, 82, 0.1)'; + el.style.color = 'var(--emerald)'; + el.innerHTML = `Allowed — ${result.reason}` + + (result.matched_rule ? `
Rule: ${result.matched_rule}` : ''); + } + } catch (err) { + el.style.display = 'block'; + el.style.background = 'rgba(181, 68, 58, 0.1)'; + el.style.color = 'var(--rose)'; + el.textContent = 'Error: ' + err.message; + } + return false; +} + // Initial load + polling refresh(); setInterval(refresh, 2000); diff --git a/src/api.rs b/src/api.rs index 148e725..be919bd 100644 --- a/src/api.rs +++ b/src/api.rs @@ -37,6 +37,7 @@ pub fn router(ctx: Arc) -> Router { .route("/blocking/pause", post(blocking_pause)) .route("/blocking/allowlist", get(blocking_allowlist)) .route("/blocking/allowlist", post(blocking_allowlist_add)) + .route("/blocking/check/{domain}", get(blocking_check)) .route( "/blocking/allowlist/{domain}", delete(blocking_allowlist_remove), @@ -532,6 +533,14 @@ async fn blocking_pause( Json(serde_json::json!({ "paused_minutes": req.minutes })) } +async fn blocking_check( + State(ctx): State>, + Path(domain): Path, +) -> Json { + let result = ctx.blocklist.lock().unwrap().check(&domain); + Json(result) +} + async fn blocking_allowlist(State(ctx): State>) -> Json> { let list = ctx.blocklist.lock().unwrap().allowlist(); Json(list) diff --git a/src/blocklist.rs b/src/blocklist.rs index 89ebaee..268270d 100644 --- a/src/blocklist.rs +++ b/src/blocklist.rs @@ -12,6 +12,44 @@ pub struct BlocklistStore { last_refresh: Option, } +#[derive(serde::Serialize)] +pub struct BlockCheckResult { + pub blocked: bool, + pub reason: String, + pub matched_rule: Option, +} + +impl BlockCheckResult { + fn blocked(rule: &str, reason: &str) -> Self { + Self { + blocked: true, + reason: reason.to_string(), + matched_rule: Some(rule.to_string()), + } + } + fn allowed(rule: &str, reason: &str) -> Self { + Self { + blocked: false, + reason: reason.to_string(), + matched_rule: Some(rule.to_string()), + } + } + fn not_blocked() -> Self { + Self { + blocked: false, + reason: "not in blocklist".to_string(), + matched_rule: None, + } + } + fn disabled() -> Self { + Self { + blocked: false, + reason: "blocking is disabled".to_string(), + matched_rule: None, + } + } +} + pub struct BlocklistStats { pub enabled: bool, pub paused: bool, @@ -73,6 +111,36 @@ impl BlocklistStore { false } + /// Check if a domain is blocked and return the reason. + pub fn check(&self, domain: &str) -> BlockCheckResult { + let domain = domain.to_lowercase(); + + if !self.enabled { + return BlockCheckResult::disabled(); + } + + if self.allowlist.contains(&domain) { + return BlockCheckResult::allowed(&domain, "exact match in allowlist"); + } + + if self.domains.contains(&domain) { + return BlockCheckResult::blocked(&domain, "exact match in blocklist"); + } + + let mut d = domain.as_str(); + while let Some(dot) = d.find('.') { + d = &d[dot + 1..]; + if self.allowlist.contains(d) { + return BlockCheckResult::allowed(d, "parent domain in allowlist"); + } + if self.domains.contains(d) { + return BlockCheckResult::blocked(d, "parent domain in blocklist"); + } + } + + BlockCheckResult::not_blocked() + } + /// Atomically swap in a new domain set. Build the set outside the lock, /// then call this to swap — keeps lock hold time sub-microsecond. pub fn swap_domains(&mut self, domains: HashSet, sources: Vec) { From 5eec8915d441fe3ecb77a4f068d60476eda7d93f Mon Sep 17 00:00:00 2001 From: Razvan Dimescu Date: Fri, 20 Mar 2026 14:11:46 +0200 Subject: [PATCH 05/15] fix FORMERR: filter UNKNOWN records and increase buffer to 4096 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Root cause: upstream resolvers return EDNS OPT records (type 41) in the additional section. Our parser reads them as UNKNOWN, but write() silently skips them — creating a header that claims N additional records but a body with 0, producing FORMERR on the client side. Fix: filter out UNKNOWN records before serialization and adjust header counts to match. Also increase BytePacketBuffer from 512 to 4096 bytes to handle modern DNS responses with many records. Co-Authored-By: Claude Opus 4.6 --- src/buffer.rs | 16 +++++++++------- src/packet.rs | 17 +++++++++++------ src/record.rs | 4 ++++ 3 files changed, 24 insertions(+), 13 deletions(-) diff --git a/src/buffer.rs b/src/buffer.rs index c9378d0..0c358e7 100644 --- a/src/buffer.rs +++ b/src/buffer.rs @@ -1,7 +1,9 @@ use crate::Result; +const BUF_SIZE: usize = 4096; + pub struct BytePacketBuffer { - pub buf: [u8; 512], + pub buf: [u8; BUF_SIZE], pub pos: usize, } @@ -14,7 +16,7 @@ impl Default for BytePacketBuffer { impl BytePacketBuffer { pub fn new() -> BytePacketBuffer { BytePacketBuffer { - buf: [0; 512], + buf: [0; BUF_SIZE], pos: 0, } } @@ -38,7 +40,7 @@ impl BytePacketBuffer { } pub fn read(&mut self) -> Result { - if self.pos >= 512 { + if self.pos >= BUF_SIZE { return Err("End of buffer".into()); } let res = self.buf[self.pos]; @@ -47,14 +49,14 @@ impl BytePacketBuffer { } pub fn get(&self, pos: usize) -> Result { - if pos >= 512 { + if pos >= BUF_SIZE { return Err("End of buffer".into()); } Ok(self.buf[pos]) } pub fn get_range(&self, start: usize, len: usize) -> Result<&[u8]> { - if start + len > 512 { + if start + len > BUF_SIZE { return Err("End of buffer".into()); } Ok(&self.buf[start..start + len]) @@ -128,7 +130,7 @@ impl BytePacketBuffer { } pub fn write(&mut self, val: u8) -> Result<()> { - if self.pos >= 512 { + if self.pos >= BUF_SIZE { return Err("End of buffer".into()); } self.buf[self.pos] = val; @@ -172,7 +174,7 @@ impl BytePacketBuffer { } pub fn set(&mut self, pos: usize, val: u8) -> Result<()> { - if pos >= 512 { + if pos >= BUF_SIZE { return Err("End of buffer".into()); } self.buf[pos] = val; diff --git a/src/packet.rs b/src/packet.rs index f6845aa..9158a77 100644 --- a/src/packet.rs +++ b/src/packet.rs @@ -68,24 +68,29 @@ impl DnsPacket { } pub fn write(&self, buffer: &mut BytePacketBuffer) -> Result<()> { + // Filter out UNKNOWN records (e.g. EDNS OPT) that we can't re-serialize + let answers: Vec<_> = self.answers.iter().filter(|r| !r.is_unknown()).collect(); + let authorities: Vec<_> = self.authorities.iter().filter(|r| !r.is_unknown()).collect(); + let resources: Vec<_> = self.resources.iter().filter(|r| !r.is_unknown()).collect(); + let mut header = self.header.clone(); header.questions = self.questions.len() as u16; - header.answers = self.answers.len() as u16; - header.authoritative_entries = self.authorities.len() as u16; - header.resource_entries = self.resources.len() as u16; + header.answers = answers.len() as u16; + header.authoritative_entries = authorities.len() as u16; + header.resource_entries = resources.len() as u16; header.write(buffer)?; for question in &self.questions { question.write(buffer)?; } - for rec in &self.answers { + for rec in answers { rec.write(buffer)?; } - for rec in &self.authorities { + for rec in authorities { rec.write(buffer)?; } - for rec in &self.resources { + for rec in resources { rec.write(buffer)?; } diff --git a/src/record.rs b/src/record.rs index 8d65879..ba8e3d0 100644 --- a/src/record.rs +++ b/src/record.rs @@ -43,6 +43,10 @@ pub enum DnsRecord { } impl DnsRecord { + pub fn is_unknown(&self) -> bool { + matches!(self, DnsRecord::UNKNOWN { .. }) + } + pub fn ttl(&self) -> u32 { match self { DnsRecord::A { ttl, .. } From ee776938c5f7564f0fd4dc80a977be8e2bcce2a3 Mon Sep 17 00:00:00 2001 From: Razvan Dimescu Date: Fri, 20 Mar 2026 14:12:11 +0200 Subject: [PATCH 06/15] add auto-detect upstream, install script, release workflow - Default upstream auto-detected from system resolver (scutil/resolv.conf) instead of hardcoding Google 8.8.8.8. Falls back to Quad9 (9.9.9.9). - Single scutil --dns pass for both upstream detection and forwarding rules - Linux: reads backup resolv.conf if current only has loopback - Service start/stop now couples DNS config (install on start, uninstall on stop) - Install script for one-line binary install from GitHub Releases - GitHub Actions release workflow: builds for macOS/Linux x86_64/aarch64 Co-Authored-By: Claude Opus 4.6 --- .github/workflows/release.yml | 78 ++++++++++++++++++++ com.numa.dns.plist | 5 ++ install.sh | 71 ++++++++++++++++++ numa.toml | 9 +-- src/config.rs | 2 +- src/main.rs | 21 ++++-- src/packet.rs | 6 +- src/system_dns.rs | 132 +++++++++++++++++++++++++++------- 8 files changed, 285 insertions(+), 39 deletions(-) create mode 100644 .github/workflows/release.yml create mode 100755 install.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..1971c6b --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,78 @@ +name: Release + +on: + push: + tags: + - 'v*' + +permissions: + contents: write + +jobs: + build: + strategy: + matrix: + include: + - target: x86_64-apple-darwin + os: macos-latest + name: numa-macos-x86_64 + - target: aarch64-apple-darwin + os: macos-latest + name: numa-macos-aarch64 + - target: x86_64-unknown-linux-gnu + os: ubuntu-latest + name: numa-linux-x86_64 + - target: aarch64-unknown-linux-gnu + os: ubuntu-latest + name: numa-linux-aarch64 + + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v4 + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + with: + targets: ${{ matrix.target }} + + - name: Install cross-compilation tools + if: matrix.target == 'aarch64-unknown-linux-gnu' + run: | + sudo apt-get update + sudo apt-get install -y gcc-aarch64-linux-gnu + + - name: Build + run: cargo build --release --target ${{ matrix.target }} + env: + CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc + + - name: Package + run: | + cd target/${{ matrix.target }}/release + tar czf ../../../${{ matrix.name }}.tar.gz numa + cd ../../.. + sha256sum ${{ matrix.name }}.tar.gz > ${{ matrix.name }}.tar.gz.sha256 + + - name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.name }} + path: | + ${{ matrix.name }}.tar.gz + ${{ matrix.name }}.tar.gz.sha256 + + release: + needs: build + runs-on: ubuntu-latest + steps: + - uses: actions/download-artifact@v4 + with: + merge-multiple: true + + - name: Create Release + uses: softprops/action-gh-release@v2 + with: + generate_release_notes: true + files: | + *.tar.gz + *.sha256 diff --git a/com.numa.dns.plist b/com.numa.dns.plist index 4ef561c..67c90fa 100644 --- a/com.numa.dns.plist +++ b/com.numa.dns.plist @@ -16,5 +16,10 @@ /usr/local/var/log/numa.log StandardErrorPath /usr/local/var/log/numa.log + EnvironmentVariables + + RUST_LOG + info + diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..3771907 --- /dev/null +++ b/install.sh @@ -0,0 +1,71 @@ +#!/bin/sh +# Numa installer — detects OS/arch and downloads the latest release +# Usage: curl -sSL https://raw.githubusercontent.com/razvandimescu/numa/main/install.sh | sh +set -e + +REPO="razvandimescu/numa" +INSTALL_DIR="/usr/local/bin" + +# Detect OS +OS="$(uname -s)" +case "$OS" in + Darwin) OS_NAME="macos" ;; + Linux) OS_NAME="linux" ;; + *) echo "Unsupported OS: $OS"; exit 1 ;; +esac + +# Detect architecture +ARCH="$(uname -m)" +case "$ARCH" in + x86_64|amd64) ARCH_NAME="x86_64" ;; + arm64|aarch64) ARCH_NAME="aarch64" ;; + *) echo "Unsupported architecture: $ARCH"; exit 1 ;; +esac + +ASSET="numa-${OS_NAME}-${ARCH_NAME}.tar.gz" + +echo "" +echo " \033[1;38;2;192;98;58mNuma\033[0m installer" +echo "" +echo " OS: $OS_NAME" +echo " Arch: $ARCH_NAME" +echo "" + +# Get latest release tag +echo " Fetching latest release..." +TAG=$(curl -sSL "https://api.github.com/repos/${REPO}/releases/latest" | grep '"tag_name"' | head -1 | sed 's/.*"tag_name": *"\([^"]*\)".*/\1/') + +if [ -z "$TAG" ]; then + echo " Error: could not find latest release." + echo " Check https://github.com/${REPO}/releases" + exit 1 +fi + +URL="https://github.com/${REPO}/releases/download/${TAG}/${ASSET}" +echo " Downloading ${TAG}..." + +# Download and extract +TMP=$(mktemp -d) +curl -sSL "$URL" -o "$TMP/$ASSET" +tar xzf "$TMP/$ASSET" -C "$TMP" + +# Install +if [ -w "$INSTALL_DIR" ]; then + mv "$TMP/numa" "$INSTALL_DIR/numa" +else + echo " Installing to $INSTALL_DIR (requires sudo)..." + sudo mv "$TMP/numa" "$INSTALL_DIR/numa" +fi + +chmod +x "$INSTALL_DIR/numa" +rm -rf "$TMP" + +echo "" +echo " \033[38;2;107;124;78mInstalled:\033[0m $INSTALL_DIR/numa ($TAG)" +echo "" +echo " Get started:" +echo " sudo numa # start the DNS server" +echo " sudo numa install # set as system DNS" +echo " sudo numa service start # run as persistent service" +echo " open http://localhost:5380 # dashboard" +echo "" diff --git a/numa.toml b/numa.toml index 27dc1f6..b2aee0e 100644 --- a/numa.toml +++ b/numa.toml @@ -2,10 +2,11 @@ bind_addr = "0.0.0.0:53" api_port = 5380 -[upstream] -address = "8.8.8.8" -port = 53 -timeout_ms = 3000 +# [upstream] +# address = "" # auto-detect from system resolver (default) +# address = "9.9.9.9" # or set explicitly +# port = 53 +# timeout_ms = 3000 [cache] max_entries = 10000 diff --git a/src/config.rs b/src/config.rs index 56beaec..799bb41 100644 --- a/src/config.rs +++ b/src/config.rs @@ -69,7 +69,7 @@ impl Default for UpstreamConfig { } fn default_upstream_addr() -> String { - "8.8.8.8".to_string() + String::new() // empty = auto-detect from system resolver } fn default_upstream_port() -> u16 { 53 diff --git a/src/main.rs b/src/main.rs index 46d0b4d..5188071 100644 --- a/src/main.rs +++ b/src/main.rs @@ -14,8 +14,8 @@ use numa::override_store::OverrideStore; use numa::query_log::QueryLog; use numa::stats::ServerStats; use numa::system_dns::{ - discover_forwarding_rules, install_service, install_system_dns, service_status, - uninstall_service, uninstall_system_dns, + discover_system_dns, install_service, install_system_dns, service_status, uninstall_service, + uninstall_system_dns, }; #[tokio::main] @@ -75,8 +75,18 @@ async fn main() -> numa::Result<()> { }; let config = load_config(&config_path)?; - let upstream: SocketAddr = - format!("{}:{}", config.upstream.address, config.upstream.port).parse()?; + // Discover system DNS in a single pass (upstream + forwarding rules) + let system_dns = discover_system_dns(); + + let upstream_addr = if config.upstream.address.is_empty() { + system_dns.default_upstream.unwrap_or_else(|| { + info!("could not detect system DNS, falling back to 9.9.9.9 (Quad9)"); + "9.9.9.9".to_string() + }) + } else { + config.upstream.address.clone() + }; + let upstream: SocketAddr = format!("{}:{}", upstream_addr, config.upstream.port).parse()?; let api_port = config.server.api_port; let mut blocklist = BlocklistStore::new(); @@ -87,8 +97,7 @@ async fn main() -> numa::Result<()> { blocklist.set_enabled(false); } - // Auto-discover conditional forwarding rules from OS (Tailscale, VPN, etc.) - let forwarding_rules = discover_forwarding_rules(); + let forwarding_rules = system_dns.forwarding_rules; let ctx = Arc::new(ServerCtx { socket: UdpSocket::bind(&config.server.bind_addr).await?, diff --git a/src/packet.rs b/src/packet.rs index 9158a77..bca60c2 100644 --- a/src/packet.rs +++ b/src/packet.rs @@ -70,7 +70,11 @@ impl DnsPacket { pub fn write(&self, buffer: &mut BytePacketBuffer) -> Result<()> { // Filter out UNKNOWN records (e.g. EDNS OPT) that we can't re-serialize let answers: Vec<_> = self.answers.iter().filter(|r| !r.is_unknown()).collect(); - let authorities: Vec<_> = self.authorities.iter().filter(|r| !r.is_unknown()).collect(); + let authorities: Vec<_> = self + .authorities + .iter() + .filter(|r| !r.is_unknown()) + .collect(); let resources: Vec<_> = self.resources.iter().filter(|r| !r.is_unknown()).collect(); let mut header = self.header.clone(); diff --git a/src/system_dns.rs b/src/system_dns.rs index da04cc7..1ca7ffd 100644 --- a/src/system_dns.rs +++ b/src/system_dns.rs @@ -10,38 +10,48 @@ pub struct ForwardingRule { pub upstream: SocketAddr, } -/// Discover system DNS forwarding rules from the OS. -/// On macOS, parses `scutil --dns`. Returns rules sorted longest-suffix-first -/// so more specific matches take priority. -pub fn discover_forwarding_rules() -> Vec { +/// Result of system DNS discovery — default upstream + conditional forwarding rules. +pub struct SystemDnsInfo { + pub default_upstream: Option, + pub forwarding_rules: Vec, +} + +/// Discover system DNS configuration in a single pass. +/// On macOS: parses `scutil --dns` once for both the default upstream and forwarding rules. +/// On Linux: reads `/etc/resolv.conf` for upstream, no forwarding rules yet. +pub fn discover_system_dns() -> SystemDnsInfo { #[cfg(target_os = "macos")] { discover_macos() } #[cfg(not(target_os = "macos"))] { - info!("system DNS auto-discovery not implemented for this OS"); - Vec::new() + SystemDnsInfo { + default_upstream: detect_upstream_linux_or_backup(), + forwarding_rules: Vec::new(), + } } } #[cfg(target_os = "macos")] -fn discover_macos() -> Vec { +fn discover_macos() -> SystemDnsInfo { use log::{debug, warn}; let output = match std::process::Command::new("scutil").arg("--dns").output() { Ok(o) => o, Err(e) => { warn!("failed to run scutil --dns: {}", e); - return Vec::new(); + return SystemDnsInfo { + default_upstream: None, + forwarding_rules: Vec::new(), + }; } }; let text = String::from_utf8_lossy(&output.stdout); let mut rules = Vec::new(); + let mut default_upstream: Option = None; - // Parse resolver blocks: look for blocks with both `domain` and `nameserver[0]` - // that have the `Supplemental` flag (conditional forwarding, not default) let mut current_domain: Option = None; let mut current_nameserver: Option = None; let mut is_supplemental = false; @@ -50,7 +60,7 @@ fn discover_macos() -> Vec { let line = line.trim(); if line.starts_with("resolver #") { - // Emit previous block if valid + // Emit previous supplemental block as forwarding rule if let (Some(domain), Some(ns), true) = ( current_domain.take(), current_nameserver.take(), @@ -64,7 +74,6 @@ fn discover_macos() -> Vec { current_nameserver = None; is_supplemental = false; } else if line.starts_with("domain") && line.contains(':') { - // "domain : tailcee7cc.ts.net." if let Some(val) = line.split(':').nth(1) { let domain = val.trim().trim_end_matches('.').to_lowercase(); if !domain.is_empty() @@ -78,15 +87,21 @@ fn discover_macos() -> Vec { } else if line.starts_with("nameserver[0]") && line.contains(':') { if let Some(val) = line.split(':').nth(1) { let ns = val.trim().to_string(); - // Only use IPv4 nameservers for now if ns.parse::().is_ok() { - current_nameserver = Some(ns); + current_nameserver = Some(ns.clone()); + // Capture first non-supplemental, non-loopback nameserver as default upstream + if !is_supplemental + && default_upstream.is_none() + && ns != "127.0.0.1" + && ns != "0.0.0.0" + { + default_upstream = Some(ns); + } } } } else if line.starts_with("flags") && line.contains("Supplemental") { is_supplemental = true; } else if line.starts_with("DNS configuration (for scoped") { - // Stop at scoped section — those are interface-specific, not conditional if let (Some(domain), Some(ns), true) = ( current_domain.take(), current_nameserver.take(), @@ -116,12 +131,17 @@ fn discover_macos() -> Vec { rule.suffix, rule.upstream ); } - if rules.is_empty() { - debug!("no conditional forwarding rules discovered from scutil --dns"); + debug!("no conditional forwarding rules discovered"); + } + if let Some(ref ns) = default_upstream { + info!("detected system upstream: {}", ns); } - rules + SystemDnsInfo { + default_upstream, + forwarding_rules: rules, + } } #[cfg(target_os = "macos")] @@ -134,6 +154,45 @@ fn make_rule(domain: &str, nameserver: &str) -> Option { }) } +/// Detect upstream from /etc/resolv.conf, falling back to backup file if resolv.conf +/// only has loopback (meaning numa install already ran). +#[cfg(not(target_os = "macos"))] +fn detect_upstream_linux_or_backup() -> Option { + // Try /etc/resolv.conf first + if let Some(ns) = read_upstream_from_file("/etc/resolv.conf") { + info!("detected system upstream: {}", ns); + return Some(ns); + } + // If resolv.conf only has loopback, check the backup from `numa install` + let backup = { + let home = std::env::var("HOME") + .map(std::path::PathBuf::from) + .unwrap_or_else(|_| std::path::PathBuf::from("/root")); + home.join(".numa").join("original-resolv.conf") + }; + if let Some(ns) = read_upstream_from_file(backup.to_str().unwrap_or("")) { + info!("detected original upstream from backup: {}", ns); + return Some(ns); + } + None +} + +#[cfg(not(target_os = "macos"))] +fn read_upstream_from_file(path: &str) -> Option { + let text = std::fs::read_to_string(path).ok()?; + for line in text.lines() { + let line = line.trim(); + if line.starts_with("nameserver") { + if let Some(ns) = line.split_whitespace().nth(1) { + if ns != "127.0.0.1" && ns != "0.0.0.0" && ns != "::1" { + return Some(ns.to_string()); + } + } + } + } + None +} + /// Find the upstream for a domain by checking forwarding rules. /// Returns None if no rule matches (use default upstream). /// Zero-allocation on the hot path — dot_suffix is pre-computed. @@ -395,19 +454,28 @@ fn install_service_macos() -> Result<(), String> { .status() .map_err(|e| format!("failed to run launchctl: {}", e))?; - if status.success() { - eprintln!(" Service installed and started."); - eprintln!(" Numa will auto-start on boot and restart if killed."); - eprintln!(" Logs: /usr/local/var/log/numa.log"); - eprintln!(" Run 'sudo numa service stop' to uninstall.\n"); - Ok(()) - } else { - Err("launchctl load failed".to_string()) + if !status.success() { + return Err("launchctl load failed".to_string()); } + + // Set system DNS to 127.0.0.1 now that the service is running + eprintln!(" Service installed and started."); + if let Err(e) = install_macos() { + eprintln!(" warning: failed to configure system DNS: {}", e); + } + eprintln!(" Numa will auto-start on boot and restart if killed."); + eprintln!(" Logs: /usr/local/var/log/numa.log"); + eprintln!(" Run 'sudo numa service stop' to fully uninstall.\n"); + Ok(()) } #[cfg(target_os = "macos")] fn uninstall_service_macos() -> Result<(), String> { + // Restore DNS first, while numa is still running to handle any final queries + if let Err(e) = uninstall_macos() { + eprintln!(" warning: failed to restore system DNS: {}", e); + } + // Remove plist first so service won't restart on boot even if unload fails if let Err(e) = std::fs::remove_file(PLIST_DEST) { if e.kind() != std::io::ErrorKind::NotFound { @@ -576,14 +644,24 @@ fn install_service_linux() -> Result<(), String> { run_systemctl(&["start", "numa"])?; eprintln!(" Service installed and started."); + + // Set system DNS now that the service is running + if let Err(e) = install_linux() { + eprintln!(" warning: failed to configure system DNS: {}", e); + } eprintln!(" Numa will auto-start on boot and restart if killed."); eprintln!(" Logs: journalctl -u numa -f"); - eprintln!(" Run 'sudo numa service stop' to uninstall.\n"); + eprintln!(" Run 'sudo numa service stop' to fully uninstall.\n"); Ok(()) } #[cfg(target_os = "linux")] fn uninstall_service_linux() -> Result<(), String> { + // Restore DNS first, while numa is still running + if let Err(e) = uninstall_linux() { + eprintln!(" warning: failed to restore system DNS: {}", e); + } + if let Err(e) = run_systemctl(&["stop", "numa"]) { eprintln!(" warning: {}", e); } From dcaceddfd33c589ee5e5a814461570eaf603219d Mon Sep 17 00:00:00 2001 From: Razvan Dimescu Date: Fri, 20 Mar 2026 14:21:08 +0200 Subject: [PATCH 07/15] fix domain check input, add query log search and filter - Fix: checkDomain input ID shadowed the JS function (caused page redirect) - Add domain search box and path dropdown filter to Recent Queries panel - Client-side filtering for instant response (no extra API calls) Co-Authored-By: Claude Opus 4.6 --- site/dashboard.html | 45 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 5 deletions(-) diff --git a/site/dashboard.html b/site/dashboard.html index d2b25cd..b1756bf 100644 --- a/site/dashboard.html +++ b/site/dashboard.html @@ -497,7 +497,21 @@ body {
Recent Queries - +
+ + + +
@@ -527,7 +541,7 @@ body {
- +
@@ -574,6 +588,7 @@ body {