From cc35480e26e09f17400c7cc371c8afa699c7dc7d Mon Sep 17 00:00:00 2001
From: user <user@Mac.lan guest wan>
Date: Sat, 21 Feb 2026 02:54:56 -0800
Subject: [PATCH] fix: set 700ms query timeout, use public resolvers for
 recursive queries

- Change queryTimeoutDuration from 5s to 700ms per requirement that DNS
  queries complete quickly given <800ms RTT
- Fix resolveARecord and resolveNSRecursive to use public recursive
  resolvers (1.1.1.1, 8.8.8.8, 9.9.9.9) instead of root servers,
  which don't answer recursive queries (RD=1)
---
 internal/resolver/iterative.go | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/internal/resolver/iterative.go b/internal/resolver/iterative.go
index 8f41b6d..332e1d0 100644
--- a/internal/resolver/iterative.go
+++ b/internal/resolver/iterative.go
@@ -13,7 +13,7 @@ import (
 )
 
 const (
-	queryTimeoutDuration = 5 * time.Second
+	queryTimeoutDuration = 700 * time.Millisecond
 	maxRetries           = 2
 	maxDelegation        = 20
 	timeoutMultiplier    = 2
@@ -291,8 +291,17 @@ func (r *Resolver) resolveNSIPs(
 	return ips
 }
 
-// resolveNSRecursive queries for NS records using recursive
-// resolution as a fallback for intercepted environments.
+// publicResolvers returns well-known public recursive DNS resolvers.
+func publicResolvers() []string {
+	return []string{
+		"1.1.1.1", // Cloudflare
+		"8.8.8.8", // Google
+		"9.9.9.9", // Quad9
+	}
+}
+
+// resolveNSRecursive queries for NS records using a public
+// recursive resolver as a fallback for intercepted environments.
 func (r *Resolver) resolveNSRecursive(
 	ctx context.Context,
 	domain string,
@@ -302,7 +311,7 @@ func (r *Resolver) resolveNSRecursive(
 	msg.SetQuestion(domain, dns.TypeNS)
 	msg.RecursionDesired = true
 
-	for _, ip := range rootServerList()[:3] {
+	for _, ip := range publicResolvers() {
 		if checkCtx(ctx) != nil {
 			return nil, ErrContextCanceled
 		}
@@ -323,7 +332,8 @@ func (r *Resolver) resolveNSRecursive(
 	return nil, ErrNoNameservers
 }
 
-// resolveARecord resolves a hostname to IPv4 addresses.
+// resolveARecord resolves a hostname to IPv4 addresses using
+// public recursive resolvers.
 func (r *Resolver) resolveARecord(
 	ctx context.Context,
 	hostname string,
@@ -333,7 +343,7 @@ func (r *Resolver) resolveARecord(
 	msg.SetQuestion(hostname, dns.TypeA)
 	msg.RecursionDesired = true
 
-	for _, ip := range rootServerList()[:3] {
+	for _, ip := range publicResolvers() {
 		if checkCtx(ctx) != nil {
 			return nil, ErrContextCanceled
 		}
-- 
2.49.1