ip_cidr and ip_is_private are Response Match Fields in new mode,
same as response_rcode/answer/ns/extra. Use a single consistent
error message when any of them appear without match_response.

Remove resolveDNSRoute indirection from evaluate action since
evaluate+fakeip is already rejected at build time, making the
dnsRouteStatusSkipped branch dead code. Inline transport lookup
directly instead.

Also remove the context-cancellation early return that was not
part of the design spec, and fix test naming to avoid newMode.

Use concrete feature names per design spec: "Legacy Address Filter
Fields", "Legacy `strategy` DNS rule action option", "Legacy
`ip_accept_any` DNS rule item", "Legacy `rule_set_ip_cidr_accept_empty`
DNS rule item" for deprecated features, and "Response Match Fields" for
the new response matching section.

Remove all user-facing references to the internal `legacyDNSMode` variable
name. Error messages now reuse the deprecated.Note.MessageWithLink() method
to provide consistent deprecation text with migration URLs. Other internal
jargon ("consume response state", "response_*") is replaced with
user-friendly descriptions.

Add two migration guide entries under 1.14.0: one for strategy → rule items,
one for address filter fields → evaluate with match_response.

- dns/router: add r.closing guard in registerRuleSetCallbacks to
  prevent callback leak when Close() races with Start() in daemon path
- adapter/inbound: validate addr.IsValid() in DNSResponseAddresses
  before appending to guard against zero-RDATA DNS records
- adapter/rule: add evaluate to non-final actions in IsFinalAction
- Rename nested_action.go to rule_nested_action.go for naming consistency
- Export error message constants from option package to deduplicate
- Fix RuleActionRouteOptions.Descriptions using wrong field for fallback-network-type

Add config-time validation in NewDNSRule that rejects
RejectMethodReply for both default and logical DNS rules,
matching the existing TCP/UDP validation in route/route.go.

- Add EnvName to four new deprecation constants so users can suppress
  warnings via ENABLE_DEPRECATED_* environment variables
- Add comment explaining why applyDNSRouteOptions skips Strategy
- Use dns.RcodeToString in DNSResponseRCodeItem.String() for readability
- Remove redundant Fqdn(FqdnToDomain(domain)) round-trip
- Use standard !!! failure block for strategy deprecation notice
- Add Legacy DNS Mode section explaining automatic mode detection
- Reorder ip_accept_any/rule_set_ip_cidr_accept_empty in Chinese docs
  to match English

The legacy path returned predefined responses early, bypassing the
reverse mapping cache. Use goto to reach the shared post-exchange
block so both legacy and new paths record predefined A/AAAA answers.

The field was never set to true after the legacy pre-match refactor
in 3549c02b8. Remove the declaration, guard check, and redundant
false assignments.

Exchange and Lookup held rulesAccess.RLock across all DNS network I/O,
blocking rebuildRules from swapping in new rules until every in-flight
query finished. Replace the RWMutex with an atomic pointer to a
refcounted rulesSnapshot so queries only hold a snapshot reference
during execution, allowing concurrent rule rebuilds.
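
The locking change described in the commit message above, as an added example that is not the project's own code: a query pins a refcounted snapshot through an atomic pointer, so a rebuild can publish new rules while the query is still waiting on network I/O. The type, field and method names are assumptions for illustration, and a snapshot is assumed to be published before the first query.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// rulesSnapshot is immutable; refs starts at 1, the reference held by router.current.
type rulesSnapshot struct {
	rules  []string
	refs   atomic.Int64
	closed atomic.Bool // stand-in for freeing rule resources
}
type router struct{ current atomic.Pointer[rulesSnapshot] }

// acquire pins the current snapshot for one query. A count of zero means the
// snapshot was retired after Load, so reload rather than revive it.
func (r *router) acquire() *rulesSnapshot {
	for {
		s := r.current.Load()
		if n := s.refs.Load(); n > 0 && s.refs.CompareAndSwap(n, n+1) {
			return s
		}
	}
}

func (s *rulesSnapshot) release() {
	if s.refs.Add(-1) == 0 {
		s.closed.Store(true)
	}
}

// rebuild publishes new rules without waiting for in-flight queries.
func (r *router) rebuild(rules []string) {
	next := &rulesSnapshot{rules: rules}
	next.refs.Store(1)
	if old := r.current.Swap(next); old != nil {
		old.release() // drop the reference owned by router.current
	}
}

func main() {
	r := &router{}
	r.rebuild([]string{"v1"}) // constructed sample rule sets
	q := r.acquire()          // query in flight
	r.rebuild([]string{"v2"}) // returns without waiting for q
	fmt.Println(q.rules[0], q.closed.Load())
	q.release() // last holder tears the old snapshot down
}
```
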
Remove SetIncludeAllowed(true) from the DNS record zone parser.
The $INCLUDE directive allows opening arbitrary files via os.Open,
which is unnecessary and dangerous when parsing a single record string
from configuration (especially remote profiles).

Fix displayRuleIndex arithmetic in dns/router.go that computed
2*index+1 instead of the correct 0-based index. This was a
reintroduction of a bug previously fixed in be8ee370a. Both
matchDNS and logRuleMatch now use the index directly, matching
the pattern in route/route.go.