Pull request 2114: 6480 upd proxy

Updates #6480.

Squashed commit of the following:

commit 03d73fe8f6637b88d11cb331a71c78a0bc79ac7e
Merge: b6f9bd5af 1511fabee
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Mon Dec 25 14:50:08 2023 +0300

    Merge branch 'master' into 6480-upd-proxy

commit b6f9bd5af43c55ec37133fae42f80adc58092f39
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Tue Dec 19 19:31:14 2023 +0300

    dnsforward: imp code, docs

commit db0356cd4c4f4183604ce29b01e05f655519646a
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Tue Dec 19 17:21:53 2023 +0300

    all: log changes

commit 0cbb0e8a6b525088f1f739b777229547fdd1dccb
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Tue Dec 19 16:26:34 2023 +0300

    all: upd proxy

internal/dnsforward/dnsforward.go

@@ -81,6 +81,7 @@ type DHCP interface {
 	Enabled() (ok bool)
 }
 
+// SystemResolvers is an interface for accessing the OS-provided resolvers.
 type SystemResolvers interface {
 	// Addrs returns the list of system resolvers' addresses.
 	Addrs() (addrs []netip.AddrPort)
@@ -469,13 +470,15 @@ func (s *Server) startLocked() error {
 	return err
 }
 
-// setupLocalResolvers initializes the resolvers for local addresses.  It
-// assumes s.serverLock is locked or the Server not running.
-func (s *Server) setupLocalResolvers(boot upstream.Resolver) (err error) {
+// prepareLocalResolvers initializes the local upstreams configuration using
+// boot as bootstrap.  It assumes that s.serverLock is locked or s not running.
+func (s *Server) prepareLocalResolvers(
+	boot upstream.Resolver,
+) (uc *proxy.UpstreamConfig, err error) {
 	set, err := s.conf.ourAddrsSet()
 	if err != nil {
 		// Don't wrap the error because it's informative enough as is.
-		return err
+		return nil, err
 	}
 
 	resolvers := s.conf.LocalPTRResolvers
@@ -492,29 +495,46 @@ func (s *Server) setupLocalResolvers(boot upstream.Resolver) (err error) {
 
 	log.Debug("dnsforward: upstreams to resolve ptr for local addresses: %v", resolvers)
 
-	uc, err := s.prepareUpstreamConfig(resolvers, nil, &upstream.Options{
+	uc, err = s.prepareUpstreamConfig(resolvers, nil, &upstream.Options{
 		Bootstrap: boot,
 		Timeout:   defaultLocalTimeout,
 		// TODO(e.burkov): Should we verify server's certificates?
 		PreferIPv6: s.conf.BootstrapPreferIPv6,
 	})
 	if err != nil {
-		return fmt.Errorf("preparing private upstreams: %w", err)
+		return nil, fmt.Errorf("preparing private upstreams: %w", err)
 	}
 
 	if confNeedsFiltering {
 		err = filterOutAddrs(uc, set)
 		if err != nil {
-			return fmt.Errorf("filtering private upstreams: %w", err)
+			return nil, fmt.Errorf("filtering private upstreams: %w", err)
 		}
 	}
 
+	return uc, nil
+}
+
+// setupLocalResolvers initializes and sets the resolvers for local addresses.
+// It assumes s.serverLock is locked or s not running.
+func (s *Server) setupLocalResolvers(boot upstream.Resolver) (err error) {
+	uc, err := s.prepareLocalResolvers(boot)
+	if err != nil {
+		// Don't wrap the error because it's informative enough as is.
+		return err
+	}
+
 	s.localResolvers = &proxy.Proxy{
 		Config: proxy.Config{
 			UpstreamConfig: uc,
 		},
 	}
 
+	err = s.localResolvers.Init()
+	if err != nil {
+		return fmt.Errorf("initializing proxy: %w", err)
+	}
+
 	// TODO(e.burkov):  Should we also consider the DNS64 usage?
 	if s.conf.UsePrivateRDNS &&
 		// Only set the upstream config if there are any upstreams.  It's safe
@@ -700,7 +720,7 @@ func (s *Server) prepareInternalProxy() (err error) {
 		CacheEnabled:   true,
 		CacheSizeBytes: 4096,
 		UpstreamConfig: srvConf.UpstreamConfig,
-		MaxGoroutines:  int(s.conf.MaxGoroutines),
+		MaxGoroutines:  s.conf.MaxGoroutines,
 	}
 
 	err = setProxyUpstreamMode(conf, srvConf.UpstreamMode, srvConf.FastestTimeout.Duration)