feat(service): add smart_dns_pool — local DNS server fronting many upstreams

[hiddifyafk]

Adds a sing-box service type: smart_dns_pool that listens on a local UDP+TCP address and fans incoming DNS queries out to many configured recursive resolvers (UDP / TCP / DoT / DoH) using github.com/hiddify/hmrd_multi_resolver_dns under the hood.

Replaces the closed #19 (which targeted the wrong layer). Integration shape now matches what was clarified offline: instead of dnstt asking sing-box's own DNS subsystem to resolve, you stand up this service locally and point dnstt's resolvers at udp://127.0.0.1:<listen_port> instead of 8.8.8.8.

Why this exists

dnstt's tunnel sends DNS queries to a single recursive resolver. When that resolver gets rate-limited or blocked by the censor, the tunnel stalls until the operator rotates manually. With this service the operator configures the recursive resolvers they want to distribute load across once, then sets dnstt's resolvers to the local listen address. dnstt sees a normal local resolver; the pool transparently handles:

• Per-query failover within the overall deadline — if the first selected upstream fails inside the per-attempt timeout, the next candidate is tried before the deadline expires.
• AIMD rate-limit throttling — Rcode REFUSED / Rcode SERVFAIL / HTTP 429 (DoH) all decrement the upstream's RPM cap (multiplicative-decrease); sustained success grows it back (additive-increase).
• Recovery probing — when an upstream is marked down (after N consecutive timeouts/network failures), a background prober re-issues the offending query every probe_interval until it answers, then promotes it back to healthy.
• Pluggable LB — roundrobin (default) / weighted / lowest_latency. weight: 0 means the upstream is a pure fallback (only reached when every weighted candidate is unavailable).

Sample config

{
  "services": [
    {
      "type": "smart_dns_pool",
      "tag":  "dnstt-pool",
      "listen": "127.0.0.1",
      "listen_port": 19876,
      "load_balance": "weighted",
      "upstreams": [
        { "type": "udp",   "address": "1.1.1.1:53",                              "weight": 5 },
        { "type": "doh",   "address": "https://cloudflare-dns.com/dns-query",    "weight": 3 },
        { "type": "tls",   "address": "1.1.1.1:853",                             "weight": 2 },
        { "type": "udp",   "address": "8.8.8.8:53",                              "weight": 0 }
      ]
    }
  ],
  "outbounds": [
    { "type": "dnstt", "tag": "dnstt-out",
      "resolvers": [ { "type": "udp", "address": "127.0.0.1:19876" } ],
      "...": "..."
    }
  ]
}

Plumbing

File	Change
constant/proxy.go	new TypeSmartDNSPool = "smart_dns_pool"
option/smart_dns_pool.go	SmartDNSPoolServiceOptions + SmartDNSPoolUpstreamOptions (listen + upstreams + LB / timeout knobs)
service/smart_dns_pool/service.go	Service implementing adapter.Service: Start binds the listener and starts the multidns.Manager with all upstreams; Close shuts the server and the manager cleanly
service/smart_dns_pool/service_test.go	full integration tests (see below)
include/registry.go	smartdnspool.RegisterService(registry)
go.mod	adds github.com/hiddify/hmrd_multi_resolver_dns require

Test plan

• go vet ./service/smart_dns_pool/ ./include/ ./option/ ./constant/ clean
• go build ./service/smart_dns_pool/ ./include/ clean
• go test -race -count=1 ./service/smart_dns_pool/:
  • TestSmartDNSPool_EndToEnd — builds service from real option.SmartDNSPoolServiceOptions, sends an A query to 127.0.0.1:<port>, verifies the answer routed through one of the configured upstreams. Round-robin reaches both upstreams over 10 queries.
  • TestSmartDNSPool_FailoverWithinDeadline — one dropping + one healthy upstream; queries through the local listener still get answered (the headline dnstt failure mode).
  • TestSmartDNSPool_RejectsBadConfig — validation surfaces at NewService time (no upstreams, missing port, unsupported upstream type).
• Library carries 46 tests of its own under go test -race covering failover, AIMD, prober recovery, custom dialer on every protocol, and the net.PacketConn server path this service relies on.

Dependency note

go.mod pins:

github.com/hiddify/hmrd_multi_resolver_dns v0.0.0-20260427043414-4f1e2d512cf6

That's the tip of feat/packetconn-surface — the open library PR adding the net.PacketConn surface this service uses. Once that PR merges (and ideally a tag is cut on the library), this require can bump to the real version.

Merge order

1. hiddify/hmrd_multi_resolver_dns#4 — adds the net.PacketConn surface to the library
2. (Optional) tag a release on the library
3. This PR — bump the require to the tagged version, then merge into extended