Add configurable DNS query timeout by comebackto2021 · Pull Request #4079 · SagerNet/sing-box

comebackto2021 · 2026-04-26T04:47:01Z

Summary

Adds a timeout field to DNS configuration so the DNS exchange timeout can
be tuned per-deployment via JSON config. Previously hardcoded to
C.DNSTimeout = 10s in dns/client.go.

The Client.timeout field is already parameterized in code — NewClient()
accepts options.Timeout and falls back to C.DNSTimeout when zero. This
PR only wires up the JSON option and threads it through dns.NewRouter.

Motivation

On unstable mobile networks (carrier-grade NAT with aggressive timeouts,
DPI middleboxes on TCP/53), plain TCP DNS sockets can become "zombies"
after long idle periods — bytes are silently dropped while the kernel
still considers the socket valid. The full 10-second timeout is then
user-visible latency on the first query after inactivity.

Industry comparison for DNS exchange/per-attempt timeouts:

System	Default
Microsoft Windows DNS client	1s first retry (5 attempts in 10s budget)
Microsoft Windows Server forwarder	3s
ThousandEyes DNS resolution test	3s measurement
Linux glibc `RES_TIMEOUT`	5s default, community recommends 1-3s
sing-box	10s, single attempt, not configurable

Operators deploying sing-box across many users on heterogeneous networks
have no way to tune this without forking and shipping custom libbox builds
to every client platform (Android AAR, Apple framework, Windows DLL).

Changes

option/dns.go: add Timeout badoption.Duration to DNSClientOptions
dns/router.go: pass it to dns.NewClient via existing ClientOptions.Timeout
docs/configuration/dns/index.md and index.zh.md: document the new field

Backward compatibility

Field is omitempty. When unset (time.Duration(0)), dns/client.go:80-82
falls back to C.DNSTimeout = 10s, preserving existing behavior. No
migration needed.

Example

{
  "dns": {
    "timeout": "3s",
    "servers": [...]
  }
}

Verification

go build ./... — passes
go vet ./option/... ./dns/... — clean
go test ./option/... ./dns/... — all green
Config validation: "timeout": "3s" accepted, invalid duration string rejected
with clear error pointing to dns.timeout JSON path
Backward compatibility: configs without the field validate and run as before

`SecTrustEvaluateWithError` is serial

…rval backoff

This reverts commit 62cb06c.

DNS rules referencing rule-sets that contain only ip_cidr predicates silently stopped matching when legacy DNS mode was disabled, because the IP-CIDR branch cannot match against an in-flight DNS query. The existing validation intentionally let every rule_set through on the premise that mixed sets still work via their non-IP branches, which is only true when such a branch exists. Track whether a rule-set carries any non-IP-CIDR predicate and reject pure-IP references the same way bare ip_cidr fields are already rejected.

Serialize probe rounds in startProber to eliminate unbounded fan-out of fire-and-forget probe goroutines (up to 100/sec per direction), and close HTTP/3 transports via transport.Close() in addition to CloseIdleConnections.

nekohasekai added 30 commits April 23, 2026 07:48

Add MAC and hostname rule items

27ca71f

Add Android support for MAC and hostname rule items

a9decac

Add macOS support for MAC and hostname rule items

92310b4

documentation: Update descriptions for neighbor rules

027f11c

Refactor ACME support to certificate provider

47df58f

Add BBR profile and hop interval randomization for Hysteria2

ed165ee

platform: Add OOM Report & Crash Report

d89a712

Also enable certificate store by default on Apple platforms

82d590a

`SecTrustEvaluateWithError` is serial

Add evaluate DNS rule action and related rule items

144a3fb

platform: Fix set local

df5f2cc

Fix deprecated warning double-formatting on localized clients

f02472a

oom-killer: Free memory on pressure notification and use gradual inte…

bc6d0fe

…rval backoff

tools: Network Quality & STUN

34a5ae7

platform: Fix darwin signal handler

48e18c7

tools: Tailscale status

5eec1a2

Revert "Also enable certificate store by default on Apple platforms"

c669743

This reverts commit 62cb06c.

Fix rules lock

84b5c2f

Fix darwin local DNS transport

69b9198

tools: Tailscale status

10f4481

Un-deprecate ip_accept_any DNS rule item

eb2b0f4

documentation: Fixes

c884f9d

Add package_name_regex route, DNS and headless rule item

7b70e4c

platform: Wrap command RPC error returns with E.Cause

4413b5e

Fix lint errors

2be423b

Add cloudflared inbound

01207b2

documentation: Fix missing update for ip_version and query_type

c680b4a

Fix stun test

8389026

Fix darwin cgo DNS again

70aaf29

Fix tailscale error

3fe2687

Add optimistic DNS cache

c6b3161

nekohasekai and others added 24 commits April 23, 2026 07:49

Fix use-after-free of pooled value buffers in bbolt Batch writes

dd087f9

Reject IP literal server name with TLS spoof

4cc9404

Fix macOS tlsspoof

227df81

Scope HTTP/2 fallback and HTTP/3 broken state per authority

4bc13fc

Defer implicit default HTTP client fallback to first use

b96ef82

Strip EDNS padding from upstream DNS responses

32bcf1a

Fix Apple TLS metadata capture

b771448

Fix tls-spoof

2e3d20d

Add search domain support for Tailscale DNS

fa791ae

Log DNS optimistic background refresh outcomes

87b8007

Fix Tailscale search domain response name mismatch

2640dd9

Fix goroutine leak in networkquality tool

6904d91

Serialize probe rounds in startProber to eliminate unbounded fan-out of fire-and-forget probe goroutines (up to 100/sec per direction), and close HTTP/3 transports via transport.Close() in addition to CloseIdleConnections.

Add ACME profile support for IP address certificates

986c7f8

Fix ACME HTTP-01 challenge for IPv6 literal addresses

a20f5fd

platform: Improve oom-killer

cd4a4e6

Fix darwin cgo DNS again

a8bd2e2

Bump version

76a2201

Fix stderr deprecated manager

0899318

Improve UDP batch support

1955522

Add Windows TLS engine

7ce5b6c

tun: Add compatibility with docker bridge

75f0c0f

Bump version

b2d5fb6

Add configurable DNS query timeout

659e3c7

comebackto2021 mentioned this pull request Apr 26, 2026

Add DNS retry intervals #4081

Open

nekohasekai force-pushed the testing branch 5 times, most recently from 1b0e6c5 to abedea4 Compare April 28, 2026 07:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add configurable DNS query timeout#4079

Add configurable DNS query timeout#4079
comebackto2021 wants to merge 59 commits intoSagerNet:testingfrom
comebackto2021:feat-configurable-dns-timeout

comebackto2021 commented Apr 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

comebackto2021 commented Apr 26, 2026

Summary

Motivation

Changes

Backward compatibility

Example

Verification

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants