Improve recursive DNS tunnel stability

[Udjin79]

Summary

• make QUIC idle timeout configurable on both client and server and enable server-side keep-alive
• add nonce/cache-busting labels for DNS query transport while keeping server decode compatibility
• improve recursive DNS path handling: rotate stalled handshakes, avoid disabling merely slow paths, keep alternate paths usable, honor cooldown during refresh, and lengthen cooldown for flapping paths
• improve close/error labels and document the new options

Validation

Local checks:

• cargo fmt --check
• cargo test -p slipstream-dns -p slipstream-client
• cargo test -p slipstream-client
• cargo clippy -p slipstream-dns -p slipstream-client -p slipstream-server --all-targets -- -D warnings
• cargo clippy -p slipstream-client -p slipstream-server --all-targets -- -D warnings
• cargo build --release -p slipstream-client -p slipstream-server

Production smoke test over public recursive DNS resolvers (Selectel client -> Hetzner server, domain delegated through Cloudflare):

• previous behavior: fast bursts were possible, but later transfers often stalled at 0 bytes, reset, or closed on idle timeout
• with a stable public recursive pool (1.1.1.1, 1.0.0.1, 9.9.9.9, 149.112.112.112): 6 x 10 MB transfers completed with http=200 and curl_exit=0
• observed throughput is stable but modest (~125-152 KB/s), so this PR improves reliability rather than solving throughput optimization completely

Notes

Some public resolvers tested from the production client were not suitable for this transport profile: Yandex stalled after a few KB, Google-only failed to become ready reliably, and UltraDNS-only stalled mid-transfer. The longer cooldown avoids repeatedly spending probe/poll work on flapping recursive paths.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1463d2414c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[aminvakil]

Disclaimer: Not a maintainer here.

[tannisroot]

Was this written with AI? How involved was it in this PR?

[Udjin79]

Was this written with AI? How involved was it in this PR?

Yes. I was testing and stabilizing build, in order to be more steady and reliable in work.
Any problems with it?

[Mygod]

I can't speak for this PR but just so you know, this repo is 100% AI. You are welcome to leave.

[tannisroot]

I can't speak for this PR but just so you know, this repo is 100% AI. You are welcome to leave.

Oh I wasn't implying it's an inherently bad thing, your project is evidence it isn't, I was just curious.

[tannisroot]

Was this written with AI? How involved was it in this PR?

Yes. I was testing and stabilizing build, in order to be more steady and reliable in work.
Any problems with it?

Not at all!