fix(mdns): respect IPv4/IPv6 listen flags and drop dead exports

Cursorbot review on jetkvm#1454 flagged two issues:

1. hashicorp/mdns.NewServer always binds both 224.0.0.251:5353 and
   [ff02::fb]:5353 with no toggle, so MDNSMode=ipv4_only/ipv6_only
   was silently ignored — clients on the disabled family could still
   browse and discover a service whose A/AAAA they cannot resolve.
   Replace the call with a small custom responder that only binds
   the requested transports. Record generation still uses
   hashicorp/mdns.MDNSService via the existing jetkvmZone, and the
   query/response loop mirrors hashicorp/mdns to keep on-the-wire
   behavior identical otherwise.

2. DefaultAddressIPv4 / DefaultAddressIPv6 were leftover unused
   exports from the pion era. Removed.

Also corrected misleading comments that claimed Stop() emits DNS-SD
goodbye packets — neither hashicorp/mdns nor this responder do; we
rely on TTL expiry like before.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: mcuelenaere

internal/mdns/mdns.go

@@ -7,11 +7,12 @@
 //     clients (NWBrowser, dns-sd, avahi-browse) can discover the
 //     device.
 //
-// Implementation: hashicorp/mdns. We previously used pion/mdns/v2,
-// which is hostname-only and does not support DNS-SD. Running both
-// in the same process would mean two responders binding to
-// 224.0.0.251:5353 and producing duplicate A/AAAA replies, so the
-// pion responder was replaced rather than supplemented.
+// Implementation: a small custom server in server.go that handles
+// the multicast transport, plus hashicorp/mdns.MDNSService for
+// DNS-SD record generation. We previously used pion/mdns/v2, which
+// is hostname-only. We don't use hashicorp/mdns.NewServer directly
+// because it has no toggle for binding to IPv4 vs IPv6 multicast,
+// which would silently ignore MDNSMode=ipv4_only / ipv6_only.
 package mdns
 
 import (
@@ -28,11 +29,6 @@ import (
 	"github.com/rs/zerolog"
 )
 
-const (
-	DefaultAddressIPv4 = "224.0.0.251:5353"
-	DefaultAddressIPv6 = "[ff02::fb]:5353"
-)
-
 type MDNSListenOptions struct {
 	IPv4 bool
 	IPv6 bool
@@ -62,7 +58,7 @@ type MDNSOptions struct {
 }
 
 type MDNS struct {
-	server *hashicorp_mdns.Server
+	server *jetkvmServer
 	lock   sync.Mutex
 	l      *zerolog.Logger
 
@@ -286,7 +282,7 @@ func (m *MDNS) start(allowRestart bool) error {
 		service:   hashSvc,
 	}
 
-	server, err := hashicorp_mdns.NewServer(&hashicorp_mdns.Config{Zone: zone})
+	server, err := newJetkvmServer(zone, m.listenOptions.IPv4, m.listenOptions.IPv6)
 	if err != nil {
 		scopeLogger.Warn().Err(err).Msg("failed to start mDNS server")
 		return err
@@ -308,8 +304,9 @@ func (m *MDNS) Restart() error {
 	return m.start(true)
 }
 
-// Stop stops the mDNS server. It sends DNS-SD goodbye packets so
-// browsers remove the device promptly instead of waiting for TTL.
+// Stop stops the mDNS server by closing the multicast sockets.
+// Browsers age the device out via record TTL (we do not currently
+// emit explicit goodbye packets).
 func (m *MDNS) Stop() error {
 	m.lock.Lock()
 	defer m.lock.Unlock()

internal/mdns/server.go

@@ -0,0 +1,170 @@
+package mdns
+
+import (
+	"fmt"
+	"net"
+	"sync/atomic"
+
+	hashicorp_mdns "github.com/hashicorp/mdns"
+	"github.com/miekg/dns"
+)
+
+// jetkvmServer is a minimal mDNS responder. We use it instead of
+// hashicorp/mdns.NewServer because the upstream Server always binds
+// to BOTH 224.0.0.251:5353 and [ff02::fb]:5353 with no toggle, which
+// silently ignores the user's MDNSMode=ipv4_only / ipv6_only setting.
+// Record generation (PTR / SRV / TXT / A / AAAA) is still delegated
+// to a hashicorp/mdns.Zone (so we don't reinvent DNS-SD); we only
+// re-implement the transport + query loop.
+//
+// The query/response handling here mirrors hashicorp/mdns's
+// server.go closely so the on-the-wire behavior is the same. RFC
+// 6762 §18 is the relevant spec.
+type jetkvmServer struct {
+	zone hashicorp_mdns.Zone
+
+	ipv4List *net.UDPConn
+	ipv6List *net.UDPConn
+
+	shutdown   int32
+	shutdownCh chan struct{}
+}
+
+var (
+	multicastAddrIPv4 = &net.UDPAddr{IP: net.ParseIP("224.0.0.251"), Port: 5353}
+	multicastAddrIPv6 = &net.UDPAddr{IP: net.ParseIP("ff02::fb"), Port: 5353}
+)
+
+// newJetkvmServer starts an mDNS responder on the requested
+// transports. At least one of listenIPv4/listenIPv6 must be true.
+func newJetkvmServer(zone hashicorp_mdns.Zone, listenIPv4, listenIPv6 bool) (*jetkvmServer, error) {
+	s := &jetkvmServer{zone: zone, shutdownCh: make(chan struct{})}
+
+	if listenIPv4 {
+		c, err := net.ListenMulticastUDP("udp4", nil, multicastAddrIPv4)
+		if err == nil {
+			s.ipv4List = c
+			go s.recv(c)
+		}
+	}
+	if listenIPv6 {
+		c, err := net.ListenMulticastUDP("udp6", nil, multicastAddrIPv6)
+		if err == nil {
+			s.ipv6List = c
+			go s.recv(c)
+		}
+	}
+
+	if s.ipv4List == nil && s.ipv6List == nil {
+		return nil, fmt.Errorf("no multicast listeners could be started")
+	}
+	return s, nil
+}
+
+// Shutdown stops the server. Goroutines spawned by recv exit when
+// the underlying socket is closed.
+func (s *jetkvmServer) Shutdown() error {
+	if !atomic.CompareAndSwapInt32(&s.shutdown, 0, 1) {
+		return nil
+	}
+	close(s.shutdownCh)
+	if s.ipv4List != nil {
+		_ = s.ipv4List.Close()
+	}
+	if s.ipv6List != nil {
+		_ = s.ipv6List.Close()
+	}
+	return nil
+}
+
+func (s *jetkvmServer) recv(c *net.UDPConn) {
+	buf := make([]byte, 65536)
+	for {
+		n, from, err := c.ReadFrom(buf)
+		if err != nil {
+			select {
+			case <-s.shutdownCh:
+				return
+			default:
+				continue
+			}
+		}
+		s.handlePacket(buf[:n], from)
+	}
+}
+
+func (s *jetkvmServer) handlePacket(packet []byte, from net.Addr) {
+	var msg dns.Msg
+	if err := msg.Unpack(packet); err != nil {
+		return
+	}
+	// RFC 6762: silently ignore non-zero opcode/rcode and truncated
+	// queries (we don't implement the known-answer continuation).
+	if msg.Opcode != dns.OpcodeQuery || msg.Rcode != 0 || msg.Truncated {
+		return
+	}
+
+	var unicastAnswer, multicastAnswer []dns.RR
+	for _, q := range msg.Question {
+		recs := s.zone.Records(q)
+		if len(recs) == 0 {
+			continue
+		}
+		// RFC 6762 §18.12: top bit of qclass = "unicast response preferred".
+		if q.Qclass&(1<<15) != 0 {
+			unicastAnswer = append(unicastAnswer, recs...)
+		} else {
+			multicastAnswer = append(multicastAnswer, recs...)
+		}
+	}
+
+	if len(multicastAnswer) > 0 {
+		s.sendResponse(multicastAnswer, from, msg.Id, false)
+	}
+	if len(unicastAnswer) > 0 {
+		s.sendResponse(unicastAnswer, from, msg.Id, true)
+	}
+}
+
+func (s *jetkvmServer) sendResponse(answers []dns.RR, from net.Addr, queryID uint16, unicast bool) {
+	// 18.1: ID is 0 for multicast responses, query.Id for unicast.
+	id := uint16(0)
+	if unicast {
+		id = queryID
+	}
+	resp := &dns.Msg{
+		MsgHdr: dns.MsgHdr{
+			Id:            id,
+			Response:      true,
+			Opcode:        dns.OpcodeQuery,
+			Authoritative: true,
+		},
+		Compress: true,
+		Answer:   answers,
+	}
+	buf, err := resp.Pack()
+	if err != nil {
+		return
+	}
+
+	// Match hashicorp/mdns: send back via the same transport family
+	// the query came in on. (Their TODO notes this isn't strictly
+	// RFC 6762 §6 compliant — multicast responses should go to the
+	// multicast group — but in practice clients re-query periodically
+	// so the unicast-back behavior works.)
+	addr, ok := from.(*net.UDPAddr)
+	if !ok {
+		return
+	}
+	if addr.IP.To4() != nil {
+		if s.ipv4List == nil {
+			return
+		}
+		_, _ = s.ipv4List.WriteToUDP(buf, addr)
+	} else {
+		if s.ipv6List == nil {
+			return
+		}
+		_, _ = s.ipv6List.WriteToUDP(buf, addr)
+	}
+}

main.go

@@ -190,8 +190,8 @@ func Main() {
 	logger.Log().Msg("JetKVM Shutting Down")
 
 	if mDNS != nil {
-		// Send DNS-SD goodbye so Bonjour browsers drop the device
-		// immediately instead of waiting for the record TTL.
+		// Close the multicast sockets so we stop responding to
+		// browses immediately. Browsers age the entry out by TTL.
 		if err := mDNS.Stop(); err != nil {
 			logger.Warn().Err(err).Msg("failed to stop mDNS server")
 		}