From 93149aeb09a1641be37d6fc62846a244d957b81a Mon Sep 17 00:00:00 2001
From: Shulhan <ms@kilabit.info>
Date: Tue, 27 Jan 2026 14:18:03 +0700
Subject: lib/dns: use separate ServeMux for handling DoH

Using the [http.DefaultServeMux] will cause panic when the server
restarted automatically.
---
 CHANGELOG.adoc    |  5 +++++
 lib/dns/dns.go    |  4 ----
 lib/dns/server.go | 32 ++++++++++++--------------------
 3 files changed, 17 insertions(+), 24 deletions(-)

diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
index 9bcaa223..523aa2a6 100644
--- a/CHANGELOG.adoc
+++ b/CHANGELOG.adoc
@@ -38,6 +38,11 @@ Legend,
 [#v0_61_0]
 == pakakeh.go v0.61.0 (2026-xx-xx)
 
+**🌼 lib/dns: use separate ServeMux for handling DoH**
+
+Using the [http.DefaultServeMux] will cause panic when the server
+restarted automatically.
+
 **🌼 lib/dns: skip caching empty answer only for query type A**
 
 Previously, we did not store response with empty RR answer for all record
diff --git a/lib/dns/dns.go b/lib/dns/dns.go
index 8e13200d..d6563adc 100644
--- a/lib/dns/dns.go
+++ b/lib/dns/dns.go
@@ -46,10 +46,6 @@ const (
 	rdataIPv6Size    = 16
 	// sectionHeaderSize define the size of section header in DNS message.
 	sectionHeaderSize = 12
-
-	dohHeaderKeyAccept      = "accept"
-	dohHeaderKeyContentType = "content-type"
-	dohHeaderValDNSMessage  = "application/dns-message"
 )
 
 // List of error messages.
diff --git a/lib/dns/server.go b/lib/dns/server.go
index 075eecb9..32fd8241 100644
--- a/lib/dns/server.go
+++ b/lib/dns/server.go
@@ -15,7 +15,6 @@ import (
 	"log"
 	"net"
 	"net/http"
-	"strings"
 	"sync"
 	"time"
 )
@@ -246,18 +245,20 @@ func (srv *Server) serveDoH() {
 	var (
 		logp = `serveDoH`
 		addr = srv.opts.getHTTPAddress().String()
-
-		err error
 	)
 
+	var mux = http.NewServeMux()
+
+	mux.Handle(`/dns-query`, srv)
+
 	srv.doh = &http.Server{
 		Addr:              addr,
 		IdleTimeout:       srv.opts.HTTPIdleTimeout,
 		ReadHeaderTimeout: 5 * time.Second,
+		Handler:           mux,
 	}
 
-	http.Handle("/dns-query", srv)
-
+	var err error
 	if srv.tlsConfig != nil && !srv.opts.DoHBehindProxy {
 		log.Printf(`%s: listening at %s`, logp, addr)
 		srv.doh.TLSConfig = srv.tlsConfig
@@ -399,26 +400,17 @@ func (srv *Server) serveUDP() {
 	}
 }
 
+// ServeHTTP the main handle for DNS-over-HTTPS.
 func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	var (
-		hdr = w.Header()
-
-		hdrAcceptValue string
-	)
-
-	hdr.Set(dohHeaderKeyContentType, dohHeaderValDNSMessage)
-
-	hdrAcceptValue = r.Header.Get(dohHeaderKeyAccept)
-	if len(hdrAcceptValue) == 0 {
+	const acceptDNSMessage = `application/dns-message`
+	var hdrAcceptValue = r.Header.Get(`Accept`)
+	if hdrAcceptValue != acceptDNSMessage {
 		w.WriteHeader(http.StatusUnsupportedMediaType)
 		return
 	}
 
-	hdrAcceptValue = strings.ToLower(hdrAcceptValue)
-	if hdrAcceptValue != dohHeaderValDNSMessage {
-		w.WriteHeader(http.StatusUnsupportedMediaType)
-		return
-	}
+	var hdr = w.Header()
+	hdr.Set(`Content-Type`, acceptDNSMessage)
 
 	if r.Method == http.MethodGet {
 		srv.handleDoHGet(w, r)
-- 
cgit v1.3