MasterHttpRelayVPN-RUST/docs/changelog/v1.9.11.md

<!-- see docs/changelog/v1.1.0.md for the file format: Persian, then `---`, then English. -->
• Block DoH by default (PR [#763](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/763) از @yyoyoian-pixel): مرورگرها روی DoH (chrome.cloudflare-dns.com، dns.google، …) به‌طور پیش‌فرض هر name lookup را از طریق tunnel می‌فرستند که ~۱.۵ثانیه overhead به هر page load اضافه می‌کنه. حالا با `block_doh: true` (پیش‌فرض)، CONNECTهای DoH فوراً rd می‌شن — مرورگر به system DNS fallback می‌کنه که `tun2proxy` با virtual DNS فوراً resolve می‌کنه. روی Android UI: Block DoH و Bypass DoH toggle در Advanced. Block over Bypass تقدم داره. همچنین fix bug Android: `tunnelDoh` در Android default `false` بود و در Rust `true`، باعث می‌شد config mismatch بشه و `bypass_doh_hosts` روی Android خاموش بمونه — اکنون default‌ها synced.
• TLS connection pool tuning (PR [#751](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/751) از @yyoyoian-pixel):
  - **Pool refill loop:** background task که دائماً ≥۸ connection ready نگه می‌داره، یکی یکی (نه burst) باز می‌کنه با ۵ ثانیه interval check
  - **Freshest-first acquire:** به‌جای pop کردن آخرین entry، connection با بیشترین TTL باقی‌مانده انتخاب می‌شه
  - **Pool TTL ۴۵→۶۰ ثانیه:** connection‌ها بیشتر زنده می‌مونن، churn کاهش
  - **Coalesce step ۱۰→۲۰۰ms:** Full mode batch packing تنظیم — bottleneck dominant ~۱.۵s Apps Script round-trip است، 200ms wait نسبت به اون نامحسوس و ۳-۵× ops per batch بیشتر pack می‌کنه روی page load. (مقدار قبلی 10ms از v1.9.8 بود — این revert محافظه‌کارانه‌تر است.)
• Fronting groups example: `github.io` به Fastly group اضافه شد (PR [#747](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/747) از @Shjpr9). GitHub Pages روی Fastly anycast `151.101.x.x` است.
• تست: ۱۷۹ lib + ۳۵ tunnel-node test همه pass.
---
• Block DoH by default (PR [#763](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/763) from @yyoyoian-pixel): browsers' DoH (chrome.cloudflare-dns.com, dns.google, …) was sending every name lookup through the tunnel by default, adding ~1.5s overhead per page load. With `block_doh: true` (now default), DoH CONNECTs are rejected immediately — the browser falls back to system DNS, which `tun2proxy` resolves instantly via virtual DNS. Android UI: Block DoH and Bypass DoH toggles in Advanced settings; Block takes priority over Bypass. Also fixes an Android config bug where `tunnelDoh` defaulted to `false` Android-side but `true` in Rust — the field was never serialized so `bypass_doh_hosts` matching was silently broken on every fresh Android install. Defaults are now synced.
• TLS connection pool tuning (PR [#751](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/751) from @yyoyoian-pixel):
  - **Pool refill loop:** background task that maintains ≥8 ready connections, opening them one at a time (no burst) with a 5s interval check
  - **Freshest-first acquire:** picks the connection with the most remaining TTL instead of popping whatever is on top
  - **Pool TTL 45→60s:** connections live longer, less churn
  - **Coalesce step 10→200ms:** Full mode batch packing; the dominant bottleneck is the ~1.5s Apps Script round-trip, so 200ms wait is negligible against it but packs 3–5× more ops per batch during page loads. (The previous 10ms value was the v1.9.8 default — this is a more conservative revert.)
• Fronting groups example: added `github.io` to the Fastly group (PR [#747](https://github.com/therealaleph/MasterHttpRelayVPN-RUST/pull/747) from @Shjpr9). GitHub Pages is on the same Fastly anycast `151.101.x.x` as the other entries in that group.
• Tests: 179 lib + 35 tunnel-node tests passing.