Instead of raising, moving a Default single-family instance to an explicit
interface set now demotes its dual-use listen/responder socket to a pure
listener and rebuilds it clean, then adds per-interface responders for the
whole desired set. Rebuilding releases the dual-use socket's existing group
memberships so the new joins do not collide (EADDRINUSE) when the desired
set overlaps the interface it served, and demoting it first prevents double
announcements.

… of recomputing

Add a _without_transport helper for the repeated 'filter wrappers whose
transport is not X' list comprehension, used by _async_remove_transport and
the dual-use demote. In the demote, pop the known listen key from current
instead of rebuilding the whole dict.

Add regression guards the diff structurally couldn't fail on: re-announce
over multiple registrations with one failing, an interface IP change handled
as remove+add in one rescan, and the IPv6 leave packing the join interface
index. Document that re-announcement is best-effort.

A bare except OSError in _listen_socket_supports masked a getsockopt failure
on any platform into 'dual-stack supported', which could suppress a needed
listen-socket rebuild and leave an added address family unreceivable. Narrow
the fallback to win32 (where the read legitimately fails) and re-raise
elsewhere, mirroring make_wrapped_transport.

The re-announce warning now identifies which registration failed (zipped back
to its ServiceInfo) so a partial failure is actionable. The sync
update_interfaces wrapper awaits the announce inline (to keep per-service
failure logging), so widen its timeout to cover the full announce window plus
reconcile overhead rather than leaving a thin margin under EventLoopBlocked.

make_wrapped_transport runs on the startup/connection path; re-raising a
failed IPV6_MULTICAST_IF read there could abort instance startup to protect
multicast_index, which only selects the interface for a benign group leave
that drop_multicast_member already tolerates. Fall back to the default index
with a debug log instead. Apply the same graceful fallback to
_listen_socket_supports (assume dual-stack) so a getsockopt failure can't
abort a rescan, and the two paths agree. Soften the _core config-commit
comment, which overstated the invariant on a partial reconcile failure.

…rt bring-up

A failed IPV6_V6ONLY read assumes dual-stack (returning False could loop
rebuilds when the rebuilt socket's read also fails), but if the socket really
were v6-only that skips a needed rebuild and strands an added IPv4 family, so
log it at warning rather than debug. Document that interface bring-up is
best-effort, and note the benign group leave on the rebuilt listen socket.

… bind failure

normalize_interface_choice raises RuntimeError for an All/Default instance
that transiently resolves to zero addresses during adapter churn; catch it as
a logged no-op so a momentary down state doesn't crash a caller's
adapter-change handler. Make a per-interface endpoint-creation failure roll
back and skip (log_warning_once) rather than abort the whole reconcile, so
other interfaces still come up and get re-announced, matching the documented
best-effort contract. Log a non-Windows IPV6_MULTICAST_IF read failure at
warning (Windows WSAEINVAL stays debug) since a wrong-index leave leaks the
membership.

Best-effort bring-up should downgrade an expected socket-level failure, not a
real bug. Roll back on any wrap failure, but re-raise anything that is not an
OSError so a TypeError/AttributeError surfaces instead of being deduped into a
one-time 'interface not added' warning.

The Default dual-use conversion demoted the socket from senders before the
fallible rebuild, so a rebuild failure left it pulled from senders but not
replaced (instance stops responding) and propagated into the caller's handler.
The explicit demote was redundant; the rebuild removes the old transport from
senders itself, but only after the new socket succeeds. Drop the pre-demote
(keep only the diff-view pop) so a failed rebuild leaves senders intact, and
catch the rebuild failure as a logged no-op to honor the best-effort contract.

gather(return_exceptions=True) also captures BaseExceptions like
CancelledError, which the isinstance(result, Exception) check skipped, so a
cancelled re-announce vanished silently; re-raise a captured BaseException
instead of swallowing it. Document on the public update_interfaces methods
that apple_p2p on a non-Apple platform raises RuntimeError.