
feat: real DNS egress test + AI domain tunnel probe #3

Open
kevinchen797 wants to merge 2 commits into stormzhang:main from kevinchen797:feat/real-dns-leak-test

Conversation

@kevinchen797


Motivation

The current DNS check reads the machine's configured resolver IPs and matches them against a hardcoded public-DNS country table (KNOWN_DNS). On setups that use fake-ip + per-domain DoH (common with modern proxy clients), this:

  • false-positives — a configured 223.5.5.5 is flagged as a leak even though it never participates in actual resolution, and
  • false-negatives — any Chinese resolver not in the table passes.

In other words it tests configuration, not where DNS actually egresses.

What this adds

  1. Real DNS egress test (bash.ws randomized-subdomain method): resolves unique subdomains to force recursive resolvers to hit an authoritative server, which records the resolver IPs/countries that actually resolved. Run on the direct (OS) and proxy paths separately. Auto-retries on failure/timeout.
  2. AI domain tunnel probe: resolves 10 mainstream foreign AI domains and checks whether the resolved IP is reachable through the proxy tunnel. A routing signal that complements the egress signal — and it surfaces DNS poisoning (a polluted IP won't be tunnel-reachable).
  3. Two-part verdict: Claude 专用风险 (IPv6 / exit-IP reputation / timezone / Claude core-domain reachability) vs 通用环境风险 (general DNS egress / other AI domains). Avoids flagging Claude as high-risk when only non-allowlisted traffic leaks.
  4. KNOWN_DNS kept as a label + as the fallback when the egress test is off.
  5. --no-leak / --fast to skip the network-heavy tests.

Things to weigh (happy to adjust)

  • I saw in ROADMAP.md that DNS-domestic-provider was recently downgraded to a yellow hint by design. This PR re-surfaces DNS, but as a measured signal under its own 通用环境风险 line — it does not push Claude-specific risk to high. Glad to gate the whole block behind a flag (default off) if you prefer.
  • It introduces a dependency on the public bash.ws dnsleak service for the egress test. If you'd rather not depend on an external service, I can switch to a self-hostable resolver-echo (e.g. whoami.akamai.net) or make the block fully opt-in.
  • New code is stdlib-only (adds random, concurrent.futures). The proxy-path parts lean on the existing macOS get_system_proxy(); on Linux/Windows the proxy-path test is best-effort.

Testing

Verified on macOS (Darwin 23.6) against a fake-ip + per-domain-DoH proxy: the static check false-positived (configured AliDNS) while the egress test correctly showed the generic path leaking to CN and the Claude domains resolving to real IPs + tunnel-reachable. --no-leak falls back cleanly. Not yet verified on Linux/Windows.

See CHANGELOG.md for the full summary. Happy to adjust scope / wording / flags / dependency per your direction.

kevinchen797 and others added 2 commits June 5, 2026 16:40
Replace the static resolver-IP-vs-country-table DNS check with an actual
egress test, and split the verdict into Claude-specific vs general-env risk.

- Real DNS leak test (bash.ws randomized subdomains): measures the resolver
  IPs/countries that actually perform resolution, on the direct (OS) and
  proxy paths separately; auto-retries on failure/timeout.
- AI domain tunnel probe: resolves 10 mainstream foreign AI domains and
  checks whether the resolved IP is reachable through the proxy tunnel
  (routing signal that complements DNS egress; also surfaces DNS poisoning
  when a polluted IP is unreachable).
- Two-part conclusion: "Claude 专用风险" (IPv6 / exit-IP reputation / tz /
  Claude core-domain reachability) vs "通用环境风险" (general DNS egress /
  other AI domains). Avoids false "Claude high-risk" from a generic DNS leak.
- KNOWN_DNS static table demoted to labeling + fallback when leak test is off.
- --no-leak / --fast to skip network-heavy tests.
- Add CHANGELOG.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

The new DNS-egress / probe rows can produce values longer than the value
column (long ASN org names), which pushed the right border out and broke
the box alignment.

- Add display-width-aware clip() that truncates to the column width,
  preserving ANSI color codes and appending an ellipsis.
- Apply it in tbl_row so any value (current or future) stays within the box.
- Shorten the over-long DNS-consistency verdict (drop country enumeration).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
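The display-width-aware clip() described in the second commit, as an added illustration written for this page (my own code, not the PR's implementation). It assumes stdlib-only Python, ANSI CSI colour codes in the cell values, and East Asian width rules for the CJK labels used in the verdict rows.

```python
import re
import unicodedata

# ANSI CSI sequences (e.g. "\x1b[31m", "\x1b[0m"); the capturing group keeps
# them as separate tokens when splitting. Assumes the table only uses CSI codes.
ANSI_RE = re.compile(r"(\x1b\[[0-9;]*[A-Za-z])")


def char_width(ch: str) -> int:
    """Terminal cells used by one character: CJK wide/fullwidth = 2, combining marks = 0."""
    if unicodedata.combining(ch):
        return 0
    return 2 if unicodedata.east_asian_width(ch) in ("W", "F") else 1


def display_width(text: str) -> int:
    """Rendered width of text, with escape sequences contributing nothing."""
    return sum(char_width(ch) for ch in ANSI_RE.sub("", text))


def clip(text: str, width: int, ellipsis: str = "…") -> str:
    """Truncate to at most `width` cells, keeping every ANSI code and appending an ellipsis.

    Escape codes never count toward the width and are all retained, so a reset
    code after the cut still reaches the terminal. The ellipsis is inserted at
    the cut point, before any trailing escape codes.
    """
    if display_width(text) <= width:
        return text
    budget = max(width - display_width(ellipsis), 0)
    out, used, cut = [], 0, False
    for tok in ANSI_RE.split(text):
        if ANSI_RE.fullmatch(tok):
            out.append(tok)          # escapes are always kept, never counted
            continue
        if cut:
            continue
        for ch in tok:
            w = char_width(ch)
            if used + w > budget:    # a wide char that does not fit is dropped whole
                out.append(ellipsis)
                cut = True
                break
            out.append(ch)
            used += w
    return "".join(out)


def pad_cell(text: str, width: int) -> str:
    """Clip and right-pad so the cell is exactly `width` cells wide (what a tbl_row needs)."""
    clipped = clip(text, width)
    return clipped + " " * (width - display_width(clipped))
```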
