feat(proxy): recover hostnames from IP-only SOCKS5 requests via DNS cache by nnemirovsky · Pull Request #2 · nnemirovsky/sluice

nnemirovsky · 2026-04-07T12:41:34Z

Summary

Add ReverseDNSCache that maps IPs back to hostnames from DNS response records
DNS interceptor populates the cache as queries pass through
SOCKS5 handler uses cache to recover hostname before policy evaluation
Telegram approval messages now show hostnames instead of raw IPs
Hostname-based policy rules match correctly for tun2proxy connections

…ache tun2proxy operates at the network level and sends SOCKS5 CONNECT with resolved IPs, losing the original hostname. This causes approval messages to show IPs instead of hostnames and hostname-based policy rules to miss. Add ReverseDNSCache that populates from DNS response A/AAAA records as they pass through sluice's DNS interceptor. The SOCKS5 handler uses this cache to recover the hostname before policy evaluation, so Telegram approval messages show "auth.openai.com:443" instead of "172.64.146.15:443" and hostname-based allow/deny rules match correctly.

nnemirovsky merged commit f07f454 into main Apr 7, 2026

nnemirovsky deleted the feat/hostname-recovery branch April 7, 2026 12:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(proxy): recover hostnames from IP-only SOCKS5 requests via DNS cache#2

feat(proxy): recover hostnames from IP-only SOCKS5 requests via DNS cache#2
nnemirovsky merged 1 commit intomainfrom
feat/hostname-recovery

nnemirovsky commented Apr 7, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

nnemirovsky commented Apr 7, 2026

Summary

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant