#!/usr/bin/env python3 """ DNS-over-HTTPS resolver for HF Spaces. HF Spaces containers cannot resolve certain domains (e.g. web.whatsapp.com) via the default DNS resolver. This script resolves key domains using Cloudflare DoH (DNS-over-HTTPS) and writes results to a JSON file for the Node.js DNS fix script to consume. Usage: python3 dns-resolve.py [output-file] """ import json import os import ssl import sys import urllib.request DOH_ENDPOINTS = [ "https://1.1.1.1/dns-query", # Cloudflare "https://8.8.8.8/resolve", # Google "https://dns.google/resolve", # Google (hostname) ] # Domains that WhatsApp/Baileys and Telegram need to connect to DOMAINS = [ # WhatsApp / Baileys "web.whatsapp.com", "g.whatsapp.net", "mmg.whatsapp.net", "pps.whatsapp.net", "static.whatsapp.net", "media.fmed1-1.fna.whatsapp.net", # Telegram Bot API "api.telegram.org", ] def resolve_via_doh(domain: str, endpoint: str, timeout: int = 10) -> list[str]: """Resolve a domain via DNS-over-HTTPS, return list of IPv4 addresses.""" url = f"{endpoint}?name={domain}&type=A" req = urllib.request.Request(url, headers={"Accept": "application/dns-json"}) ctx = ssl.create_default_context() resp = urllib.request.urlopen(req, timeout=timeout, context=ctx) data = json.loads(resp.read().decode()) ips = [] for answer in data.get("Answer", []): if answer.get("type") == 1: # A record ips.append(answer["data"]) elif answer.get("type") == 5: # CNAME — follow chain continue return ips def resolve_domain(domain: str) -> list[str]: """Try multiple DoH endpoints until one succeeds.""" for endpoint in DOH_ENDPOINTS: try: ips = resolve_via_doh(domain, endpoint) if ips: return ips except Exception: continue return [] def main() -> None: output_file = sys.argv[1] if len(sys.argv) > 1 else "/tmp/dns-resolved.json" # First check if system DNS works at all try: import socket socket.getaddrinfo("web.whatsapp.com", 443, socket.AF_INET) socket.getaddrinfo("api.telegram.org", 443, socket.AF_INET) print("[dns] System DNS works for WhatsApp & Telegram — DoH not needed") # Write empty file so dns-fix.cjs knows it's not needed with open(output_file, "w") as f: json.dump({}, f) return except (socket.gaierror, OSError) as e: print(f"[dns] System DNS failed ({e}) — using DoH fallback") results = {} for domain in DOMAINS: ips = resolve_domain(domain) if ips: results[domain] = ips[0] print(f"[dns] {domain} -> {ips[0]}") else: print(f"[dns] WARNING: could not resolve {domain}") with open(output_file, "w") as f: json.dump(results, f, indent=2) # Also write to /etc/hosts so undici/fetch (which bypasses dns.lookup) works if results: try: with open("/etc/hosts", "a") as f: f.write("\n# === HuggingClaw DoH resolved domains ===\n") for domain, ip in results.items(): f.write(f"{ip} {domain}\n") print(f"[dns] Wrote {len(results)} entries to /etc/hosts") except PermissionError: print("[dns] WARNING: cannot write /etc/hosts (permission denied)") print(f"[dns] Resolved {len(results)}/{len(DOMAINS)} domains -> {output_file}") if __name__ == "__main__": main()