Add DNS ECS and split-horizon leakage gates by malb200710-dev · Pull Request #2276 · UnitOneAI/SecuritySkills

malb200710-dev · 2026-06-10T18:33:56Z

Summary

Distinguishes approved enterprise resolver forwarding from unmanaged public resolver bypass.
Adds EDNS Client Subnet minimization/risk-acceptance evidence gates.
Adds split-horizon/internal suffix and private reverse-zone leakage checks.
Expands the DNS security output tables with resolver forwarding and leakage evidence.

Confirmed �ersion: "1.1.0" is present.
Confirmed ECS, split-horizon, approved resolver, RFC 7871, and leakage evidence markers are present.
Confirmed Markdown code fences are balanced.

Closes #2269.

Requesting Improver - Moderate bounty consideration if accepted. Payment details can be provided privately after acceptance.

Add DNS ECS and split-horizon leakage gates

c63c536