myip determines a host's public IP address by collecting answers from multiple independent reflection mechanisms and choosing the most credible result through ASN-aware consensus rather than trusting a single endpoint.
It combines two methods:
- DNS reflection: the resolver queries several public DNS services that return the caller's observed address.
- STUN reflection: it sends RFC 5389 Binding Requests to a pool of STUN servers and extracts the mapped address from the response.
The core algorithm is designed to reduce false confidence from local filtering, broken resolvers, or regionally biased infrastructure:
- Responses are counted by distinct ASN, not by raw server count, so multiple servers from the same network do not dominate the result.
- STUN servers are sampled in batches with at most one server per ASN per batch.
- Server batches are prioritised by a tiered list, preferring servers outside a small set of high-censorship countries.
- After each batch, the resolver runs a quorum evaluation that looks for a candidate IP with enough independent ASN support and a minimum agreement ratio.
- It also detects ambiguity when the top two IP candidates are too close, and flags regional bias when disagreeing answers cluster heavily in one country.
- If strong quorum is not reached before timeout, it still returns the best available candidate with a confidence level of
high,medium, orlow.
The project also includes stunprep, a companion utility that prepares STUN server lists. It resolves each server hostname, enriches it with ASN and country metadata from a MaxMind database, classifies it into a tier, and writes the result as NDJSON for the resolver to consume.
Print the resolved public IP:
go run ./cmd/myipPrint the full result as JSON:
go run ./cmd/myip -json