When “AI Search Is Slow” Is Really a Routing Maze
Open Perplexity, ask a long question, and watch the UI: the page shell loads, then a spinner hangs while tokens should stream. Or launch Google NotebookLM, upload a PDF, and the progress bar stalls between “uploaded” and “indexed.” Your instinct says “bad node” or “overloaded cloud,” and sometimes that is true—but a surprising share of these failures are ordinary split-routing mistakes. The browser session is not one hostname; it is a fan-out of API hosts, static asset domains, optional analytics endpoints, and—critically—authentication callbacks that must share a coherent path with the app.
Unlike a single git clone to github.com, AI search workloads behave like a micro-SaaS dashboard inside a tab. One request might hit a primary app origin, another pulls fonts and scripts from a global CDN, a third opens a long-lived connection for partial JSON or Server-Sent Events, and a fourth talks to Google identity if you are signed into Workspace. If your Clash profile sends the HTML document through a fast exit but leaves an API subdomain on a congested default route, the user-visible symptom is “the AI is broken,” not “rule 37 matched wrong.”
This article is intentionally not another repeat of editor marketplace routing. If you need Cursor, Copilot-class APIs, and GitHub split-tunnel patterns, read the dedicated developer guide first, then return here—we will reference it only to contrast scope, not to duplicate YAML. Your goal here is a tidy rule configuration slice for research tools you use in the browser or lightweight desktop shells, with emphasis on multi-domain coverage and sign-in alignment.
How Research AI Differs from IDE Traffic
Developer stacks usually stress package registries, large binary deltas, and long TLS sessions to a handful of recognizable vendors. NotebookLM and Perplexity stress interactive latency and many short parallel connections that must complete in a tight window for the interface to feel alive. A proxy group that works for cloning repositories might still starve an answer stream if its url-test policy flaps between exits mid-response, or if HTTP/2 prioritization fights bufferbloat on an oversubscribed chain.
Another difference is identity coupling. NotebookLM rides Google account flows; blocking or misrouting accounts.google.com while sending only notebooklm.google through a tunnel produces half-logged-in ghosts—pages render, backend calls 401, the UI retries until you blame “AI quality.” Perplexity’s surface is more self-contained on paper, yet still mixes first-party APIs with third-party CDNs and optional embeds. Treat every research session as a bundle of domains, not a single bookmark.
Finally, research users often toggle between domestic general browsing and global AI tabs. A blunt global mode fixes demos and ruins latency for everything else. The sustainable approach is the same Clash philosophy you already know—ordered rules and explicit groups—applied to a fresh hostname inventory gathered from logs, not from a stale gist titled “all AI sites 2024.txt.”
Build a Hostname Inventory From Logs, Not Rumors
Start with observation. Reload the product, reproduce the slow path once, and read your client’s live connection log. Promote repeated SNI names into explicit DOMAIN or DOMAIN-SUFFIX lines ahead of broad catch-alls. The list below is a starter hypothesis to validate, not a warranty about tomorrow’s infrastructure.
For Perplexity, expect strong signals on perplexity.ai and related first-party subdomains your log reveals. Third-party CDNs may appear as separate suffixes; do not assume they share the parent certificate chain you see in the address bar. If the app migrates an API from one cloud front to another, your static YAML will lag until you look at fresh logs—another reason to keep this block in its own section you can edit weekly.
For NotebookLM, the visible app hostname is only the lobby sign—typically notebooklm.google.com and related Google backends. Static content often loads from gstatic.com, scripts and APIs from regions under googleapis.com or product-specific hosts, and authentication from accounts.google.com plus OAuth redirect endpoints. Routing only the pretty URL while direct-connecting OAuth often yields intermittent “refresh token” loops that look like AI outages. If your household policy normally keeps Google properties direct for latency, you may need a narrow exception: same exit for NotebookLM and the handful of identity hosts its session touches, rather than a blanket DOMAIN-SUFFIX,google.com that drags every Google product through a tunnel you did not intend.
If you maintain remote lists, encapsulate this research bundle as its own rule-provider file you control; the mechanics of RULE-SET ordering are covered in our rule providers guide, which pairs well with a small personal YAML fragment for fast edits.
Create a Dedicated AISearch Proxy Group
Naming is part of maintainability. Define a proxy group—call it AISearch, Research, or anything boring and unique—and give it a policy that favors session stability over winning micro-benchmarks. A url-test group that switches nodes every few seconds feels clever until it severs half-written streams. Consider fallback with stickiness, or a hand-picked node you trust for interactive HTTP/2, then fall back to auto selection only when health checks fail.
Keep this group separate from a DevProxy bucket if you run both. Mixing “everything intellectual” into one pool makes debugging noisy: when Perplexity lags, you will not know whether the culprit is a git LFS burst or your answer API. Separation also lets you attach different dial time-outs or TCP profiles if your client exposes them—some users tune smaller handshake margins for APIs than for bulk downloads.
Document in a one-line comment (outside machine blocks if your toolchain strips YAML comments) why AISearch exists. Future you will otherwise merge it with Streaming during a late-night cleanup and wonder why OAuth broke on Tuesday.
Starter rules: Fragment for Research AI
Assume you already have domestic shortcuts and a final MATCH you like. Insert a compact block above broad GEOIP or mega-RULE-SET lines that might swallow your exceptions. The following illustrates structure; replace suffixes with names your own logs confirm, and reconcile duplicates if your template already matches some Google properties elsewhere.
# Research / AI search — verify hostnames against your connection log
- DOMAIN-SUFFIX,perplexity.ai,AISearch
# Add observed Perplexity API or CDN suffixes here after logging
# NotebookLM + minimal Google auth alignment (tune aggressively to your policy)
- DOMAIN-SUFFIX,notebooklm.google.com,AISearch
- DOMAIN-SUFFIX,accounts.google.com,AISearch
- DOMAIN-SUFFIX,googleusercontent.com,AISearch
- DOMAIN-SUFFIX,gstatic.com,AISearch
- DOMAIN-SUFFIX,googleapis.com,AISearch
# If a broad RULE-SET above this block steals matches, move these lines higherWhy not one giant DOMAIN-SUFFIX,google.com,AISearch? Because “Google” is not one product—it is an ecosystem. A coarse suffix routes Search, Maps, Drive, and YouTube through the same exit unless you add many exceptions, and exceptions fight in both directions. Prefer surgical rows derived from NotebookLM sessions, then widen only when logs justify it. If corporate Workspace requires split tunnels of its own, merge policies consciously rather than letting two YAML sections argue.
If you already route all non-local traffic through a catch-all, these lines still matter: they pin interactive research flows to the AISearch policy before a misleading GEOIP result sends an API to DIRECT because anycast addressing looks domestic. Domain-first wins are the recurring theme.
CDN Edges, Embeds, and the OAuth Double-Hop
Modern pages load scripts from domains that share nothing with the brand in the address bar. When an AI search product embeds a chart library, a maps tile, or a customer-support widget, those hosts must follow a consistent policy or the page enters partial failure mode—spinners with no stack trace. Your log is the source of truth; community lists help only when maintained.
OAuth and cookie flows punish mixed paths harder than static reads. If the HTML route uses exit A while the token refresh route uses exit B with a different egress IP reputation, some risk engines throttle silently. The user sees “try again.” Aligning authentication-related hosts with the app group is not paranoia; it is the same lesson corporate IT teaches about sticky sessions, expressed in Clash vocabulary.
Watch for WebSocket or streaming upgrades hidden behind generic hostnames. Blocking or mis-proxying upgrade paths produces half-open connections that browsers retry with exponential backoff—exactly the pattern people describe as “Perplexity feels fine on phone data but awful on Wi-Fi,” when Wi-Fi runs a different profile with an over-broad REJECT list.
DNS Must Agree With What Rules See
Routing without resolver alignment is guesswork. If fake-ip is on, domain rules generally behave, but poisoned or split DNS can still send some queries around your tunnel while answers return on another path. If you use aggressive nameserver-policy splits, ensure research domains resolve through resolvers that match the outbound you intend—not a public resolver on the wrong continent that returns optimized answers for the wrong eyeball network.
Our DNS leak prevention guide walks through fake-ip versus redir-host and how to avoid circular DoH chains. For research tabs, the practical habit is: after any DNS change, reload Clash, open one failing product, capture five minutes of logs, and diff SNIs against your YAML. Second-guessing without logs burns afternoons.
IPv6 deserves a mention. If your LAN advertises AAAA records that black-hole while IPv4 succeeds, streaming clients may appear “flaky” because happy eyeballs races sometimes pick the broken path. Narrowing AAAA or adjusting resolver behavior is dull work, but cheaper than chasing phantom AI regressions.
TUN, System Proxy, and Browser-Only Setups
Browser-only users often rely on SwitchyOmega-style extensions while the OS resolver stays “normal.” That can work, but extension coverage is never perfect: service workers, embedded iframes, and helper binaries may bypass the extension. TUN mode captures more at the cost of touching the whole routing table. System proxy sits in between. Pick based on how completely you need to catch the tab’s connection family, not based on forum fashion.
If you parallel this setup with the IDE article’s advice, note the difference in targets: here the priority is interactive web stacks and Google identity, not git and marketplace CDNs. You can still reuse the same Clash build; you are only swapping the hostname bundle and possibly tightening url-test intervals for the AISearch group. Windows users enabling TUN for the first time should keep the Windows TUN troubleshooting notes handy—adapter churn masquerades as “NotebookLM down” surprisingly often.
Troubleshooting Checklist Before You Blame the Model
When a research tool regresses after a config tweak, walk the list mechanically. First, confirm which rule matched: tail logs, trigger one failing action, read the policy name. If your new lines never appear, you are editing the wrong profile path or a GUI shadow copy. Second, separate TLS trust issues from routing—clock skew, corporate SSL inspection, and stale roots all masquerade as hangs. Third, compare IPv4-only versus dual-stack behavior. Fourth, temporarily collapse AISearch to a single known-good node to remove flapping from the equation.
Fifth, watch upload paths separately from question paths. NotebookLM-style ingestion may hit resumable upload endpoints with different hostnames than the chat surface; a rule that covers only the visible app domain is incomplete. Sixth, re-verify OAuth after any change to Google routing: sign out, sign in, watch the log for redirects you forgot to include.
Seventh, update core and Geo data together. Parser mismatches and outdated datasets create absurd outcomes no amount of clever suffix typing fixes. GUI bundles that ship a tested Mihomo pairing reduce that class of pain; piecing random nightlies does not.
Closing Thoughts
Perplexity and NotebookLM sit at the center of a noisy 2026 conversation about AI search, but the network story underneath them is refreshingly ordinary: many hosts, one user expectation of continuity. Clash routing shines when you treat that bundle as a first-class policy—its own group, its own ordered rules, resolver choices that match reality, and logs that replace superstition.
Compared with turning global mode on every time a tab stutters, a maintained research slice keeps domestic browsing snappy, avoids dragging unrelated Google surfaces through the wrong exit, and makes failures legible enough to fix in minutes. When you want client builds where the rule engine, DNS stack, and GUI move forward together, start from verified bundles on the Clash download page instead of assembling fragments from memory.
Keep your hostname list small, current, and justified by captures—not by copy-paste folklore. The first disciplined logging session pays for itself the next time an API moves CDN and your friends assume “the AI got worse.” → Download Clash for free and experience the difference.