@eskimo, we have tried saying "No" to everything, and still, AirDrop is not working. I will raise a ticket with Apple.
Oh, my apologies for the confusion.
I'm referring to setTunnelNetworkSettings (https://developer.apple.com/documentation/networkextension/netunnelprovider/1406539-settunnelnetworksettings?language=objc).
I am utilizing NETransparentProxyProvider and configuring rules using NETransparentProxyNetworkSettings within setTunnelNetworkSettings and acquiring whole UDP traffic.
When setting the setTunnelNetworkSettings, it always generates a DNS query for a domain that is already cached by OS or browser using TTL time, which is correct.
My concern is that, when I stop the NETransparentProxyManager using stopVPNTunnel and set setTunnelNetworkSettings to nil, it refrains from re-issuing the DNS query until the DNS TTL time has passed.
Ideally, it should not utilize the DNS cache once we stop the tunnel, similar to when we set setTunnelNetworkSettings and it does not use the DNS cache and re-issues the DNS query.
Yes, this is my NE product, which crashed the system.
Filed a bug: FB13465634
Sure, I will open a ticket and proceed with the '/etc/resolver' approach. I'll also make a note if someone has configured managed DNS.
Thanks,
We have tested with com.apple.dnsSettings.managed, and it takes precedence over /etc/resolver.
We will make a note that managed DNS settings take precedence over /etc/resolver.
In com.apple.dnsSettings.managed, we are only able to set up encrypted DNS (TLS or HTTPS). Is there a way we can set up unencrypted DNS?
For now, this is for managed devices.
Thank you for your response,
I attempted to use NEDNSSettingsManager, which requires either NEDNSOverHTTPSSettings or NEDNSOverTLSSettings for DNS configuration. Presently, our system does not support encrypted DNS. When I utilized only NEDNSSettings as indicated below, it generated the DNS setting in the filter, but it appears to be disabled (see attached screenshot).
    NEDNSSettingsManager.shared().loadFromPreferences { error in
        let dotSettings = NEDNSSettings(servers: ["1.2.3.4"])
        //dotSettings.serverName = "example.com"
        dotSettings.matchDomains = ["test.corp.com"]
        NEDNSSettingsManager.shared().dnsSettings = dotSettings
        NEDNSSettingsManager.shared().localizedDescription = "Test config"
        NEDNSSettingsManager.shared().saveToPreferences { error in
            NEDNSSettingsManager.shared().loadFromPreferences { error in
            }
        }
    }
In my scenario, I need to support custom DNS configurations for specific domains, each requiring a distinct DNS server. However, using NEDNSSettingsManager, I can only assign a single DNS server for multiple matched domains.
The file /etc/resolver/corp.conso.com is now working for me. Previously, I had been configuring the resolver file before setTunnelNetworkSettings, but now I'm configuring it after the tunnel settings and it is working as expected. I'm able to set custom DNS for a specific domain.
Looking at man 5 resolver, it does not talk about deprecation of /etc/resolver/, but only for /etc/resolv.conf.
It also updates scutil --dns after adding the file to /etc/resolver/corp.conso.com:
    resolver #8
      domain   : corp.conso.com
      nameserver[0] : 2.2.2.2
      flags    : Request A records, Request AAAA records
      reach    : 0x00000002 (Reachable)
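A way to check that a per-domain override from /etc/resolver is actually registered, as an added example that is not part of the original post: it parses `scutil --dns` style output and reports whether a name is covered by the expected server. The sample text is constructed (only the `resolver #8` block mirrors the post), the function names are hypothetical, and picking the most specific matching domain first is an assumption of this sketch.

```python
import re

# Constructed sample in the layout of `scutil --dns`; resolver #1 is invented.
SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : lan
  nameserver[0] : 192.0.2.1
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #8
  domain   : corp.conso.com
  nameserver[0] : 2.2.2.2
  flags    : Request A records, Request AAAA records
  reach    : 0x00000002 (Reachable)
"""

def parse_scutil_dns(text):
    """Return one dict per 'resolver #N' block."""
    resolvers, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"resolver #(\d+)$", line)
        if m:
            current = {"id": int(m.group(1)), "domain": None,
                       "nameservers": [], "reach": ""}
            resolvers.append(current)
        elif current is not None and " : " in line:
            # Split on the first colon only so IPv6 nameservers stay intact.
            key, value = (part.strip() for part in line.split(":", 1))
            if key == "domain":
                current["domain"] = value.lower().rstrip(".")
            elif key.startswith("nameserver["):
                current["nameservers"].append(value)
            elif key == "reach":
                current["reach"] = value
    return resolvers

def check_override(name, expected_server, text):
    """Return 'ok', 'missing', 'wrong-server' or 'unreachable' for a name."""
    name = name.lower().rstrip(".")
    hits = [r for r in parse_scutil_dns(text) if r["domain"]
            and (name == r["domain"] or name.endswith("." + r["domain"]))]
    if not hits:
        return "missing"
    top = max(hits, key=lambda r: len(r["domain"]))  # most specific domain
    if expected_server not in top["nameservers"]:
        return "wrong-server"
    reach = top["reach"]
    return "ok" if "Reachable" in reach and "Not Reachable" not in reach else "unreachable"
```

On a real machine the text would come from running `scutil --dns`; the check does not model managed DNS settings, which the posts above report as taking precedence over /etc/resolver.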
Thank you for your response. I attempted to use NEDNSSettings within NETransparentProxyProvider, but it appears to be ignored.
This issue is also documented in the NETransparentProxyProvider.h class.
NEDNSSettings and NEProxySettings specified within NETransparentProxyNetworkSettings are ignored. Flows that match the includedNetworkRules within NETransparentProxyNetworkSettings will use the same DNS and proxy settings that other flows on the system are currently using.
Full detail in NETransparentProxyProvider.h
/*!
@interface NETransparentProxyProvider
@discussion The NETransparentProxyProvider class declares the programmatic interface for an object that implements the client side of a custom transparent network proxy solution.
The NETransparentProxyProvider class has the following behavior differences from its super class NEAppProxyProvider:
- Returning NO from handleNewFlow: and handleNewUDPFlow:initialRemoteEndpoint: causes the flow to proceed to communicate directly with the flow's ultimate destination, instead of closing the flow with a "Connection Refused" error.
- NEDNSSettings and NEProxySettings specified within NETransparentProxyNetworkSettings are ignored. Flows that match the includedNetworkRules within NETransparentProxyNetworkSettings will use the same DNS and proxy settings that other flows on the system are currently using.
- Flows that are created using a "connect by name" API (such as Network.framework or NSURLSession) that match the includedNetworkRules will not bypass DNS resolution.
NETransparentProxyProvider is part of NetworkExtension.framework
*/
I noticed that when I create a file without the search field from the extension, it works properly.
File: /private/etc/resolver/corp.conso.com
    domain corp.conso.com
    nameserver 2.2.2.2
We only encounter the issue when we add the search field to the file and create it from the system extension process.