I am trying to setup an extension using DNSProxyProvider that intercepts the DNS traffic on UDP and inserts our custom device identifier and send it to our custom DNS Server which gives us the response which I forward to the requesting client. I have been able to append the identifier with the domain name when sending out request to our custom DNS and I am getting the response back just fine but when I try to write the response to the udpflow I get this error in Console Logs. Error Domain=NEAppProxyFlowErrorDomain Code=9 "The datagram was too large" UserInfo={NSLocalizedDescription=The datagram was too large} Here is what I have tried so far. Truncating the datagram size to less than 10 bytes. Sending in dummy Data object while trying to write to the flow. Double checking the Signing and Capabilities, for Targets, the App and Network Extension. Attached below is code from my NEDNSProxyProvider. The DNS request is process in the handleNewFlow function which calls processUDPFlow override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool { if flow is NEAppProxyTCPFlow { NSLog("BDDNSProxyProvider : Is TCP Flow...") } else if let udpFlow = flow as? NEAppProxyUDPFlow { NSLog("BDDNSProxyProvider: handleNewFlow : \(udpFlow)") processUDPFlow(udpFlow) // < -- } return true } In the code below I concatenate domain name in the request with deviceId and send it to our server. Also have the Logs lines in, please ignore them. // Read incoming DNS packets from the client self.udpAppProxyFlow = udpFlow udpFlow.readDatagrams { datagrams, error in if let error = error { NSLog("Error reading datagrams: \(error.localizedDescription)") return } guard let datagrams = datagrams else { NSLog("No datagrams received.") return } // Forward each DNS packet to the custom DNS server for (index, packet) in datagrams.enumerated() { let dnsMessage = self.parseDNSMessage(from: packet.0) NSLog("tDatagram Header: \(dnsMessage.header)") for question in dnsMessage.questions { NSLog("tDatagram Question: \(question.name), Type: \(question.type), Class: \(question.klass)") } for answer in dnsMessage.answers { NSLog("tDatagram Answer: \(answer.name), Type: \(answer.type), Data: \(answer.data)") } let oldDomain = self.extractDomainName(from: packet.0)! let packetWithNewDomain = self.replaceDomainName(in: packet.0, with: "827-\(oldDomain)") // func to append device ID NSLog("Packet's new domain \(self.extractDomainName(from: packetWithNewDomain ?? packet.0) ?? "Found nil")") self.sendToCustomDNSServer(packetWithNewDomain!) { responseDatagram in guard let responseDatagram = responseDatagram else { NSLog("Failed to get a response from the custom DNS server") return } let tDatagram = (responseDatagram, packet.1) udpFlow.writeDatagrams([tDatagram]) { error in if let error = error { NSLog("Failed to write DNS response back to client: \(error)") } else { NSLog("Successfully wrote DNS response back to client.") } } } } // Continue Reading Datagrams - DO NOT REMOVE! self.processUDPFlow(udpFlow) } } Following is the function I use to replace domainName // Ensure the datagram is at least the size of the DNS header guard datagram.count > 12 else { NSLog("Error : Invalid datagram: Too small to contain a DNS header") return nil } NSLog("BDLine 193") // Start reading after the header (12 bytes) var offset = 12 // Parse the original domain name while offset < datagram.count { let length = Int(datagram[offset]) // Get the length of the next label offset += 1 // Check for the null terminator (end of domain name) if length == 0 { // Domain name ends here break } // Validate that the length is within bounds guard offset + length <= datagram.count else { NSLog("Error : Invalid datagram: Domain name length exceeds packet size") return nil } // Skip over this label offset += length } Everything is falling into place other than this last Error I get when I try to write back to flow. What am I missing here and how can I resolve this issue? Any help would be appreciated. Thanks