Split tunnel - bug at the Include routes and search domains

App & System Services Networking
roee84 OP
Created Jan ’19
Replies 6
Boosts 0
Views 2.2k
Participants 2

I noticed a bug at the Packet Tunnel Provider app for macOS (maybe also for iOS, I didn't test it there it):

If I'm configuring a split tunnel, with wildcard match domain (empty string) - the system should consult its DNS server for all domains first, as listed here - https://forums.developer.apple.com/thread/35027


Now I've added some searchDomains. When There's no split tunnel, or there's a split tunnel with 'Exclude Routes', everything goes well.

But if the split tunnel is configured with 'Include Routes', it seems that the searchDomains aren't added to the DNS queries.


For example:

Lets say searchDomains contains the postfix 'com'

- working scenario: I've defined some routes at the split tunnel exclude, and run ping google

this worked well and I got results for google.com


- not working scenario: I've defined some routes at the split tunnel include, where google is one of those routes.

running ping google won't work and I get the error:

ping: cannot resolve google: Unknown host

Answered by roee84 in 348165022

ok, made some progress: it seems that for split-tunnel with include routes, you must NOT use the wildcard (which is an empty string) for dnsSettings.matchDomains (which is in contrast the documentation)

Replies  6
Boosts  0
Views  2.2k
Participants  2
DTS Engineer OP
Apple
Jan ’19

I noticed a bug at the Packet Tunnel Provider app for macOS

OK. If you’re convinced that this is a bug in the system the next step is to file a bug report. Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
roee84 OP
Jan ’19

Thanks, I'll do it.

But I also want to check if it happened to someone? Or maybe someone did manage to configure searchDomains and split tunnel with include routes at the same time?

0
roee84 OP
Jan ’19

Submitted bug 47663586

0
roee84 OP
Jan ’19
Accepted Answer

ok, made some progress: it seems that for split-tunnel with include routes, you must NOT use the wildcard (which is an empty string) for dnsSettings.matchDomains (which is in contrast the documentation)

0
roee84 OP
Sep ’20
Bumping this after a year, there's no update for the feedback I submitted.
Do you happen to know if the above behaviour for tunnel's DNS servers + split tunnel (include-routes) is a bug or by design?
0
roee84 OP
Sep ’20
P.S - the tag should be Network Extension
0
Split tunnel - bug at the Include routes and search domains
First post date Last post date
 
 
Q