I'm working on building a custom Packet Tunnel Provider and I'm running into a group of related problems surrounding how DNS appears to be handled.
If I don't specify dnsSettings in my NEPacketTunnelNetworkSettings then nothing resolves and the tunnel is useless.
So I tried setting a specific DNS resolver; that solves the problem of DNS resolution and the tunnel works, but those DNS requests are sent outside the tunnel and I don't see a way to enforce them going through the tunnel. This is a problem as plain text DNS requests are a big information leak.
I next tried to set the dnsSettings to an NEDNSOverHTTPSSettings object pointing to Cloudflare's public DoH server. That doesn't appear to work. No DNS requests are seen over the wire, but nothing resolves so it's just as useless as the original state.
Is there something I'm missing here w/r/t DNS setting on packet tunnel providers?
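As an added illustration (not the poster's code and not taken from Apple's documentation), this is how a Packet Tunnel Provider's network settings can be built so that the resolver itself is reachable only through the tunnel and is used as the default resolver: the resolver's address must fall inside includedRoutes, and the empty-string match domain makes it primary rather than supplementary. All addresses are placeholders.

```swift
import NetworkExtension

// Placeholder values for illustration only.
let tunnelRemoteAddress = "203.0.113.10"   // VPN server endpoint
let tunnelClientAddress = "10.8.0.2"       // address assigned to this client inside the tunnel
let tunnelResolver      = "10.8.0.1"       // resolver that is only reachable inside the tunnel

func makeTunnelSettings() -> NEPacketTunnelNetworkSettings {
    let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: tunnelRemoteAddress)

    let ipv4 = NEIPv4Settings(addresses: [tunnelClientAddress], subnetMasks: ["255.255.255.0"])
    // Full tunnel: every destination, including the resolver, is routed via the utun interface.
    // With a split tunnel you would instead add an explicit host route for the resolver, e.g.
    //   NEIPv4Route(destinationAddress: tunnelResolver, subnetMask: "255.255.255.255")
    // If the resolver's address is not covered by includedRoutes, queries take the physical
    // interface and leave the device in plain text.
    ipv4.includedRoutes = [NEIPv4Route.default()]
    settings.ipv4Settings = ipv4

    let dns = NEDNSSettings(servers: [tunnelResolver])
    // An empty-string match domain makes these servers the default resolver for all names,
    // instead of a supplementary resolver consulted only for the listed domains.
    dns.matchDomains = [""]
    settings.dnsSettings = dns

    settings.mtu = 1400
    return settings
}

// Applied from the provider, typically inside startTunnel(options:completionHandler:):
//   setTunnelNetworkSettings(makeTunnelSettings()) { error in /* handle error, then complete */ }
```

The same routing consideration applies if NEDNSOverHTTPSSettings is used instead: the DoH endpoint's address must be reachable through the tunnel's included routes, and the tunnel server has to actually forward that traffic.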