SystemExtension ignores DNS entries in /etc/hosts file

Question

Created Sep ’21

Replies 3

Boosts 0

Participants 2

I am building a PacketTunnel using SystemExtensions. I have a local FQDN that does not quite resolve using DNS server. Therefore, I have an entry in /etc/hosts which points to the IP of the server. I am able to access this server via FQDN in Safari as well as able to ping it in Terminal.

However, my SystemExtension completely ignores the entry in /etc/hosts file and tries to resolve it using default DNS server which results in NXDOMAIN. I can see its DNS query in Wireshark. So, why would the SystemExtension not follow other apps and use the entries from hosts file for FQDN resolution?

I have already tried to flush dnscache, adding a synthesised IPv6 address and many other suggestion on internet but SystemExtension just refuses to resolve using hosts file. Is there any reason for this behaviour or I could be doing something wrong?

Boost

Answer 1

Systems Engineer OP

Apple

Sep ’21

So, why would the SystemExtension not follow other apps and use the entries from hosts file for FQDN resolution?

Good question. Are you handling this DNS query in your System Extension? If you try to resolve the query in the context of the System Extension does this respect the hosts file?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 2

dispatchMain OP

Sep ’21

Are you handling this DNS query in your System Extension?

Within the SystemExtension, I am actually trying to connect to server FQDN using NWConnection(to: NWEndpoint.url(server_FQDN), using: parameters). So, I am expecting the FQDN to be resolved to IP from hosts file and connection being established. But that is not happening.

If you try to resolve the query in the context of the System Extension does this respect the hosts file?

I did not try resolving the host myself using something like getaddrinfo or CFHostStartInfoResolution. So, I am not sure about this behaviour.

Also, just FYI, I have split tunnel and a few matchDomains in my extension but they are very different from server FQDN I am using to connect to, in case this matters.

0

Answer 3

Systems Engineer OP

Apple

Sep ’21

Within the SystemExtension, I am actually trying to connect to server FQDN using NWConnection(to: NWEndpoint.url(server_FQDN), using: parameters). So, I am expecting the FQDN to be resolved to IP from hosts file and connection being established. But that is not happening.

Okay, that is interesting. You could try resolving this by hand with something like getaddrinfo or one of the APIs out in <dns_sd.h>, but you should really not have to do this. Does installing the mDNSResponder for macOS provide you more insight onto what is happening here, or does it just tell you that your hosts file is still not used?

Out of curiosity, if you switch your packet tunnel to full tunnel, does this workaround the issue?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0