Hi,
We have a VPN solution based on NEPacketTunnelProvider. Our requirement is to be able to get UDP-based DNS traffic and perform DNS resolution for all DNS queries while the VPN is in split-tunnel mode.
Earlier, up to iOS 15.x, we used the approach mentioned by @eskimo in this link https://developer.apple.com/forums/thread/35027?answerId=122209022#122209022, where our VPN was in split tunnel and we used the wildcard match-domain option to get all the DNS queries into the VPN. We used public DNS servers like the Google DNS servers (8.8.8.8, 8.8.4.4) in our VPN. In the NEDNSSettings of our NEPacketTunnelNetworkSettings, we have dnsProtocol set to "clear text" and the servers set to the above public DNS servers.
From iOS 16 onwards, we are observing that, despite specifying the cleartext DNS protocol, we are receiving encrypted DNS packets, probably because the system is automatically using DoT or DoH, as the public DNS servers do support this.
This is breaking multiple flows in our app.
This seems to be a regression in iOS 16, because the DNS settings of the VPN should be respected by the platform. Is this a known issue on Apple's side? If yes, are there any tentative dates for fixing it?
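For readers following the thread, here is an added example (not the original poster's code, and not from Apple's sample code) of the configuration the post describes: a split-tunnel NEPacketTunnelNetworkSettings with a non-default route list, a plain cleartext NEDNSSettings pointing at 8.8.8.8/8.8.4.4, and the empty-string wildcard in matchDomains so every DNS query is handed to the tunnel. It also includes a small diagnostic that classifies packets read from packetFlow by IP protocol and destination port, which is the quickest way to confirm whether DNS is arriving as UDP/53 as expected or on the DoT port 853. The tunnel remote address, the tunnel-side IP, and the 10.0.0.0/8 included route are assumed values chosen for illustration.

```swift
import NetworkExtension

// Added example, not the poster's code. Builds the split-tunnel settings
// described in the post and logs what kind of traffic actually reaches the
// tunnel. All addresses below are assumed values for illustration.
final class ExampleTunnelProvider: NEPacketTunnelProvider {

    /// Split-tunnel settings with cleartext DNS and a wildcard match domain.
    func makeSplitTunnelSettings() -> NEPacketTunnelNetworkSettings {
        // tunnelRemoteAddress is the VPN server as seen by the system (assumed).
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "203.0.113.1")

        // Split tunnel: only includedRoutes go into the tunnel; there is no
        // default route, so ordinary traffic stays on the physical interface.
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [
            NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"), // assumed
        ]
        settings.ipv4Settings = ipv4

        // Plain NEDNSSettings (not NEDNSOverTLSSettings / NEDNSOverHTTPSSettings)
        // reports dnsProtocol == .cleartext. dnsProtocol is read-only; it is
        // determined by which NEDNSSettings subclass you instantiate.
        let dns = NEDNSSettings(servers: ["8.8.8.8", "8.8.4.4"])
        // The empty-string match domain is the wildcard from the linked thread:
        // with it, every DNS query is directed at these servers via the tunnel
        // even though the tunnel does not hold the default route.
        dns.matchDomains = [""]
        settings.dnsSettings = dns

        return settings
    }

    /// Diagnostic: classify an IPv4 packet read from packetFlow by transport
    /// protocol and destination port. "dns-udp" is what the post expects;
    /// "dot" (TCP/853) would indicate the system is doing DNS over TLS instead.
    static func classify(_ packet: Data) -> String {
        let b = [UInt8](packet)
        guard b.count >= 20, b[0] >> 4 == 4 else { return "not-ipv4" }
        let ihl = Int(b[0] & 0x0F) * 4                 // IPv4 header length in bytes
        guard b.count >= ihl + 4 else { return "truncated" }
        let proto = b[9]                               // 6 = TCP, 17 = UDP
        let dstPort = UInt16(b[ihl + 2]) << 8 | UInt16(b[ihl + 3])
        switch (proto, dstPort) {
        case (17, 53):  return "dns-udp"
        case (6, 53):   return "dns-tcp"
        case (6, 853):  return "dot"
        default:        return "other"
        }
    }

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        let settings = makeSplitTunnelSettings()
        setTunnelNetworkSettings(settings) { [weak self] error in
            if let error = error {
                completionHandler(error)
                return
            }
            self?.readLoop()
            completionHandler(nil)
        }
    }

    /// Read packets from the tunnel and log their classification. A real
    /// provider would answer the dns-udp packets here (the post's use case).
    private func readLoop() {
        packetFlow.readPackets { [weak self] packets, protocols in
            guard let self = self else { return }
            for (packet, proto) in zip(packets, protocols) where proto.int32Value == AF_INET {
                NSLog("tunnel packet: %@", Self.classify(packet))
            }
            self.readLoop()
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }
}
```

When testing the iOS 16 behaviour described above, the log line from `classify` is the check to look at: if queries to 8.8.8.8 show up as "dot" or as TCP/443 "other" rather than "dns-udp", the system is encrypting DNS regardless of the cleartext NEDNSSettings.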