Need help with handling flows inside NEDNSProxyProvider

Hello everybody.

I'm trying to re-route DNS requests manually using DNS Proxy (basically, the same thing DNS settings do out-of-the-box). But the handleNewFlow(_:) method just breaks my head.
I've managed to find some bits of code to get some understanding of how to work with flows, but still can't comprehend the flow. Can somebody please explain the intended process of working with proxy flows?

And is NEDNSProxyProvider even a working solution since DNS parsing is discouraged and has been broken recently?

Thanks

Can somebody please explain the intended process of working with proxy flows?

I agree that this is confusing at first glance, but in reality it’s much easier than you might think. A DNS proxy is much like any of the other ‘app proxy style’ NE providers:

  • The proxy receives one or more flows.

  • Each flow is associated with a specific client.

  • Each flow represents either a TCP connection or a related stream of UDP datagrams.

This is exactly what you see in an app proxy and transparent proxy providers. In the case of a DNS proxy:

  • Each TCP flow returns a sequence of bytes which represent DNS queries framed in the standard way.

  • Each UDP flow returns a sequence of DNS query packets.

  • The proxy is responsible for running each query and sending the reply back on the corresponding flow. How it does this is up to it.

Keep in mind that UDP does not guarantee delivery, so your DNS proxy doesn’t have to reply to UDP queries. If it fails to reply, the DNS client is expected to retry. This is most helpful when you’re proxying a UDP flow to a UDP network connection, because it means that you don’t have to make up for the fact that the UDP network connection may not reply to your query.

And is NEDNSProxyProvider even a working solution

That kinda depends on what specific problem you’re trying to solve. You didn’t go into a lot of background into the high-level task you’re trying to achieve.

Also, you didn’t mention your target platform but, if it’s iOS, be aware that iOS places significant deployment restrictions on DNS proxies. See TN3134 Network Extension provider deployment.

since dns parsing is discouraged

No it’s not. DNS is a standard Internet protocol and so parsing DNS queries and formatting replies is absolutely necessary in some circumstances.

and has been broken recently?

Correct, but that’s one bug in one specific API. Most folks who come to this party bring their own DNS parsing code. I know I do (-:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
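The points above about TCP flows carrying length-framed DNS messages, UDP flows carrying one query per datagram, and the proxy "bringing its own DNS parsing code" are the protocol work that sits underneath handleNewFlow(_:). The following is an added example, not code from this thread, from Quinn, or from Apple's NetworkExtension framework; it is written in Python rather than Swift so it can be run stand-alone, and it deliberately leaves out the NEAppProxyTCPFlow/NEAppProxyUDPFlow read and write calls. It shows the RFC 1035 two-byte TCP length framing reassembled across arbitrary read boundaries, a bounded-hop name decoder that rejects compression-pointer loops, and a reply builder that echoes the question and sets QR/RA and the RCODE. All sample messages and the 192.0.2.1 answer are constructed for the example.

```python
import struct
from typing import List, Optional

A_RECORD = 1
IN_CLASS = 1
RCODE_NOERROR, RCODE_NXDOMAIN, RCODE_REFUSED = 0, 3, 5


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode a name at offset. Compression pointers must point backwards and
    are hop-limited, so a crafted pointer loop raises instead of hanging the
    proxy. Returns (name, offset just past the name in the original stream)."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            if offset + 2 > len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = offset + 2
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16 or pointer >= offset:
                raise ValueError("bad compression pointer")
            offset = pointer
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:
            break
        label = msg[offset:offset + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def build_query(ident: int, name: str, qtype: int = A_RECORD) -> bytes:
    """Constructed sample query: standard query, RD set, one question."""
    header = struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, IN_CLASS)


def parse_query(msg: bytes) -> dict:
    """Parse the header and the single question of a DNS query message."""
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, end = decode_name(msg, 12)
    if end + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[end:end + 4])
    return {"id": ident, "rd": bool(flags & 0x0100), "name": name,
            "qtype": qtype, "qclass": qclass, "question_end": end + 4}


def is_malformed(msg: bytes) -> bool:
    """True if the message should be dropped rather than forwarded."""
    try:
        parse_query(msg)
        return False
    except ValueError:
        return True


def build_reply(query: bytes, rcode: int, ipv4: Optional[str] = None,
                ttl: int = 60) -> bytes:
    """Echo the question, set QR and RA, keep RD, set RCODE; for NOERROR with
    an address append one A record whose name is a pointer to offset 12."""
    q = parse_query(query)
    answers = b""
    if rcode == RCODE_NOERROR and ipv4 is not None:
        rdata = bytes(int(o) for o in ipv4.split("."))
        answers = b"\xC0\x0C" + struct.pack("!HHIH", A_RECORD, IN_CLASS, ttl, 4) + rdata
    flags = 0x8000 | 0x0080 | (0x0100 if q["rd"] else 0) | (rcode & 0xF)
    header = struct.pack("!6H", q["id"], flags, 1, 1 if answers else 0, 0, 0)
    return header + query[12:q["question_end"]] + answers


class TCPFramer:
    """Reassemble length-prefixed DNS messages (RFC 1035 section 4.2.2) from a
    TCP byte stream; a single read may hold part of a message or several."""

    def __init__(self) -> None:
        self.buf = b""

    def feed(self, data: bytes) -> List[bytes]:
        self.buf += data
        msgs = []
        while len(self.buf) >= 2:
            n = struct.unpack("!H", self.buf[:2])[0]
            if len(self.buf) < 2 + n:
                break  # wait for the rest of this message
            msgs.append(self.buf[2:2 + n])
            self.buf = self.buf[2 + n:]
        return msgs


def frame_tcp(msg: bytes) -> bytes:
    """Add the two-byte length prefix used on TCP flows (not on UDP)."""
    return struct.pack("!H", len(msg)) + msg


if __name__ == "__main__":
    query = build_query(0x1234, "example.com")
    framer = TCPFramer()
    wire = frame_tcp(query)
    print("partial read yields", framer.feed(wire[:5]))      # []
    print("rest yields", len(framer.feed(wire[5:])), "message")
    print(parse_query(query))
    print(build_reply(query, RCODE_NOERROR, "192.0.2.1").hex())
```

On a UDP flow each datagram is one message, so `parse_query` is applied directly to each datagram and `frame_tcp` is never used; on a TCP flow every read goes through `TCPFramer.feed`, and every reply written back must be wrapped with `frame_tcp`. Dropping a malformed UDP query (no reply at all) is consistent with the point made above that the client will retry.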

@eskimo Thanks for your reply. There's less mess in my head now) Regarding the high-level task I'm trying to achieve: basically, I need DNS settings but with an in-app on/off toggle. And since the use of DNS settings requires the user to go into the Settings app, using that approach is a no-go. I'm well aware of the MDM requirement when it comes to DNS proxy, that's not a problem.

I need DNS settings but with an in-app on/off toggle.

You mean NEDNSSettings? If so, implementing a DNS proxy is a lot of work just to get that in-app control.

Also, please drop me a line via email (address in my signature).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

You mean NEDNSSettings? If so, implementing a DNS proxy is a lot of work just to get that in-app control.

Yes, exactly that. Seems like NEDNSProxyProvider is not a solution for the problem...
