Hi, I'm using 2 separated providers, each derived from dns and application providers respectively.
in the application provider I use the object NETunnelNetworkSettings as input in method to setTunnelNetworkSettings to catch all network data originated from some specific applications (including dns packets).
in the dns provider I'd like to catch all dns traffic in general disregarding any specific application where the request was originated from.
in my experiment, If I avoid setting the DNS server addresses in DNSSettings inside NETunnelNetworkSettings, than all DNS originated from the specific application I set using the app proxy tunnel, will be destined to address 10.0.0.10 by default (and not the default DNS address).
However, If I do set this DNSSettings value, I get the following block (in my example I set the app proxy to catch the traffic of zoom.us application)
2023-04-19 11:34:45.493033+0300 0x1206 Default 0x0 501 0 mDNSResponder: [com.apple.mDNSResponder:Default] [Q36288] ShouldSuppressUnicastQuery: Query suppressed for zoom.us. Addr (blocked by policy)
2023-04-19 11:34:45.493582+0300 0x1206 Default 0x0 501 0 mDNSResponder: [com.apple.mDNSResponder:Default] [Q14787] ShouldSuppressUnicastQuery: Query suppressed for zoom.us. AAAA (blocked by policy)
my desire is to catch the application connections using the app proxy provider, and leave the dns requests/responses for the dns proxy provider.
I know this might not be the best approach, but perhaps there's a way to "tell" my application proxy provider to "ignore" DNS packets on udp connection, and let the DNS proxy handle it (without getting blocked by policy
error, which happen before the packet reaches any of the proxy providers.)
thanks !