NEDNSProxyProvider with DoH/DoT

Hello,

When my system DNS is set to a DoH/DoT-enabled DNS server, i.e. 8.8.8.8 or 1.1.1.1, the NEDNSProxyProvider.handleNewFlow will not get called. What am I missing, or is it a limitation? Also, the NEDNSProxyProvider.systemDNSSettings always returns nil.

PS: The network extension is running on macOS 13.3.1 (a)

When my system DNS is set to a DoH/DoT-enabled DNS server, i.e. 8.8.8.8 or 1.1.1.1, the NEDNSProxyProvider.handleNewFlow will not get called.

This is the expected behaviour (well, not expected by you, but you know what I mean :-).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

I'm experiencing a similar problem in an iOS app.

Settings → Wi-Fi → Configure DNS → Change from “Automatic” to “Manual” and enter 8.8.8.8 (save changes), reboot the iOS device, and the DNS settings remain in place.

And after that the NEDNSProxyProvider.handleNewFlow will not get called.

Can someone please help/provide explanation for this behaviour and what steps we can take to solve it?

Can someone please help/provide explanation for this behaviour … ?

The explanation is:

  • 8.8.8.8 advertises a secure DNS resolver, per the Discovery of Designated Resolvers Internet Draft.

  • The system does not route secure DNS transactions to a DNS proxy server.

and what steps we can take to solve it?

From Apple’s perspective this is working correctly. If you’d like to see it behave differently, I recommend that you file an enhancement request explaining why your DNS proxy provider needs to see this traffic.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
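The mechanism behind Quinn's first bullet is the DDR probe: before using a plain resolver, the client sends an SVCB query for the special-use name _dns.resolver.arpa to that resolver's IP, and if the answer designates an encrypted endpoint (alpn "dot", "h2"/"h3" with a dohpath, or "doq"), the system upgrades to it. The following is an added example, not code from this thread or from Apple; it builds that query in DNS wire format, parses an SVCB answer set, and reports whether an encrypted upgrade is on offer, which is exactly the case in which a DNS proxy provider will not see the flows. The answer records here are constructed for the example (modelled on a resolver that designates both a DoT and a DoH endpoint); the real records returned by 8.8.8.8 may differ, and you can compare against them with `dig @8.8.8.8 _dns.resolver.arpa SVCB` (TYPE64 on older dig builds).

```python
import struct

# SVCB RR type (RFC 9460) and the DDR special-use name (RFC 9462).
TYPE_SVCB = 64
DDR_NAME = "_dns.resolver.arpa"
# SvcParamKey numbers from RFC 9460: alpn=1, port=3, dohpath=7.
ENCRYPTED_ALPNS = {"dot", "h2", "h3", "doq"}


def encode_name(name: str) -> bytes:
    """Uncompressed wire-format domain name."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_ddr_query(txid: int = 0x1234) -> bytes:
    """The query a DDR client sends to its unencrypted resolver: _dns.resolver.arpa IN SVCB."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(DDR_NAME) + struct.pack("!HH", TYPE_SVCB, 1)


def decode_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; returns (name, offset just past it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:              # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_svcparams(data: bytes) -> dict:
    """Parse the SvcParams list: sequence of (key u16, length u16, value)."""
    params, off = {}, 0
    while off < len(data):
        key, vlen = struct.unpack("!HH", data[off:off + 4])
        value = data[off + 4:off + 4 + vlen]
        off += 4 + vlen
        if key == 1:                                 # alpn: 1-byte-length-prefixed ids
            ids, p = [], 0
            while p < len(value):
                n = value[p]
                ids.append(value[p + 1:p + 1 + n].decode("ascii"))
                p += 1 + n
            params["alpn"] = ids
        elif key == 3:
            params["port"] = struct.unpack("!H", value)[0]
        elif key == 7:
            params["dohpath"] = value.decode("utf-8")
        else:
            params["key%d" % key] = value            # keep unknown keys opaque
    return params


def parse_ddr_response(msg: bytes) -> list:
    """Return designations [{priority, target, alpn, ...}] from a DNS response, lowest priority first."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                              # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    found = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype != TYPE_SVCB or name.lower() != DDR_NAME:
            continue
        prio = struct.unpack("!H", rdata[:2])[0]
        target, p = decode_name(rdata, 2)            # TargetName is never compressed in SVCB
        found.append({"priority": prio, "target": target, **parse_svcparams(rdata[p:])})
    return sorted(found, key=lambda d: d["priority"])


def encrypted_upgrade_available(designations: list) -> bool:
    """True if any designation offers an encrypted transport; then the OS bypasses the DNS proxy."""
    return any(set(d.get("alpn", [])) & ENCRYPTED_ALPNS for d in designations)


def encode_svcparams(alpn=None, port=None, dohpath=None) -> bytes:
    """Encode SvcParams in ascending key order as RFC 9460 requires (test data only)."""
    out = b""
    if alpn:
        val = b"".join(bytes([len(a)]) + a.encode("ascii") for a in alpn)
        out += struct.pack("!HH", 1, len(val)) + val
    if port is not None:
        out += struct.pack("!HH", 3, 2) + struct.pack("!H", port)
    if dohpath:
        val = dohpath.encode("utf-8")
        out += struct.pack("!HH", 7, len(val)) + val
    return out


def build_ddr_response(query: bytes, designations: list) -> bytes:
    """Constructed answer: echo the question and add one SVCB RR per (prio, target, params)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(designations), 0, 0)
    answers = b""
    for prio, target, params in designations:
        rdata = struct.pack("!H", prio) + encode_name(target) + encode_svcparams(**params)
        answers += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SVCB, 1, 86400, len(rdata)) + rdata
    return header + query[12:] + answers


# Constructed sample, modelled on a public resolver that designates DoT and DoH endpoints.
SAMPLE_DESIGNATIONS = [
    (1, "dns.google", {"alpn": ["dot"]}),
    (2, "dns.google", {"alpn": ["h2", "h3"], "dohpath": "/dns-query{?dns}"}),
]

if __name__ == "__main__":
    q = build_ddr_query()
    for label, answers in (("DDR-capable", SAMPLE_DESIGNATIONS), ("plain", [])):
        parsed = parse_ddr_response(build_ddr_response(q, answers))
        print(label, parsed, "proxy bypassed:", encrypted_upgrade_available(parsed))
```

A resolver that returns no SVCB answer for _dns.resolver.arpa (the "plain" case above) is never upgraded, so its traffic still reaches handleNewFlow; that is the quickest way to tell, for a given resolver, which side of this behaviour you are on.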
