[Network Extension, Packet Tunnel Provider, iOS, split tunnel]
I've implemented a custom network extension app for iOS using Packet Tunnel Provider. A customer enabled a split tunnel, set the tunnel's DNS servers, and added relevant 'search domains' and 'match domains'.
Then, he reported an error related to DNS, specifically, DNS Over HTTPS. He noticed that DNS queries were sent over HTTPS.
He also has the corresponding app for Mac (Packet Tunnel Provider, macOS, system extension), and everything works fine with the same DNS configuration, and the DNS queries were sent as a 'clear text', not DoH.
- Is DoH the default behavior on iOS? Is it the default on macOS?
- Can we somehow change this behavior?
- Are DoH queries reach the tunnel as plain DNS queries?