Hi Team,
We are using NETransparentProxyProvider, and we have observed that whenever we set setNetworkInterface with NENetworkRule, it always generates the DNS query even if the TTL time has not passed.
However, when I stop the NETransparentProxyManager using stopVPNTunnel and set setNetworkInterface as nil, it will not re-issue the DNS query until the DNS TTL time has passed.
I'm not sure what the question is here? Also, do you mean that you are using setNetworkInterface on NEAppProxyFlow?
Oh, my apologies for the confusion.
I'm referring to setTunnelNetworkSettings (https://developer.apple.com/documentation/networkextension/netunnelprovider/1406539-settunnelnetworksettings?language=objc).
I am utilizing NETransparentProxyProvider and configuring rules using NETransparentProxyNetworkSettings within setTunnelNetworkSettings and acquiring whole UDP traffic.
when setting the setTunnelNetworkSettings, it always generates a DNS query for a domain that is already cached by OS or browser using TTL time, which is correct.
My concern is that, when I stop the NETransparentProxyManager using stopVPNTunnel and set setTunnelNetworkSettings to nil, it refrains from re-issuing the DNS query until the DNS TTL time has passed.
Ideally, it should not utilize the DNS cache once we stop the tunnel, similar to when we set setTunnelNetworkSettings and it does not use the DNS cache and re-issues the DNS query
@meaton: Could u pls suggest here?
Ideally, it should not utilize the DNS cache once we stop the tunnel, similar to when we set setTunnelNetworkSettings and it does not use the DNS cache and re-issues the DNS query
Depending upon how your NETransparentProxyNetworkSettings are setup you could be claiming DNS traffic by setting up your policies when the settings are applied, so it makes sense that DNS queries are applied. When removing these policies I suspect that the system remains using the standard time to live value for the cache on DNS records. I would recommend that if you need to claim and proxy DNS traffic to use the NETransparentProxyProvider or the NEDNSProxyProvider for these actions. Otherwise let the system handle the DNS records on its own, it should do the right thing here.
@meaton, thanks for the reply, Is there a way to remove DNS cache? I tried sudo killall -HUP mDNSResponder, but it only removed the system DNS cache.
There is also the browser cache (Chrome) that remains unaffected, and it will persist until its TTL expires.
When we switch off the WIFI and then enable it again, all DNS caches, including the browser cache (Chrome), are cleared. Is there anything else we can try to remove the DNS cache?
Is there a way to remove DNS cache? I tried sudo killall -HUP mDNSResponder, but it only removed the system DNS cache.
There is no public API to remove the DNS cache that I am aware of.