IPv6 DNS Queries Not Resolving

Is this MITM server running within your packet tunnel provider process?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

At present it is as its tightly coupled to the Packet Tunnel Provider due to only needing to be ran when the VPN link is active and for its lifecycle to be linked to that - enables it to run when the app is closed but VPN active and not get garbage collected.

Is this a quirk with it running within the same process? I presume the first suggestion is to spin out the server into its own process (using this?) and just maintain a reference in the Packet Tunnel Provider?

Is this a quirk with it running within the same process?

Possibly. When you see different behaviour in an app versus an NE provider, that’s usually because of NECP. See A Peek Behind the NECP Curtain for more on that. However, I need to better understand your setup before I can say anything for certain.

I presume the first suggestion is to spin out the server into its own process

No. You can’t start arbitrary background processes on iOS.

Please post some details about how your packet tunnel provider is configuring the tunnel. That is, the relevant settings your pass to setTunnelNetworkSettings(_:completionHandler:).

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Please post some details about how your packet tunnel provider is configuring the tunnel. That is, the relevant settings your pass to setTunnelNetworkSettings(_:completionHandler:).

override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        ...

        let tunnelNetworkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: configuration.host)

        let proxySettings = NEProxySettings()
        proxySettings.httpEnabled = true
        proxySettings.httpServer = NEProxyServer(address: configuration.host, port: configuration.port)
        proxySettings.httpsEnabled = true
        proxySettings.httpsServer = NEProxyServer(address: configuration.host, port: configuration.port)
        tunnelNetworkSettings.proxySettings = proxySettings
        
        let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"])
        ipv4Settings.includedRoutes = [NEIPv4Route.default()]
        tunnelNetworkSettings.ipv4Settings = ipv4Settings
        
        let ipv6 = NEIPv6Settings(addresses: ["FD00::9999:9999"], networkPrefixLengths: [64])
        ipv6.includedRoutes = [NEIPv6Route.default()]
        tunnelNetworkSettings.ipv6Settings = ipv6

        let dns = NEDNSSettings(servers: ["192.168.1.1"])
        dns.matchDomains = ["", "onion"]  // https://developer.apple.com/forums/thread/116033

        setTunnelNetworkSettings(tunnelNetworkSettings) { [weak self] error in
            guard let self = self else { return }
            
            if let error = error {
                completionHandler(error)
                return
            }
            
           // Code that starts the proxy server on the `configuration.host` and `configuration.port`
           
            completionHandler(nil)
        }
    }

Configuration Host: 127.0.0.1 Configuration Port: 9494

For the DNS I have as previously mentioned used 8.8.8.8 and 8.8.4.4. The current setting is my home router that also resolves DNS. Neither work.

Separate to this; I am also finding that applications such as the iOS Mail app don't work with this configuration and requests aren't directed. My gut feeling is that I need to handle the SMTP and IMAP protocols, although unsure because of the proxy or IPv4/6 settings. Could also be the routes in the settings. Happy to create a separate thread if you think this is appropriate.

I accidentally redacted out tunnelNetworkSettings.dnsSettings = dns from below the dns.matchDomains line in the previous code snippet. Realised after submitting and can't edit the reply.