Packet Tunnel Provider with DNS possible?

App & System Services Networking
mklnz5 OP
Created Sep ’24
Replies 3
Boosts 0
Views 287
Participants 2

I have created a NEPacketTunnelProvider which seems to work currently in testing.

However I have noticed that the DNS do not go through the TUN interface, even setting a bogus DNS server in NEPacketTunnelNetworkSettings still has no effect and I'm able to browse just fine.

I also know that there is the DNS Proxy Provider, can it be used in conjuction with Packet Tunnel Provider?

Though from what I have read this is not available for the general public and can only be used on supervised / managed devices?

Are there any supported methods of running a local DNS server, say on 127.0.0.1 and redirect all DNS queries to this server?

Answered by DTS Engineer in 803704022
Though from what I have read this is not available for the general public and can only be used on supervised / managed devices?

See TN3134 Network Extension provider deployment.

Also see TN3120 Expected use cases for Network Extension packet tunnel providers. I see a lot of folks trying to use a packet tunnel provider to implement a content filter. IME there’s no way to implement that reliably, and it’s not something that DTS supports.

If you are actually implement a VPN, you have a few options when it comes to DNS. For the details, see this post.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  3
Boosts  0
Views  287
Participants  2
DTS Engineer OP
Apple
Sep ’24
Recommended
Though from what I have read this is not available for the general public and can only be used on supervised / managed devices?

See TN3134 Network Extension provider deployment.

Also see TN3120 Expected use cases for Network Extension packet tunnel providers. I see a lot of folks trying to use a packet tunnel provider to implement a content filter. IME there’s no way to implement that reliably, and it’s not something that DTS supports.

If you are actually implement a VPN, you have a few options when it comes to DNS. For the details, see this post.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
mklnz5 OP
Sep ’24

Thanks for the response. Actually the only thing I was missing is the matchDomains property and now the DNS is hitting the local DNS forwarder.

This is indeed for implementing a VPN tunnel, not filtering content. The DNS requirements are so that the queries are resolved and saved temporarily into a list in which then the VPN tunnel can perform conditional routing based on said IPs.

I know it is working in development on device but is it against App Store guidelines to host a local listening DNS forwarder in the Network Extension?

0
DTS Engineer OP
Apple
Sep ’24
Accepted Answer
is it against App Store guidelines to host a local listening DNS forwarder in the Network Extension?

I don’t work for App Review and can’t offer definitive advice on their behalf. The App Review Guidelines do have important things to say about Network Extension providers, but I don’t see anything that’s this specific.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Packet Tunnel Provider with DNS possible?
First post date Last post date
 
 
Q