Our company has a VPN client that uses the Packet Tunnel Provider network extension, and when 18 came out we noticed that we were no longer seeing DNS requests get sent to the VPN's TUN interface. Doing a packet trace, once the VPN becomes active we see requests to _dns.resolver.arpa and 12-courier.push.apple.com, which both get resolved as expected. Also, our main app that controls the VPN service and does authentication has to resolve a hostname to get to an authentication service, and we see those requests just fine as well. However, when we try to resolve by going to a webpage in Safari, we see no DNS request corresponding to that.
What are we missing? At first I thought it was the RFC 9461 stuff, but from the packet traces I don't believe that is the case.
I have also tried other networking tools to send the DNS requests and that failed as well.
After inspecting the PTP (that I have unfortunately inherited due to a company workforce reduction), I believe I found the issue. It was returning from the startTunnel function before completely setting up the interfaces, so we were telling the OS that the VPN was connected when it really wasn't. I suspect we have been getting lucky with all the releases up to now. Once I rewrote the code, everything worked.
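
An added sketch of the ordering described in the post above (not the poster's code): the `startTunnel` completion handler is called only from inside the `setTunnelNetworkSettings` callback, so the OS is told the tunnel is up only after the interface, routes and DNS settings have been applied. The class name and all addresses are constructed placeholders, and transport setup and packet forwarding are outside the example.

```swift
import NetworkExtension

final class PacketTunnelProvider: NEPacketTunnelProvider {

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Constructed sample values (documentation / private ranges), not from the post.
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "192.0.2.1")

        // Address and default route for the TUN interface.
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"],
                                  subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [NEIPv4Route.default()]
        settings.ipv4Settings = ipv4

        // Resolver reachable through the tunnel. An empty-string match domain
        // makes these settings the default resolver for all queries.
        let dns = NEDNSSettings(servers: ["10.8.0.1"])
        dns.matchDomains = [""]
        settings.dnsSettings = dns

        // Problem pattern: calling completionHandler(nil) at this point, or
        // returning after kicking off setup on another queue, reports the VPN
        // as connected while the settings below are still being applied.

        setTunnelNetworkSettings(settings) { error in
            if let error = error {
                // Settings were not applied: fail the start rather than
                // report a tunnel that has no working interface or DNS.
                completionHandler(error)
                return
            }
            // Interface, routes and DNS are in place: now signal "connected".
            completionHandler(nil)
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }
}
```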