      Latest reply: Jan 23, 2017 11:49 AM by tech74
      tech74 Level 1 (0 points)

        Hi,

        We have set up a NAT64 IPv6 network using a Mac mini running macOS Sierra. We have a SIP (VoIP) app which looks up DNS by using low level BSD sockets, so using connect on the socket and sending low level queries.

        We have a strange problem: an iPhone 5 (running iOS 10.2) and an iPad 4th gen (running iOS 9.3) can connect to the DNS server address obtained from the Mac NAT64 network and get DNS responses.

        However, an iPhone 6S (running iOS 10.2) with the exact same application code connects to the DNS server address but no responses are received to a DNS query; we just get timeouts.

        We are not sure how to debug this because the DNS request goes via the Mac; any ideas would be most appreciated.

        Thanks

        • Re: DNS timeout on NAT64 network with iPhone 6S
          eskimo Apple Staff (6,995 points)

          … which looks up DNS by using low level BSD sockets …

          What API are you using for the DNS part of this?  getaddrinfo?  Or does this mean you’re actually doing your own DNS resolver on top of UDP?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: DNS timeout on NAT64 network with iPhone 6S
              tech74 Level 1 (0 points)

              Hi Eskimo

              Yes, we are using the following DNS resolver library over UDP: https://c-ares.haxx.se/

              It's widely used and has worked well for us for years. We just don't have a way to find out what's up. Is there any debugging on the Mac that can be turned on?

              Thanks

                • Re: DNS timeout on NAT64 network with iPhone 6S
                  eskimo Apple Staff (6,995 points)

                  Yes we are using the following DNS resolver library over UDP.

                  Just for the record, I strongly recommend against using your own DNS resolver.  The system resolver has important advantages that you just can’t replicate in your own app.

                  We just don't have a way to find out what's up. Is there any debugging on the MAC that can be turned on?

                  I recommend you take a packet trace and see what’s happening on the ‘wire’.  You can do this from three different contexts:

                  • The iOS device, via RVI

                  • The Mac inside the NAT

                  • The Mac outside the NAT

                  For instructions, see QA1176 Getting a Packet Trace.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: DNS timeout on NAT64 network with iPhone 6S
                      tech74 Level 1 (0 points)

                      Hi

                      We have got a bit further along with this; we have captured traces and determined the DNS lookup is taking place successfully with both iPhone 5 and iPhone 6s devices as far as the DNS request that the Mac makes outside the NAT.

                      The problem is that when the response is forwarded to the iOS device it is sent from a different IP address than where the request was sent to with the iPhone 6s, so it is dropped. The traces are attached and show a DNS request from the iPhone 5 (success case) and iPhone 6s (failure case) together with the response.

                      Success trace:

                      You can see the DNS request sent to the Mac NAT64 DNS IP -> 2001:2:0:aab1::1 from iPhone 5 IP -> 2001:2::aab1:bb:977d:ff3f:468e

                      The response comes from the 2001:2:0:aab1::1 address as expected.

                      Fail trace:

                      You can see the DNS request sent to the Mac NAT64 DNS IP -> 2001:2:0:aab1::1 from iPhone 6s IP -> 2001:2::aab1:c43:86e2:db56:880

                      The response comes from 2001:2::aab1:cb3:7539:a537:d60f; this is dropped by the iPhone 6s.

                      https://s3.amazonaws.com/devforumslinks/iphone5_success.png

                      https://s3.amazonaws.com/devforumslinks/iphone6s_fail.png
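
Added example, not part of the thread and not c-ares code: a C sketch of the reply check that explains the drop described in the last post. A stub resolver (or a connected UDP socket) accepts a datagram only when it comes from the address and port the query was sent to and carries the query's ID, which is also what stops an off-path host from injecting answers. The two addresses are the ones quoted in the post; the function names, the query ID 0x1a2b and the 12-byte reply header are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { REPLY_OK, BAD_SOURCE, BAD_PORT, TOO_SHORT, NOT_RESPONSE, BAD_ID };

/* Parse an IPv6 literal into a sockaddr_in6; returns 0 on success. */
static int make_addr(const char *text, uint16_t port, struct sockaddr_in6 *out)
{
    memset(out, 0, sizeof *out);
    out->sin6_family = AF_INET6;
    out->sin6_port = htons(port);
    return inet_pton(AF_INET6, text, &out->sin6_addr) == 1 ? 0 : -1;
}

/* Accept a datagram as the answer to our query only if the source address,
 * source port and DNS transaction ID all match what we sent. */
enum verdict check_reply(const struct sockaddr_in6 *server,
                         const struct sockaddr_in6 *from, uint16_t query_id,
                         const unsigned char *msg, size_t len)
{
    if (memcmp(&server->sin6_addr, &from->sin6_addr, sizeof from->sin6_addr))
        return BAD_SOURCE;
    if (server->sin6_port != from->sin6_port) return BAD_PORT;
    if (len < 12) return TOO_SHORT;             /* DNS header is 12 bytes */
    if (!(msg[2] & 0x80)) return NOT_RESPONSE;  /* QR bit must be set */
    if (((msg[0] << 8) | msg[1]) != query_id) return BAD_ID;
    return REPLY_OK;
}

/* Constructed reply header (ID 0x1a2b, QR=1) checked against the DNS server
 * address from the post, arriving from the given source address. */
enum verdict verdict_for_source(const char *source)
{
    static const unsigned char reply[12] = { 0x1a, 0x2b, 0x81, 0x80, 0, 1, 0, 1 };
    struct sockaddr_in6 server, from;
    if (make_addr("2001:2:0:aab1::1", 53, &server) || make_addr(source, 53, &from))
        return BAD_SOURCE;
    return check_reply(&server, &from, 0x1a2b, reply, sizeof reply);
}

int main(void)
{
    printf("success case: %d\n", verdict_for_source("2001:2:0:aab1::1"));
    printf("fail case:    %d\n", verdict_for_source("2001:2::aab1:cb3:7539:a537:d60f"));
    return 0;
}
```

The mismatch is therefore something to fix on the NAT64 gateway side (the reply should leave from the address the client queried), not by loosening the source check in the client.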