Tunnel all DNS requests to VPN

I'm using Network Extension for macOS. Split tunnel is true with some includedRoutes. My aim is to tunnel all DNS requests without exceptions.


So, according to https://developer.apple.com/documentation/networkextension/nednssettings/1406537-matchdomains, I added matchDomains with an empty string.

Even as per Quinn's post https://forums.developer.apple.com/message/122209#122209, if matchDomain is empty string, the system is supposed to tunnel the DNS requests first.


I try out browsing a few websites from the browser. But I see that the behaviour is inconsistent.

a. Sometimes, the DNS request comes to the tunnel.

b. Sometimes, it goes directly to the Mac machine's local DNS server.

c. Sometimes, it comes to the tunnel first and then if there's a delay in the response, it goes to the local DNS server.


#a. and #c. are fine but #b is not acceptable for my use case.

Any solutions for this?