4 Replies
      Latest reply on May 25, 2020 12:44 PM by anandfrombangalore
      anandfrombangalore Level 1 (0 points)

        Hi,

         

        I would like to capture all the DNS requests in my Transparent App Proxy on macOS 10.15.4.

         

        First I tried different combinations, but no luck:

        1.

            // Destination network rule: empty hostname, prefix length 0, port 53, any protocol
            NENetworkRule *includeRule1 = [[NENetworkRule alloc] initWithDestinationNetwork:[NWHostEndpoint endpointWithHostname:@"" port:@"53"] prefix:0 protocol:NENetworkRuleProtocolAny];

        It captures all TCP/UDP traffic along with DNS.

        2.

            // Destination network rule: 0.0.0.0 with prefix length 0 (0.0.0.0/0), port 53, any protocol
            NENetworkRule *includeRule2 = [[NENetworkRule alloc] initWithDestinationNetwork:[NWHostEndpoint endpointWithHostname:@"0.0.0.0" port:@"53"] prefix:0 protocol:NENetworkRuleProtocolAny];

        It does not capture anything.

        3.

            // Destination host rule: empty hostname, port 53, any protocol
            NENetworkRule *includeRule3 = [[NENetworkRule alloc] initWithDestinationHost:[NWHostEndpoint endpointWithHostname:@"" port:@"53"] protocol:NENetworkRuleProtocolAny];

        It also captures all TCP/UDP traffic along with DNS.

         

        4. I set up the DNS resolver:

            // Resolver: a single server, used for queries that fall under the match domains below
            NSString *dnsServerIP = @"10.0.0.10";
            NSArray<NSString *> *dnsServerList = @[dnsServerIP];
            NEDNSSettings *dnsSettings = [[NEDNSSettings alloc] initWithServers:dnsServerList];

            // Only queries under these top-level domains are routed to this resolver
            NSString *TLD1 = @"com";
            NSString *TLD2 = @"in";
            NSArray<NSString *> *dnsMatchDomainList = @[TLD1, TLD2];

            dnsSettings.matchDomains = dnsMatchDomainList;
            dnsSettings.domainName = @"gp.com";
            // settings: the NETransparentProxyNetworkSettings object handed to setTunnelNetworkSettings:
            settings.DNSSettings = dnsSettings;

         

        I also set up a filter rule to capture the DNS server IP address "10.0.0.10":

            // Destination 10.0.0.10 with prefix length 8, i.e. the whole 10.0.0.0/8 network, port 53, any protocol
            NENetworkRule *includeRule = [[NENetworkRule alloc] initWithDestinationNetwork:[NWHostEndpoint endpointWithHostname:@"10.0.0.10" port:@"53"] prefix:8 protocol:NENetworkRuleProtocolAny];

        No DNS request is captured.

        scutil --dns shows the DNS resolver:

            DNS configuration (for service-specific queries)

            resolver #1
              nameserver[0] : fe80::1
              nameserver[1] : 10.0.0.10
              service_identifier : 1
              flags    : Service-specific, Supplemental, Request A records, Request AAAA records

         

        Still, the DNS request is not received by the Transparent App Proxy.

         

        Could you please help me find the right way to receive all DNS requests in my Transparent App Proxy?

         

        Regards,

        Anand Choubey
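An added example, not code from the original post, showing how the pieces in the post above connect inside an NEAppProxyProvider subclass: the NEDNSSettings object and the NENetworkRule set are both attached to one NETransparentProxyNetworkSettings object, which then has to be applied with setTunnelNetworkSettings:completionHandler: before any flow can be delivered to the provider. The class name, the tunnel remote address, and the choice of a per-protocol /32 host rule for 10.0.0.10:53 are assumptions; which rule form actually makes the system resolver's queries reach the proxy is the open question of this thread and is not settled here.

```objc
// Added example: wiring resolver settings and include rules into a transparent
// proxy on macOS 10.15. Class name and endpoint values are assumptions, not from the thread.
#import <NetworkExtension/NetworkExtension.h>

static NSString *const kResolverAddress = @"10.0.0.10";   // upstream resolver named in the thread

@interface DNSCaptureProxyProvider : NEAppProxyProvider   // assumed class name
@end

@implementation DNSCaptureProxyProvider

// One NENetworkRule per transport: DNS runs over UDP, and falls back to TCP for
// truncated answers, so a UDP-only rule would miss the TCP retries.
+ (NSArray<NENetworkRule *> *)dnsRulesForResolver:(NSString *)address {
    NWHostEndpoint *dnsPort = [NWHostEndpoint endpointWithHostname:address port:@"53"];
    // Prefix 32 pins the rule to this single IPv4 host; prefix 8 would widen it to 10.0.0.0/8.
    NENetworkRule *udp = [[NENetworkRule alloc] initWithDestinationNetwork:dnsPort prefix:32 protocol:NENetworkRuleProtocolUDP];
    NENetworkRule *tcp = [[NENetworkRule alloc] initWithDestinationNetwork:dnsPort prefix:32 protocol:NENetworkRuleProtocolTCP];
    return @[udp, tcp];
}

+ (NEDNSSettings *)resolverSettingsForAddress:(NSString *)address matchDomains:(NSArray<NSString *> *)domains {
    NEDNSSettings *dns = [[NEDNSSettings alloc] initWithServers:@[address]];
    dns.matchDomains = domains;   // only queries under these domains are sent to this resolver
    return dns;
}

- (void)startProxyWithOptions:(NSDictionary<NSString *, id> *)options
            completionHandler:(void (^)(NSError *error))completionHandler {
    // The initializer requires a tunnel remote address; a transparent proxy has no real
    // tunnel peer, and reusing the resolver address here is an assumption of this example.
    NETransparentProxyNetworkSettings *settings =
        [[NETransparentProxyNetworkSettings alloc] initWithTunnelRemoteAddress:kResolverAddress];

    settings.DNSSettings = [[self class] resolverSettingsForAddress:kResolverAddress matchDomains:@[@"com", @"in"]];
    settings.includedNetworkRules = [[self class] dnsRulesForResolver:kResolverAddress];

    // Nothing reaches handleNewUDPFlow: / handleNewFlow: until these settings have been applied.
    [self setTunnelNetworkSettings:settings completionHandler:^(NSError *error) {
        if (error) {
            NSLog(@"setTunnelNetworkSettings failed: %@", error);
        }
        completionHandler(error);
    }];
}

- (void)stopProxyWithReason:(NEProviderStopReason)reason completionHandler:(void (^)(void))completionHandler {
    completionHandler();
}

@end
```

The check worth doing after this runs is to call scutil --dns again and confirm that the supplemental resolver entry appears with 10.0.0.10 and the expected match domains; if the setTunnelNetworkSettings: completion reports an error, the rules were never installed and no flow will arrive regardless of how they are written.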

        • Re: DNS Handling in Transparent App Proxy
          meaton Apple Staff (210 points)

          Are you using NEDNSProxyProvider or NEAppProxyProvider? If you are using an App Proxy Provider Network Extension and want to capture DNS traffic, there is a specific network extension that does this.

           

          Matt Eaton

          DTS Engineering, CoreOS

          meaton3 at apple.com

            • Re: DNS Handling in Transparent App Proxy
              anandfrombangalore Level 1 (0 points)

              Thanks!

               

              I am using NEAppProxyProvider. As per the NEAppProxyProvider documentation, under "DNS Handling": "The App Proxy Provider can specify the DNS resolver configuration that will be used by these applications using the...."

               

              https://developer.apple.com/documentation/networkextension/neappproxyprovider?language=objc

               

              Could you please help me understand how to make a DNS resolver with NEAppProxyProvider as per the above documentation?

               

              Can NEAppProxyProvider receive a DNS request using any filter or DNS resolver?

               

              Regards,

              Anand Choubey

                • Re: DNS Handling in Transparent App Proxy
                  meaton Apple Staff (210 points)

                  Anand,

                   

                  Yes. It looks like you have set up an NEDNSSettings object already. Have you tried using this with your NETunnelNetworkSettings? Also, did you set up the NEAppProxyUDPFlow to receive the DNS flows?

                   

                  Matt Eaton

                  DTS Engineering, CoreOS

                  meaton3 at apple.com

                    • Re: DNS Handling in Transparent App Proxy
                      anandfrombangalore Level 1 (0 points)

                      Thanks Matt!

                       

                      Yes, I set up the DNS resolver and configured the following rule to capture all DNS requests whose TLD (top-level domain) is "com":

                          // Destination host rule: wildcard hostname "*.com", port 53, any protocol
                          NENetworkRule *includeRule2 = [[NENetworkRule alloc] initWithDestinationHost:[NWHostEndpoint endpointWithHostname:@"*.com" port:@"53"] protocol:NENetworkRuleProtocolAny];

                      And handleNewUDPFlow is implemented too.

                       

                      Now all the DNS requests whose TLD is "com" are received by my App Proxy code. The dig command's request is NOT received. Any recommendation on how to receive the "dig" DNS request?

                       

                      It looks like without adding a TLD, my App Proxy does not receive any DNS request.

                       

                      I would like to capture all outgoing DNS requests in my Transparent App Proxy without configuring TLDs. There are hundreds of TLDs. Maintaining and adding individual TLDs is a difficult job, and it may negatively impact the overall performance of the system.

                       

                      Can it be done without adding top-level domains to the filter rules?

                       

                      Regards,

                      Anand Choubey
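An added example, not code from the thread, of the flow-handling side that the last reply mentions: handleNewUDPFlow:initialRemoteEndpoint: opens the flow, decodes the question name out of every DNS message it reads (so the provider sees what was asked whether or not a hostname rule selected the flow), and relays the datagrams to the resolver the application addressed through an NWUDPSession, so the application still receives its answer. The class names, the relay object and the 32-datagram read batch are assumptions. One caveat that bears on the dig observation above: dig sends its query straight to the resolver's IP address rather than connecting by name, so a hostname-based rule such as "*.com" has no hostname to match; the queried name is only visible by parsing the DNS payload, as this example does.

```objc
// Added example (not from the thread): take UDP port-53 flows, log the name each DNS
// message asks for, and relay the datagrams to the resolver the app addressed.
#import <NetworkExtension/NetworkExtension.h>

// First question name of a DNS message (RFC 1035 section 4.1.2); nil if short or malformed.
static NSString *DNSQuestionName(NSData *message) {
    const uint8_t *p = message.bytes;
    NSUInteger len = message.length;
    if (len < 12 || ((p[4] << 8) | p[5]) == 0) return nil;   // 12-byte header, QDCOUNT at offset 4
    NSMutableString *name = [NSMutableString string];
    for (NSUInteger i = 12; i < len;) {
        uint8_t labelLen = p[i++];
        if (labelLen == 0) return name.length ? name : @".";        // root label terminates the name
        if ((labelLen & 0xC0) || i + labelLen > len) return nil;    // pointers are not valid in a question
        // Latin-1 maps every byte, so non-ASCII labels are shown rather than rejected
        NSString *label = [[NSString alloc] initWithBytes:p + i length:labelLen encoding:NSISOLatin1StringEncoding];
        [name appendFormat:@"%@%@", name.length ? @"." : @"", label];
        i += labelLen;
    }
    return nil;   // ran off the end without a terminating root label
}

// Relays one app-side UDP flow to one upstream NWUDPSession and back (assumed design).
@interface DNSFlowRelay : NSObject
@property (nonatomic, strong) NEAppProxyUDPFlow *flow;
@property (nonatomic, strong) NWUDPSession *session;
@property (nonatomic, strong) NSMutableArray<NSData *> *pending;   // held until the session is Ready
@property (nonatomic, copy) void (^onClose)(DNSFlowRelay *relay);
@property (nonatomic) BOOL closed;
@end

@implementation DNSFlowRelay
- (instancetype)initWithFlow:(NEAppProxyUDPFlow *)flow session:(NWUDPSession *)session {
    if ((self = [super init])) {
        _flow = flow; _session = session; _pending = [NSMutableArray array];
        [session addObserver:self forKeyPath:@"state" options:0 context:NULL];   // state is KVO-observable
        __weak DNSFlowRelay *weakSelf = self;
        [session setReadHandler:^(NSArray<NSData *> *answers, NSError *error) {
            DNSFlowRelay *strongSelf = weakSelf;
            if (!strongSelf || error) { [strongSelf close]; return; }
            // Hand answers back to the app as if they came from the resolver it addressed.
            NSMutableArray<NWEndpoint *> *from = [NSMutableArray arrayWithCapacity:answers.count];
            for (NSUInteger n = 0; n < answers.count; n++) [from addObject:strongSelf.session.endpoint];
            [strongSelf.flow writeDatagrams:answers sentByEndpoints:from completionHandler:^(NSError *e) {
                if (e) [strongSelf close];
            }];
        } maxDatagrams:32];
    }
    return self;
}
- (void)readFromApp {
    __weak DNSFlowRelay *weakSelf = self;
    [self.flow readDatagramsWithCompletionHandler:^(NSArray<NSData *> *queries, NSArray<NWEndpoint *> *to, NSError *error) {
        DNSFlowRelay *strongSelf = weakSelf;
        if (!strongSelf || error || queries.count == 0) { [strongSelf close]; return; }   // empty array: app closed its side
        for (NSData *query in queries) {
            NSLog(@"DNS query for %@ from %@", DNSQuestionName(query) ?: @"<unparsable>", strongSelf.flow.metaData.sourceAppSigningIdentifier);
        }
        [strongSelf sendUpstream:queries];
        [strongSelf readFromApp];   // keep reading until the app closes the flow
    }];
}
- (void)sendUpstream:(NSArray<NSData *> *)datagrams {
    if (self.session.state != NWUDPSessionStateReady) { [self.pending addObjectsFromArray:datagrams]; return; }
    __weak DNSFlowRelay *weakSelf = self;
    [self.session writeMultipleDatagrams:datagrams completionHandler:^(NSError *error) { if (error) [weakSelf close]; }];
}
- (void)observeValueForKeyPath:(NSString *)keyPath ofObject:(id)object change:(NSDictionary *)change context:(void *)context {
    NWUDPSessionState state = self.session.state;
    if (state == NWUDPSessionStateReady && self.pending.count) {
        NSArray<NSData *> *queued = [self.pending copy]; [self.pending removeAllObjects];   // flush early queries
        [self sendUpstream:queued];
    } else if (state == NWUDPSessionStateFailed || state == NWUDPSessionStateCancelled) {
        [self close];
    }
}
- (void)close {
    if (self.closed) return;
    self.closed = YES;
    [self.session removeObserver:self forKeyPath:@"state"];
    [self.session cancel];
    [self.flow closeReadWithError:nil]; [self.flow closeWriteWithError:nil];
    if (self.onClose) self.onClose(self);
}
@end

@interface DNSCaptureProxyProvider : NEAppProxyProvider              // assumed class name
@property (nonatomic, strong) NSMutableSet<DNSFlowRelay *> *relays;   // retains live relays
@end

@implementation DNSCaptureProxyProvider
- (BOOL)handleNewUDPFlow:(NEAppProxyUDPFlow *)flow initialRemoteEndpoint:(NWEndpoint *)remoteEndpoint {
    if (!self.relays) self.relays = [NSMutableSet set];
    NWUDPSession *session = [self createUDPSessionToEndpoint:remoteEndpoint fromEndpoint:nil];
    DNSFlowRelay *relay = [[DNSFlowRelay alloc] initWithFlow:flow session:session];
    __weak DNSCaptureProxyProvider *weakSelf = self;
    relay.onClose = ^(DNSFlowRelay *r) { [weakSelf.relays removeObject:r]; };
    [self.relays addObject:relay];
    [flow openWithLocalEndpoint:nil completionHandler:^(NSError *error) {
        if (error) { [relay close]; return; }
        [relay readFromApp];
    }];
    return YES;   // the provider takes ownership of this flow
}
@end
```

The relay queues datagrams until the NWUDPSession reports NWUDPSessionStateReady because the session is created asynchronously and a write before that point fails; the KVO observer flushes the queue once the state changes. The parser deliberately rejects compression pointers in the question section, which is where a crafted payload would otherwise steer a naive decoder, and it never trusts the label length beyond the buffer it was given.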