I am trying to setup a system-wide DNS-over-TLS for iOS that can be turned off and on from within the app, and I'm struggling with the implementation details. I've searched online, searched forums here, used ChatGPT, and I'm getting conflicting information or code that is simply wrong. I can't find example code that is valid and gets me moving forward. I think I need to use NEDNSProxyProvider via the NetworkExtension. Does that sound correct? I have NetworkExtension -> DNS Proxy Capability set in both the main app and the DNSProxy extension. Also, I want to make sure this is even possible without an MDM. I see conflicting information, some saying this is opened up, but things like https://developer.apple.com/documentation/Technotes/tn3134-network-extension-provider-deployment saying a device needs to be managed. How do private DNS apps do this without MDM? From some responses in the forums it sounds like we need to parse the DNS requests that come in to the handleNewFlow function. Is there good sample code for this parsing? I saw some helpful information from Eskimo (for instance https://developer.apple.com/forums/thread/723831 ) and Matt Eaton ( https://developer.apple.com/forums/thread/665480 )but I'm still confused. So, if I have a DoT URL, is there good sample code somewhere for what startProxy, stopProxy, and handleNewFlow might look like? And valid code to call it from the main app?

I have a NotificationExtension that shares a codebase with a main application, but should not run some of the code. For a long time I've used NS_EXTENSION_UNAVAILABLE in Objective C on some methods that should not be used in the extension, but in tracking down a recent bug I noticed that those methods are being called in a CocoaPod where they should not (because of NS_EXTENSION_UNAVAILABLE). I verified this when running the Extension target in XCode and setting breakpoints. I also have a Preprocessor Macro "TARGET_IS_NOTIFICATION=1" in the extension Build Settings and a Swift Active Compilation Condition to filter out some other code inside shared methods/functions. When I realized NS_EXTENSION_UNAVAILABLE wasn't working, I tried the Preprocessor Macro and found that wasn't working in the CocoaPod either. If I use the Preprocessor macro in the main Extension class, it works correctly, but when used in the Cocoapod that is called by the extension, it does not. I am currently using XCode 13.3 on an M1 Macbook Pro. I do remember that a few weeks ago XCode updated itself and stopped building so that paths needed to be changed, but I think that is all straightened out and everything else seems to be working normally.