Our company has a VPN client that uses the Packet Tunnel Provider network extension and when 18 came out we noticed that we were no longer seeing DNS requests get sent to the VPNs TUN interface. Do a packet trace, once the VPN becomes active we see requests to _dns.resolver.arpa and 12-courier.push.apple.com, which both get resolved as expected. Also our main app that controls the VPN service and does authentication has to resolve a hostname to get to an authentication service and we see those requests just fine as well. However, when we try to resolve by going to a webpage in Safari we see no DNS request corresponding to that. What are we missing? At first I thought it was the RFC9461 stuff but from the packet traces I don't believe that is the case. I have also tried other networking tools to send the DNS requests and that failed as well.

I have a custom VPN app that uses NETunnelProviderManager to install a VPN Profile if one is not already installed. On previous iOS versions this would open the VPN Settings and ask for either the PIN, FaceID or TouchID and install the profile. With iOS 26 beta5 it opens the VPN Settings and stops. Is this a bug in iOS 26? Have there been changes to NETunnelProviderManager for iOS 26 that I'm not aware of? FYI we do the samething on macOS 26 beta5 and that works as expected.