NEPacketTunnelProvider DNS traffic sending

I created a VPN application using NEPacketTunnelProvider and set some IP lists for includedRoutes. My matchDomains is set to @[@""], and now all my DNS resolution traffic is sent from the utun port.

Now there is a requirement: we have a domain name whose DNS resolution traffic we do not want sent from the utun port. What should I do?

NEDNSSettings *DNSSettings does not provide a blacklist of DNS domain names.
Although I know this is not very good, I still tried adding a large number of whitelisted domains to matchDomains, but there seems to be a bottleneck: when I add more than 5000 domains to matchDomains, network access fails with an "Unknown host" error.
I'm not sure whether DNS Proxy Provider can solve my problem, but I'm trying to research it.

I found that using DNS Proxy Provider requires creating a DNS Proxy application extension, but when creating a NetworkExtension for the macOS platform, the Provider Type list only offers "App Proxy" and "Packet Tunnel", not "DNS Proxy".
So my attempt was interrupted.

I found that using DNS Proxy Provider requires the creation of a DNS Proxy application extension

On macOS, DNS proxy providers are only supported as a system extension. Start with the macOS > System Extension > Network Extension template.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
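The per-query decision a DNS proxy would have to make for the requirement in this thread, as an added example that is not part of the thread or of Apple's APIs: parse the question name out of a DNS query and send queries for an excluded domain to the system resolver while everything else goes to the tunnel resolver, mirroring matchDomains suffix semantics where "" matches every name. The sample packet, the domain names and the resolver addresses are constructed placeholders; in a real NEDNSProxyProvider system extension this logic would run on the datagrams read from each flow.

```python
import struct

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Constructed sample: a standard A query, as a DNS proxy would see it in a UDP flow."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(packet: bytes) -> str:
    """Extract the first question name; question names are never compressed, so a
    pointer here is treated as malformed rather than followed."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount == 0:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1
        if pos + length > len(packet):
            raise ValueError("label runs past end of packet")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    return ".".join(labels)

def matches(name: str, domains) -> bool:
    """Suffix match in the spirit of matchDomains; the empty string matches everything."""
    for d in domains:
        d = d.lower().strip(".")
        if d == "" or name == d or name.endswith("." + d):
            return True
    return False

def choose_resolver(packet: bytes, match_domains, excluded_domains,
                    tunnel_dns: str, system_dns: str) -> str:
    """Excluded domains bypass the tunnel even when matchDomains is [""]."""
    name = parse_qname(packet)
    if matches(name, excluded_domains):
        return system_dns
    if matches(name, match_domains):
        return tunnel_dns
    return system_dns
```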