A question about how to obtain the physical port DNS when connected to the VPN

We use NetworkExtension to develop a Mac VPN application with the includedRoutes attribute set to defaultRoute. We hope that when the DNS of the physical port changes or the network is switched in the VPN connection state, the DNS information of the current "en" port can be obtained, and optimize accordingly.
We have found two ways to obtain DNS:

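#import <SystemConfiguration/SystemConfiguration.h>

// Read the system-wide DNS servers from the dynamic store.
NSArray *routerArray = nil;
SCDynamicStoreRef ds = SCDynamicStoreCreate(kCFAllocatorDefault, CFSTR("myapp"), NULL, NULL);
if (ds) {
    CFDictionaryRef dr = SCDynamicStoreCopyValue(ds, CFSTR("State:/Network/Global/DNS"));
    if (dr) {
        // "ServerAddresses" is an array of IP address strings; it may be absent.
        CFArrayRef router = CFDictionaryGetValue(dr, CFSTR("ServerAddresses"));
        if (router) {
            routerArray = [NSArray arrayWithArray:(__bridge NSArray *)router];
        }
        CFRelease(dr);
    }
    CFRelease(ds); // CFRelease(NULL) crashes, so release only inside the check
}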

AND

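#include <resolv.h>
#include <arpa/inet.h>

// Read the resolver's name server list (IPv4 entries only).
NSMutableArray *dnsArray = [NSMutableArray array];
res_state res = calloc(1, sizeof(struct __res_state)); // zeroed before res_ninit
if (res != NULL) {
    if (res_ninit(res) == 0) {
        for (int i = 0; i < res->nscount; i++) {
            NSString *s = [NSString stringWithUTF8String:inet_ntoa(res->nsaddr_list[i].sin_addr)];
            [dnsArray addObject:s];
        }
        res_nclose(res); // close only a successfully initialized state
    }
    free(res); // release the resolver state allocated above
}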


They work perfectly when there is no VPN connection, but when the VPN connection is established, they can only get the DNS of the "utun" port, which does not meet our needs. We hope to get the DNS of the "en" port.
Can we get the DNS information of the specified port?
This is very important to us.
Please help us.

After using the Packet Tunnel Provider to create a VPN and setting includedRoutes to defaultRoute, not only can the DNS information of the "en" port not be obtained, but monitoring of network switching also fails.
This has bothered us for a long time.

Okay, if you set 1 or 2 DNS domains that your packet tunnel is concerned about serving, does this allow you to receive DNS traffic for your small set of domains?

Code Block objective-c
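NEDNSSettings *dnsSettings = [[NEDNSSettings alloc] initWithServers:@[@"x.x.x.x"]];
// Only queries for these domains use the tunnel's DNS servers.
dnsSettings.matchDomains = @[@"example.com"];
// Do not also add the match domains to the resolver's search list.
dnsSettings.matchDomainsNoSearch = YES;
settings.DNSSettings = dnsSettings;
settings.IPv4Settings = ipv4Settings;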


NOTE: NEDNSSettings is not meant to be an API to filter all DNS traffic on the system. It is intended to set a /small/ set of domains that are important to your business case. You will run into endless edge cases trying to route all DNS traffic through your tunnel using this API. There are other APIs for handling DNS in the NetworkExtension suite if needed.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
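
An added example, not part of the thread or of Apple's reply: one way to read the DNS servers recorded for a specific interface from the per-service keys of the dynamic store, instead of the global key used in the question. It assumes ARC, that the interface has an IPv4 configuration, and that the service keeps its own State: DNS entry while the tunnel is up; the function name and "en0" are illustrative.

```objective-c
#import <Foundation/Foundation.h>
#import <SystemConfiguration/SystemConfiguration.h>

// Added example (hypothetical helper): DNS servers of the network service
// bound to ifName, or nil if none is found.
// Assumption: State:/Network/Service/<id>/DNS persists while the VPN is up.
static NSArray<NSString *> *DNSServersForInterface(NSString *ifName) {
    SCDynamicStoreRef store = SCDynamicStoreCreate(kCFAllocatorDefault, CFSTR("myapp"), NULL, NULL);
    if (store == NULL) return nil;

    // Regex key matching State:/Network/Service/<any id>/IPv4
    CFStringRef pattern = SCDynamicStoreKeyCreateNetworkServiceEntity(
        kCFAllocatorDefault, kSCDynamicStoreDomainState, kSCCompAnyRegex, kSCEntNetIPv4);
    NSDictionary *ipv4 = CFBridgingRelease(
        SCDynamicStoreCopyMultiple(store, NULL, (__bridge CFArrayRef)@[(__bridge id)pattern]));
    CFRelease(pattern);

    NSArray<NSString *> *servers = nil;
    for (NSString *key in ipv4) {
        NSDictionary *entry = ipv4[key];
        // Each service's IPv4 entry names the interface it is bound to.
        if (![entry[(__bridge NSString *)kSCPropInterfaceName] isEqualToString:ifName]) continue;
        // key = State:/Network/Service/<id>/IPv4, so component 3 is the service id.
        NSArray<NSString *> *parts = [key componentsSeparatedByString:@"/"];
        if (parts.count < 5) continue;
        CFStringRef dnsKey = SCDynamicStoreKeyCreateNetworkServiceEntity(
            kCFAllocatorDefault, kSCDynamicStoreDomainState,
            (__bridge CFStringRef)parts[3], kSCEntNetDNS);
        NSDictionary *dns = CFBridgingRelease(SCDynamicStoreCopyValue(store, dnsKey));
        CFRelease(dnsKey);
        servers = dns[(__bridge NSString *)kSCPropNetDNSServerAddresses];
        if (servers.count > 0) break;
    }
    CFRelease(store);
    return servers;
}

int main(void) {
    @autoreleasepool {
        // "en0" is a sample interface name; pass the physical interface in use.
        NSLog(@"en0 DNS: %@", DNSServersForInterface(@"en0"));
    }
    return 0;
}
```

Build with `-fobjc-arc -framework Foundation -framework SystemConfiguration`. Manually configured servers are stored under the Setup: domain rather than State:, which this sketch does not read.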