Is there a way for iOS NSURLSession to control DNS resolution by itself, similar to the ability of the libcurl library (https://curl.se/libcurl/c/CURLOPT_RESOLVE.html)? Because I found that my app's domain name was hijacked in the public network.
Control DNS with NSURLSession
I want to directly set the mapping relationship between the domain name and IP in my app. Is there a corresponding function?
I want to directly set the mapping relationship between the domain name and IP in my app.
Not in NSURLSession.
Even if there were, this is likely to cause problems in the various odd environments that Apple devices find themselves in, for example, on an IPv6-only network. We strongly recommend that folks use APIs that connect by name, not using a specific IP address.
Because I found that my app's domain name was hijacked in the public network.
It seems that fixing that is a better path forward here. What exactly do you mean by “hijacked”?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Is there the interface?
Not in NSURLSession.
IMO the best way to fix this is to fix your DNS. Connecting by IP address is not recommended on our platforms, and our high-level APIs do not offer the flexibility to do things that we don’t recommend.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Is there any recommended way to fix my DNS?
That depends on what’s broken with your DNS. Earlier you wrote:
The IP resolved from the domain name is not the real IP.
That sounds like you need to update the A records in your DNS. Most folks use a third-party DNS provider that allows the domain owner to update DNS records via their web site.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
I am one of the many developers who have been troubled by this for many years. I think developers should be given more development methods instead of being restricted. Using the NSURLSession class with IP direct connection is definitely to meet the application scenarios of its own apps, and Apple may not know the application scenarios of all companies' apps. Moreover, this restriction may not necessarily improve security, because everyone can still use libcurl or directly use sockets to write network components. Does it mean that using libcurl will also have hidden dangers? If this is true, Apple should just ban libcurl.
I think your suggestion is very unreasonable, and you have not given a reasonable reason for not providing this interface; when using LocalDNS to resolve domain names, it will go through multiple layers of DNS proxies, which are uncontrollable. Only by using our own HTTP DNS and using HTTPS IP direct connection can it be safe and reliable.