Hello,
I have a question about developing an iOS app for general public. Can such an app use DNS Proxy Provider?
The TN3134: Network Extension provider deployment article states that DNS Proxy Provider has the following restriction: "per-app on managed devices".
Does this imply that a DNS Proxy Provider that can be used in a regular iOS App Store app?
On the other hand, NEDNSProxyProvider only works with NEAppProxyFlow, is it possible to make it NOT per-app?
Does this imply that a DNS Proxy Provider that can be used in a regular iOS App Store app?
No.
Well, probably not, but it depends on your definition of “regular”.
On iOS, DNS proxy providers are limited to:
- Supervised devices, when deployed system-wide
- Managed devices, when deployed in per-app mode
You can distribute an app containing a DNS proxy provider to the App Store, but it’ll only be useful to folks who deploy it in one of the ways I’ve listed above. In per-app mode, the target apps must be installed by the MDM.
There are options in this space that do work on unmanaged devices:
- If you’re attempting to use a DNS proxy to implement a content filter, take a look at the new URL filter provider we introduced in iOS 26 beta [1]. See WWDC 2025 Session 234 Filter and tunnel network traffic with NetworkExtension for the details.
- If your goal is to set up a secure DNS system, check out DNS settings.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] I’m updating to TN3134 to cover this case. I hope to get that finished in the next few weeks.