The principal class for a DNS proxy provider app extension.


@interface NEDNSProxyProvider : NEProvider


A DNS proxy allows your app to intercept all DNS traffic generated on a device. You can use this capability to provide services like DNS traffic encryption, typically by redirecting DNS traffic to your own server. You usually do this in the context of managed devices, such as those owned by a school or an enterprise.

You create a DNS proxy as an app extension based on a custom subclass of the NEDNSProxyProvider class. Once active, the proxy receives access to flows of DNS traffic in the form of NEAppProxyFlow instances. Each flow corresponds to a socket opened by an app to UDP port 53 or TCP port 53. Your DNS proxy provider acts as a transparent DNS proxy for the flows of network data that it receives.

When you subclass NEDNSProxyProvider, you must provide implementations for the following methods:


Managing the DNS Proxy Life Cycle

Handling Proxied DNS Flow

- handleNewFlow:

Handles a new flow of DNS traffic.

- handleNewUDPFlow:initialRemoteEndpoint:

Handles a new flow of UDP traffic.

Getting System DNS Settings


The current system DNS settings.


Inherits From

See Also



The DNS resolver settings of a network tunnel.