A list of domain strings used to determine which DNS queries will use the DNS resolver settings contained in this object.
- iOS 9.0+
- macOS 10.11+
- Mac Catalyst 13.0+
This property is used to create a “split DNS” configuration, where only hosts in certain domains are resolved using the tunnel’s DNS resolver settings. Hosts not in one of the domains in this list are resolved using the system’s default resolver.
match contains the empty string it becomes the default domain. This is how a split-tunnel configuration can direct all DNS queries first to the VPN DNS servers before the primary DNS servers.
If the VPN tunnel becomes the network’s default route, the servers listed earlier by
NEDNSSettings become the default resolver and the
match list is ignored.