Improve DNS security for apps and servers


Discuss the WWDC22 Session Improve DNS security for apps and servers

Posts under wwdc2022-10079 tag

11 Posts

How to sort the IP addresses returned from getaddrinfo() like /etc/gai.conf in Linux
This is happening on a Mac M1 with Monterey OS. The environment supports both IPv4 and IPv6. When an HTTP client calls getaddrinfo() it returns both IPv6 and IPv4 addresses: first the v6 addresses and then the v4 addresses. We need a way to sort the getaddrinfo() output to get v4 addresses first and then v6. We tried changing the DNS order with scutil by putting the v4 DNS first, but getaddrinfo() is still listing v6 addresses first. In Linux there is a way to control getaddrinfo() output with /etc/gai.conf (https://man7.org/linux/man-pages/man5/gai.conf.5.html). On Mac I did not find any option like this, and changing the DNS order with scutil is not effective. Can you tell us what the way to do this is on macOS?
Replies: 6 | Boosts: 0 | Views: 2.6k | Activity: Feb ’24
requiresDNSSECValidation sample over request
Hi community: I'm trying to discover how the DNSSEC API works, but I cannot get a sample that works with it. Maybe I'm wrong about the requirements; if so, please clarify it for me. So, what I understood: all DNS zones (which respond to the TLS listed here https://manage.whois.com/kb/answer/2998) have a way to say, "hey, I'm who I am". So without any extra configuration, we can use the new API. Is that right? So here is the code that I wrote:

```swift
// Session-level flag: URLSession.configuration returns a copy, so the flag must be
// set on the configuration before the session is created for it to take effect.
let configuration = URLSessionConfiguration.ephemeral
if #available(iOS 16.0, *) {
    configuration.requiresDNSSECValidation = true
}
let urlSession = URLSession(configuration: configuration)

// Request-level flag (iOS 16.1 and later).
var request = URLRequest(url: URL(string: "https://www.apple.com")!)
if #available(iOS 16.1, *) {
    request.requiresDNSSECValidation = true
}

// retryWithDelay is a custom Combine operator from my project, not part of Combine.
cancellable = urlSession
    .dataTaskPublisher(for: request)
    .retryWithDelay(retries: 2, delay: 2, scheduler: DispatchQueue.global(qos: .background))
    .sink(receiveCompletion: { result in
        if case let .failure(error) = result {
            print("Error \(error)")
        }
    }, receiveValue: { (data: Data, response: URLResponse) in
        print("It Works")
    })
```

Result:

```
Task finished with error [-1001] Error Domain=NSURLErrorDomain Code=-1001, UserInfo={_kCFStreamErrorCodeKey=-2102, NSUnderlyingError=0x600003d86130 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "(null)" UserInfo={_kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <040AB9E7-EFCB-4072-8357-E0149769BB9D>.<2>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <040AB9E7-EFCB-4072-8357-E0149769BB9D>.<2>"
), NSErrorFailingURLStringKey=https://apple.com/, NSErrorFailingURLKey=https://apple.com/, _kCFStreamErrorDomainKey=4}
```

The DNS server I'm using is 8.8.8.8. Do you know any other DNS server that supports DNSSEC? If I remove requiresDNSSECValidation from the request it works. Also, it's curious that even when it fails, receiveCompletion is never called. But if I use the dataTask with a completion handler, it's called with the error. Thanks for the clarifications.
Replies: 3 | Boosts: 0 | Views: 994 | Activity: Jun ’23
Setting PrivacyContext to URL session
Hi: Is there any way to set a specific PrivacyContext on a concrete (not shared) URLSession? Thanks in advance.
Replies: 1 | Boosts: 0 | Views: 803 | Activity: May ’23
Network connection issue

```
flutter: [16448:89622] Received XPC error Connection invalid for message type 3 kCFNetworkAgentXPCMessageTypePACQuery
2023-03-20 10:10:44.365174+0500 soo_simple_admin[16448:89622] PAC result block not invoked
2023-03-20 10:10:44.365298+0500 soo_simple_admin[16448:89631] [connection] nw_proxy_resolver_create_parsed_array [C1.1.1 proxy pac] Evaluation error: kCFErrorDomainCFNetwork: 308
2023-03-20 10:10:44.488110+0500 soo_simple_admin[16448:89631] [] nw_path_evaluator_create_flow_inner NECP_CLIENT_ACTION_ADD_FLOW B28ACB52-CBE1-421A-994E-BBF73EC5C489 [1: Operation not permitted]
2023-03-20 10:10:44.488299+0500 soo_simple_admin[16448:89631] [connection] nw_endpoint_flow_setup_channel [C1.1.1.1.1 142.250.185.42:443 in_progress channel-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, proxy)] failed to request add nexus flow
2023-03-20 10:10:44.490027+0500 soo_simple_admin[16448:89631] [] nw_path_evaluator_create_flow_inner NECP_CLIENT_ACTION_ADD_FLOW B0796A5C-A814-477A-9718-9C28E675BE50 [1: Operation not permitted]
2023-03-20 10:10:44.490162+0500 soo_simple_admin[16448:89631] [connection] nw_endpoint_flow_setup_channel [C1.1.1.1.2 172.217.18.138:443 in_progress channel-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, proxy)] failed to request add nexus flow
2023-03-20 10:10:44.491078+0500 soo_simple_admin[16448:89631] [] nw_path_evaluator_create_flow_inner NECP_CLIENT_ACTION_ADD_FLOW 68B6B294-9137-4F21-A08C-834647BD8DC6 [1: Operation not permitted]
2023-03-20 10:10:44.491134+0500 soo_simple_admin[16448:89631] [connection] nw_endpoint_flow_setup_channel [C1.1.1.1.3 172.217.169.234:443 in_progress channel-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, proxy)] failed to request add nexus flow
2023-03-20 10:10:44.491755+0500 soo_simple_admin[16448:89631] [] nw_path_evaluator_create_flow_inner NECP_CLIENT_ACTION_ADD_FLOW 3E4BFC0A-36BC-4D4C-90F2-D18783A03F06 [1: Operation not permitted]
2023-03-20 10:10:44.491859+0500 soo_simple_admin[16448:89631] [connection] nw_endpoint_flow_setup_channel [C1.1.1.1.4 216.58.209.138:443 in_progress channel-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, proxy)] failed to request add nexus flow
2023-03-20 10:10:44.492437+0500 soo_simple_admin[16448:89631] [] nw_path_evaluator_create_flow_inner NECP_CLIENT_ACTION_ADD_FLOW CED668BC-F736-4C97-ACFA-4974C945C465 [1: Operation not permitted]
2023-03-20 10:10:44.492470+0500 soo_simple_admin[16448:89631] [connection] nw_endpoint_flow_setup_channel [C1.1.1.1.5 142.250.181.170:443 in_progress channel-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, proxy)] failed to request add nexus flow
2023-03-20 10:10:44.492976+0500 soo_simple_admin[16448:89631] [] nw_path_evaluator_create_flow_inner NECP_CLIENT_ACTION_ADD_FLOW 07133559-E135-4D17-85BE-8B742B47FD0D [1: Operation not permitted]
2023-03-20 10:10:44.493010+0500 soo_simple_admin[16448:89631] [connection] nw_endpoint_flow_setup_channel [C1.1.1.1.6 142.250.201.138:443 in_progress channel-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, proxy)] failed to request add nexus flow
2023-03-20 10:10:44.493568+0500 soo_simple_admin[16448:89631] Connection 1: received failure notification
2023-03-20 10:10:44.493608+0500 soo_simple_admin[16448:89631] Connection 1: failed to connect 1:1, reason -1
2023-03-20 10:10:44.493622+0500 soo_simple_admin[16448:89631] Connection 1: encountered error(1:1)
2023-03-20 10:10:44.493903+0500 soo_simple_admin[16448:89631] Task <08F0D649-FB69-4BFD-A002-B9150919959C>.<1> HTTP load failed, 0/0 bytes (error code: 1 [1:1])
2023-03-20 10:10:44.494515+0500 soo_simple_admin[16448:89631] Task <08F0D649-FB69-4BFD-A002-B9150919959C>.<1> finished with error [1] Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted" UserInfo={_NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <08F0D649-FB69-4BFD-A002-B9150919959C>.<1>, _kCFStreamErrorDomainKey=1, _kCFStreamErrorCodeKey=1, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <08F0D649-FB69-4BFD-A002-B9150919959C>.<1>"
), _NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: en0[802.11], ipv4, dns, proxy}
```

Replies: 1 | Boosts: 0 | Views: 1.4k | Activity: Mar ’23
NEProvider creation failed
I am trying to get a DNS Proxy app extension up and running. So first off, I've created a sample project to play around with the API. I've created an iOS project and put in some base code, but when I launch the app, I get the error "NEProvider creation failed, caller does not have the com.apple.developer.networking.networkextension entitlement". Breakpoints in the extension target don't work; I managed to get the info using Console. I have no idea where to put the required entitlement. Please help. Here are the logs and the sample project.
Replies: 5 | Boosts: 0 | Views: 1.6k | Activity: Jan ’23
Setup VPN settings for NEPacketTunnelProvider
Hello everybody. I need to implement DNS settings with an on/off toggle (so that the user would not have to go to the iPhone settings). So far my research has pointed me in the direction of proxy/tunnel. And in the interface of NEPacketTunnelProvider I've discovered that its settings contain a vpnSettings property, just like NEDNSSettingsManager. So I've created a sample project (tunnel branch), and I've managed to get the VPN up and running; however, I am unable to set up DNS settings properly. Invoking NEPacketTunnelProvider.setTunnelNetworkSettings with any kind of config prevents the tunnel from starting. I've used similar settings with my NEDNSSettingsManager, and it worked just fine. My feeling is that I set an invalid value into NETunnelProviderProtocol.serverAddress and NETunnelNetworkSettings.tunnelRemoteAddress, but I'm unable to verify that since I have no access to any kind of infrastructure. I am aware of MDM restrictions, and at this point I need to set up Google DNS via packet tunnel with an on/off switch. Thanks.
Replies: 2 | Boosts: 0 | Views: 1.1k | Activity: Jan ’23
Need help with handling flows inside NEDNSProxyProvider
Hello everybody. I'm trying to re-route DNS requests manually using DNS Proxy (basically, the same thing DNS settings do out of the box). But the handleNewFlow(_:) method just breaks my head. I've managed to find some bits of code to get some understanding of how to work with flows, but still can't comprehend the flow. Can somebody please explain the intended process of working with proxy flows? And is NEDNSProxyProvider even a working solution, since DNS parsing is discouraged and has been broken recently? Thanks
Replies: 4 | Boosts: 0 | Views: 1.3k | Activity: Jan ’23
Is it possible to route specific DNS requests to the local DNS server with a custom NEDNSSettingsManager configuration?
I'm researching the capabilities of NEDNSSettingsManager. I've been able to implement custom DNS settings to route my phone's DNS requests to the servers I need. However, I can't find whether there's a mechanism to route specific domains to the local DNS provider. Let's say I'm a business with a local DNS server that resolves my internal resources. I need my corporate iPhones to hit a third-party secure DNS server selected by me. The latter has no idea about the domain "my.business.gg". Using NEDNSSettings.matchDomains has the opposite effect. Maybe NEDNSSettingsManager.onDemandRules is the way to go? If so, how would one use it? If not, is it possible to do what I need with DNS settings, or should I look into DNS Proxy instead? Please help. Thanks
Replies: 3 | Boosts: 0 | Views: 1.3k | Activity: Jan ’23
How to disable the automatic DNS selection of a DNSSEC-supporting server on macOS Ventura
Hi, I have a Packet Tunnel Provider app, and when I'm setting the network settings with two DNS servers, one that supports DNSSEC and one that doesn't, the OS automatically forces use of the supporting server. Because of this, some URLs fail to be resolved. How can I disable this behavior? I didn't find any API for that. Thanks
Replies: 2 | Boosts: 0 | Views: 1.9k | Activity: Jan ’23
iOS 16 preferring to use DoH/DoT even if the VPN has specified it does not support DoH/DoT in DNS Settings
Hi, we have a VPN solution based on NEPacketTunnelProvider. Our requirement is to be able to get UDP-based DNS traffic and perform DNS resolution for all DNS queries while the VPN is in split-tunnel mode. Earlier, up to iOS 15.x, we used the approach mentioned by @Quinn in this link https://developer.apple.com/forums/thread/35027?answerId=122209022#122209022, where our VPN was in split tunnel and we used the wildcard match domain option to get all the DNS queries into the VPN. We used public DNS servers like the Google DNS servers (8.8.8.8, 8.8.4.4) in our VPN. In the NEDNSSettings of our NEPacketTunnelNetworkSettings, we have dnsProtocol set to "clear text" and the servers set to the above public DNS servers. From iOS 16 onwards, we are observing that despite specifying the clearText DNS protocol, we are receiving encrypted DNS packets, probably because the system automatically uses DoT or DoH, as the public DNS servers do support this. This is breaking multiple flows in our app. This seems to be a regression in iOS 16, because the DNSSettings of the VPN should be respected by the platform. Is this a known issue on Apple's side? If yes, are there any tentative dates for fixing this?
Replies: 3 | Boosts: 2 | Views: 2.8k | Activity: Nov ’22
URLSessionTask failed with error: a server with the specified hostname could not be found
I have a problem like the title here, but it only occurs on some mobile phones and some networks. It seems that it has little to do with the code level. How to solve it? When it is clear, some iOS 15 will appear, and iOS 13 does not have this problem.
Replies: 1 | Boosts: 0 | Views: 3.9k | Activity: Jul ’22