How to use NETunnelProviderManager to modify only DNS requests?

I want to apply a special logic to DNS requests. Basically, I want to use a custom REST web service (already available) to know the category of the domain (gambling, p0rn0graphy...) and block it if needed, or continue with the original DNS request as normal if the domain category is OK.

The context is to protect children from harmful content, tracking the websites they want to visit, blocking some of them depending on categories (gambling, adult_content...) and a custom list created by their parents.


I believe this is technically possible because we have apps like Charles Proxy that control the entire network, capturing every single packet.

I think I have to use NETunnelProviderManager and create a tun device. DNS requests go to this tun device, which applies my logic.


What I don't see is the big picture. Can you explain that to me?

Do I have to create a proxy (it seems Charles creates one locally)?

Do I have to create a tunnel server?

I don't want to modify TCP packets, maintain connections or modify UDP datagrams (except the ones related to DNS requests).

Can you explain to me the architecture to achieve this, please?


BTW, I cannot use NEDNSProxyProvider because that API requires a managed/supervised device.
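The per-packet decision the question describes (read a datagram from the tun, recognise a DNS query, look up the queried name's category, then either hand the packet on untouched or answer it locally so the lookup fails) is platform-independent, so here it is as an added example in Python; it is not the asker's code and not Apple's API. In a real packet tunnel provider this function would run on each packet returned by `packetFlow.readPackets`, with the `"forward"` result written to your upstream DNS socket and the `"block"` result written straight back to the tun with `packetFlow.writePackets`. The category table `FAKE_CATEGORY_DB` and the packet built by `make_query_packet` are constructed stand-ins for the REST service and for real traffic; only IPv4 over UDP/53 is handled, so IPv6 and TCP DNS would need the same treatment.

```python
import socket
import struct

# Categories that the parent has chosen to block (from the question's examples).
BLOCKED_CATEGORIES = {"gambling", "adult_content"}

# Constructed stand-in for the asker's REST categorisation service.
FAKE_CATEGORY_DB = {"casino.example": "gambling", "news.example": "news"}


def lookup_category(domain):
    """Return the category of the most specific known suffix of `domain`."""
    labels = domain.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        category = FAKE_CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "unknown"


def ip_checksum(header):
    """Standard one's-complement checksum over an IPv4 header (checksum field zeroed)."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) + (header[i + 1] if i + 1 < len(header) else 0)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def is_dns_query_packet(pkt):
    """Return (ihl, udp_payload) if `pkt` is an IPv4/UDP datagram to port 53, else None."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8:
        return None
    _src_port, dst_port, udp_len, _csum = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    if dst_port != 53 or udp_len < 8:
        return None
    return ihl, pkt[ihl + 8:ihl + udp_len]


def parse_dns_query(payload):
    """Return (txid, qname, qtype, qclass, raw_question) for a single-question query, else None."""
    if len(payload) < 12:
        return None
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000 or qdcount != 1:      # responses and multi-question packets are left alone
        return None
    off, labels = 12, []
    while True:
        if off >= len(payload):
            return None
        length = payload[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:                    # compression pointers are not valid in a query name
            return None
        labels.append(payload[off:off + length].decode("ascii", "replace"))
        off += length
    if off + 4 > len(payload):
        return None
    qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
    return txid, ".".join(labels), qtype, qclass, payload[12:off + 4]


def build_block_response(pkt, ihl, txid, question):
    """Build an NXDOMAIN reply (IP/UDP addresses and ports swapped) to write back to the tun."""
    src_ip, dst_ip = pkt[12:16], pkt[16:20]
    src_port, dst_port = struct.unpack("!HH", pkt[ihl:ihl + 4])
    dns = struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + question   # QR|RD|RA, rcode 3
    udp = struct.pack("!HHHH", dst_port, src_port, 8 + len(dns), 0) + dns  # UDP checksum 0 is legal on IPv4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0, dst_ip, src_ip)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + udp


def filter_packet(pkt):
    """Decide for one tun packet: ("forward", pkt) unchanged, or ("block", local_reply)."""
    found = is_dns_query_packet(pkt)
    if found is None:
        return "forward", pkt
    ihl, payload = found
    query = parse_dns_query(payload)
    if query is None:
        return "forward", pkt
    txid, qname, _qtype, _qclass, question = query
    if lookup_category(qname) in BLOCKED_CATEGORIES:
        return "block", build_block_response(pkt, ihl, txid, question)
    return "forward", pkt


def make_query_packet(qname, src_ip="10.0.0.2", dst_ip="10.0.0.1", txid=0x1234):
    """Constructed sample: an IPv4/UDP A-record query as a client would send it."""
    question = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    question += struct.pack("!HH", 1, 1)
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + question
    udp = struct.pack("!HHHH", 50000, 53, 8 + len(dns), 0) + dns
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + udp
```

Answering the query locally rather than dropping it matters: a silently dropped query makes the client retry and time out, whereas an NXDOMAIN reply fails the lookup immediately. Also note that this only sees queries that actually reach the tun, so the tunnel's network settings must name the tunnel as the device's DNS server, and resolvers that speak DNS over TLS or HTTPS never pass through port 53 at all.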
