NEDNSSettingsManager and NEPacketTunnelProvider

What is the interaction between NEDNSSettingsManager and NEPacketTunnelProvider? Do the DNS settings provided by the packet tunnel provider supersede the ones provided by the DNS settings manager, or vice versa? What about MDM-configured DoT/DoH and packet tunnel provider supplied settings?

Is there a way for the packet tunnel provider to query the currently configured DNS servers, regardless of their source?


A packet tunnel provider configuration, as a VPN, takes precedence over a DNS Settings configuration (either delivered by an app or by a profile). That means that any DNS configuration the VPN sets (full tunnel or split tunnel) applies first, and then whatever isn’t handled by the VPN goes to the DNS Settings configuration.

Note that a VPN provider can apply an NEDNSSettings object that configures DoH or DoT itself.

NetworkExtension extensions and apps are not able to monitor the state of other configurations owned by other apps, so VPN apps cannot look at the currently installed DNS settings configurations.
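
As an added example (not part of the original answer and not Apple sample code), here is a split-tunnel packet tunnel provider that applies its own DoH settings: names under the matched domain go to the tunnel's resolver, and everything else is left to whatever DNS Settings configuration is installed, as described above. The class name, addresses, resolver URL and domain are constructed placeholders.

```swift
import NetworkExtension

// Hypothetical provider class; all addresses, the URL and the domain are
// constructed placeholders, not values from the original thread.
final class ExampleTunnelProvider: NEPacketTunnelProvider {

    // Builds split-tunnel settings whose DNS part is a DoH resolver
    // owned by the VPN itself.
    private func makeSettings() -> NEPacketTunnelNetworkSettings {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "192.0.2.1")

        // Split tunnel: only the internal subnet is routed into the tunnel.
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"],
                                  subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [
            NEIPv4Route(destinationAddress: "10.8.0.0",
                        subnetMask: "255.255.255.0")
        ]
        settings.ipv4Settings = ipv4

        // NEDNSOverHTTPSSettings is an NEDNSSettings subclass, so it can be
        // assigned directly as the tunnel's DNS settings.
        let doh = NEDNSOverHTTPSSettings(servers: ["10.8.0.1"])
        doh.serverURL = URL(string: "https://dns.corp.example/dns-query")

        // Only queries under this domain are claimed by the VPN's resolver.
        // Queries for other names are not handled by the VPN and go to the
        // DNS Settings configuration (app-delivered or profile-delivered).
        doh.matchDomains = ["corp.example"]
        settings.dnsSettings = doh

        return settings
    }

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // The provider can only apply its own settings; it has no API to read
        // DNS configurations owned by other apps or profiles.
        setTunnelNetworkSettings(makeSettings()) { error in
            completionHandler(error)
        }
    }
}
```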