Apple Services not available when connected to VPN with Custom DoH/DoT DNS

When a device is connected to VPN using NEPacketTunnelProvider, and configured with encrypted custom DNS (NEDNSOverHTTPSSettings), some Apple Services (e.g. Siri) are unavailable. The same configuration but with clear-text custom DNS (NEDNSSettings) works as expected.

Inspecting network traffic while using Siri revealed SSL shutdown packets and TCP termination packets.

Device: iOS 14.4.2
Network Extension APIs: NEPacketTunnelProvider, NEPacketTunnelNetworkSettings, NEDNSOverHTTPSSettings
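As an added illustration (not code from the original post), here is the pair of configurations the report contrasts, inside a minimal NEPacketTunnelProvider; the tunnel address, resolver IPs and DoH URL are placeholders, and the boolean switch exists only to make the two variants easy to compare:

```swift
import NetworkExtension

class PacketTunnelProvider: NEPacketTunnelProvider {

    // Toggle used only for this illustration: true reproduces the reported
    // configuration (DoH), false is the clear-text variant that works.
    private let useEncryptedDNS = true

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Placeholder remote endpoint and tunnel address (RFC 5737 / private ranges).
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "203.0.113.1")
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [NEIPv4Route.default()]
        settings.ipv4Settings = ipv4

        let dns: NEDNSSettings
        if useEncryptedDNS {
            // Encrypted custom DNS: the case in which Siri was observed to fail.
            // The IPs are the resolver's addresses; serverURL is the DoH endpoint.
            let doh = NEDNSOverHTTPSSettings(servers: ["10.8.0.1"])
            doh.serverURL = URL(string: "https://dns.example.invalid/dns-query")
            dns = doh
        } else {
            // Clear-text custom DNS: the case reported to work as expected.
            dns = NEDNSSettings(servers: ["10.8.0.1"])
        }
        // An empty match domain makes this the default resolver for all queries.
        dns.matchDomains = [""]
        settings.dnsSettings = dns

        setTunnelNetworkSettings(settings) { error in
            // Apply the settings; the caller receives any configuration error.
            completionHandler(error)
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }
}
```

To compare the two behaviors, capture a pcap while invoking Siri under each variant, which is the evidence the accepted answer asks to attach to the bug report.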

Answered by Systems Engineer in 669953022
I would open a bug report here and include these logs as well as a pcap. Please respond back with the Feedback ID.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Hi Matt, thanks for the quick response!
Report is submitted, ID: 9072905
No problem. I see your bug report internally and it looks like it has landed in the right spot.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Hi!

From what I can see, the issue is still not fixed. Is there any info about this one?

Tested in iOS & iPadOS 15.2 Beta 4.

AFAIK Siri has never worked with encrypted DNS since iOS 14 introduced the feature. I can also confirm the same behavior with macOS 12.6 today.

Is Apple going to do anything about this? We're talking about a critical issue for VPN providers.
