iOS 16 local DNS not working

iOS 16 local DNS not working from router

Does anyone know how to deal with it?

Answered by DTS Engineer in 729131022

Are you trying an app for iOS? Or just using an iOS device?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

FYI: What I've seen by sniffing is that instead of a standard A record request (Type 1) they (Apple) have implemented a draft standard Type 65 query instead. This started sometime in the iOS 14 chain.

This smells a lot like what I've read above though I haven't read anyone actually root cause it. This is my experience, YMMV, usual disclaimers apply.

Most local DNS servers don't [yet] recognize this - after all, it is a draft standard - but Apple went ahead and implemented it anyway.

You can read the draft here:

https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-07.txt

What seems to happen - at least from the sniffing I've done - is that local DNS servers don't know what to do with the type 65, so they forward it to the rest of the internet, assuming you are internet connected. iOS sometimes also issues a type 1 A request. The response from the rest of the internet must come back with at least something; otherwise the name resolution requests - both of them - fail.

In our case, we had to modify our local DNS server code to send a not found response back to the iOS devices. Then and only then will iOS listen to the A record that is also returned and process things like they used to before implementing this draft standard.

If the Type 65 request is not answered and the Type 1 is answered, the name resolution fails over to the next DNS server in the list.

I found a page at https://github.com/MikeBishop/dns-alt-svc/blob/main/svcb-implementations.md that talks about public services that are using this along with some local DNS servers that support the Type65 query draft standard.

Short version:

"iOS & macOS iOS 14 (September 2020) and macOS 11 (November 2020) support HTTPS/SVCB records. Type 65 (HTTPS) is requested for all URLSession or Network.framework connections that use an http or https scheme, or use ports 80 or 443."

You can check if this is what is biting you by sniffing the DNS requests between iOS and your local router; if you see the Type65 queries and they fail or they go to a place that you don't want them to go to, then this is probably why your local DNS isn't working right.
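The behaviour described in the post above, as an added example that is not part of the original post or of any DNS server's own code: a parser that reads the question from a raw DNS query, and a responder that answers only Type 65 (HTTPS) queries with an empty reply so the client falls back to the A record. It assumes "not found" means NOERROR with zero answer records (the post does not say which response code was used); the hostname `nas.home.lan` and the function names are constructed for illustration.

```python
import struct

QTYPE_A, QTYPE_HTTPS = 1, 65  # 65 = HTTPS (SVCB-compatible) record type

def build_query(txid, name, qtype):
    """Construct a minimal query; used here only to make sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii")
                     for lab in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(msg):
    """Return (txid, name, qtype, end_offset) for a single-question query."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[off]
        if n == 0:
            off += 1
            break
        if n & 0xC0:
            raise ValueError("compression pointer in query name")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, ".".join(labels), qtype, off + 4

def nodata_reply(msg):
    """Answer a Type 65 query with NOERROR and zero records; else None."""
    txid, _name, qtype, end = parse_question(msg)
    if qtype != QTYPE_HTTPS:
        return None  # leave A/AAAA queries to the normal resolver path
    rd = struct.unpack("!H", msg[2:4])[0] & 0x0100
    flags = 0x8000 | rd | 0x0080  # QR=1, copy RD, RA=1, RCODE=0 (NOERROR)
    # Echo the question section back with ANCOUNT/NSCOUNT/ARCOUNT all zero.
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + msg[12:end]

# Constructed sample: the Type 65 and Type 1 queries the post describes.
SAMPLE = [build_query(0x1A2B, "nas.home.lan", QTYPE_HTTPS),
          build_query(0x1A2C, "nas.home.lan", QTYPE_A)]
```

`parse_question` on its own is enough to tally Type 65 versus Type 1 queries from a capture when checking whether this is the failure you are seeing.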

So, will Apple Developers/Support fix this issue? I remember having the same bug in the past and stopped updating iOS on all devices until they provided a new version. Now I guess this bug has still existed since at least the latest 3 updates.

May be related: Many users in Germany use a router from AVM named FritzBox. When using its standard setup, the URL "http(s)://fritz.box" should bring you to the admin interface of the router. The domain was officially listed also, so no problem. However, some months ago some folks captured the official domain and rerouted all traffic to some bogus website. AVM deployed measures to re-assume the domain, and was successful. Should someone outside a network behind an AVM router access "fritz.box", (s)he will be shown a warning website. Folks from within a fritz.box-network will reach their router ... unless they use iOS or iPadOS (macOS works fine).

When a new device goes online within the FritzBox network, it receives its configuration (IP, Routing, DNS(!)) via DHCP. This works fine for all clients, but iOS/iPadOS seems to ignore the setting provided by DHCP. The effect is that iOS/iPadOS devices show the AVM warning site, while all other devices will just open the router config page.
