iOS: Always-On VPN and DNS resolution

Hi,


For a feature that I am exploring, I need to be able to set up VPN and tunnel selective web-traffic through to a backend service. I have been experimenting with the iOS Always-On VPN functionality, towards this purpose. I am using a Strongswan server on the backend. Just in case it matters, the VPN profile is set up for certificate based authentication. Configuration is being pushed to the device via the Configurator. The DNS configuration mentioned below was added manually into the generated .mobileconfig, as the app doesn't seem to have support for those dictionary items yet.


I have been able to successfully set up a connection and have it stay on. However, I am having trouble getting the DNS queries to route correctly: The server pushes the DNS server, once the VPN connection is established. I do see, from the Xcode logs for the device (an iPad running 10.2.1) that iOS receives the DNS server and sets it up as a resolver. However, the wi-fi DNS resolver continues to stay on as the primary resolver.


I have tried setting up the 'ServerAddresses' and an empty 'SupplementalMatchDomains' [as described at https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html#//apple_ref/doc/uid/TP40010206-CH1-SW40] to see if I can force the VPN-based resolver to take precedence. But, this has had no effect.


I tried setting up a couple of explicit domains in the 'SupplementalMatchDomains' array, but the configured DNS did not receive the corresponding queries.

I have pasted a snippet of the logs below. Any thoughts on what may be going wrong? Or, contrary to documentation, is it not possible to make the VPN-based DNS the primary resolver?


Any help is much appreciated.


Thanks.

Prashanth



A snippet of the logs.

----

Feb 2 22:10:25 iPad configd[36] <Info>: 6DA19A0D-303C-4A96-96EC-2C1753DD2B73 specifies ServiceIndex 100, effective index is 106

Feb 2 22:10:25 iPad configd[36] <Info>: IPv4: 2 candidates

Feb 2 22:10:25 iPad configd[36] <Info>: 0. en0 serviceID=2FEE223F-60E7-4BB6-9F97-C23D21293ED3 addr=192.168.1.234 rank=0x1000002

Feb 2 22:10:25 iPad configd[36] <Info>: 1. ipsec0 serviceID=6DA19A0D-303C-4A96-96EC-2C1753DD2B73 addr=172.16.0.1 rank=0x300006a

Feb 2 22:10:25 iPad configd[36] <Info>: IPv6: 1 candidates

Feb 2 22:10:25 iPad configd[36] <Info>: 0. utun0 serviceID=8D8C3557-8617-48A2-8A84-6075AF264ECB addr=fe80:b::48d3:e05f:43bb:6ac1 rank=0x3ffffff

Feb 2 22:10:25 iPad configd[36] <Info>: 2FEE223F-60E7-4BB6-9F97-C23D21293ED3 is still primary IPv4

Feb 2 22:10:25 iPad configd[36] <Info>: 2FEE223F-60E7-4BB6-9F97-C23D21293ED3 is still primary DNS

Feb 2 22:10:25 iPad configd[36] <Info>: 2FEE223F-60E7-4BB6-9F97-C23D21293ED3 is still primary Proxies

Feb 2 22:10:25 iPad configd[36] <Info>: Updating network information

Feb 2 22:10:25 iPad configd[36] <Info>: nwi_state = { gen=273338872120 size=1864 #v4=2 #v6=1 reach_flags=(v4=0x2, v6=0x0) }

Feb 2 22:10:25 iPad configd[36] <Info>: IPv4:

Feb 2 22:10:25 iPad configd[36] <Info>: [0]: en0 dns rank 0x1000002 iaddr 192.168.1.234 reach_flags 0x2

Feb 2 22:10:25 iPad configd[36] <Info>: [1]: ipsec0 dns never rank 0x300006a iaddr 172.16.0.1 vpn_server_addr: 52.32.213.74 reach_flags 0x3

Feb 2 22:10:25 iPad configd[36] <Info>: IPv6:

Feb 2 22:10:25 iPad configd[36] <Info>: [0]: utun0 never rank 0x3ffffff iaddr fe80:b::48d3:e05f:43bb:6ac1 reach_flags 0x2

Feb 2 22:10:25 iPad configd[36] <Info>: 2 interfaces:

Feb 2 22:10:25 iPad configd[36] <Info>: en0

Feb 2 22:10:25 iPad configd[36] <Info>: ipsec0

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: NESMIKEv2VPNSession[eoeAlwaysOnSupervised:DEA5A0A8-1070-4A6B-A1F7-A33393C3D380]: waiting for DNS to change

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: NESMIKEv2VPNSession[eoeAlwaysOnSupervised:DEA5A0A8-1070-4A6B-A1F7-A33393C3D380]: waiting for NWI to change

Feb 2 22:10:25 iPad configd[36] <Info>: Updating DNS configuration

Feb 2 22:10:25 iPad configd[36] <Info>: DNS configuration

Feb 2 22:10:25 iPad configd[36] <Info>:

Feb 2 22:10:25 iPad configd[36] <Info>: resolver #1

Feb 2 22:10:25 iPad configd[36] <Info>: nameserver[0] : 192.168.1.1

Feb 2 22:10:25 iPad configd[36] <Info>: if_index : 8 (en0)

Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00000002 (Request A records)

Feb 2 22:10:25 iPad configd[36] <Info>: reach : 0x00020002 (Reachable, Directly Reachable Address)

Feb 2 22:10:25 iPad configd[36] <Info>: config id: Default: 0

Feb 2 22:10:25 iPad configd[36] <Info>:

Feb 2 22:10:25 iPad configd[36] <Info>: resolver #2

Feb 2 22:10:25 iPad configd[36] <Info>: domain : local

Feb 2 22:10:25 iPad configd[36] <Info>: options : mdns

Feb 2 22:10:25 iPad configd[36] <Info>: timeout : 5

Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00000002 (Request A records)

Feb 2 22:10:25 iPad configd[36] <Info>: reach : 0x00000000 (Not Reachable)

Feb 2 22:10:25 iPad configd[36] <Info>: order : 300000

Feb 2 22:10:25 iPad configd[36] <Info>: config id: Multicast DNS: 0

Feb 2 22:10:25 iPad configd[36] <Info>:

Feb 2 22:10:25 iPad configd[36] <Info>: resolver #3

Feb 2 22:10:25 iPad configd[36] <Info>: domain : 254.169.in-addr.arpa

Feb 2 22:10:25 iPad configd[36] <Info>: options : mdns

Feb 2 22:10:25 iPad configd[36] <Info>: timeout : 5

Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00000002 (Request A records)

Feb 2 22:10:25 iPad configd[36] <Info>: reach : 0x00000000 (Not Reachable)

Feb 2 22:10:25 iPad configd[36] <Info>: order : 300200

Feb 2 22:10:25 iPad configd[36] <Info>: config id: Multicast DNS: 1

Feb 2 22:10:25 iPad configd[36] <Info>:

Feb 2 22:10:25 iPad configd[36] <Info>: resolver #4

Feb 2 22:10:25 iPad configd[36] <Info>: domain : 8.e.f.ip6.arpa

Feb 2 22:10:25 iPad configd[36] <Info>: options : mdns

Feb 2 22:10:25 iPad configd[36] <Info>: timeout : 5

Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00000002 (Request A records)

Feb 2 22:10:25 iPad configd[36] <Info>: reach : 0x00000000 (Not Reachable)

Feb 2 22:10:25 iPad configd[36] <Info>: order : 300400

Feb 2 22:10:25 iPad configd[36] <Info>: config id: Multicast DNS: 2

Feb 2 22:10:25 iPad configd[36] <Info>:

Feb 2 22:10:25 iPad configd[36] <Info>: resolver #5

Feb 2 22:10:25 iPad configd[36] <Info>: domain : 9.e.f.ip6.arpa

Feb 2 22:10:25 iPad configd[36] <Info>: options : mdns

Feb 2 22:10:25 iPad configd[36] <Info>: timeout : 5

Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00000002 (Request A records)

Feb 2 22:10:25 iPad configd[36] <Info>: reach : 0x00000000 (Not Reachable)

Feb 2 22:10:25 iPad configd[36] <Info>: order : 300600

Feb 2 22:10:25 iPad configd[36] <Info>: config id: Multicast DNS: 3

Feb 2 22:10:25 iPad configd[36] <Info>:

Feb 2 22:10:25 iPad configd[36] <Info>: resolver #6

Feb 2 22:10:25 iPad configd[36] <Info>: domain : a.e.f.ip6.arpa

Feb 2 22:10:25 iPad configd[36] <Info>: options : mdns

Feb 2 22:10:25 iPad configd[36] <Info>: timeout : 5

Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00000002 (Request A records)

Feb 2 22:10:25 iPad configd[36] <Info>: reach : 0x00000000 (Not Reachable)

Feb 2 22:10:25 iPad configd[36] <Info>: order : 300800

Feb 2 22:10:25 iPad configd[36] <Info>: config id: Multicast DNS: 4

Feb 2 22:10:25 iPad configd[36] <Info>:

Feb 2 22:10:25 iPad configd[36] <Info>: resolver #7

Feb 2 22:10:25 iPad configd[36] <Info>: domain : b.e.f.ip6.arpa

Feb 2 22:10:25 iPad configd[36] <Info>: options : mdns

Feb 2 22:10:25 iPad configd[36] <Info>: timeout : 5

Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00000002 (Request A records)

Feb 2 22:10:25 iPad configd[36] <Info>: reach : 0x00000000 (Not Reachable)

Feb 2 22:10:25 iPad configd[36] <Info>: order : 301000

Feb 2 22:10:25 iPad configd[36] <Info>: config id: Multicast DNS: 5

Feb 2 22:10:25 iPad configd[36] <Info>:

Feb 2 22:10:25 iPad configd[36] <Info>: DNS configuration (for scoped queries)

Feb 2 22:10:25 iPad configd[36] <Info>:

Feb 2 22:10:25 iPad configd[36] <Info>: resolver #1

Feb 2 22:10:25 iPad configd[36] <Info>: nameserver[0] : 192.168.1.1

Feb 2 22:10:25 iPad configd[36] <Info>: if_index : 8 (en0)

Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00001002 (Scoped, Request A records)

Feb 2 22:10:25 iPad configd[36] <Info>: reach : 0x00020002 (Reachable, Directly Reachable Address)

Feb 2 22:10:25 iPad configd[36] <Info>: config id: Scoped: 2FEE223F-60E7-4BB6-9F97-C23D21293ED3 0

Feb 2 22:10:25 iPad configd[36] <Info>:

Feb 2 22:10:25 iPad configd[36] <Info>: resolver #2

Feb 2 22:10:25 iPad configd[36] <Info>: nameserver[0] : 172.20.254.254

Feb 2 22:10:25 iPad configd[36] <Info>: if_index : 12 (ipsec0)

Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00001002 (Scoped, Request A records)

Feb 2 22:10:25 iPad configd[36] <Info>: reach : 0x00000002 (Reachable)

Feb 2 22:10:25 iPad configd[36] <Info>: config id: Scoped: 6DA19A0D-303C-4A96-96EC-2C1753DD2B73 0

Feb 2 22:10:25 iPad configd[36] <Info>: DNS configuration updated: 273338914027

Feb 2 22:10:25 iPad configd[36] <Info>: Set kernel interface order for 2 interfaces

Feb 2 22:10:25 iPad configd[36] <Notice>: network changed: v4(en0:192.168.1.234) DNS* Proxy

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: *** Network Configuration Change *** 8 ticks late

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: *** Network Configuration Change *** No IPv6 address TENTATIVE, will continue

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: SystemWakeForNetworkAccess: Sleep Proxy Client disabled by command-line option

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: en0 ifr_eflags = 0x412000c0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: en0 ifr_eflags = 0x412000c0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: awdl0 ifr_eflags = 0x413e0080

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: utun0 ifr_eflags = 0x1002080

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: ipsec0 ifr_eflags = 0x1002080

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: lo0 ifr_eflags = 0x11000000

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: lo0 ifr_eflags = 0x11000000

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: AdvertiseInterface: Returning due to AutoTargetServices zero for ipsec0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_RegisterInterface: InterfaceID 12 ipsec0 (172.16.0.1) not represented in list; marking active and retriggering queries

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: RestartRecordGetZoneData: ResourceRecords

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: SetupActiveInterfaces: Registered ipsec0(12) 00:00:00:00:00:00 InterfaceID 000000000000000C(0000000112010000), primary 0000000112010000, 172.16.0.1/8 (Primary)

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: SetupActiveInterfaces: ipsec0(12) Doing IP_DROP_MEMBERSHIP for 224.0.0.251 on 172.16.0.1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: setsearch

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: UpdateSearchDomainHash: buf 0.1.168.192.in-addr.arpa., ifid_buf 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddSearchDomain already in list 0.1.168.192.in-addr.arpa.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: UpdateSearchDomainHash: buf 0.0.0.172.in-addr.arpa., ifid_buf 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddSearchDomain created new 0.0.0.172.in-addr.arpa., InterfaceID 0000000000000000

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: config->n_resolver = 7, generation 273338914027, last 198373167699

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[0] domain <<NULL>> n_nameserver 1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[1] domain local n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[2] domain 254.169.in-addr.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[3] domain 8.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[4] domain 9.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[5] domain a.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[6] domain b.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: InterfaceScoped resolver[0] domain <<NULL>> n_nameserver 1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: InterfaceScoped resolver[1] domain <<NULL>> n_nameserver 1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: FinalizeSearchDomains: The hash is different

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: RetrySearchDomainQuestions: Questions with AppendSearchDomain not found

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: uDNS_SetupWABQueries:action 0x0: Flags 0x0, AuthRecs 0000000000000000, InterfaceID 0000000000000000 0.1.168.192.in-addr.arpa.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: uDNS_SetupWABQueries:action 0x0: Flags 0x0, AuthRecs 0000000000000000, InterfaceID 0000000000000000 0.0.0.172.in-addr.arpa.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: setservers fqdn

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: config->n_resolver = 7, generation 273338914027, last 198373167699

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[0] domain <<NULL>> n_nameserver 1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddDNSServer(0): Adding 192.168.1.1 for ., InterfaceID 0000000000000008, serviceID 0, scoped 0, resGroupID 15089 req_A is True req_AAAA is False cell False req_DO is True

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigDNSServers(Unscoped): DNS server 192.168.1.1:53 for domain .

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[1] domain local n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddMcastResolver: Adding local., InterfaceID 0000000000000000, timeout 5

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[2] domain 254.169.in-addr.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddMcastResolver: Adding 254.169.in-addr.arpa., InterfaceID 0000000000000000, timeout 5

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[3] domain 8.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddMcastResolver: Adding 8.e.f.ip6.arpa., InterfaceID 0000000000000000, timeout 5

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[4] domain 9.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddMcastResolver: Adding 9.e.f.ip6.arpa., InterfaceID 0000000000000000, timeout 5

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[5] domain a.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddMcastResolver: Adding a.e.f.ip6.arpa., InterfaceID 0000000000000000, timeout 5

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[6] domain b.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddMcastResolver: Adding b.e.f.ip6.arpa., InterfaceID 0000000000000000, timeout 5

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: InterfaceScoped resolver[0] domain <<NULL>> n_nameserver 1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddDNSServer(1): Adding 192.168.1.1 for ., InterfaceID 0000000000000008, serviceID 0, scoped 1, resGroupID 15097 req_A is True req_AAAA is False cell False req_DO is True

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigDNSServers(InterfaceScoped): DNS server 192.168.1.1:53 for domain .

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: InterfaceScoped resolver[1] domain <<NULL>> n_nameserver 1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddDNSServer(2): Adding 172.20.254.254 for ., InterfaceID 000000000000000C, serviceID 0, scoped 1, resGroupID 15098 req_A is True req_AAAA is False cell False req_DO is True

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigDNSServers(InterfaceScoped): DNS server 172.20.254.254:53 for domain .

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: Acking configuration setservers 1, setsearch 0

Feb 2 22:10:25 iPad configd[36] <Info>: Post "com.apple.system.config.network_change" (delayed: 0.021686: 0x3)

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: NWI changed

Feb 2 22:10:25 iPad configd[36] <Info>: Resolvers: 1 default, 6 multicast, 0 private

Feb 2 22:10:25 iPad configd[36] <Notice>: Publishing data to agent DNSAgent-@ipsec0 (76 bytes)

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name appldnld.apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name trb.edgesuite.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name gsa.apple.com.

Feb 2 22:10:25 iPad configd[36] <Info>: Spawning floating agent for @ipsec0

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: DNS changed

Feb 2 22:10:25 iPad configd[36] <Info>: hostname (prefs) = iPad

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name eoemgw.elastica-inc.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: uDNS_SetupDNSConfig: Purging Resourcerecord 4 eoemgw.elastica-inc.com. Addr 52.32.213.74, New DNS server 192.168.1.1 , Old DNS server 192.168.1.1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name www.icloud.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name help.apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name api-glb-sjc.smoot.apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name www.upi.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name init-p01st.push.apple.com.edgesuite.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name cds.apple.com.akadns.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name configuration.apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name init-p01md.apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name gspe1-ssl.ls.apple.com.edgekey.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name e8218.dscb1.akamaiedge.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name init.ess.apple.com.edgesuite.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name time-ios.apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name www.freep.com.edgesuite.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name gspe21.ls.apple.com.edgesuite.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name gspe35-ssl.ls.apple.com.edgekey.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name sr.symcd.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name lcdn-locator.apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name e3167.e9.akamaiedge.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name e6858.dsce9.akamaiedge.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name www.chicagotribune.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name www.cbssports.com.edgekey.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name www.apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name mt-ingestion-service-mr22.itunes.apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name www.icloud.com.edgekey.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name www.apple.com.edgekey.net.globalredir.akadns.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name cds.apple.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name iphone-ld.apple.com.edgekey.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name sr.symcb.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name help.apple.com.edgekey.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name world-gen.g.aaplimg.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name world-gen.g.aaplimg.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name ocsp-ds.ws.symantec.com.edgekey.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name www.apple.com.edgekey.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name init-p01md.apple.com.edgesuite.net.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name mail.yahoo.com.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPreferencesSetNames not invoking helper prevoldnicelabel iPad, prevnewnicelabel iPad, old iPad, new iPad

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPreferencesSetNames not invoking helper prevoldhostlabel iPad, prevnewhostlabel iPad, old iPad, new iPad

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: RegDomains BrowseDomains

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: *** Network Configuration Change *** SC key: State:/Network/Global/IPv4

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: *** Network Configuration Change *** SC key: State:/Network/Global/DNS

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: *** Network Configuration Change *** 2 changes (DNS) delay 25

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: SetNetworkChanged: Scheduling in 25 ticks

Feb 2 22:10:25 iPad nehelper(SystemConfiguration)[96] <Info>: SCPreferences() commit: /Library/Preferences/com.apple.networkextension.cache.plist

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: NESMIKEv2VPNSession[eoeAlwaysOnSupervised:DEA5A0A8-1070-4A6B-A1F7-A33393C3D380]: Finished setting the tunnel configuration

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: NESMIKEv2VPNSession[eoeAlwaysOnSupervised:DEA5A0A8-1070-4A6B-A1F7-A33393C3D380]: Request to add network agent to ipsec0

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: NESMIKEv2VPNSession[eoeAlwaysOnSupervised:DEA5A0A8-1070-4A6B-A1F7-A33393C3D380]: Added network agent to ipsec0

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: NESMIKEv2VPNSession[eoeAlwaysOnSupervised:DEA5A0A8-1070-4A6B-A1F7-A33393C3D380] in state NESMVPNSessionStateStarting: set configuration completed with result 1

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: NESMIKEv2VPNSession[eoeAlwaysOnSupervised:DEA5A0A8-1070-4A6B-A1F7-A33393C3D380]: Leaving state NESMVPNSessionStateStarting

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: NESMIKEv2VPNSession[eoeAlwaysOnSupervised:DEA5A0A8-1070-4A6B-A1F7-A33393C3D380]: Entering state NESMVPNSessionStateRunning

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Notice>: NESMIKEv2VPNSession[eoeAlwaysOnSupervised:DEA5A0A8-1070-4A6B-A1F7-A33393C3D380]: status changed to connected

Feb 2 22:10:25 iPad nesessionmanager(NetworkExtension)[428] <Info>: NESMIKEv2VPNSession[eoeAlwaysOnSupervised:DEA5A0A8-1070-4A6B-A1F7-A33393C3D380]: Updated network agent (active)

Feb 2 22:10:25 iPad UserEventAgent(com.apple.networkextension)[25] <Info>: File Handle Maintainer got a 2 action with token 1498

Feb 2 22:10:25 iPad UserEventAgent(com.apple.networkextension)[25] <Info>: File Handle Maintainer got a 1 action with token 1500

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: *** Network Configuration Change *** 5 ticks late

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: *** Network Configuration Change *** No IPv6 address TENTATIVE, will continue

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: SystemWakeForNetworkAccess: Sleep Proxy Client disabled by command-line option

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: en0 ifr_eflags = 0x412000c0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: en0 ifr_eflags = 0x412000c0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: awdl0 ifr_eflags = 0x413e0080

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: utun0 ifr_eflags = 0x1002080

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: ipsec0 ifr_eflags = 0x1002080

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: lo0 ifr_eflags = 0x11000000

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: getExtendedFlags: lo0 ifr_eflags = 0x11000000

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: setsearch

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: UpdateSearchDomainHash: buf 0.1.168.192.in-addr.arpa., ifid_buf 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddSearchDomain already in list 0.1.168.192.in-addr.arpa.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: UpdateSearchDomainHash: buf 0.0.0.172.in-addr.arpa., ifid_buf 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNS_AddSearchDomain already in list 0.0.0.172.in-addr.arpa.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: config->n_resolver = 7, generation 273338914027, last 273338914027

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[0] domain <<NULL>> n_nameserver 1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[1] domain local n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[2] domain 254.169.in-addr.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[3] domain 8.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[4] domain 9.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[5] domain a.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: Unscoped resolver[6] domain b.e.f.ip6.arpa n_nameserver 0

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: InterfaceScoped resolver[0] domain <<NULL>> n_nameserver 1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: ConfigResolvers: InterfaceScoped resolver[1] domain <<NULL>> n_nameserver 1

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: FinalizeSearchDomains: The hash is same

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: uDNS_SetupWABQueries:action 0x0: Flags 0x0, AuthRecs 0000000000000000, InterfaceID 0000000000000000 0.1.168.192.in-addr.arpa.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: uDNS_SetupWABQueries:action 0x0: Flags 0x0, AuthRecs 0000000000000000, InterfaceID 0000000000000000 0.0.0.172.in-addr.arpa.

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: setservers fqdn

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: config->n_resolver = 7, generation 273338914027, last 273338914027

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: generation number 273338914027 same, not processing

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: uDNS_SetupDNSConfig: No configuration change

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPreferencesSetNames not invoking helper prevoldnicelabel iPad, prevnewnicelabel iPad, old iPad, new iPad

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPreferencesSetNames not invoking helper prevoldhostlabel iPad, prevnewhostlabel iPad, old iPad, new iPad

Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: mDNSPlatformSetDNSConfig: RegDomains BrowseDomains

----
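Added example (not part of the original post, and not Apple's tooling): a Python script that reads configd lines in the format of the log above and reports whether the VPN-pushed nameserver was installed only as an interface-scoped resolver while the default resolver stayed on the Wi-Fi interface. The sample input is constructed from lines in that log; the function names, the result keys, and the `ipsec`/`utun` prefixes used to recognise the tunnel interface are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: abbreviated from the configd lines in the log above.
SAMPLE_LOG = """\
Feb 2 22:10:25 iPad configd[36] <Info>: 0. en0 serviceID=2FEE223F-60E7-4BB6-9F97-C23D21293ED3 addr=192.168.1.234 rank=0x1000002
Feb 2 22:10:25 iPad configd[36] <Info>: 1. ipsec0 serviceID=6DA19A0D-303C-4A96-96EC-2C1753DD2B73 addr=172.16.0.1 rank=0x300006a
Feb 2 22:10:25 iPad configd[36] <Info>: 2FEE223F-60E7-4BB6-9F97-C23D21293ED3 is still primary DNS
Feb 2 22:10:25 iPad configd[36] <Info>: DNS configuration
Feb 2 22:10:25 iPad configd[36] <Info>:
Feb 2 22:10:25 iPad configd[36] <Info>: resolver #1
Feb 2 22:10:25 iPad configd[36] <Info>: nameserver[0] : 192.168.1.1
Feb 2 22:10:25 iPad configd[36] <Info>: if_index : 8 (en0)
Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00000002 (Request A records)
Feb 2 22:10:25 iPad configd[36] <Info>: resolver #2
Feb 2 22:10:25 iPad configd[36] <Info>: domain : local
Feb 2 22:10:25 iPad configd[36] <Info>: options : mdns
Feb 2 22:10:25 iPad configd[36] <Info>: DNS configuration (for scoped queries)
Feb 2 22:10:25 iPad configd[36] <Info>: resolver #1
Feb 2 22:10:25 iPad configd[36] <Info>: nameserver[0] : 192.168.1.1
Feb 2 22:10:25 iPad configd[36] <Info>: if_index : 8 (en0)
Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00001002 (Scoped, Request A records)
Feb 2 22:10:25 iPad configd[36] <Info>: resolver #2
Feb 2 22:10:25 iPad configd[36] <Info>: nameserver[0] : 172.20.254.254
Feb 2 22:10:25 iPad configd[36] <Info>: if_index : 12 (ipsec0)
Feb 2 22:10:25 iPad configd[36] <Info>: flags : 0x00001002 (Scoped, Request A records)
Feb 2 22:10:25 iPad configd[36] <Info>: DNS configuration updated: 273338914027
Feb 2 22:10:25 iPad mDNSResponder[109] <Info>: GetServerForName: DNS server 192.168.1.1:53 (Penalty Time Left 0) (Scope None:0000000000000000) found for name www.icloud.com.
"""

# Syslog prefix: date, time, host, process[pid], <level>: message
PREFIX = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+(\w+)\S*\[\d+\]\s+<\w+>:\s*(.*)$")

@dataclass
class Resolver:
    scoped: bool                      # listed under "(for scoped queries)"
    nameservers: list = field(default_factory=list)
    ifname: str = ""
    domain: str = ""                  # empty means catch-all resolver
    mdns: bool = False

def parse_configd(log_text):
    """Return (resolvers, serviceID -> interface, primary DNS serviceID)."""
    resolvers, services, primary = [], {}, None
    scoped, cur, in_dump = False, None, False
    for line in log_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m or m.group(1) != "configd":
            continue                  # only configd publishes the resolver dump
        msg = m.group(2).strip()
        if (c := re.match(r"\d+\.\s+(\w+)\s+serviceID=(\S+)", msg)):
            services[c.group(2)] = c.group(1)
        elif (p := re.match(r"(\S+) is .*primary DNS$", msg)):
            primary = p.group(1)
        elif msg == "DNS configuration":
            in_dump, scoped, cur = True, False, None
        elif msg == "DNS configuration (for scoped queries)":
            in_dump, scoped, cur = True, True, None
        elif msg.startswith("DNS configuration updated"):
            in_dump, cur = False, None
        elif in_dump and re.match(r"resolver #\d+$", msg):
            cur = Resolver(scoped=scoped)
            resolvers.append(cur)
        elif in_dump and cur is not None:
            if (n := re.match(r"nameserver\[\d+\]\s*:\s*(\S+)", msg)):
                cur.nameservers.append(n.group(1))
            elif (i := re.match(r"if_index\s*:\s*\d+\s*\((\w+)\)", msg)):
                cur.ifname = i.group(1)
            elif (d := re.match(r"domain\s*:\s*(\S+)", msg)):
                cur.domain = d.group(1)
            elif re.match(r"options\s*:.*\bmdns\b", msg):
                cur.mdns = True
    return resolvers, services, primary

def audit_dns(log_text, vpn_prefixes=("ipsec", "utun")):
    """Summarise where unscoped DNS queries go relative to the tunnel."""
    resolvers, services, primary = parse_configd(log_text)
    unicast = [r for r in resolvers if r.nameservers and not r.mdns]
    default = [r for r in unicast if not r.scoped and not r.domain]
    per_domain = [r for r in unicast if not r.scoped and r.domain]
    vpn_ns = {ns for r in unicast if r.scoped and r.ifname.startswith(vpn_prefixes)
              for ns in r.nameservers}
    unscoped_ns = {ns for r in default + per_domain for ns in r.nameservers}
    return {
        "primary_dns_if": services.get(primary),
        "default_nameservers": [ns for r in default for ns in r.nameservers],
        # Assumption: a per-domain (match-domain) resolver is listed unscoped with a domain.
        "vpn_match_domains": sorted(r.domain for r in per_domain if set(r.nameservers) & vpn_ns),
        "vpn_scoped_only": sorted(vpn_ns - unscoped_ns),
        "default_bypasses_vpn": bool(default) and not any(
            r.ifname.startswith(vpn_prefixes) or set(r.nameservers) & vpn_ns for r in default),
    }

if __name__ == "__main__":
    print(audit_dns(SAMPLE_LOG))
```
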

Hi,

I have an issue with Mac and iOS DNS resolution.

We have our own app, which runs using our custom VPN. The issue is that when we connect the VPN in Split Tunnel mode, we are not able to access our intranets. Using the scutil --dns command, we found:

  1. DNS servers configured by ISP will be in 1st resolver list (list contains Domains and nameservers).
  2. DNS servers configured by VPN connection will be in 2nd resolver list.

Ex: If we configure xyz.com as the domain suffix, then a DNS request for any abc.xyz.com gets resolved. But when we try to access other internal sites like pqr.com (not a configured domain), they don't get resolved.


Tried Solutions:

1. SCDynamicStore System Configuration APIs, but they work only with root privileges. (Our VPN works with a plugin which doesn't have any root access.)

2. Set kSCPropNetDNSSearchDomains, kSCPropNetDNSDomainName and kSCPropNetDNSSupplementalMatchDomains. But it's setting values only in resolver 2.


Questions:

1. Is there any way to programmatically set the VPN-configured DNS server as the 1st resolver?

2. If the above is not possible, are there any right APIs to update the DNS server list to send all DNS traffic to the VPN-configured DNS server? (These APIs need to be used inside a plugin which doesn't have root privileges.)


Any help is much appreciated.

Please help me with what may be going wrong.


Thanks,

Priya

Hi, did you ever resolve this? I am trying to make a DNS-only VPN.