We have developed a DNS filter based on NEDNSProxyProvider. It works great for a minute, then it stops responding. Our logs indicate that during the outage our extension gets DNS requests and formulates DNS responses that it hands back to the OS, but from outside of our code it is as though our extension is not responding.
It’d help if you included more details about the context of this problem and what you’ve done to investigate it at your end. I have general suggestions on that front in Quinn’s Top Ten DevForums Tips.
Specifically, I’m presuming that this macOS, but please let me know otherwise.
Also, have you tested this in the latest macOS 15.4 beta (15.4b4, 24E5238a)? It has some improvements in this space (r. 145825628) and it’s possible that it might change this story.
I’m not aware of any systematic problem with DNS proxy providers on current systems. Still, it’s tricky to implement them correctly, meaning there’s a wide scope for problems both within your code and the OS itself.
In situations like this I try to simplify the problem as much as possible. For example, I might create a small test program that issues a DNS request directly using BSD Sockets [1]. If you do this over a connected UDP socket then each socket will appear to the DNS proxy as a new UDP flow (NEAppProxyUDPFlow), and each request is a new datagram on that flow. Then wait for the problem to show up. Does a new request show up in the proxy? Does a new flow show up in the proxy?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] This breaks my “don’t do you own DNS resolution” rule, but it’s only for testing.
I seem trapped in Apple Support Labyrinth. I try to get paid support, but you tell me to post to the forum. I post here and you give me a Top 10 telling me to post to paid support. Can you please transfer this problem to a paid support ticket?
I believe you’re thinking of DTS’s previous tech support incident process. In May 2024 we replaced that with a new process called code-level support requests. DTS receives many such requests and we redirect the vast majority of them to the forums so that all developers can benefit from our work. And that’s what I did in this case.
I’ve also asked you to post extra details about your setup because then you’re in control of the information that you share. I don’t want to unilaterally share info from your original support request because I’m not sure which bits of that you consider to be private.
If you respond to the suggestions I made in my previous reply here, I’d be happy to resume looking at your technical issue.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Can you escalate this to a code-level support request please?