I’m using an NETransparentProxyProvider where I add UDP-53 rules to intercept DNS queries from a private application. These queries are resolved locally on the endpoint by returning a custom DNS response.
Example rules look like this (the port argument of NWHostEndpoint is a String, so it must be quoted):
NENetworkRule(destinationHost: NWHostEndpoint(hostname: "mypaapp.com", port: "53"), protocol: .UDP)
This works as expected through the browser and ping: handleNewUDPFlow/handleNewFlow gets called with an NEAppProxyUDPFlow, and the custom DNS response gets written there.
Using nslookup mypaapp.com doesn't work.
Why does this behave differently for nslookup?
nslookup, being a test tool, has its own resolver, meaning it runs UDP flows and TCP connections directly on port 53. ISTR that DNS flows are treated specially by the transparent proxy subsystem. Now where is that…
Right. Check out the doc comments in <NetworkExtension/NETransparentProxyNetworkSettings.h>.
If you want to intercept DNS flows, use a DNS proxy provider.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
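The following is an added example, not code from the thread or from Apple, showing the direction the answer points at: an NEDNSProxyProvider subclass that sees every UDP port-53 flow (including the ones nslookup opens with its own resolver) and answers queries for one name locally. The name "mypaapp.com", the 127.0.0.1 answer, the 60 s TTL and the class name are assumptions made for the example; TCP DNS and forwarding of non-matching queries are deliberately left out.

```swift
import Foundation
import NetworkExtension

// Hypothetical DNS proxy provider: answers A queries for one name locally.
// Real deployments also forward everything else to an upstream resolver.
class LocalAnswerDNSProxyProvider: NEDNSProxyProvider {

    // Assumed values for this example; they are not from the original thread.
    let interceptedName = "mypaapp.com"
    let syntheticAddress: [UInt8] = [127, 0, 0, 1]

    override func startProxy(options: [String: Any]?,
                             completionHandler: @escaping (Error?) -> Void) {
        completionHandler(nil)
    }

    override func stopProxy(with reason: NEProviderStopReason,
                            completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    // Every DNS flow on the system lands here, whichever resolver produced it.
    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        guard let udpFlow = flow as? NEAppProxyUDPFlow else {
            return false // TCP DNS is not handled by this example
        }
        udpFlow.open(withLocalEndpoint: nil) { error in
            guard error == nil else { return }
            self.serve(udpFlow)
        }
        return true
    }

    private func serve(_ flow: NEAppProxyUDPFlow) {
        flow.readDatagrams { datagrams, endpoints, error in
            guard error == nil, let datagrams = datagrams, let endpoints = endpoints else {
                flow.closeReadWithError(error)
                flow.closeWriteWithError(error)
                return
            }
            var replies: [Data] = []
            var replyEndpoints: [NWEndpoint] = []
            for (query, endpoint) in zip(datagrams, endpoints) {
                if let reply = self.answer(query) {
                    replies.append(reply)
                    replyEndpoints.append(endpoint)
                }
            }
            if !replies.isEmpty {
                flow.writeDatagrams(replies, sentBy: replyEndpoints) { _ in }
            }
            self.serve(flow) // keep reading until the flow closes
        }
    }

    // Build a minimal DNS response: copy the ID, set QR and AA, echo the
    // question and append one A record. Returns nil unless the query is a
    // single A/IN question for the intercepted name.
    func answer(_ query: Data) -> Data? {
        let q = [UInt8](query)
        guard q.count > 12, Int(q[4]) << 8 | Int(q[5]) == 1 else { return nil }
        var i = 12
        var labels: [String] = []
        while i < q.count, q[i] != 0 { // walk QNAME labels
            let len = Int(q[i])
            guard len < 64, i + 1 + len <= q.count else { return nil }
            labels.append(String(decoding: q[(i + 1)...(i + len)], as: UTF8.self))
            i += 1 + len
        }
        guard i + 5 <= q.count else { return nil } // terminator + QTYPE + QCLASS
        let qtype = Int(q[i + 1]) << 8 | Int(q[i + 2])
        let qclass = Int(q[i + 3]) << 8 | Int(q[i + 4])
        let questionEnd = i + 5
        guard labels.joined(separator: ".").lowercased() == interceptedName,
              qtype == 1, qclass == 1 else { return nil }

        var r: [UInt8] = []
        r += [q[0], q[1]]             // ID copied from the query
        r += [0x84, 0x00]             // QR=1, AA=1, RCODE NOERROR
        r += [0x00, 0x01, 0x00, 0x01] // QDCOUNT=1, ANCOUNT=1
        r += [0x00, 0x00, 0x00, 0x00] // NSCOUNT=0, ARCOUNT=0
        r += q[12..<questionEnd]      // question section, verbatim
        r += [0xC0, 0x0C]             // NAME: compression pointer to offset 12
        r += [0x00, 0x01, 0x00, 0x01] // TYPE A, CLASS IN
        r += [0x00, 0x00, 0x00, 0x3C] // TTL 60 s (assumed)
        r += [0x00, 0x04]             // RDLENGTH
        r += syntheticAddress
        return Data(r)
    }
}
```

The provider still needs the usual plumbing that the thread does not cover: a system extension target with the dns-proxy entitlement and an NEDNSProxyManager configuration that enables it. Because a DNS proxy provider receives all of the host's DNS traffic, anything answer() declines should be forwarded upstream rather than dropped, or every other name on the machine stops resolving.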