Expected behavior of searchDomains

Based on https://developer.apple.com/documentation/networkextension/nednssettings/searchdomains, we expect the values mentioned in searchDomains to be appended to a single-label DNS query. However, we are not seeing this behavior.

We have a packetTunnelProvider VPN, where we set searchDomains to a DNS suffix (for example, test.com) and we set matchDomains to applications and suffix (for example, abc.com and test.com). When a user tries to access https://myapp, we expect to see a DNS query packet for myapp.test.com. However, this is not happening when matchDomainsNoSearch is set to true. https://developer.apple.com/documentation/networkextension/nednssettings/matchdomainsnosearch

When matchDomainsNoSearch is set to false, we see DNS queries for myapp.test.com and myapp.abc.com.

What is the expected behavior of searchDomains?

My understanding of these settings is pretty much aligned with yours. I would expect that if you have these settings:

dns.searchDomains = ["abc.com", "def.com"]
dns.matchDomains = ["ghi.com", "jkl.com"]
dns.matchDomainsNoSearch = true

then resolving myapp would look for myapp.abc.com and myapp.def.com. If that’s not working, then we’re probably in bug report territory.

Before you do that, however, I want to check how you’re actually resolving the address. Are you sure you’re using the system resolver? For example, Safari, URLSession, or Network framework.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hey Quinn, thank you for your reply. I am seeing this on iOS. An end user enters a single-label field in a browser (tested with Safari and Chrome). For example, a user enters https://myapp in Safari while my packetTunnelProvider VPN is connected, but we never see the DNS packet.
