We have a macOS system extension with NETransparentProxyProvider which is able to intercept traffic and handle it. We also wanted to set up a few search domains from our network extension. However, unlike PacketTunnelProvider, NEDNSSettings are completely ignored with NETransparentProxyProvider. So what's the best way to set up a few DNS search domains when using NETransparentProxyProvider?
Setup SearchDomains with NETransparentProxyProvider
what's the best way to set up a few DNS search domains when using NETransparentProxyProvider?
There isn’t one. I mean, transparent proxies are kinda meant to be transparent, and monkeying with search domains is anything but (-:
However, there are other options in this space. For example, if your product is deployed in a managed environment, you can instruct the site admin to include these search domains.
In an unmanaged environment you might be able to apply these settings using NEDNSSettingsManager. Its focus is on encrypted DNS settings (NEDNSOverHTTPSSettings or NEDNSOverTLSSettings). I’ve never tried it with standard DNS settings (NEDNSSettings) but I can’t see anything that would explicitly block that.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
if your product is deployed in a managed environment, you can instruct the site admin to include these search domains.
Yes, we are looking for a solution for managed environments. Can you please share more details about this? Any sample payload?
I looked up the documentation and could not find any payload to always apply search domains without applying secure DNS settings or settings limited to a specific Wi-Fi or network.
We want to just push a few DNS search domains to all managed machines for any type of network they connect to at any location without enforcing secure DNS.
I looked up the documentation and could not find any payload to always apply search domains
Yeah, I think you’re right. I only deal with configuration profiles tangentially, and I just assumed that this would be possible. The experts on this tech lurk over in Apple Support Community, run by Apple Support, and specifically in the Business and Education topic area, so you could try asking there.
Just for my own education, did you try the NEDNSSettingsManager approach?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
When I looked up the documentation of NEDNSSettingsManager I noticed the below point for NEDNSSettingsManager.dnsSettings:
This property can be set to either an NEDNSOverHTTPSSettings object or an NEDNSOverTLSSettings object.
So I preferred the MDM option given we do have a managed environment. Do you think standard DNSSettings still should work? I can give it a try in that case.