AdguardTeam / AdGuardDNS

Public DNS resolver that protects you from ad trackers
https://adguard-dns.io/
GNU Affero General Public License v3.0

Question about iOS profile security #737

Closed donald2612 closed 5 months ago

donald2612 commented 5 months ago

Hello!

I am wondering about something after having tested DNS queries with an app called "Net Analyzer".

During this test I was only connected to my mobile carrier. The app did not use the installed AdGuard DNS profile from the profile constructor, but instead was able to talk directly with the carrier's DNS.

This app may be able to do this because of elevated rights it somehow has, but I did not give any permissions to it. The question that arises can already be guessed: when this app can talk directly to DNS, can every other app do this as well?

Or does Apple have secret permission structures that I do not know of?

ameshkov commented 5 months ago

Does this Net Analyzer tool use a local VPN approach to intercept the device traffic?

When there's an active VPN, iOS ignores the DNS profile.

donald2612 commented 4 months ago

No VPN used, the tool examines the network adapter of the cellular interface and uses the shown carrier DNS: [screenshot]

donald2612 commented 4 months ago

"ISC Dig" is freeware and also does this: [screenshot]

ameshkov commented 4 months ago

The DNS profile does not change the interface settings.

As far as I understand, when a DNS profile is used, all requests that use the NSURLSession API will use the DNS profile for the lookups. Low-level code won't be routed there, so dig will still use the interface's DNS settings.

donald2612 commented 4 months ago

Thank you for your answer! The question that arises is simply whether Apple can regulate this behaviour on a per-app basis, which I don't believe. If apps can avoid using the DNS profile, then every app developer would simply favour this route to get unfiltered replies from DHCP-supplied DNS servers, if they implement "low-level" DNS code. So the user should not be left with the assumption that an app is not able to undermine a set profile, am I not right on this point?

ameshkov commented 4 months ago

This is indeed possible and app developers can circumvent the DNS profile and use whatever DNS server they prefer.

So far I've not seen any apps doing that, but you're right, the overall implementation of the DNS profile is a bit misleading.
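The two answers above (NSURLSession lookups follow the profile, low-level resolvers do not, and apps can therefore use whatever resolver they like) leave the user with no on-device signal that a bypass is happening. The only reliable check is to look at what actually leaves the device. The script below is an added example, not code from the AdGuard DNS project or from anyone in this thread: it takes a per-flow summary of uplink traffic (one constructed line per flow, `proto dst_ip dst_port`, as a packet-capture tool on a router or tethered host would produce) and flags plaintext port-53 queries and DoT sessions to resolvers other than the one in the profile. The resolver addresses are placeholders from the documentation ranges, not the project's real ones.

```python
"""Audit a flow summary for DNS traffic that bypasses an encrypted-DNS profile.

Each input line is "proto dst_ip dst_port", with optional "# comment".
The lines used below are constructed; the resolver address is a placeholder
(TEST-NET-2), not a real profile value.
"""
from collections import Counter

# Assumed profile configuration: the DoH/DoT resolver the device should use.
PROFILE_RESOLVERS = frozenset({"198.51.100.1"})  # placeholder, not a real resolver

PLAINTEXT_DNS_PORT = 53
DOT_PORT = 853
DOH_PORT = 443


def classify_flow(proto, dst_ip, dst_port, resolvers=PROFILE_RESOLVERS):
    """Label one flow by how it relates to the configured DNS profile."""
    proto = proto.lower()
    if dst_port == PLAINTEXT_DNS_PORT and proto in ("udp", "tcp"):
        # Classic Do53. A device honouring a DoH/DoT profile never emits this,
        # so it comes from a resolver path that ignores the profile (e.g. dig).
        return "plaintext-dns-bypass"
    if dst_port == DOT_PORT and proto == "tcp":
        # DoT is unambiguous: 853 to anything but the profile resolver is an
        # app (or OS component) using its own encrypted resolver.
        return "dot-profile" if dst_ip in resolvers else "dot-third-party"
    if dst_port == DOH_PORT and proto == "tcp":
        # 443 to the profile resolver is DoH; 443 elsewhere is ordinary HTTPS
        # or an app's own DoH, which port and address alone cannot separate.
        return "doh-profile" if dst_ip in resolvers else "https-unknown"
    return "other"


def parse_flow_line(line):
    """Parse 'proto dst_ip dst_port' into a (proto, ip, int port) tuple."""
    proto, dst_ip, port = line.split()
    return proto, dst_ip, int(port)


def audit(lines, resolvers=PROFILE_RESOLVERS):
    """Classify every flow.

    Returns (counts, flagged): counts is a Counter of labels, flagged lists the
    flows that demonstrably bypass the profile (plaintext DNS, third-party DoT).
    """
    counts = Counter()
    flagged = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop trailing comments / blanks
        if not line:
            continue
        proto, ip, port = parse_flow_line(line)
        label = classify_flow(proto, ip, port, resolvers)
        counts[label] += 1
        if label in ("plaintext-dns-bypass", "dot-third-party"):
            flagged.append((proto, ip, port, label))
    return counts, flagged


# Constructed sample: what the uplink might show while a dig-style tool and a
# profile-honouring app run side by side. Addresses are documentation ranges.
SAMPLE_FLOWS = """
udp 203.0.113.53 53      # carrier resolver, plaintext (bypasses the profile)
tcp 203.0.113.53 53      # same resolver over TCP (truncated-answer retry)
tcp 198.51.100.1 443     # DoH to the profile resolver
tcp 198.51.100.1 853     # DoT to the profile resolver
tcp 192.0.2.9 853        # DoT to some other resolver (app-embedded)
tcp 192.0.2.10 443       # ordinary HTTPS, indistinguishable from app DoH
""".strip().splitlines()

if __name__ == "__main__":
    counts, flagged = audit(SAMPLE_FLOWS)
    print(dict(counts))
    for proto, ip, port, label in flagged:
        print(f"BYPASS: {proto} {ip}:{port} ({label})")
```

The `https-unknown` bucket is the honest limit of this check: an app that ships its own DoH client to a general-purpose HTTPS host looks like any other TLS connection from the outside, which is exactly the concern raised later in this thread. Blocking outbound port 53 and 853 to anything but the intended resolver at the router closes the two cases the script can name; the third needs endpoint-side visibility.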

donald2612 commented 4 months ago

Good to know, I really appreciate your comment!!

What concerns me most is that with DoH coming from our own apps, we will lose any filtering technique that can be done without lots of effort, and TV sets that even use a private VPN to talk to their servers. What a dark future - and it can't be avoided... I guess the war over this has just begun, but we are still in team Green for now...