Closed donald2612 closed 5 months ago
Does this Net Analyzer tool use a local VPN approach to intercept the device traffic?
When there's an active VPN, iOS ignores DNS profile.
No VPN used, the tool examines the network adapter of the cellular-IF and uses the shown carrier DNS:
"ISC Dig" is freeware and also does this:
DNS profile does not change the interface settings.
As far as I understand, when DNS profile is used all requests that use NSURLSession API will use the DNS profile for the lookups. Low-level code won't be routed there so dig will still use the interface's DNS settings.
Thank you for your answer! The question that arises is simply whether Apple can regulate this behaviour on a per-app basis, which I don't believe. If it can be avoided by apps to use the DNS-profile, then simply every app-developer would favour this route to get unfiltered replies from DHCP supplied DNS-servers, if they implement "low-level-code" DNS. So the user should not be left in the assumption that an app is not able to undermine a set profile, am I not right in this point?
This is indeed possible and app developers can circumvent the DNS profile and use whatever DNS server they prefer.
So far I've not seen any apps doing that, but you're right, overall implementation of DNS profile is a bit misleading.
Good to know, I really appreciate your comment!!
What concerns me most is that with DoH coming from our own apps, we will lose any filtering technique that can be done without lots of effort, and TV-sets that even use private-VPN to talk to their servers. What a dark future - and it can't be avoided... I guess the war with this has just begun but we are still in team Green for now...
Hello!
I am wondering, after I've tested DNS-queries with an app called "Net Analyzer".
During this test I was only connected to my mobile carrier. The app did not use the installed AdGuardDNS-profile from the profile constructor, but instead was able to talk directly with the carrier's DNS.
This app may be able to do this because of elevated rights it somehow has, but I did not give any permissions to it. The question that arises can already be guessed. When this app can talk directly to DNS, can every other app do this as well?
Or does Apple have secret permission structures that I do not know of?