s-s / dnscloak

iOS GUI and wrapper for dnscrypt-proxy 2
Mozilla Public License 2.0
321 stars 38 forks

Support iOS DNS settings without a VPN profile #32

Closed Mikaela closed 3 years ago

Mikaela commented 3 years ago

As iOS 14 supports encrypted DNS without creating a VPN profile and it can be used together with a VPN (when VPN is disconnected, the DNS app is returned to), I think DNSCloak should support it.

The native DNS settings also show an indication when the current network is blocking connection to the server, and it doesn't show a logo on the status bar (unlike the constant [VPN]).

Mikaela commented 3 years ago

I forgot to add this link to a talk on how to do it, while I didn't find actual documentation.

s-s commented 3 years ago

Unfortunately, this will not work. DNSCloak relies on a dnscrypt-proxy instance running in the background. Vanilla iOS does not let a developer run his code in the background (strictly speaking, it is, but Apple checks for such "tricks" during the review process), except for some predefined use cases. The only option for a networking app to have background code running is to put it inside an instance of a Network Extension service, where it fits naturally. Such a service is listed as a "VPN profile" on iOS and runs once such a profile is activated. This is what DNSCloak does under the hood, no surprises.

The new iOS 14 DNS feature (https://developer.apple.com/documentation/networkextension/dns_settings) just lets one manage systemwide DNS configuration from the main app by specifying some custom DNS resolver (DoH/DoT), but doesn't provide any option to run a custom client (i.e. dnscrypt-proxy). So, no features of dnscrypt-proxy can be used...
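
For reference, an added example (not DNSCloak's code and not part of the original thread) of what the iOS 14 DNS settings API accepts from the main app: a resolver description plus optional on-demand rules, with no hook for running a local client. The function name, resolver URL, bootstrap address and SSID are hypothetical placeholders, and the app is assumed to have the DNS Settings Network Extension capability.

```swift
import Foundation
import NetworkExtension

// Hypothetical helper: registers a system-wide DoH resolver from the main app.
// All concrete values below are constructed placeholders.
func installEncryptedDNS(completion: @escaping (Error?) -> Void) {
    let manager = NEDNSSettingsManager.shared()

    // Load any previously saved configuration before modifying it.
    manager.loadFromPreferences { loadError in
        if let loadError = loadError {
            completion(loadError)
            return
        }

        // The only input is a resolver description. DoH is shown here;
        // NEDNSOverTLSSettings (with serverName) is the DoT counterpart.
        let doh = NEDNSOverHTTPSSettings(servers: ["192.0.2.53"]) // bootstrap address
        doh.serverURL = URL(string: "https://dns.example.net/dns-query")
        manager.dnsSettings = doh
        manager.localizedDescription = "Example encrypted DNS"

        // Optional: skip the encrypted resolver on one trusted Wi-Fi network,
        // apply it everywhere else. Rules are evaluated in order.
        let trustedWiFi = NEOnDemandRuleDisconnect()
        trustedWiFi.interfaceTypeMatch = .wiFi
        trustedWiFi.ssidMatch = ["ExampleHomeSSID"]
        let everywhereElse = NEOnDemandRuleConnect()
        manager.onDemandRules = [trustedWiFi, everywhereElse]

        // Saving only registers the configuration. The system performs the
        // DoH queries itself, so no app code (such as a dnscrypt-proxy
        // instance) sits in the resolution path.
        manager.saveToPreferences { saveError in
            completion(saveError)
        }
    }
}
```

The saved configuration still has to be selected by the user in the system DNS settings; `manager.isEnabled` is read-only and reports whether that has happened.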