On iOS, DNS over HTTPS resolver may randomly stop working when moving between network interfaces

[agottardo]

Quoting me on Slack:

I was just able to repro this at a theatre with public WiFi. I was using override public dns with a NextDNS resolver enabled, iOS was showing the encrypted DNS warning and DNS resolution was broken until I turned off CorpDNS or I switched to the corp tailnet, where DoH is not used.

Some assorted bug reports that show the issue:

BUG-b64e902406c500582fcd230df9d19fb2e34b9d872664e2c3622c3c8306fecfd7-20240602104734Z-690b0b8ca9f418f4 BUG-4f12dbf1c14e0d1ab236eab531eff35d0061a9fb53bcc6c113d70791e49b679f-20240601052301Z-3ae329ddafcba030

We don't have a 100% repro scenario yet.

@raggi suggests:

I suspect we need to set tighter timings on the DOH http conns, like short idletimeout, short headertimeout and so on, so we don’t hang on non-functional http conns to the doh resolvers

we should probably also issue a closeidleconns [...] when there’s a network change

[diegoscl]

🤚🏼 Same issue here! Actually, I have the same behavior on macOS...

[agottardo]

@diegoscl please share a bug report identifier

[diegoscl]

BUG-09c56d312020bf87677d4af581598dde93d8cf9a4c253cd37bb6fe4b06c636b3-20240606230048Z-413ede8834151ef6

My theory is that it happens especially when I switch between IPv4 (mobile or work ISP) and IPv6 (home ISP) internet connections.

[FinalPoint]

I experienced another connectivity issue with Tailscale when moving off wifi and switching to cellular. Hard to tell if it’s the same issue or something completely different.

The client was displaying two error messages:

• Cannot connect to control server
• Relay server unavailable

version: 1.69.104

Contrary to my previous issues, simply disabling and reenabling my exit node did not work. I had to disable Tailscale and reenable it to get back network connectivity.

BUG-b64e902406c500582fcd230df9d19fb2e34b9d872664e2c3622c3c8306fecfd7-20240706104455Z-5a3fb985cbdda738

cc: @agottardo