[macOS]: DNSServiceQueryRecord is not working as per document

Hi Team,

We are using the transparent app proxy in macOS and resolving DNS queries using DNSServiceQueryRecord in the TAP process.

According to the documentation, when passing the interfaceIndex as 0, it should be queried on all interfaces, and based on IP rules, it assigns the query to that particular interface.

However, when we pass 0, it does not query any of the interfaces. We need to provide the specific interface index.

First off, a clarification on this:

According to the documentation, when passing the interfaceIndex as 0, it should be queried on all interfaces, and based on IP rules, it assigns the query to that particular interface.

There's a detail you in the documentation that's worth looking at more closely. What the DNSServiceQueryRecord class references says is:

"Passing 0 causes the name to be queried for on all interfaces. See "Constants for specifying an interface index" for more details."

That second sentence is critical. Any time our documentation says "...for more details...", that's almost always because "something" is being left out that's worth digging for. In this case, "0" is actually the constant "kDNSServiceInterfaceIndexAny", which says:

"If the client passes 0 for interface index, that means "do the right thing", which (at present) means..."

...followed by a multi-paragraph description how the flags interact. I'd also highlight the words "at present". The description present in that document probably described the systems behavior at "some" point, but I'm not at all certain that it does today. The overall goal of "kDNSServiceInterfaceIndexAny" is to provide clients with behavior that's broadly "sensible", even if/when the systems evolution changes what interfaces are available and/or how they function so that "general" clients don't need to be updated with those changes.

Finally, it's also possible the NETransparentProxyProvider extension is also a factor:

"This provider ignores NEDNSSettings and NEProxySettings specified within NETransparentProxyNetworkSettings. Flows that match the includedNetworkRules within NETransparentProxyNetworkSettings use the same DNS and proxy settings that other flows on the system currently use."

I haven't looked closely at exactly how that behavior is implemented but it probably involved changing how mDNSResponder (the daemon that implements DNSServiceQueryRecord) handled your request and it's possible your just seeing another side effect of that.

However, when we pass 0, it does not query any of the interfaces. We need to provide the specific interface index.

What interface is it failing to query?

__
Kevin Elliott
DTS Engineer, CoreOS Hardware

What interface is it failing to query?

When we provided "kDNSServiceInterfaceIndexAny," it did not reach any of the interfaces.

When we provided "kDNSServiceInterfaceIndexAny," it did not reach any of the interfaces.

What interfaces were active and which interface did you expect it to browse on? Did you verify that a bonjour browse packet was not being sent? If a bonjour browse packet was sent, did you receive any reply? What flags did you have set and what service were you browsing for?

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

In my case, the WIFI (en0) interfaces is active. and ideally, dns query should reach to en0. Below is the API call.

DNSServiceQueryRecord(sdRef kDNSServiceFlagsReturnIntermediates | kDNSServiceFlagsTimeout, kDNSServiceInterfaceIndexAny, query, rrtype, rrclass, dns_callback, context);

We validated via Wireshark, but packets are not reaching to any interface."

[macOS]: DNSServiceQueryRecord is not working as per document
 
 
Q