Fall back to configurable preset DNS servers

Default to CloudFlare 1.1.1.1 Hard time making it work with system DNS servers. Retry later.
2019-04-25 16:32:22 +02:00 · 2019-04-25 16:32:22 +02:00 · b8cd969a1a
parent 31d9019f1a
commit b8cd969a1a
2 changed files with 30 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 - SoftEther sends an incomplete PUSH_REPLY. [#86](https://github.com/keeshux/tunnelkit/issues/86)
 - Authentication/Decrypt errors with TLS wrapping. [#88](https://github.com/keeshux/tunnelkit/issues/88), [#61](https://github.com/keeshux/tunnelkit/issues/61)
+- Broken DNS when no servers provided. [#84](https://github.com/keeshux/tunnelkit/issues/84)

 ## 1.6.2 (2019-04-17)

--- a/TunnelKit/Sources/AppExtension/TunnelKitProvider.swift
+++ b/TunnelKit/Sources/AppExtension/TunnelKitProvider.swift
@ -37,6 +37,7 @@

 import NetworkExtension
 import SwiftyBeaver
+import __TunnelKitNative

 private let log = SwiftyBeaver.self

@ -75,6 +76,9 @@ open class TunnelKitProvider: NEPacketTunnelProvider {
    /// The number of milliseconds between data count updates. Set to 0 to disable updates (default).
    public var dataCountInterval = 0
    
+    /// A list of fallback DNS servers when none provided (defaults to "1.1.1.1").
+    public var fallbackDNSServers = ["1.1.1.1"]
+    
    // MARK: Constants
    
    private let memoryLog = MemoryDestination()
@ -577,13 +581,31 @@ extension TunnelKitProvider: SessionProxyDelegate {
        if let replyDNSServers = reply.options.dnsServers {
            dnsServers.append(contentsOf: replyDNSServers)
        }
-        // FIXME: default to DNS servers from current network instead
-        if !dnsServers.isEmpty {
-            dnsSettings = NEDNSSettings(servers: dnsServers)
-            if let searchDomain = cfg.sessionConfiguration.searchDomain ?? reply.options.searchDomain {
-                dnsSettings?.domainName = searchDomain
-                dnsSettings?.searchDomains = [searchDomain]
-            }
+
+        // fall back to system-wide DNS servers
+        if dnsServers.isEmpty {
+            log.warning("DNS: No servers provided, falling back to \(fallbackDNSServers)")
+            dnsServers = fallbackDNSServers
+
+            // XXX: no quick way to make this work on Safari, even if ping and lookup work in iNetTools
+//            let systemServers = DNS().systemServers()
+//            log.warning("DNS: No servers provided, falling back to system settings: \(systemServers)")
+//            dnsServers = systemServers
+//
+//            // make DNS reachable outside VPN (yes, a controlled leak to keep things operational)
+//            for address in dnsServers {
+//                if address.contains(":") {
+//                    ipv6Settings?.excludedRoutes?.append(NEIPv6Route(destinationAddress: address, networkPrefixLength: 128))
+//                } else {
+//                    ipv4Settings?.excludedRoutes?.append(NEIPv4Route(destinationAddress: address, subnetMask: "255.255.255.255"))
+//                }
+//            }
+        }
+
+        dnsSettings = NEDNSSettings(servers: dnsServers)
+        if let searchDomain = cfg.sessionConfiguration.searchDomain ?? reply.options.searchDomain {
+            dnsSettings?.domainName = searchDomain
+            dnsSettings?.searchDomains = [searchDomain]
        }
        
        var proxySettings: NEProxySettings?