Pick proper DNS settings according to protocol

CHANGELOG.md

@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 - Handle `--data-ciphers` and `data-ciphers-fallback` from OpenVPN 2.5
+- Support DNS over HTTPS (DoH) and TLS (DoT).
 
 ## 3.2.0 (2021-01-07)
 

TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider.swift

@@ -692,10 +692,35 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
             dnsServers = fallbackDNSServers
         }
 
-        let dnsSettings = NEDNSSettings(servers: dnsServers)
+        var dnsSettings = NEDNSSettings(servers: dnsServers)
+        if #available(iOS 14, macOS 11, *) {
+            switch cfg.sessionConfiguration.dnsProtocol {
+            case .https:
+                guard let serverURL = cfg.sessionConfiguration.dnsHTTPSURL else {
+                    break
+                }
+                let specific = NEDNSOverHTTPSSettings(servers: dnsServers)
+                specific.serverURL = serverURL
+                dnsSettings = specific
+                
+            case .tls:
+                guard let serverName = cfg.sessionConfiguration.dnsTLSServerName else {
+                    break
+                }
+                let specific = NEDNSOverTLSSettings(servers: dnsServers)
+                specific.serverName = serverName
+                dnsSettings = specific
+
+            default:
+                break
+            }
+        }
+
+        // "hack" for split DNS (i.e. use VPN only for DNS)
         if !isGateway {
             dnsSettings.matchDomains = [""]
         }
+        
         if let searchDomains = cfg.sessionConfiguration.searchDomains ?? options.searchDomains {
             log.info("DNS: Using search domains \(searchDomains.maskedDescription)")
             dnsSettings.domainName = searchDomains.first