-1

I have created a local DNS server using BIND9. It is just a simple DNS server that forwards queries to 1.1.1.1. When I use this as the only manual DNS server on my iOS device, it works fine. However when I add a secondary DNS server such as 8.8.8.8 as a failover, the secondary server always gets preferred. I read that this could be because of iOS preferring servers that support DoH/DoT, but could this actually be the case if I am using an IP address (8.8.8.8) instead of a domain name. I thought DoT/DoH servers required clients to use their domain name. Has someone else encountered this issue and been successful in resolving it?

M9A
  • 117
  • 3
  • `my iOS device` what is the results with your other endpoint types? – Greg Askew Aug 14 '23 at 07:16
  • On Windows and Android devices which I have checked on, the primary DNS server is always preferred – M9A Aug 14 '23 at 07:23
  • It seems simpler to state that iPhones are not working with the DNS server. – Greg Askew Aug 14 '23 at 07:38
  • But why does it work in iOS if it is the only DNS server but once I add a public server as secondary then iOS seems to pick the public one every single time even though its the secondary one – M9A Aug 14 '23 at 08:09
  • 1
    What does a packet capture show? – Greg Askew Aug 14 '23 at 08:19
  • I can see requests being made to _dns.resolver.arpa but that’s all. Everything else is clearly going to the public server – M9A Aug 14 '23 at 08:47
  • I believe that even Windows 10 by default now may query all DNS servers and use the first response. That is a feature and has been discussed frequently on SuperUser. Not sure if iPhones have a similar feature. That client default lack of determinism and if it is configurable like Windows is probably off topic for this forum though. Also it's unorthodox for a business to co mingle internal and external DNS for endpoints, that is usually not a good practice. – Greg Askew Aug 14 '23 at 10:12
  • What do you mean by using the first response? Is this the one that returns a response the quickest? Do you think it could be to do with DoH/DoT as the iOS client gives preference to that? – M9A Aug 14 '23 at 10:29
  • I mean this iPhone client behavior may be a better fit for SuperUser. – Greg Askew Aug 14 '23 at 11:59

0 Answers0