Fall back to network settings when no DNS servers

Rather than forcing CloudFlare (by default). Fixes #197
passepartoutvpn · Jan 26, 2021 · 0f097d5 · 0f097d5
1 parent 9567be7
commit 0f097d5
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 15 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Handle `--data-ciphers` and `data-ciphers-fallback` from OpenVPN 2.5
 - Support DNS over HTTPS (DoH) and TLS (DoT).
 
+### Fixed
+
+- Do not override network DNS settings when not provided by VPN. [#197](https://github.com/passepartoutvpn/tunnelkit/issues/197)
+
 ## 3.2.0 (2021-01-07)
 
 ### Changed

diff --git a/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider.swift b/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider.swift
@@ -682,17 +682,9 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
             return
         }
 
-        var dnsServers = cfg.sessionConfiguration.dnsServers ?? options.dnsServers ?? []
+        let dnsServers = cfg.sessionConfiguration.dnsServers ?? options.dnsServers ?? []
 
-        // fall back
-        if !dnsServers.isEmpty {
-            log.info("DNS: Using servers \(dnsServers.maskedDescription)")
-        } else {
-            log.warning("DNS: No servers provided, using fall-back servers: \(fallbackDNSServers.maskedDescription)")
-            dnsServers = fallbackDNSServers
-        }
-
-        var dnsSettings = NEDNSSettings(servers: dnsServers)
+        var dnsSettings: NEDNSSettings?
         if #available(iOS 14, macOS 11, *) {
             switch cfg.sessionConfiguration.dnsProtocol {
             case .https:
@@ -702,31 +694,43 @@ extension OpenVPNTunnelProvider: OpenVPNSessionDelegate {
                 let specific = NEDNSOverHTTPSSettings(servers: dnsServers)
                 specific.serverURL = serverURL
                 dnsSettings = specific
-
+                log.info("DNS: Using HTTPS server \(serverURL.maskedDescription)")
+
             case .tls:
                 guard let serverName = cfg.sessionConfiguration.dnsTLSServerName else {
                     break
                 }
                 let specific = NEDNSOverTLSSettings(servers: dnsServers)
                 specific.serverName = serverName
                 dnsSettings = specific
+                log.info("DNS: Using TLS server name \(serverName.maskedDescription)")
 
             default:
                 break
             }
         }
 
+        // fall back
+        if dnsSettings == nil && !dnsServers.isEmpty {
+            log.info("DNS: Using servers \(dnsServers.maskedDescription)")
+            dnsSettings = NEDNSSettings(servers: dnsServers)
+        } else {
+//            log.warning("DNS: No servers provided, using fall-back servers: \(fallbackDNSServers.maskedDescription)")
+//            dnsSettings = NEDNSSettings(servers: fallbackDNSServers)
+            log.warning("DNS: No settings provided, using current network settings")
+        }
+
         // "hack" for split DNS (i.e. use VPN only for DNS)
         if !isGateway {
-            dnsSettings.matchDomains = [""]
+            dnsSettings?.matchDomains = [""]
         }
 
         if let searchDomains = cfg.sessionConfiguration.searchDomains ?? options.searchDomains {
             log.info("DNS: Using search domains \(searchDomains.maskedDescription)")
-            dnsSettings.domainName = searchDomains.first
-            dnsSettings.searchDomains = searchDomains
+            dnsSettings?.domainName = searchDomains.first
+            dnsSettings?.searchDomains = searchDomains
             if !isGateway {
-                dnsSettings.matchDomains = dnsSettings.searchDomains
+                dnsSettings?.matchDomains = dnsSettings?.searchDomains
             }
         }