DNS provided through VPN is broken on iOS 16

TL;DR: You must define your DNS server using an IPv4 AND IPv6 address.

I have been using the built in VPNs on MacOS and iOS for years now. For a long time I used OS X server as the VPN server, but when Apple abandoned it I moved to linked and decided to harden the connection. Although it hasn’t always been smooth sailing it has been reliable and it gets the job done. Sometime though there is a monkey wrench thrown in. That was the case a few days ago when I updated to iOS 16.

The introduction of iOS 16 seems to have somehow affected the way that DNS is handled. Since on the iPhone you can only see the setting for DNS specific to wifi networks tracking this one down was a nightmare. In fact I am still not 100% sure I know exactly what has happened, but I did get DNS over the VPN working again. To understand what happened here it will be helpful to understand the way I have the server and network setup. In terms of DNS I have my custom DNS set in the primary router. My VPN server sites behind it and has ported forwarded to it. Once a client connects to the VPN that router is provided as primary DNS and the DNS server itself internally is the secondary.

This works fine on my macOS devices and worked great on iOS 15, however when I upgraded to iOS 16 internal DNS stopped resolving. After lots of testing I started to suspect IPv6 only because I never setup a static for the DNS server or defined it anywhere. The first thing I tried was turning off IPv6 and restarting devices. This didn’t do anything. After some more testing I finally went and gave the DNS server a static IPv6 and put that into the router to hand out to client. This was the magic sauce that fixed the issue.

I’m still not sure why or how this was finally what solved the problem, but hopefully this helps someone else!

Leave a Reply