dealing with WAN/VPN DNS in iOS devices

MHxHimhim
Junior Member
44
01-25-2023, 02:29 AM
#1
I've been struggling with this for a while now and I need help right away. The latest iOS version is confusing me. I have several self-hosted VPN setups. I tried OpenVPN, WireGuard, and Xray, but none of them let me configure a custom DNS server (10.0.1.1). It sometimes picks the system settings or Cloudflare, never what I need. I definitely don’t want my DNS exposed over the WAN. How can I set up my own DNS in iOS with these VPN clients while keeping it secure? Every other platform works fine.

Wixxgriffel
Member
191
01-27-2023, 03:25 AM
#2
For WireGuard, add DNS 10.0.1.1 in the [Interface] part of your .conf file and then upload it to the WireGuard iOS app. With OpenVPN, set the DNS from the server config to 10.0.1.1; otherwise the app usually uses system or Cloudflare. Some third-party tools like Shadowrocket work better than the built-in apps. On iOS, you may need to configure the DNS directly in the VPN settings, as the OS often ignores it.
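
Added example, not part of the original posts: a pre-import check for the WireGuard .conf described in post #2, confirming that 10.0.1.1 is listed under [Interface] DNS and falls inside some peer's AllowedIPs, since WireGuard only routes AllowedIPs through the tunnel. The function names, sample keys, client address and endpoint are assumptions made for illustration.

```python
import ipaddress

# Constructed sample; keys and endpoint are placeholders, 10.0.1.1 is from the thread.
SAMPLE_CONF = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.1.2/32
DNS = 10.0.1.1

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 10.0.1.0/24
"""

def parse_conf(text):
    """Collect [Interface] DNS entries and the AllowedIPs of every [Peer]."""
    section, dns, allowed = None, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        items = [v.strip() for v in value.split(",") if v.strip()]
        if section == "interface" and key.strip().lower() == "dns":
            dns += items
        elif section == "peer" and key.strip().lower() == "allowedips":
            allowed += [ipaddress.ip_network(v, strict=False) for v in items]
    return dns, allowed

def check_dns_routing(text, expected="10.0.1.1"):
    """Return problems that keep DNS queries off the tunnel (empty list = OK)."""
    dns, allowed = parse_conf(text)
    servers = []
    for entry in dns:
        try:
            servers.append(ipaddress.ip_address(entry))
        except ValueError:
            pass  # wg-quick format: non-IP DNS entries are search domains
    problems = []
    if ipaddress.ip_address(expected) not in servers:
        problems.append(f"{expected} is not listed under [Interface] DNS")
    for server in servers:
        if not any(server in net for net in allowed):
            problems.append(f"{server} is outside every AllowedIPs range")
    return problems
```

An empty list from check_dns_routing(SAMPLE_CONF) means the file itself is consistent; whether the iOS client honours it is the separate issue discussed in the replies.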

augustb19907
Senior Member
456
01-27-2023, 08:29 AM
#3
It doesn't function properly for me, especially with those tools I'm used to. The DNS adjustments seem to work on Android, Windows, and Tunnelblick, but not on iOS.

sixpar
Member
137
01-29-2023, 07:27 AM
#4
It’s frustrating when iOS’s network stack skips pushed DNS unless the app specifically requests it. That’s why Tunnelblick functions well on macOS but not on iOS. You might consider using Passepartout or Streisand profiles. The best solution I’ve encountered is to use a VPN profile via Shadowrocket or another tool that bypasses iOS restrictions. It’s not perfect, but it works around the limitations rather than relying on WireGuard or OpenVPN configurations.

CristoferOM2
Member
103
01-31-2023, 10:10 PM
#5
I use Tailscale and it generally functions well. My local Pi-hole DNS is set up to send those records to the app, and the phone responds mostly correctly. I don’t see ads, which means it’s working, but some of my internal DNS entries managed by the nginx proxy manager aren’t behaving as expected—some do, others don’t. It’s confusing because I’m not sure everything is set up properly.