dearsky/numa
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 25 Wiki Activity

fix: scope mobileconfig DNS to Wi-Fi only via OnDemandRules

Browse Source 
Without OnDemandRules, iOS applies the DoT profile globally —
cellular DNS breaks when the phone leaves the LAN.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Razvan Dimescu
2026-04-10 19:49:14 +03:00
parent 921ed68d54
commit 2afb8adc7d
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -3,3 +3,4 @@
CLAUDE.md CLAUDE.md
docs/ docs/
site/blog/posts/ site/blog/posts/
ios/

17
src/mobileconfig.rs
View File

@@ -144,8 +144,6 @@ fn build_ca_payload(ca_pem: &str) -> String {
} }
/// Render the `com.apple.dnsSettings.managed` payload dict for Full mode. /// Render the `com.apple.dnsSettings.managed` payload dict for Full mode.
/// Pins the device to Numa as its system resolver over DoT with
/// `ServerName = "numa.numa"` (must match the DoT cert SAN).
fn build_dns_payload(lan_ip: Ipv4Addr) -> String { fn build_dns_payload(lan_ip: Ipv4Addr) -> String {
format!( format!(
r#" <dict> r#" <dict>
@@ -160,8 +158,21 @@ fn build_dns_payload(lan_ip: Ipv4Addr) -> String {
<key>ServerName</key> <key>ServerName</key>
<string>numa.numa</string> <string>numa.numa</string>
</dict> </dict>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Connect</string>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
</dict>
<dict>
<key>Action</key>
<string>Disconnect</string>
</dict>
</array>
<key>PayloadDescription</key> <key>PayloadDescription</key>
<string>Routes all DNS queries through Numa over DNS-over-TLS</string> <string>Routes DNS queries through Numa over DoT when on Wi-Fi</string>
<key>PayloadDisplayName</key> <key>PayloadDisplayName</key>
<string>Numa DNS-over-TLS</string> <string>Numa DNS-over-TLS</string>
<key>PayloadIdentifier</key> <key>PayloadIdentifier</key>