I need to make sure my iOS app requires DNSSEC when it connects to a given server. How can I make sure the DNS calls are always using this?
You have to incorporate a DNS library into your source code. Try using libunbound. With libunbound you can verify the DNSSEC answer. With that, you can try to use DANE for securing your SSL certificate.
DNSSEC is available on the OS level with iOS 10+ as part of the dnssd Framework. You use it by using the kDNSServiceFlagsValidate flag when querying the DNS using DNSServiceQueryRecord.
If you want to secure your TLS connection you have to implement the DNS query in URLSession's urlSession(_:didReceive:completionHandler:) method.
However, you should be aware that there are public DNS servers out there (e.g. OpenDNS) that do not support DNSSEC.
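A sketch of the query described in the answer above, added here as an example and not taken from the original post. The names `DNSSECStatus`, `QueryResult`, `dnssecStatus` and `validatedStatus(forHost:)` are hypothetical; the result flags (`kDNSServiceFlagsSecure`, `kDNSServiceFlagsInsecure`, `kDNSServiceFlagsBogus`, `kDNSServiceFlagsIndeterminate`) are the ones dns_sd.h defines alongside `kDNSServiceFlagsValidate`.

```swift
import Foundation
import dnssd

enum DNSSECStatus { case secure, insecure, bogus, indeterminate, notValidated }

// Holds what the C callback reports back (hypothetical helper type).
final class QueryResult {
    var status = DNSSECStatus.notValidated
    var error = DNSServiceErrorType(kDNSServiceErr_NoError)
}

// Classify the flags handed to the query callback. Each result constant
// carries the validate bit plus one status bit, so compare the full mask.
func dnssecStatus(_ flags: DNSServiceFlags) -> DNSSECStatus {
    let table: [(DNSServiceFlags, DNSSECStatus)] = [
        (DNSServiceFlags(kDNSServiceFlagsSecure), .secure),
        (DNSServiceFlags(kDNSServiceFlagsInsecure), .insecure),
        (DNSServiceFlags(kDNSServiceFlagsBogus), .bogus),
        (DNSServiceFlags(kDNSServiceFlagsIndeterminate), .indeterminate)]
    for (mask, status) in table where flags & mask == mask { return status }
    return .notValidated
}

// Query the A record with validation requested and return the validation
// status, or nil on any error. Blocks until a reply arrives, so call it
// off the main thread.
func validatedStatus(forHost host: String) -> DNSSECStatus? {
    let noError = DNSServiceErrorType(kDNSServiceErr_NoError)
    let result = QueryResult()
    var sdRef: DNSServiceRef?
    let callback: DNSServiceQueryRecordReply = { _, flags, _, error, _, _, _, _, _, _, context in
        guard let context = context else { return }
        let result = Unmanaged<QueryResult>.fromOpaque(context).takeUnretainedValue()
        result.error = error
        result.status = dnssecStatus(flags)
    }
    let err = DNSServiceQueryRecord(&sdRef, DNSServiceFlags(kDNSServiceFlagsValidate), 0,
                                    host, UInt16(kDNSServiceType_A),
                                    UInt16(kDNSServiceClass_IN), callback,
                                    Unmanaged.passUnretained(result).toOpaque())
    guard err == noError, let ref = sdRef else { return nil }
    defer { DNSServiceRefDeallocate(ref) }
    guard DNSServiceProcessResult(ref) == noError, result.error == noError else { return nil }
    return result.status
}
```

To require DNSSEC rather than merely observe it, fail closed: treat every result other than `.secure`, including `nil`, as a reason to reject the connection, for example by completing the challenge in the delegate method named above with `.cancelAuthenticationChallenge`.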