Apple released iOS 9, which powers iPads, iPhones and the iPod Touch, on Sept. 16. About a week ahead of the official iOS 9 release, Cisco reported via Facebook that the “Tunnel All DNS” feature of its AnyConnect VPN service for mobile devices does not work correctly with the new operating system.
Tunnel All DNS prevents the VPN connection from using local DNS servers for name resolution. In other words, it forces all DNS requests to go to the VPN server, where they are encrypted and hidden from third parties.
If a device connected to a VPN uses local DNS servers, people with access to those servers can monitor which sites a user is connecting to, even if his or her Internet connection is encrypted.
What’s more, according to Tech Times, the problem “is not limited to AnyConnect and is believed to affect other SSL VPN clients out in the market.” So this issue affects everyone, not just Cisco clients.
The DNS resolution issue doesn’t affect Mac OS X, the version of Apple’s operating system for laptops and desktops. And it doesn’t prevent iOS 9 devices from connecting to VPNs or encrypting their traffic through them. It just causes DNS leaks. In a way, that’s worse than causing the VPN not to work at all, because protecting your privacy by using a VPN provides a false sense of security if your DNS requests are leaking over the VPN.
Although Cisco reported having notified Apple about the DNS leak issue in iOS 9, a fix has yet to appear. For now, the easiest solution is to avoid using iOS 9. If you can’t, check out our tips on dealing with VPN DNS leak issue, including configuring a private DNS service so that your browsing patterns will remain private even if your DNS requests leak.