Hidden VPN/DNS Gem in Apple's iOS 4.1 announcement today

September 2, 2010    

I’ve been on-again, off-again fighting with getting my iPhone 4 to talk to a Cisco VPN concentrator to connect to a company internal network. The iPhone would connect, but it couldn’t resolve any names, but my iPad worked with no issues.

Turns out, the problem was with iOS 4.0.x’s implementation of Multicast DNS. According to this IETF draft, ‘…Any DNS query for a name ending with “.local.” MUST be sent to the mDNS multicast address…’, which Apple took literally for iOS 4. Turns out the company whose VPN I’ve been having trouble with uses .local as their internal DNS domain.

Although there’s no documentation I’ve been able to find, it seems that iOS 4.1 changes this behavior, because after updating my iPhone 4 to the iOS 4.1 GM seed today, it started being able to resolve the .local addresses just fine.

As an added bonus, under 4.0, the iPhone would ask for a password every time I tried to connect to the VPN. Under 4.1 (or 3.2), the password is saved like you would expect.