My Android app uses the VpnService API. The app makes some connections, starts a VpnService and shuttles data to-and-fro. Fairly normal.
While the VpnService is active, under particular circumstances I need to make an HttpsURLConnection to a remote server, and I need to do it outside of the VPN.
I can use HttpsURLConnection.SetSSLSocketFactory() with an appropriate SSLSocketFactory which protects the underlying socket from the VPN -- but the DNS lookup (performed internally to the HttpsURLConnection) goes through the VPN.
Is there a way to protect the DNS lookup (which boils down to a call by okhttp to InetAddress.getAllByName()) from the VPN?