DNS Filter issues with iOS devices when iCloud private relay is on


Mr.Navigator

New Around Here
Hello all,

I'm experiencing issues specifically on iOS devices with Private Relay on, as it is bypassing DNS Filter entirely, meaning it's not blocking adult websites. I've tried different filters, even manually assigning the MAC address of a device to use the router settings, but no matter what I do, it's just not behaving as expected. Even manually setting the DNS IPv4 and IPv6 on the device won't block adult websites. The issue is not reproducible on Windows devices or when Private Relay is disabled. Has anyone encountered a similar issue or is dealing with a similar situation? What is your suggestion or resolution?

They use either DNS-over-TLS or DNS-over-HTTPS, which cannot be redirected by DNS Director because it uses a secure TLS connection to ensure that the DNS request isn't hijacked - which is, in effect, what DNS Director does: hijack DNS queries.

So you have to choose: Private Relay or DNS Director. You can't use both.
 
So far as I know, Apple Private Relay makes its own DNS arrangements independent of the router.
The only way to enforce your own DNS with Private Relay is to include it in a DNS profile, installed on each client.
Profile/s can be found here, maybe elsewhere as well?

I tried adding to dnsmasq.conf.add

#block private relay
address=/mask.icloud.com/
address=/mask-h2.icloud.com/

which should (I think) show mask.icloud.com etc. as non-existent hosts,

which works from nslookup (on my machine)

500:[~]$ nslookup mask.icloud.com
Server: 2601:646:9e80:bb47::1
Address: 2601:646:9e80:bb47::1#53

** server can't find mask.icloud.com: NXDOMAIN

but when I turn on Private Relay it still works. I really want to block it completely. Anyone figured out how?
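An added Python example, not code from the thread, that simulates how dnsmasq applies address= lines like the ones above (a rule matches its domain and every name beneath it, the longest matching domain wins, and a rule with no IP answers NXDOMAIN), so a config can be checked for coverage of both mask hostnames before reloading the router. SAMPLE_CONF is constructed; the router.lan line is made up to show the form with an IP, and the two mask hostnames are the ones from the post.

```python
import re

# Constructed sample config: the two lines from the post above plus one
# address= rule with an IP (router.lan is made up) to show the other form.
SAMPLE_CONF = """\
#block private relay
address=/mask.icloud.com/
address=/mask-h2.icloud.com/
address=/router.lan/192.168.1.1
"""

# Hostnames named in the post; both must get NXDOMAIN for the block to hold.
PRIVATE_RELAY_HOSTS = ("mask.icloud.com", "mask-h2.icloud.com")

ADDRESS_RE = re.compile(r"^address=/([^/]+)/(.*)$")


def parse_address_rules(conf_text):
    """Map each address= domain to its IP, or None when the rule has no IP
    (current dnsmasq answers such names with NXDOMAIN)."""
    rules = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ADDRESS_RE.match(line)
        if m:
            domain = m.group(1).lower().rstrip(".")
            rules[domain] = m.group(2).strip() or None
    return rules


def resolve(qname, rules):
    """Simulate dnsmasq's decision for one query: 'NXDOMAIN', the configured
    IP string, or 'FORWARD' (sent to the upstream resolver). A rule matches
    its domain and every name below it; the longest matching domain wins."""
    name = qname.lower().rstrip(".")
    best = None
    for domain in rules:
        if name == domain or name.endswith("." + domain):
            if best is None or len(domain) > len(best):
                best = domain
    if best is None:
        return "FORWARD"
    return rules[best] or "NXDOMAIN"


def unblocked(rules, required=PRIVATE_RELAY_HOSTS):
    """Names from `required` that this config would still resolve or forward."""
    return [n for n in required if resolve(n, rules) != "NXDOMAIN"]
```

Note that this only checks what dnsmasq itself would answer; a client that resolves over DoH/DoT or through the relay never asks dnsmasq, which is the point made in the replies.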
Not possible IMHO.
Private relay bypasses dnsmasq totally, so whatever changes you make there will be irrelevant.