Apple TV and Alexa devices seem to directly use Quad9

So I noticed that my Apple TV device was hitting dns.quad9.net pretty hard, with virtually no other lookups from those devices.

This bothered me greatly.

First I forced my pihole IP in Apple TV network settings. But it STILL only queries quad9!!

I blocked dns.quad9.net and started getting a lot more regular looking queries from Apple TV - Good! It still works fine as far as I can tell. But who knows what will be broken down the road.

Also, all my Alexa devices have an annoying orange blink now. Can still control devices, get weather, etc., but I may not know for a while if something random is broken.

Before I blocked quad9 completely, I tried redirecting dns.quad9.net to my pihole IP. But it didn't seem to help at all. Was still only getting quad9 requests from Apple TV. This is what it looks like in pihole.log using a custom DNS record (.217 is apple, .6 is pihole):

query[A] dns.quad9.net from 10.0.1.217
/etc/pihole/custom.list dns.quad9.net is 10.0.1.6
query[HTTPS] dns.quad9.net from 10.0.1.217
forwarded dns.quad9.net to 149.112.112.112
reply dns.quad9.net is NODATA

Is there a better way to go about this?

Pihole - latest docker image, DHCP enabled. Note that I ONLY use quad9 in pihole.
Router - DHCP disabled, using asuswrt-Merlin > DNS director to force DNS to my pihole.

Thanks!

This may be an indicator that the Apple TV is using Pi-hole for DNS. If it were using Quad9 directly (hard coded or otherwise), the DNS traffic should not appear in Pi-hole. If it were trying to use Quad9 for DNS, it seems most likely that the IP would be hardcoded in and the device would not be asking its current DNS resolver (Pi-hole) for the IP.

Run this command from the Pi terminal to see all the DNS queries from that Apple TV over the past few days:

sudo grep 10.0.1.217 /var/log/pihole/pihole.log*

I will note that I have multiple Apple TVs in use on my home network, all using Pi-hole for DNS. I have not seen any traffic from any of the Apple TVs for a quad9 domain name, nor any indication that DNS queries are going to a DNS server other than Pi-hole.
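
An added example, not part of the posts above: a shell function that tallies the query[...] lines one client generated in pihole.log by record type and domain, so it is easy to see whether the device asks Pi-hole for anything besides dns.quad9.net. The sample log lines are constructed, and the names summarize_client and sample_log are made up for this example.

```shell
#!/bin/sh
# Constructed sample in the pihole.log (dnsmasq) line format; not real log data.
sample_log() {
  cat <<'EOF'
Jan  1 10:00:01 dnsmasq[100]: query[A] dns.quad9.net from 10.0.1.217
Jan  1 10:00:01 dnsmasq[100]: /etc/pihole/custom.list dns.quad9.net is 10.0.1.6
Jan  1 10:00:02 dnsmasq[100]: query[HTTPS] dns.quad9.net from 10.0.1.217
Jan  1 10:00:02 dnsmasq[100]: forwarded dns.quad9.net to 149.112.112.112
Jan  1 10:00:02 dnsmasq[100]: reply dns.quad9.net is NODATA
Jan  1 10:00:05 dnsmasq[100]: query[A] example.com from 10.0.1.50
Jan  1 10:00:09 dnsmasq[100]: query[A] dns.quad9.net from 10.0.1.217
Jan  1 10:00:12 dnsmasq[100]: query[A] time.example.net from 10.0.1.217
EOF
}

# summarize_client CLIENT_IP [LOGFILE...]
# Prints "count type domain" for every query line whose client is exactly
# CLIENT_IP, most frequent first. Reads stdin when no log file is given.
summarize_client() {
  ip=$1
  shift
  awk -v ip="$ip" '
    {
      # Find the "query[TYPE] name from IP" group wherever it sits on the
      # line, so lines with or without the timestamp prefix both work.
      for (i = 1; i <= NF - 3; i++) {
        if ($i ~ /^query\[.*\]$/ && $(i + 2) == "from" && $(i + 3) == ip) {
          type = substr($i, 7, length($i) - 7)   # text between [ and ]
          count[type " " $(i + 1)]++
        }
      }
    }
    END {
      for (k in count) printf "%d %s\n", count[k], k
    }
  ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Demonstration on the constructed sample above.
sample_log | summarize_client 10.0.1.217
```

Against the real logs, call it as summarize_client 10.0.1.217 /var/log/pihole/pihole.log from a shell that has read access to the log file.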
