Expected Behaviour: iPhone IOS 15.0.2 with private relay enabled shows isn't compatible with iCloud Private Relay, and should be. Actual Behaviour: Setting the iphone to use 8.8.8.8 on the same WiFi network allows icloud private relay to work. Disabling pi-hole or allow-listing an individual clien…

Add special handling of iCloud Private Relay domains Implement special handling of Apple iCloud Private Relay domains to prevent Apple devices from bypassing Pi-hole. [image] Pi-hole FTL v5.10.1, Web v5.7 and Core v5.5 released Announcements Originally pub…

But I want to allow network users to use Private Relay if they want, I don't care about globally disabling it. There's something not working correctly at the moment - or have I misunderstood the changes in 5.10.1 (I am on 5.10.2) which means that pi-hole will always NXDOMAIN the Apple domains irres…

[image] bobbob: But I want to allow network users to use Private Relay if they want Do as said above: [image] yubiuser: You can turn it off by setting BLOCK_ICLOUD_PR=false in /etc/pihole/pihole-FTL.conf followed by a pihole restartdns

OK, great that works. Yes, I fully accept I need to read the instructions but having DNS behaviour overridden in a non obvious way is a bit frustrating. Thanks for the help!

[image] bobbob: There's something not working correctly at the moment - or have I misunderstood the changes in 5.10.1 (I am on 5.10.2) which means that pi-hole will always NXDOMAIN the Apple domains irrespective of what the query log says? Yes. As long as you don't disable the option in the c…

The query log was always showing as permitted, yes, hence it was not obvious to work out what was going on. I assumed the query log was the "truth" but I guess FTL has its own behaviour downstream.

And the Reply? Should have been NXDOMAIN.

I'm pretty sure it was A/AAAA OK/Cached. but I've had to blow the Docker image away and start again now, so sorry, can't easily check. I'm 99% sure I also checked on other clients using the pi-hole for valid nslookup entries for the Apple domains as well when I was troubleshooting.

[image] bobbob: overridden in a non obvious way What would be a more obvious but still not obtrusive way? We block the Mozilla canary domain the same way. Mozilla even asks developers of projects to do this to preserve local DNS functionality. It is handled by a similar config flag.

It's totally legit functionality - I guess if it were a web UI tick box instead of text config maybe? Or that the query log said "Blocked by FTL config" ?

Pi-hole Userspace

iCloud Private Relay Not Working

Help

show post in topic

Home
Categories
Guidelines
Terms of Service
Privacy Policy

Powered by Discourse, best viewed with JavaScript enabled