I use Pi-Hole running on a Raspberry Pi to block ads and malware for the entire house. I have to set a manual DNS entry in the phone’s WiFi options. While normally browsing in Safari, all ads are blocked, and I can confirm using an adblock test that ads do get blocked. If I clear my browsing data and open a private browsing session, no ads are being blocked. It’s not using my entered DNS settings. I don’t know if it’s overriding my entries and using my ISP’s or if it’s using Apple’s. I do see some DNS entries in the Pi-Hole logs for doh.apple.com, gateway.fe2.apple-dns.net, canary.mask.apple-dns.net. This did not happen on my old phone running iOS 17. This is a privacy concern.
The first image is a normal new Safari tab, ads are blocked. The second pic is a new private browsing tab after I closed and cleared all history in the normal browsing window.
You don’t have to manually enter the DNS server in your iPhone’s WiFi settings. Add the Pi-Hole as the DNS server in your DHCP server.
Secondly, the domains you see in the log are used for Apple’s privacy relay, not a privacy concern at all. Do you have privacy relay turned on for your WiFi in the iPhone’s settings?
Thank you! Found the cause. I had to disable “Limit IP Address Tracking” in the WiFi settings. Now it blocks ads and uses the Pi-Hole for DNS in private browsing.
I have to manually enter the Pi-Hole DNS IP due to having Comcast and I have to use their XB8 modem for my Home Security. There is no way to change the DNS settings in Comcast’s modem. It is locked. I also cannot turn off the DHCP in the modem either. I can limit the scope of their DHCP server down to a few reserved addresses and then turn on DHCP in the Pi-hole, but it became a fiasco for me trying to manage both. It was just easier to manually enter the Pi IP in 4 iPhones.
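
One way to see which devices are looking up the domains named in the first post, as an added example that is not part of the thread. It assumes dnsmasq-style Pi-hole query log lines; the sample log, the IP addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Domains the original poster reported seeing in the Pi-hole log.
RELAY_DOMAINS = {"doh.apple.com", "gateway.fe2.apple-dns.net",
                 "canary.mask.apple-dns.net"}

# Assumed dnsmasq-style query line, e.g.
#   Oct  3 21:14:09 dnsmasq[812]: query[A] example.org from 192.168.1.40
QUERY_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s+dnsmasq\[\d+\]:\s+"
    r"query\[[^\]]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$")

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = """\
Oct  3 21:14:05 dnsmasq[812]: query[A] doubleclick.net from 192.168.1.23
Oct  3 21:14:05 dnsmasq[812]: gravity blocked doubleclick.net is 0.0.0.0
Oct  3 21:14:07 dnsmasq[812]: query[HTTPS] doh.apple.com from 192.168.1.23
Oct  3 21:14:07 dnsmasq[812]: forwarded doh.apple.com to 192.0.2.53
Oct  3 21:14:08 dnsmasq[812]: query[A] canary.mask.apple-dns.net from 192.168.1.23
Oct  3 21:14:08 dnsmasq[812]: query[AAAA] gateway.fe2.apple-dns.net from 192.168.1.23
Oct  3 21:14:09 dnsmasq[812]: query[A] example.org from 192.168.1.40
Oct  3 21:15:10 dnsmasq[812]: query[A] Canary.Mask.Apple-DNS.net. from 192.168.1.23
"""

def summarize(lines):
    """Per client: relay-domain lookup counts and the number of other queries."""
    relay = defaultdict(Counter)
    other = Counter()
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # skip forwarded/reply/blocked lines and anything malformed
        name = m.group("name").lower().rstrip(".")  # normalise case, trailing dot
        client = m.group("client")
        if name in RELAY_DOMAINS:
            relay[client][name] += 1
        else:
            other[client] += 1
    clients = set(relay) | set(other)
    return {c: {"relay": dict(relay[c]), "other": other[c]} for c in clients}

def relay_clients(lines):
    """Clients with at least one relay-domain lookup, sorted."""
    return sorted(c for c, s in summarize(lines).items() if s["relay"])

if __name__ == "__main__":
    for client, stats in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(client, stats)
```

A device that appears in `relay_clients` is a candidate for checking the “Limit IP Address Tracking” WiFi setting mentioned above.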