Local DNS https record

The issue I am facing: iPhone sends HTTPS record queries but they are not answered by local dns

Details about my system: pihole and iPhone are up to date

What I have changed since installing Pi-hole: nothing

It seems that the iPhone is requesting an A record and an HTTPS record simultaneously. This works fine for external records but not for my internal ones. I use the same DNS name for an internal server to access this server internally and externally. Internal PiHole resolves this name to the internal IP. Externally, my DNS provider is resolving the name to my external IP. This works great, except for the iPhone. If the iPhone is connected internally, it gets the internal IP from the A record, but the external IP by the HTTPS record and is using the last one, which is not working. Any chance to tell PiHole to resolve the HTTPS query to the same internal IP as the A query instead of sending it to the upstream?

How is that set up? Are you using Pi-hole's Local DNS to take precedence over the external upstream DNS, and then when you are external the real records are the only ones seen?

If you're using the approach above this would be normal because Pi-hole would return results for A and AAAA records using Local DNS but not for HTTPS and so they would be sent upstream. Since they receive a technically valid response, this informs the iPhone's behaviour and takes precedence, since that is one of the functions of HTTPS and SVCB type records.

If you're not using HTTPS records for real anywhere else internally you can block all HTTPS query types, thus preventing the iPhone from "working around" the otherwise-working setup. Create a regex blacklist entry for

.*;querytype=HTTPS

Does that fix the iPhone and make it work the way you want?


yes exactly.

Would it be possible to block HTTPS requests just for one domain, like
ha.flomain.de;querytype=HTTPS

Many Thanks
Florian

Yes. Enter it still as a blacklist regex the way you show there.

Test before and after with the command below. On some OS you may need to replace the https with type65.

dig @PIHOLE_IP ha.flomain.de -t https

After the block you will see the HTTPS in the Query Log as blocked with a link to your regex, and the A request will be fine



Thanks this made it work again.

