Pi-hole no longer working as primary DNS - With iOS 16

For the record, before this topic gets closed off, I think this is a problem with iOS 16. After I changed the IPv4 settings on my Pi-hole everything appeared to be working. However, my iPhone is the only device still bypassing the Pi-hole. I compared it to the other iPhones in my house and I'm the only one running iOS 16. I upgraded one of the other iPhones to iOS 16 and BOOM, same issue.

Within the iPhone settings I've tried turning off the "Private Wi-Fi Address" and "Limit IP Address Tracking" options, but that did not work. I presume this is Apple trying to be overly clever: if a DNS request gets sinkholed by the first server, it tries one of the other DNS servers. Or perhaps it just broadcasts the request to all available DNS servers. If I change my iPhone DNS settings from dynamic to static and point it at the Pi-hole, all is well with the world and the blocking works as expected.

I know I could solve this across my network by making my Pi-hole the only DNS server on my router. However if for some reason the Pi-hole goes offline I'd lose all DNS.

So it looks like for now I'll have to just statically set DNS on my devices running iOS 16, and I'll keep my ear to the ground for a better fix.

Could it be iCloud Private Relay - does this match up? "Private Relay protects users’ web browsing in Safari, DNS resolution queries, and insecure http app traffic"

https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay/

Paragraphs 2 and 3 below explain how to turn it off per device or per network (for the same user).

Per that dev doc, are you seeing entries in your logs for their domains mask.icloud.com or mask-h2.icloud.com?
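One way to run the log check suggested above, as an added example that is not from this thread or from the Pi-hole project: parse dnsmasq-style `query[...]` lines of the kind Pi-hole writes to its query log and tally lookups of the two Private Relay hostnames per client. The log line layout is assumed here and the sample lines are constructed, not a real capture.

```python
import re
from collections import Counter, defaultdict

# Assumed dnsmasq-style query line as Pi-hole writes it to /var/log/pihole.log, e.g.
#   Sep 20 21:14:02 dnsmasq[612]: query[A] mask.icloud.com from 192.168.1.23
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Hostnames named in the linked Apple doc for iCloud Private Relay.
RELAY_DOMAINS = ("mask.icloud.com", "mask-h2.icloud.com")


def is_relay_lookup(name):
    """True if name is one of the Private Relay hostnames or a subdomain of one."""
    n = name.lower().rstrip(".")
    return any(n == d or n.endswith("." + d) for d in RELAY_DOMAINS)


def relay_lookups_by_client(lines):
    """Return {client_ip: Counter({hostname: count})} for Private Relay lookups."""
    hits = defaultdict(Counter)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # skip reply/forwarded/cached lines and anything unparsable
        if is_relay_lookup(m["name"]):
            hits[m["client"]][m["name"].lower()] += 1
    return hits


# Constructed sample log lines (hypothetical clients, not a real capture).
SAMPLE_LOG = """\
Sep 20 21:14:02 dnsmasq[612]: query[A] mask.icloud.com from 192.168.1.23
Sep 20 21:14:02 dnsmasq[612]: forwarded mask.icloud.com to 1.1.1.1
Sep 20 21:14:03 dnsmasq[612]: query[HTTPS] mask-h2.icloud.com from 192.168.1.23
Sep 20 21:14:05 dnsmasq[612]: query[A] www.example.com from 192.168.1.40
Sep 20 21:14:09 dnsmasq[612]: query[AAAA] mask.icloud.com from 192.168.1.40
""".splitlines()

if __name__ == "__main__":
    # Run against the real log with: relay_lookups_by_client(open("/var/log/pihole.log"))
    for client, names in relay_lookups_by_client(SAMPLE_LOG).items():
        print(client, dict(names))
```

A client that shows up here is at least attempting to reach Private Relay through the Pi-hole; a client that never appears but still bypasses blocking is pointing somewhere else for DNS, which is the situation described in this thread.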

Apologies for the slow reply. Reading the documentation it looks like iCloud Private Relay requires an iCloud+ subscription. I don't have a subscription, nor do any other members of my household. I checked my iPhone and there's not even an option to toggle it on/off so it's definitely not active.

I don't think iCloud Private Relay is the culprit in this case.
