Actually no help needed but wanted to share the following, hoping it might help others as well:
After installation of iOS 15.5 Safari didn’t finish loading certain sites while others worked flawlessly - while being connected to the Wifi (with Pi-Hole).
Other Browsers didn’t show this behaviour and also Safari worked fine via 5g.
Apple must have changed something on their side. They have some domains they test for to see if the network is compatible with their Private Relay feature. Previously, when "iCloud Private Relay" was enabled, users got a message when they blocked those domains by Pi-hole that their network is not compatible with that feature. Later, they just seem to ignore the blocked domains and ads were loading.
The feature was renamed meanwhile:
In earlier versions of iOS, iPadOS, and macOS, this preference is called iCloud Private Relay.
I installed iOS 15.5 on my iPhone SE and after a while noticed that some sites didn’t load (e.g. banks, PayPal, etc.). I don’t know what exactly causes this behavior but I guess it has something to do with the latest version of iOS. Hopefully, they will change things useful.
Was troubleshooting my settings for hours until I found this. Was driving me nuts! Thanks.
Is this a problem which Apple has to fix? Since it's working when I'm using the Router's DNS there must be a problem between PiHole and Apple's setting, right?
By default Pi-hole blocks Apple's canary domains which used to indicate to iOS devices that Private Relay should not be used within that particular network. If your device is using Private Relay/Limit IP Address Tracking, it bypasses Pi-hole.
Okay, this can be a misunderstanding. Since I was not using Private Relay, but Limit IP Address Tracking, two different settings in my opinion.
Did I understand correctly that my devices are not trying to use the "Limit IP Tracking" feature even when it's turned on when "BLOCK_ICLOUD_PR=true" is set so that it won't be leading to mentioned problems if updates may turn it on again?
If it would be working by bypassing Pi-hole it wouldn't be as bad as the fact, that it isn't even working when using it while having Pi-hole as DNS resolver. It is working while using my standard DNS from the router, though.
Facing the same problem I just set BLOCK_ICLOUD_PR=false as there are quite some Apple devices in my network, but I'm not sure it really solved that issue... disabling the anti-tracking feature locally on the device did work right out of the box, but as I have quite a number of Apple devices in my network and anti-tracking is a really nice thing to have also in foreign networks, I'd really like to see this fixed/worked around in pi-hole if possible.
I got it that Apple probably changed something without documenting it in the last updates, but pi-hole should try to adapt to that new behaviour ASAP in any case.
My current understanding is, that Pi-Hole would work perfectly well without any manual configuration (not setting any value for BLOCK_ICLOUD_PR manually) if Apple wouldn’t have changed something unexpectedly.
Is this correct?
For me disabling “Limit IP Address tracking” to get things working is perfectly fine though - it’s something that is configured distinctly for every Wifi - so I just do that for my own one.
For a handful of iOS Devices that’s done quickly….
For iOS devices this is true, but for MacOS devices it isn't. For Macs this setting is configured on network interface level, i.e. you enable or disable it for your network interface (wired and/or WiFi), which affects every (W)LAN network you might connect to. For stationary Macs this isn't an issue, but for portable ones, it is.
Confirmed. I just tested it. I have it off at home, but it's on when I leave.
Still, it's not a good solution, cuz anytime someone comes over and wants to use their Mac or iPhone they'll have to be told to fix that. Hopefully the smart ones can figure out what's up. I'm open to test and take logs if it helps, I just don't know enough when it comes to that in-depth knowledge of these systems.
My latest outcome from troubleshooting this issue:
tested the last 12 hours and can confirm that BLOCK_ICLOUD_PR=false in pihole-FTL.conf is a valid workaround for now. Safari and Mail on iOS 15.5 and macOS 12.4 are now working as expected, all my affected websites are loading correctly.
My iOS/macOS settings are (which is Apple's default setting):
Private Relay = OFF
Limit IP Address Tracking in WiFi settings = ON
Adblocking via PiHole is also working as expected on these Apple devices, I can see the blocked URLs in the PiHole log correctly.
Looks to me like the newest releases of iOS and macOS are pissed if anyone is blocking Apple's DNS servers and they cannot be reached.
FYI: I have tested the following FTL settings:
1. NO BLOCK_ICLOUD_PR config in pihole-FTL.conf (PiHole default)
2. SET BLOCK_ICLOUD_PR config in pihole-FTL.conf to true
3. SET BLOCK_ICLOUD_PR config in pihole-FTL.conf to false
Only TEST3 with value false is working without issues in combination with Apple's default settings on iOS / macOS.
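
The three configurations tested above can be checked and applied with a small script. This is an added example, not part of the thread and not Pi-hole's own tooling: the function names are hypothetical, the path to pihole-FTL.conf is passed in as an argument, and an absent key is reported as `unset` (which the thread describes as the blocking default).

```shell
#!/bin/sh
# Added example (hypothetical helpers): inspect and set BLOCK_ICLOUD_PR in a
# pihole-FTL.conf-style file. The config path is always given by the caller.

# Prints one of: unset | true | false | unclear
#   unset   = key absent (the thread's TEST1, Pi-hole default: canary domains blocked)
#   unclear = several lines that disagree, or a value other than true/false
block_icloud_pr_state() {
    conf=$1
    [ -f "$conf" ] || { echo unset; return 0; }
    # Collect the distinct values of all uncommented BLOCK_ICLOUD_PR= lines.
    vals=$(sed -n 's/^BLOCK_ICLOUD_PR=//p' "$conf" | tr -d '\r' | sort -u)
    case $vals in
        '')         echo unset ;;
        true|false) echo "$vals" ;;
        *)          echo unclear ;;
    esac
}

# Rewrites the file so it holds exactly one BLOCK_ICLOUD_PR line with the given
# value. All other lines are kept, and the previous file is saved as <conf>.bak.
set_block_icloud_pr() {
    conf=$1
    value=$2
    case $value in
        true|false) ;;
        *) echo "value must be true or false" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    if [ -f "$conf" ]; then
        cp -p "$conf" "$conf.bak"
        # grep exits 1 when nothing is left over; that is not an error here.
        grep -v '^BLOCK_ICLOUD_PR=' "$conf" > "$tmp" || true
    fi
    printf 'BLOCK_ICLOUD_PR=%s\n' "$value" >> "$tmp"
    # Write through the existing file so its owner and mode stay unchanged.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Stand-alone use: sh script.sh /path/to/pihole-FTL.conf [true|false]
if [ $# -ge 2 ]; then set_block_icloud_pr "$1" "$2"; fi
if [ $# -ge 1 ]; then block_icloud_pr_state "$1"; fi
```

A result of `unclear` means the file should be cleaned up before drawing conclusions from a test run, since the example does not assume which of several conflicting lines takes effect.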