Why would you want to block icloud private relay by default?

Leon_Guo · January 22, 2024, 3:01am

Why would you want to block icloud private relay by default?
It protect your IP address, and I would not want to block it by default

sawsanders · January 22, 2024, 3:34am

Because it will render Pi-hole useless for that device; it will bypass all Pi-hole filtering. If you want that, you can disable it in your Pi-hole configs.

The logic is that if you went through the trouble of setting up a Pi-hole on your home network, you would want all your devices to use it.

yubiuser · January 22, 2024, 3:36pm

Since

github.com/pi-hole/FTL

Implement special domains whitelisting

pi-hole:development ← pi-hole:tweak/special_domains_prio_v5

opened 05:20PM - 07 Dec 23 UTC

DL6ER

+19 -17

# What does this implement/fix? See #1807 - this is a backport of the feature… for FTL v5. Allows for fine grained application of the "special" domains that manage Apple Private Relay and Firefox Canary domains. When you apply them only to one group this effectively disables the special handling for this group while it stays intact for the rest or your network. --- **Related issue or feature (if applicable):** N/A **Pull request in [docs](https://github.com/pi-hole/docs) with documentation (if applicable):** N/A --- **By submitting this pull request, I confirm the following:** 1. I have read and understood the [contributors guide](https://docs.pi-hole.net/guides/github/contributing/), as well as this entire template. I understand which branch to base my commits and Pull Requests against. 2. I have commented my proposed changes within the code. 3. I am willing to help maintain this change if there are issues with it later. 4. It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1) 5. I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)) ## Checklist: - [x] The code change is tested and works locally. - [x] I based my code and PRs against the repositories `developmental` branch. - [x] I [signed off](https://docs.pi-hole.net/guides/github/how-to-signoff/) all commits. Pi-hole enforces the [DCO](https://docs.pi-hole.net/guides/github/dco/) for all contributions - [x] I [signed](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) all my commits. Pi-hole requires signatures to verify authorship - [x] I have read the above and my PR is ready for review.

you can also whitelist those domains on per-group setting.

jfb · January 22, 2024, 4:27pm

If iCloud Private Relay is functioning on a client, some of the DNS traffic from that client (Safari, as of now) will not use Pi-hole. Since we assume that if you have a Pi-hole installed on your network you want all your network clients to use it for DNS, blocking this is our default configuration. Note that we similarly provide the required canary domain for Firefox so it won't default to DoH mode and bypass Pi-hole.

We block iCloud Private Relay per the Apple specifications.

https://docs.pi-hole.net/ftldns/configfile/#icloud_private_relay

This is a user configurable setting.

system · January 29, 2024, 4:28pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.