When I visit https://dnsleaktest.com/ on my PC connected via ethernet as well as on my laptop connected over wifi, both show my DNS has been masked. However, when I visit it from an iPhone or iPad, both are leaking my DNS. Both devices also still have ads loading on websites. My iPhone has Private Relay disabled and Configure DNS set to Automatic, which is showing my IPv4 and IPv6 DNS servers. I have tried both enabling and disabling Private WiFi Address and Limit IP Address Tracking under the wifi settings, but neither seems to affect the results.
Any ideas why my unbound + adblock setup works on my other wireless devices but not on my Apple ones?
It's still leaking after disabling wifi assist unfortunately.
It's worth mentioning that I enabled Force Router DNS to enable DNS Hijacking in the adblock-fast settings and set DNS Service to unbound adblock list, so I thought that would ultimately cause everything connected to my router to use it. I also set DHCP Options to option:dns-server,0.0.0.0 on my lan interface and disabled Use DNS servers advertised by peer on my wan and wan6 interfaces.
I had been running PiHole just fine. Maybe I'll switch back to that...
In the meantime, manually adding those Apple domains to adblock still doesn't work. The DNS leak test shows two servers for my ISP, whereas on my non-Apple devices it shows it's not leaking. Anything specific I should be looking at in the results there?
Even after switching back to pihole, I am still seeing my DNS leaking in Safari on my iPhone and iPad. Apple appears to be overriding my settings somewhere.
Are you perhaps using iCloud Private Relay? Check in iCloud settings. After turning it off, you might need to turn wifi and airplane mode off and on again to see the difference. The 2 domains mentioned earlier are supposed to disable this feature for your network, but it might be that your devices didn't notice for some reason.
I have it disabled and every other Apple networking feature as far as I can tell. The wifi shows the correct DNS server, but it doesn't appear to be using it from Safari. Instead it uses my ISP's.
You probably need to use banIP and block all public DNS (there's a drop-down list). I think Apple uses DoH, so you can't really enforce your own DNS without blocking the DoH server itself. (I think this is the case for Google Chrome too.)
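The two router-side pieces the thread keeps circling back to are the port-53 redirect that adblock-fast's Force Router DNS option sets up and the idea of blocking encrypted resolvers so clients cannot route around it. The script below is an added example, not code from the thread or from adblock-fast/banIP: it prints the manual OpenWrt uci equivalent of that redirect plus a rule rejecting DNS-over-TLS on 853, and it includes a check that reads a UCI-format firewall file and reports whether an active redirect is actually present, which is the first thing to verify when a device still shows ISP resolvers. Assumptions: the LAN and WAN zones are named 'lan' and 'wan', the router's resolver answers on port 53 (add a dest_port option to the redirect if unbound listens elsewhere), and the section names dns_int and dot_fwd and the two sample config files are my own constructions.

```shell
#!/bin/sh
# Added example (not from the thread): manual OpenWrt "DNS hijacking" rules
# and a check that a UCI firewall file really carries an active redirect.
# Assumed zone names: 'lan' and 'wan'. Assumed resolver port: 53.
# Section names 'dns_int' and 'dot_fwd' are arbitrary choices for this example.

# Print the uci commands; review them, then apply on the router with:
#   dns_hijack_uci | sh
# Without dest_ip, a DNAT redirect sends the traffic to the router itself.
dns_hijack_uci() {
  cat <<'EOF'
uci -q delete firewall.dns_int
uci set firewall.dns_int='redirect'
uci set firewall.dns_int.name='Intercept-DNS'
uci set firewall.dns_int.src='lan'
uci set firewall.dns_int.src_dport='53'
uci set firewall.dns_int.proto='tcp udp'
uci set firewall.dns_int.target='DNAT'
uci -q delete firewall.dot_fwd
uci set firewall.dot_fwd='rule'
uci set firewall.dot_fwd.name='Deny-DoT'
uci set firewall.dot_fwd.src='lan'
uci set firewall.dot_fwd.dest='wan'
uci set firewall.dot_fwd.dest_port='853'
uci set firewall.dot_fwd.proto='tcp udp'
uci set firewall.dot_fwd.target='REJECT'
uci commit firewall
service firewall restart
EOF
}

# Return 0 if the UCI firewall file $1 contains an active redirect that DNATs
# LAN port-53 traffic to the router, 1 otherwise. A section matches when its
# type is 'redirect', src is 'lan', src_dport is '53', target is 'DNAT' and
# it is not switched off with "option enabled '0'".
has_dns_redirect() {
  awk '
    function flush() {
      if (type == "redirect" && opt["src"] == "lan" &&
          opt["src_dport"] == "53" && opt["target"] == "DNAT" &&
          opt["enabled"] != "0")
        found = 1
      split("", opt)                       # empty the array (portable)
    }
    $1 == "config" { flush(); type = $2; next }
    $1 == "option" || $1 == "list" {
      v = $0
      sub(/^[ \t]*(option|list)[ \t]+[^ \t]+[ \t]+/, "", v)   # drop keyword + key
      sub(/[ \t]+$/, "", v)                                   # trailing blanks
      gsub(/["\047]/, "", v)                                  # strip quotes
      opt[$2] = v
    }
    END { flush(); exit(found ? 0 : 1) }
  ' "$1"
}

# Constructed sample: what /etc/config/firewall looks like after the commands above.
sample_hardened_config() {
  cat <<'EOF'
config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'

config redirect 'dns_int'
    option name 'Intercept-DNS'
    option src 'lan'
    option src_dport '53'
    option proto 'tcp udp'
    option target 'DNAT'

config rule 'dot_fwd'
    option name 'Deny-DoT'
    option src 'lan'
    option dest 'wan'
    option dest_port '853'
    option proto 'tcp udp'
    option target 'REJECT'
EOF
}

# Constructed sample: same redirect but disabled (e.g. toggled off in LuCI),
# which lets any client with a hard-coded resolver bypass the router.
sample_weak_config() {
  cat <<'EOF'
config redirect 'dns_int'
    option name 'Intercept-DNS'
    option src 'lan'
    option src_dport '53'
    option proto 'tcp udp'
    option target 'DNAT'
    option enabled '0'
EOF
}

# Stand-alone demo: check both samples. On a router run: has_dns_redirect /etc/config/firewall
tmp=$(mktemp -d)
sample_hardened_config > "$tmp/hardened"
sample_weak_config > "$tmp/weak"
for f in hardened weak; do
  if has_dns_redirect "$tmp/$f"; then
    echo "$f: active DNS redirect found; LAN clients cannot reach outside resolvers on port 53"
  else
    echo "$f: no active DNS redirect; clients can still talk to their own resolver"
  fi
done
rm -rf "$tmp"
```

The redirect and the 853 rule only cover plain DNS and DNS-over-TLS. DNS-over-HTTPS rides on 443 and cannot be told apart by port, so for that the banIP approach suggested above (dropping traffic to the public resolver addresses) is the practical route; check the feed names offered in banIP's own list rather than guessing them.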
That isn't my experience with Apple devices. Apple doesn't enforce their own DNS. But DNS config is messy. I think the order of precedence is:
iCloud Private Relay has its own DNS when enabled. Switch to off.
DoH is used when set manually by installing a special profile (Settings -> General -> VPN & Device Management -> DNS) or enabled via apps like NextDNS or 1.1.1.1, which are visible together with profiles. Switch to Automatic.
Manual old-school DNS in Settings -> WiFi -> your SSID (i) icon -> Configure DNS. Switch to Automatic.
DNS obtained from DHCP (option 6).
Gateway aka router is assumed to provide DNS.
Bonus point: when WiFi "doesn't have internet access", the cellular connection could be used, so disable Settings -> Cellular -> (scroll almost to the bottom) -> Wi-Fi Assist. Turn it off.